YARN-9762. Add submission context label to audit logs. Contributed by Manoj Kumar
This commit is contained in:
parent
c30e495557
commit
3d78b1223d
|
@ -695,13 +695,15 @@ public class ClientRMService extends AbstractService implements
|
|||
" submitted by user " + user);
|
||||
RMAuditLogger.logSuccess(user, AuditConstants.SUBMIT_APP_REQUEST,
|
||||
"ClientRMService", applicationId, callerContext,
|
||||
submissionContext.getQueue());
|
||||
submissionContext.getQueue(),
|
||||
submissionContext.getNodeLabelExpression());
|
||||
} catch (YarnException e) {
|
||||
LOG.info("Exception in submitting " + applicationId, e);
|
||||
RMAuditLogger.logFailure(user, AuditConstants.SUBMIT_APP_REQUEST,
|
||||
e.getMessage(), "ClientRMService",
|
||||
"Exception in submitting application", applicationId, callerContext,
|
||||
submissionContext.getQueue());
|
||||
submissionContext.getQueue(),
|
||||
submissionContext.getNodeLabelExpression());
|
||||
throw e;
|
||||
}
|
||||
|
||||
|
|
|
@ -271,6 +271,16 @@ public class RMAuditLogger {
|
|||
}
|
||||
}
|
||||
|
||||
public static void logSuccess(String user, String operation, String target,
|
||||
ApplicationId appId, CallerContext callerContext, String queueName,
|
||||
String partition) {
|
||||
if (LOG.isInfoEnabled()) {
|
||||
LOG.info(
|
||||
createSuccessLog(user, operation, target, appId, null, null, null,
|
||||
callerContext, Server.getRemoteIp(), queueName, partition));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a readable and parseable audit log string for a successful event.
|
||||
*
|
||||
|
@ -391,7 +401,8 @@ public class RMAuditLogger {
|
|||
static String createFailureLog(String user, String operation, String perm,
|
||||
String target, String description, ApplicationId appId,
|
||||
ApplicationAttemptId attemptId, ContainerId containerId,
|
||||
Resource resource, CallerContext callerContext, String queueName) {
|
||||
Resource resource, CallerContext callerContext, String queueName,
|
||||
String partition) {
|
||||
StringBuilder b = createStringBuilderForFailureLog(user,
|
||||
operation, target, description, perm);
|
||||
if (appId != null) {
|
||||
|
@ -410,6 +421,10 @@ public class RMAuditLogger {
|
|||
if (queueName != null) {
|
||||
add(Keys.QUEUENAME, queueName, b);
|
||||
}
|
||||
if (partition != null) {
|
||||
add(Keys.NODELABEL, partition, b);
|
||||
}
|
||||
|
||||
return b.toString();
|
||||
}
|
||||
|
||||
|
@ -420,7 +435,7 @@ public class RMAuditLogger {
|
|||
String target, String description, ApplicationId appId,
|
||||
ApplicationAttemptId attemptId, ContainerId containerId, Resource resource) {
|
||||
return createFailureLog(user, operation, perm, target, description, appId,
|
||||
attemptId, containerId, resource, null, null);
|
||||
attemptId, containerId, resource, null, null, null);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -492,7 +507,7 @@ public class RMAuditLogger {
|
|||
CallerContext callerContext) {
|
||||
if (LOG.isWarnEnabled()) {
|
||||
LOG.warn(createFailureLog(user, operation, perm, target, description,
|
||||
appId, null, null, null, callerContext, null));
|
||||
appId, null, null, null, callerContext, null, null));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -501,7 +516,7 @@ public class RMAuditLogger {
|
|||
CallerContext callerContext, String queueName) {
|
||||
if (LOG.isWarnEnabled()) {
|
||||
LOG.warn(createFailureLog(user, operation, perm, target, description,
|
||||
appId, null, null, null, callerContext, queueName));
|
||||
appId, null, null, null, callerContext, queueName, null));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -533,7 +548,7 @@ public class RMAuditLogger {
|
|||
String queueName) {
|
||||
if (LOG.isWarnEnabled()) {
|
||||
LOG.warn(createFailureLog(user, operation, perm, target, description,
|
||||
appId, null, null, null, null, queueName));
|
||||
appId, null, null, null, null, queueName, null));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -581,6 +596,34 @@ public class RMAuditLogger {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a readable and parseable audit log string for a failed event.
|
||||
*
|
||||
* @param user User who made the service request.
|
||||
* @param operation Operation requested by the user.
|
||||
* @param perm Target permissions.
|
||||
* @param target The target on which the operation is being performed.
|
||||
* @param description Some additional information as to why the operation
|
||||
* failed.
|
||||
* @param appId ApplicationId in which operation was performed.
|
||||
* @param callerContext Caller context
|
||||
* @param queueName Name of queue.
|
||||
* @param partition Name of labeled partition.
|
||||
*
|
||||
* <br><br>
|
||||
* Note that the {@link RMAuditLogger} uses tabs ('\t') as a key-val delimiter
|
||||
* and hence the value fields should not contains tabs ('\t').
|
||||
*/
|
||||
public static void logFailure(String user, String operation, String perm,
|
||||
String target, String description, ApplicationId appId,
|
||||
CallerContext callerContext, String queueName, String partition) {
|
||||
if (LOG.isWarnEnabled()) {
|
||||
LOG.warn(
|
||||
createFailureLog(user, operation, perm, target, description, appId,
|
||||
null, null, null, callerContext, queueName, partition));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A helper api to add remote IP address.
|
||||
*/
|
||||
|
|
|
@ -293,16 +293,17 @@ public class TestRMAuditLogger {
|
|||
ApplicationAttemptId attemptId, ContainerId containerId,
|
||||
CallerContext callerContext, Resource resource) {
|
||||
testFailureLogFormatHelper(checkIP, appId, attemptId, containerId,
|
||||
callerContext, resource, null);
|
||||
callerContext, resource, null, null, null);
|
||||
}
|
||||
|
||||
private void testFailureLogFormatHelper(boolean checkIP, ApplicationId appId,
|
||||
ApplicationAttemptId attemptId, ContainerId containerId,
|
||||
CallerContext callerContext, Resource resource,
|
||||
RMAuditLogger.ArgsBuilder args) {
|
||||
String queueName, String partition, RMAuditLogger.ArgsBuilder args) {
|
||||
String fLog = args == null ?
|
||||
RMAuditLogger.createFailureLog(USER, OPERATION, PERM, TARGET, DESC,
|
||||
appId, attemptId, containerId, resource, callerContext, null) :
|
||||
appId, attemptId, containerId, resource, callerContext,
|
||||
queueName, partition) :
|
||||
RMAuditLogger.createFailureLog(USER, OPERATION, PERM, TARGET, DESC,
|
||||
args);
|
||||
StringBuilder expLog = new StringBuilder();
|
||||
|
@ -334,6 +335,12 @@ public class TestRMAuditLogger {
|
|||
expLog.append("\tCALLERSIGNATURE=signature");
|
||||
}
|
||||
}
|
||||
if (queueName != null) {
|
||||
expLog.append("\tQUEUENAME=" + QUEUE);
|
||||
}
|
||||
if (partition != null) {
|
||||
expLog.append("\tNODELABEL=" + PARTITION);
|
||||
}
|
||||
if (args != null) {
|
||||
expLog.append("\tQUEUENAME=root");
|
||||
expLog.append("\tRECURSIVE=true");
|
||||
|
@ -364,10 +371,16 @@ public class TestRMAuditLogger {
|
|||
testFailureLogFormatHelper(checkIP, APPID, ATTEMPTID, CONTAINERID,
|
||||
new CallerContext.Builder(CALLER_CONTEXT).setSignature(CALLER_SIGNATURE)
|
||||
.build(), RESOURCE);
|
||||
testFailureLogFormatHelper(checkIP, APPID, ATTEMPTID, CONTAINERID,
|
||||
new CallerContext.Builder(CALLER_CONTEXT).setSignature(CALLER_SIGNATURE)
|
||||
.build(), RESOURCE, QUEUE, null, null);
|
||||
testFailureLogFormatHelper(checkIP, APPID, ATTEMPTID, CONTAINERID,
|
||||
new CallerContext.Builder(CALLER_CONTEXT).setSignature(CALLER_SIGNATURE)
|
||||
.build(), RESOURCE, QUEUE, PARTITION, null);
|
||||
RMAuditLogger.ArgsBuilder args = new RMAuditLogger.ArgsBuilder()
|
||||
.append(Keys.QUEUENAME, QUEUE).append(Keys.RECURSIVE, "true");
|
||||
testFailureLogFormatHelper(checkIP, null, null, null, null, null,
|
||||
args);
|
||||
null, null, args);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
Loading…
Reference in New Issue