HDFS-14625. Make DefaultAuditLogger class in FSnamesystem to Abstract. Contributed by hemanthboyina.
parent
da0006fe04
commit
633b7c1cfe
@ -0,0 +1,93 @@
|
|||||||
|
/**
|
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one
|
||||||
|
* or more contributor license agreements. See the NOTICE file
|
||||||
|
* distributed with this work for additional information
|
||||||
|
* regarding copyright ownership. The ASF licenses this file
|
||||||
|
* to you under the Apache License, Version 2.0 (the
|
||||||
|
* "License"); you may not use this file except in compliance
|
||||||
|
* with the License. You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.apache.hadoop.hdfs.server.namenode;
|
||||||
|
|
||||||
|
import java.net.InetAddress;
|
||||||
|
import java.util.HashSet;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
import org.apache.hadoop.classification.InterfaceAudience;
|
||||||
|
import org.apache.hadoop.classification.InterfaceStability;
|
||||||
|
import org.apache.hadoop.conf.Configuration;
|
||||||
|
import org.apache.hadoop.fs.FileStatus;
|
||||||
|
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager;
|
||||||
|
import org.apache.hadoop.ipc.CallerContext;
|
||||||
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This class provides an interface for Namenode and Router to Audit events
|
||||||
|
* information. This class can be extended and can be used when no access logger
|
||||||
|
* is defined in the config file.
|
||||||
|
*/
|
||||||
|
@InterfaceAudience.Public
|
||||||
|
@InterfaceStability.Evolving
|
||||||
|
public abstract class DefaultAuditLogger extends HdfsAuditLogger {
|
||||||
|
protected static final ThreadLocal<StringBuilder> STRING_BUILDER =
|
||||||
|
new ThreadLocal<StringBuilder>() {
|
||||||
|
@Override
|
||||||
|
protected StringBuilder initialValue() {
|
||||||
|
return new StringBuilder();
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
protected volatile boolean isCallerContextEnabled;
|
||||||
|
|
||||||
|
/** The maximum bytes a caller context string can have. */
|
||||||
|
protected int callerContextMaxLen;
|
||||||
|
protected int callerSignatureMaxLen;
|
||||||
|
|
||||||
|
/** adds a tracking ID for all audit log events. */
|
||||||
|
protected boolean logTokenTrackingId;
|
||||||
|
|
||||||
|
/** List of commands to provide debug messages. */
|
||||||
|
protected Set<String> debugCmdSet = new HashSet<>();
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Enable or disable CallerContext.
|
||||||
|
*
|
||||||
|
* @param value true, enable CallerContext, otherwise false to disable it.
|
||||||
|
*/
|
||||||
|
void setCallerContextEnabled(final boolean value) {
|
||||||
|
isCallerContextEnabled = value;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get the value indicating if CallerContext is enabled.
|
||||||
|
*
|
||||||
|
* @return true, if CallerContext is enabled, otherwise false, if it's
|
||||||
|
* disabled.
|
||||||
|
*/
|
||||||
|
boolean getCallerContextEnabled() {
|
||||||
|
return isCallerContextEnabled;
|
||||||
|
}
|
||||||
|
|
||||||
|
public abstract void initialize(Configuration conf);
|
||||||
|
|
||||||
|
public abstract void logAuditMessage(String message);
|
||||||
|
|
||||||
|
public abstract void logAuditEvent(boolean succeeded, String userName,
|
||||||
|
InetAddress addr, String cmd, String src, String dst, FileStatus status,
|
||||||
|
UserGroupInformation ugi, DelegationTokenSecretManager dtSecretManager);
|
||||||
|
|
||||||
|
public abstract void logAuditEvent(boolean succeeded, String userName,
|
||||||
|
InetAddress addr, String cmd, String src, String dst, FileStatus status,
|
||||||
|
CallerContext callerContext, UserGroupInformation ugi,
|
||||||
|
DelegationTokenSecretManager dtSecretManager);
|
||||||
|
|
||||||
|
}
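Review bot: The state that was private in the nested logger is now `protected` in a class annotated `@InterfaceAudience.Public`, and `STRING_BUILDER` and `callerSignatureMaxLen` have no comment, so the contract a subclass must honour is not written down. Nothing in this abstract class applies `callerContextMaxLen` or `callerSignatureMaxLen`; an implementation that ignores them would write caller-supplied context into the audit record without a bound, and one that does not reset the shared static `STRING_BUILDER` before use could carry text from an earlier event on the same thread into the next record. I would add Javadoc saying so, for example `/** Per-thread scratch buffer shared by every subclass; call setLength(0) before building each record. */` on `STRING_BUILDER` and a matching line on `callerSignatureMaxLen`. `setCallerContextEnabled` and `getCallerContextEnabled` remain package-private, so a subclass in another package (the class comment mentions the Router) reaches the flag only through the field, which is worth confirming as intended.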
|
@ -1061,7 +1061,7 @@ private List<AuditLogger> initAuditLoggers(Configuration conf) {
|
|||||||
try {
|
try {
|
||||||
AuditLogger logger;
|
AuditLogger logger;
|
||||||
if (DFS_NAMENODE_DEFAULT_AUDIT_LOGGER_NAME.equals(className)) {
|
if (DFS_NAMENODE_DEFAULT_AUDIT_LOGGER_NAME.equals(className)) {
|
||||||
logger = new DefaultAuditLogger();
|
logger = new FSNamesystemAuditLogger();
|
||||||
} else {
|
} else {
|
||||||
logger = (AuditLogger) Class.forName(className).newInstance();
|
logger = (AuditLogger) Class.forName(className).newInstance();
|
||||||
}
|
}
|
||||||
@ -1077,9 +1077,9 @@ private List<AuditLogger> initAuditLoggers(Configuration conf) {
|
|||||||
|
|
||||||
// Make sure there is at least one logger installed.
|
// Make sure there is at least one logger installed.
|
||||||
if (auditLoggers.isEmpty()) {
|
if (auditLoggers.isEmpty()) {
|
||||||
DefaultAuditLogger defaultAuditLogger = new DefaultAuditLogger();
|
FSNamesystemAuditLogger fsNamesystemAuditLogger = new FSNamesystemAuditLogger();
|
||||||
defaultAuditLogger.initialize(conf);
|
fsNamesystemAuditLogger.initialize(conf);
|
||||||
auditLoggers.add(defaultAuditLogger);
|
auditLoggers.add(fsNamesystemAuditLogger);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Add audit logger to calculate top users
|
// Add audit logger to calculate top users
|
||||||
@ -7976,46 +7976,12 @@ void checkAccess(String src, FsAction mode) throws IOException {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Default AuditLogger implementation; used when no access logger is
|
* FSNamesystem Default AuditLogger implementation;used when no access logger
|
||||||
* defined in the config file. It can also be explicitly listed in the
|
* is defined in the config file. It can also be explicitly listed in the
|
||||||
* config file.
|
* config file.
|
||||||
*/
|
*/
|
||||||
@VisibleForTesting
|
@VisibleForTesting
|
||||||
static class DefaultAuditLogger extends HdfsAuditLogger {
|
static class FSNamesystemAuditLogger extends DefaultAuditLogger {
|
||||||
private static final ThreadLocal<StringBuilder> STRING_BUILDER =
|
|
||||||
new ThreadLocal<StringBuilder>() {
|
|
||||||
@Override
|
|
||||||
protected StringBuilder initialValue() {
|
|
||||||
return new StringBuilder();
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
private volatile boolean isCallerContextEnabled;
|
|
||||||
private int callerContextMaxLen;
|
|
||||||
private int callerSignatureMaxLen;
|
|
||||||
|
|
||||||
private boolean logTokenTrackingId;
|
|
||||||
private Set<String> debugCmdSet = new HashSet<String>();
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Enable or disable CallerContext.
|
|
||||||
*
|
|
||||||
* @param value
|
|
||||||
* true, enable CallerContext, otherwise false to disable it.
|
|
||||||
*/
|
|
||||||
void setCallerContextEnabled(final boolean value) {
|
|
||||||
isCallerContextEnabled = value;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Get the value indicating if CallerContext is enabled.
|
|
||||||
*
|
|
||||||
* @return true, if CallerContext is enabled, otherwise false, if it's
|
|
||||||
* disabled.
|
|
||||||
*/
|
|
||||||
boolean getCallerContextEnabled() {
|
|
||||||
return isCallerContextEnabled;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void initialize(Configuration conf) {
|
public void initialize(Configuration conf) {
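Review bot: The class comment in the last hunk still says the logger "can also be explicitly listed in the config file", but after this rename that only holds for the name matched by `DFS_NAMENODE_DEFAULT_AUDIT_LOGGER_NAME` in `initAuditLoggers`. Any other spelling goes to `Class.forName(className).newInstance()`: the old nested name `FSNamesystem$DefaultAuditLogger` no longer exists and the new top-level `DefaultAuditLogger` is abstract, so a configuration that lists either by class name would presumably fail while the audit loggers are being set up (the catch block is outside the hunk). I would state this in the Javadoc, e.g. `* List it via DFS_NAMENODE_DEFAULT_AUDIT_LOGGER_NAME; the abstract DefaultAuditLogger cannot be instantiated by class name.`, and restore the space in `implementation;used`. `initAuditLoggers` and the class body both continue outside the hunks shown.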
|
||||||
|
@ -24,7 +24,7 @@
|
|||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
import org.apache.hadoop.hdfs.DFSConfigKeys;
|
import org.apache.hadoop.hdfs.DFSConfigKeys;
|
||||||
import org.apache.hadoop.hdfs.HdfsConfiguration;
|
import org.apache.hadoop.hdfs.HdfsConfiguration;
|
||||||
import org.apache.hadoop.hdfs.server.namenode.FSNamesystem.DefaultAuditLogger;
|
import org.apache.hadoop.hdfs.server.namenode.FSNamesystem.FSNamesystemAuditLogger;
|
||||||
import org.apache.hadoop.test.GenericTestUtils;
|
import org.apache.hadoop.test.GenericTestUtils;
|
||||||
import org.apache.log4j.Level;
|
import org.apache.log4j.Level;
|
||||||
import org.junit.Rule;
|
import org.junit.Rule;
|
||||||
@ -54,7 +54,7 @@ public class TestAuditLogAtDebug {
|
|||||||
|
|
||||||
private DefaultAuditLogger makeSpyLogger(
|
private DefaultAuditLogger makeSpyLogger(
|
||||||
Level level, Optional<List<String>> debugCommands) {
|
Level level, Optional<List<String>> debugCommands) {
|
||||||
DefaultAuditLogger logger = new DefaultAuditLogger();
|
DefaultAuditLogger logger = new FSNamesystemAuditLogger();
|
||||||
Configuration conf = new HdfsConfiguration();
|
Configuration conf = new HdfsConfiguration();
|
||||||
if (debugCommands.isPresent()) {
|
if (debugCommands.isPresent()) {
|
||||||
conf.set(DFSConfigKeys.DFS_NAMENODE_AUDIT_LOG_DEBUG_CMDLIST,
|
conf.set(DFSConfigKeys.DFS_NAMENODE_AUDIT_LOG_DEBUG_CMDLIST,
|
||||||
|
@ -247,9 +247,10 @@ public void testInitAuditLoggers() throws IOException {
|
|||||||
fsn = new FSNamesystem(conf, fsImage);
|
fsn = new FSNamesystem(conf, fsImage);
|
||||||
auditLoggers = fsn.getAuditLoggers();
|
auditLoggers = fsn.getAuditLoggers();
|
||||||
assertTrue(auditLoggers.size() == 1);
|
assertTrue(auditLoggers.size() == 1);
|
||||||
assertTrue(auditLoggers.get(0) instanceof FSNamesystem.DefaultAuditLogger);
|
assertTrue(
|
||||||
FSNamesystem.DefaultAuditLogger defaultAuditLogger =
|
auditLoggers.get(0) instanceof FSNamesystem.FSNamesystemAuditLogger);
|
||||||
(FSNamesystem.DefaultAuditLogger) auditLoggers.get(0);
|
FSNamesystem.FSNamesystemAuditLogger defaultAuditLogger =
|
||||||
|
(FSNamesystem.FSNamesystemAuditLogger) auditLoggers.get(0);
|
||||||
assertTrue(defaultAuditLogger.getCallerContextEnabled());
|
assertTrue(defaultAuditLogger.getCallerContextEnabled());
|
||||||
|
|
||||||
// Not to specify any audit loggers in config
|
// Not to specify any audit loggers in config
|
||||||
@ -262,7 +263,7 @@ public void testInitAuditLoggers() throws IOException {
|
|||||||
// the audit loggers order is not defined
|
// the audit loggers order is not defined
|
||||||
for (AuditLogger auditLogger : auditLoggers) {
|
for (AuditLogger auditLogger : auditLoggers) {
|
||||||
assertThat(auditLogger,
|
assertThat(auditLogger,
|
||||||
either(instanceOf(FSNamesystem.DefaultAuditLogger.class))
|
either(instanceOf(FSNamesystem.FSNamesystemAuditLogger.class))
|
||||||
.or(instanceOf(TopAuditLogger.class)));
|
.or(instanceOf(TopAuditLogger.class)));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -275,7 +276,7 @@ public void testInitAuditLoggers() throws IOException {
|
|||||||
assertTrue(auditLoggers.size() == 2);
|
assertTrue(auditLoggers.size() == 2);
|
||||||
for (AuditLogger auditLogger : auditLoggers) {
|
for (AuditLogger auditLogger : auditLoggers) {
|
||||||
assertThat(auditLogger,
|
assertThat(auditLogger,
|
||||||
either(instanceOf(FSNamesystem.DefaultAuditLogger.class))
|
either(instanceOf(FSNamesystem.FSNamesystemAuditLogger.class))
|
||||||
.or(instanceOf(TopAuditLogger.class)));
|
.or(instanceOf(TopAuditLogger.class)));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -289,7 +290,7 @@ public void testInitAuditLoggers() throws IOException {
|
|||||||
assertTrue(auditLoggers.size() == 3);
|
assertTrue(auditLoggers.size() == 3);
|
||||||
for (AuditLogger auditLogger : auditLoggers) {
|
for (AuditLogger auditLogger : auditLoggers) {
|
||||||
assertThat(auditLogger,
|
assertThat(auditLogger,
|
||||||
either(instanceOf(FSNamesystem.DefaultAuditLogger.class))
|
either(instanceOf(FSNamesystem.FSNamesystemAuditLogger.class))
|
||||||
.or(instanceOf(TopAuditLogger.class))
|
.or(instanceOf(TopAuditLogger.class))
|
||||||
.or(instanceOf(DummyAuditLogger.class)));
|
.or(instanceOf(DummyAuditLogger.class)));
|
||||||
}
|
}
|
||||||
|