HDFS-14625. Make DefaultAuditLogger class in FSnamesystem to Abstract. Contributed by hemanthboyina.

This commit is contained in:
Wei-Chiu Chuang 2019-08-13 16:50:49 -07:00
parent da0006fe04
commit 633b7c1cfe
4 changed files with 109 additions and 49 deletions

View File

@ -0,0 +1,93 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.hdfs.server.namenode;
import java.net.InetAddress;
import java.util.HashSet;
import java.util.Set;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager;
import org.apache.hadoop.ipc.CallerContext;
import org.apache.hadoop.security.UserGroupInformation;
/**
* This class provides an interface for Namenode and Router to Audit events
* information. This class can be extended and can be used when no access logger
* is defined in the config file.
*/
@InterfaceAudience.Public
@InterfaceStability.Evolving
public abstract class DefaultAuditLogger extends HdfsAuditLogger {
protected static final ThreadLocal<StringBuilder> STRING_BUILDER =
new ThreadLocal<StringBuilder>() {
@Override
protected StringBuilder initialValue() {
return new StringBuilder();
}
};
protected volatile boolean isCallerContextEnabled;
/** The maximum bytes a caller context string can have. */
protected int callerContextMaxLen;
protected int callerSignatureMaxLen;
/** adds a tracking ID for all audit log events. */
protected boolean logTokenTrackingId;
/** List of commands to provide debug messages. */
protected Set<String> debugCmdSet = new HashSet<>();
/**
* Enable or disable CallerContext.
*
* @param value true, enable CallerContext, otherwise false to disable it.
*/
void setCallerContextEnabled(final boolean value) {
isCallerContextEnabled = value;
}
/**
* Get the value indicating if CallerContext is enabled.
*
* @return true, if CallerContext is enabled, otherwise false, if it's
* disabled.
*/
boolean getCallerContextEnabled() {
return isCallerContextEnabled;
}
public abstract void initialize(Configuration conf);
public abstract void logAuditMessage(String message);
public abstract void logAuditEvent(boolean succeeded, String userName,
InetAddress addr, String cmd, String src, String dst, FileStatus status,
UserGroupInformation ugi, DelegationTokenSecretManager dtSecretManager);
public abstract void logAuditEvent(boolean succeeded, String userName,
InetAddress addr, String cmd, String src, String dst, FileStatus status,
CallerContext callerContext, UserGroupInformation ugi,
DelegationTokenSecretManager dtSecretManager);
}

View File

@ -1061,7 +1061,7 @@ private List<AuditLogger> initAuditLoggers(Configuration conf) {
try { try {
AuditLogger logger; AuditLogger logger;
if (DFS_NAMENODE_DEFAULT_AUDIT_LOGGER_NAME.equals(className)) { if (DFS_NAMENODE_DEFAULT_AUDIT_LOGGER_NAME.equals(className)) {
logger = new DefaultAuditLogger(); logger = new FSNamesystemAuditLogger();
} else { } else {
logger = (AuditLogger) Class.forName(className).newInstance(); logger = (AuditLogger) Class.forName(className).newInstance();
} }
@ -1077,9 +1077,9 @@ private List<AuditLogger> initAuditLoggers(Configuration conf) {
// Make sure there is at least one logger installed. // Make sure there is at least one logger installed.
if (auditLoggers.isEmpty()) { if (auditLoggers.isEmpty()) {
DefaultAuditLogger defaultAuditLogger = new DefaultAuditLogger(); FSNamesystemAuditLogger fsNamesystemAuditLogger = new FSNamesystemAuditLogger();
defaultAuditLogger.initialize(conf); fsNamesystemAuditLogger.initialize(conf);
auditLoggers.add(defaultAuditLogger); auditLoggers.add(fsNamesystemAuditLogger);
} }
// Add audit logger to calculate top users // Add audit logger to calculate top users
@ -7976,46 +7976,12 @@ void checkAccess(String src, FsAction mode) throws IOException {
} }
/** /**
* Default AuditLogger implementation; used when no access logger is * FSNamesystem Default AuditLogger implementation;used when no access logger
* defined in the config file. It can also be explicitly listed in the * is defined in the config file. It can also be explicitly listed in the
* config file. * config file.
*/ */
@VisibleForTesting @VisibleForTesting
static class DefaultAuditLogger extends HdfsAuditLogger { static class FSNamesystemAuditLogger extends DefaultAuditLogger {
private static final ThreadLocal<StringBuilder> STRING_BUILDER =
new ThreadLocal<StringBuilder>() {
@Override
protected StringBuilder initialValue() {
return new StringBuilder();
}
};
private volatile boolean isCallerContextEnabled;
private int callerContextMaxLen;
private int callerSignatureMaxLen;
private boolean logTokenTrackingId;
private Set<String> debugCmdSet = new HashSet<String>();
/**
* Enable or disable CallerContext.
*
* @param value
* true, enable CallerContext, otherwise false to disable it.
*/
void setCallerContextEnabled(final boolean value) {
isCallerContextEnabled = value;
}
/**
* Get the value indicating if CallerContext is enabled.
*
* @return true, if CallerContext is enabled, otherwise false, if it's
* disabled.
*/
boolean getCallerContextEnabled() {
return isCallerContextEnabled;
}
@Override @Override
public void initialize(Configuration conf) { public void initialize(Configuration conf) {

View File

@ -24,7 +24,7 @@
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdfs.DFSConfigKeys; import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.HdfsConfiguration; import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.hdfs.server.namenode.FSNamesystem.DefaultAuditLogger; import org.apache.hadoop.hdfs.server.namenode.FSNamesystem.FSNamesystemAuditLogger;
import org.apache.hadoop.test.GenericTestUtils; import org.apache.hadoop.test.GenericTestUtils;
import org.apache.log4j.Level; import org.apache.log4j.Level;
import org.junit.Rule; import org.junit.Rule;
@ -54,7 +54,7 @@ public class TestAuditLogAtDebug {
private DefaultAuditLogger makeSpyLogger( private DefaultAuditLogger makeSpyLogger(
Level level, Optional<List<String>> debugCommands) { Level level, Optional<List<String>> debugCommands) {
DefaultAuditLogger logger = new DefaultAuditLogger(); DefaultAuditLogger logger = new FSNamesystemAuditLogger();
Configuration conf = new HdfsConfiguration(); Configuration conf = new HdfsConfiguration();
if (debugCommands.isPresent()) { if (debugCommands.isPresent()) {
conf.set(DFSConfigKeys.DFS_NAMENODE_AUDIT_LOG_DEBUG_CMDLIST, conf.set(DFSConfigKeys.DFS_NAMENODE_AUDIT_LOG_DEBUG_CMDLIST,

View File

@ -247,9 +247,10 @@ public void testInitAuditLoggers() throws IOException {
fsn = new FSNamesystem(conf, fsImage); fsn = new FSNamesystem(conf, fsImage);
auditLoggers = fsn.getAuditLoggers(); auditLoggers = fsn.getAuditLoggers();
assertTrue(auditLoggers.size() == 1); assertTrue(auditLoggers.size() == 1);
assertTrue(auditLoggers.get(0) instanceof FSNamesystem.DefaultAuditLogger); assertTrue(
FSNamesystem.DefaultAuditLogger defaultAuditLogger = auditLoggers.get(0) instanceof FSNamesystem.FSNamesystemAuditLogger);
(FSNamesystem.DefaultAuditLogger) auditLoggers.get(0); FSNamesystem.FSNamesystemAuditLogger defaultAuditLogger =
(FSNamesystem.FSNamesystemAuditLogger) auditLoggers.get(0);
assertTrue(defaultAuditLogger.getCallerContextEnabled()); assertTrue(defaultAuditLogger.getCallerContextEnabled());
// Not to specify any audit loggers in config // Not to specify any audit loggers in config
@ -262,7 +263,7 @@ public void testInitAuditLoggers() throws IOException {
// the audit loggers order is not defined // the audit loggers order is not defined
for (AuditLogger auditLogger : auditLoggers) { for (AuditLogger auditLogger : auditLoggers) {
assertThat(auditLogger, assertThat(auditLogger,
either(instanceOf(FSNamesystem.DefaultAuditLogger.class)) either(instanceOf(FSNamesystem.FSNamesystemAuditLogger.class))
.or(instanceOf(TopAuditLogger.class))); .or(instanceOf(TopAuditLogger.class)));
} }
@ -275,7 +276,7 @@ public void testInitAuditLoggers() throws IOException {
assertTrue(auditLoggers.size() == 2); assertTrue(auditLoggers.size() == 2);
for (AuditLogger auditLogger : auditLoggers) { for (AuditLogger auditLogger : auditLoggers) {
assertThat(auditLogger, assertThat(auditLogger,
either(instanceOf(FSNamesystem.DefaultAuditLogger.class)) either(instanceOf(FSNamesystem.FSNamesystemAuditLogger.class))
.or(instanceOf(TopAuditLogger.class))); .or(instanceOf(TopAuditLogger.class)));
} }
@ -289,7 +290,7 @@ public void testInitAuditLoggers() throws IOException {
assertTrue(auditLoggers.size() == 3); assertTrue(auditLoggers.size() == 3);
for (AuditLogger auditLogger : auditLoggers) { for (AuditLogger auditLogger : auditLoggers) {
assertThat(auditLogger, assertThat(auditLogger,
either(instanceOf(FSNamesystem.DefaultAuditLogger.class)) either(instanceOf(FSNamesystem.FSNamesystemAuditLogger.class))
.or(instanceOf(TopAuditLogger.class)) .or(instanceOf(TopAuditLogger.class))
.or(instanceOf(DummyAuditLogger.class))); .or(instanceOf(DummyAuditLogger.class)));
} }