YARN-9762. Add submission context label to audit logs. Contributed by Manoj Kumar

This commit is contained in:
Jonathan Hung 2019-09-23 11:42:41 -07:00
parent c30e495557
commit 3d78b1223d
3 changed files with 69 additions and 11 deletions

View File

@ -695,13 +695,15 @@ public class ClientRMService extends AbstractService implements
" submitted by user " + user);
RMAuditLogger.logSuccess(user, AuditConstants.SUBMIT_APP_REQUEST,
"ClientRMService", applicationId, callerContext,
submissionContext.getQueue());
submissionContext.getQueue(),
submissionContext.getNodeLabelExpression());
} catch (YarnException e) {
LOG.info("Exception in submitting " + applicationId, e);
RMAuditLogger.logFailure(user, AuditConstants.SUBMIT_APP_REQUEST,
e.getMessage(), "ClientRMService",
"Exception in submitting application", applicationId, callerContext,
submissionContext.getQueue());
submissionContext.getQueue(),
submissionContext.getNodeLabelExpression());
throw e;
}

View File

@ -271,6 +271,16 @@ public class RMAuditLogger {
}
}
public static void logSuccess(String user, String operation, String target,
ApplicationId appId, CallerContext callerContext, String queueName,
String partition) {
if (LOG.isInfoEnabled()) {
LOG.info(
createSuccessLog(user, operation, target, appId, null, null, null,
callerContext, Server.getRemoteIp(), queueName, partition));
}
}
/**
* Create a readable and parseable audit log string for a successful event.
*
@ -391,7 +401,8 @@ public class RMAuditLogger {
static String createFailureLog(String user, String operation, String perm,
String target, String description, ApplicationId appId,
ApplicationAttemptId attemptId, ContainerId containerId,
Resource resource, CallerContext callerContext, String queueName) {
Resource resource, CallerContext callerContext, String queueName,
String partition) {
StringBuilder b = createStringBuilderForFailureLog(user,
operation, target, description, perm);
if (appId != null) {
@ -410,6 +421,10 @@ public class RMAuditLogger {
if (queueName != null) {
add(Keys.QUEUENAME, queueName, b);
}
if (partition != null) {
add(Keys.NODELABEL, partition, b);
}
return b.toString();
}
@ -420,7 +435,7 @@ public class RMAuditLogger {
String target, String description, ApplicationId appId,
ApplicationAttemptId attemptId, ContainerId containerId, Resource resource) {
return createFailureLog(user, operation, perm, target, description, appId,
attemptId, containerId, resource, null, null);
attemptId, containerId, resource, null, null, null);
}
/**
@ -492,7 +507,7 @@ public class RMAuditLogger {
CallerContext callerContext) {
if (LOG.isWarnEnabled()) {
LOG.warn(createFailureLog(user, operation, perm, target, description,
appId, null, null, null, callerContext, null));
appId, null, null, null, callerContext, null, null));
}
}
@ -501,7 +516,7 @@ public class RMAuditLogger {
CallerContext callerContext, String queueName) {
if (LOG.isWarnEnabled()) {
LOG.warn(createFailureLog(user, operation, perm, target, description,
appId, null, null, null, callerContext, queueName));
appId, null, null, null, callerContext, queueName, null));
}
}
@ -533,7 +548,7 @@ public class RMAuditLogger {
String queueName) {
if (LOG.isWarnEnabled()) {
LOG.warn(createFailureLog(user, operation, perm, target, description,
appId, null, null, null, null, queueName));
appId, null, null, null, null, queueName, null));
}
}
@ -581,6 +596,34 @@ public class RMAuditLogger {
}
}
/**
* Create a readable and parseable audit log string for a failed event.
*
* @param user User who made the service request.
* @param operation Operation requested by the user.
* @param perm Target permissions.
* @param target The target on which the operation is being performed.
* @param description Some additional information as to why the operation
* failed.
* @param appId ApplicationId in which operation was performed.
* @param callerContext Caller context
* @param queueName Name of queue.
* @param partition Name of labeled partition.
*
* <br><br>
* Note that the {@link RMAuditLogger} uses tabs ('\t') as a key-val delimiter
* and hence the value fields should not contains tabs ('\t').
*/
public static void logFailure(String user, String operation, String perm,
String target, String description, ApplicationId appId,
CallerContext callerContext, String queueName, String partition) {
if (LOG.isWarnEnabled()) {
LOG.warn(
createFailureLog(user, operation, perm, target, description, appId,
null, null, null, callerContext, queueName, partition));
}
}
/**
* A helper api to add remote IP address.
*/

View File

@ -293,16 +293,17 @@ public class TestRMAuditLogger {
ApplicationAttemptId attemptId, ContainerId containerId,
CallerContext callerContext, Resource resource) {
testFailureLogFormatHelper(checkIP, appId, attemptId, containerId,
callerContext, resource, null);
callerContext, resource, null, null, null);
}
private void testFailureLogFormatHelper(boolean checkIP, ApplicationId appId,
ApplicationAttemptId attemptId, ContainerId containerId,
CallerContext callerContext, Resource resource,
RMAuditLogger.ArgsBuilder args) {
String queueName, String partition, RMAuditLogger.ArgsBuilder args) {
String fLog = args == null ?
RMAuditLogger.createFailureLog(USER, OPERATION, PERM, TARGET, DESC,
appId, attemptId, containerId, resource, callerContext, null) :
appId, attemptId, containerId, resource, callerContext,
queueName, partition) :
RMAuditLogger.createFailureLog(USER, OPERATION, PERM, TARGET, DESC,
args);
StringBuilder expLog = new StringBuilder();
@ -334,6 +335,12 @@ public class TestRMAuditLogger {
expLog.append("\tCALLERSIGNATURE=signature");
}
}
if (queueName != null) {
expLog.append("\tQUEUENAME=" + QUEUE);
}
if (partition != null) {
expLog.append("\tNODELABEL=" + PARTITION);
}
if (args != null) {
expLog.append("\tQUEUENAME=root");
expLog.append("\tRECURSIVE=true");
@ -364,10 +371,16 @@ public class TestRMAuditLogger {
testFailureLogFormatHelper(checkIP, APPID, ATTEMPTID, CONTAINERID,
new CallerContext.Builder(CALLER_CONTEXT).setSignature(CALLER_SIGNATURE)
.build(), RESOURCE);
testFailureLogFormatHelper(checkIP, APPID, ATTEMPTID, CONTAINERID,
new CallerContext.Builder(CALLER_CONTEXT).setSignature(CALLER_SIGNATURE)
.build(), RESOURCE, QUEUE, null, null);
testFailureLogFormatHelper(checkIP, APPID, ATTEMPTID, CONTAINERID,
new CallerContext.Builder(CALLER_CONTEXT).setSignature(CALLER_SIGNATURE)
.build(), RESOURCE, QUEUE, PARTITION, null);
RMAuditLogger.ArgsBuilder args = new RMAuditLogger.ArgsBuilder()
.append(Keys.QUEUENAME, QUEUE).append(Keys.RECURSIVE, "true");
testFailureLogFormatHelper(checkIP, null, null, null, null, null,
args);
null, null, args);
}
/**