diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/DefaultAuditLogger.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/DefaultAuditLogger.java
new file mode 100644
index 00000000000..9ac0bec44ca
--- /dev/null
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/DefaultAuditLogger.java
@@ -0,0 +1,93 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.hadoop.hdfs.server.namenode;
+
+import java.net.InetAddress;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.hadoop.classification.InterfaceAudience;
+import org.apache.hadoop.classification.InterfaceStability;
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.fs.FileStatus;
+import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenSecretManager;
+import org.apache.hadoop.ipc.CallerContext;
+import org.apache.hadoop.security.UserGroupInformation;
+
+/**
+ * This class provides an interface for Namenode and Router to Audit events
+ * information. This class can be extended and can be used when no access logger
+ * is defined in the config file.
+ */
+@InterfaceAudience.Public
+@InterfaceStability.Evolving
+public abstract class DefaultAuditLogger extends HdfsAuditLogger {
+ protected static final ThreadLocal STRING_BUILDER =
+ new ThreadLocal() {
+ @Override
+ protected StringBuilder initialValue() {
+ return new StringBuilder();
+ }
+ };
+
+ protected volatile boolean isCallerContextEnabled;
+
+ /** The maximum bytes a caller context string can have. */
+ protected int callerContextMaxLen;
+ protected int callerSignatureMaxLen;
+
+ /** adds a tracking ID for all audit log events. */
+ protected boolean logTokenTrackingId;
+
+ /** List of commands to provide debug messages. */
+ protected Set debugCmdSet = new HashSet<>();
+
+ /**
+ * Enable or disable CallerContext.
+ *
+ * @param value true, enable CallerContext, otherwise false to disable it.
+ */
+ void setCallerContextEnabled(final boolean value) {
+ isCallerContextEnabled = value;
+ }
+
+ /**
+ * Get the value indicating if CallerContext is enabled.
+ *
+ * @return true, if CallerContext is enabled, otherwise false, if it's
+ * disabled.
+ */
+ boolean getCallerContextEnabled() {
+ return isCallerContextEnabled;
+ }
+
+ public abstract void initialize(Configuration conf);
+
+ public abstract void logAuditMessage(String message);
+
+ public abstract void logAuditEvent(boolean succeeded, String userName,
+ InetAddress addr, String cmd, String src, String dst, FileStatus status,
+ UserGroupInformation ugi, DelegationTokenSecretManager dtSecretManager);
+
+ public abstract void logAuditEvent(boolean succeeded, String userName,
+ InetAddress addr, String cmd, String src, String dst, FileStatus status,
+ CallerContext callerContext, UserGroupInformation ugi,
+ DelegationTokenSecretManager dtSecretManager);
+
+}
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
index e340326bd3e..58fb93446b4 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
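Review bot: The state fields hoisted into this new `@InterfaceAudience.Public` base class (`callerContextMaxLen`, `callerSignatureMaxLen`, `logTokenTrackingId`, `debugCmdSet`) are `protected`, non-final and, unlike `isCallerContextEnabled`, not `volatile`, so every subclass can rewrite the settings that decide what the audit log records, and nothing says when they may be written. Because `setCallerContextEnabled`/`getCallerContextEnabled` stay package-private, a subclass outside `org.apache.hadoop.hdfs.server.namenode` (the class comment mentions the Router, presumably in another package) could only reach that flag by assigning the field directly. I would keep the fields `private` behind `protected` accessors, or at least put a comment such as `// Set once in initialize(); treated as read-only afterwards.` on them. The four abstract methods have no Javadoc either; `logAuditMessage(String message)` in particular should state whether `message` is expected to arrive fully formatted and escaped by the caller.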
@@ -1061,7 +1061,7 @@ public class FSNamesystem implements Namesystem, FSNamesystemMBean, try { AuditLogger logger; if (DFS_NAMENODE_DEFAULT_AUDIT_LOGGER_NAME.equals(className)) { - logger = new DefaultAuditLogger(); + logger = new FSNamesystemAuditLogger(); } else { logger = (AuditLogger) Class.forName(className).newInstance(); } @@ -1077,9 +1077,9 @@ public class FSNamesystem implements Namesystem, FSNamesystemMBean, // Make sure there is at least one logger installed. if (auditLoggers.isEmpty()) { - DefaultAuditLogger defaultAuditLogger = new DefaultAuditLogger(); - defaultAuditLogger.initialize(conf); - auditLoggers.add(defaultAuditLogger); + FSNamesystemAuditLogger fsNamesystemAuditLogger = new FSNamesystemAuditLogger(); + fsNamesystemAuditLogger.initialize(conf); + auditLoggers.add(fsNamesystemAuditLogger); } // Add audit logger to calculate top users 
@@ -7976,46 +7976,12 @@ public class FSNamesystem implements Namesystem, FSNamesystemMBean, } /** - * Default AuditLogger implementation; used when no access logger is - * defined in the config file. It can also be explicitly listed in the + * FSNamesystem Default AuditLogger implementation;used when no access logger + * is defined in the config file. It can also be explicitly listed in the * config file. */ @VisibleForTesting - static class DefaultAuditLogger extends HdfsAuditLogger { - private static final ThreadLocal STRING_BUILDER = - new ThreadLocal() { - @Override - protected StringBuilder initialValue() { - return new StringBuilder(); - } - }; - - private volatile boolean isCallerContextEnabled; - private int callerContextMaxLen; - private int callerSignatureMaxLen; - - private boolean logTokenTrackingId; - private Set debugCmdSet = new HashSet(); - - /** - * Enable or disable CallerContext. - * - * @param value - * true, enable CallerContext, otherwise false to disable it. - */ - void setCallerContextEnabled(final boolean value) { - isCallerContextEnabled = value; - } - - /** - * Get the value indicating if CallerContext is enabled. - * - * @return true, if CallerContext is enabled, otherwise false, if it's - * disabled. - */ - boolean getCallerContextEnabled() { - return isCallerContextEnabled; - } + static class FSNamesystemAuditLogger extends DefaultAuditLogger { @Override public void initialize(Configuration conf) { diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogAtDebug.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogAtDebug.java index 62da809b8ea..eb3f7ab7184 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogAtDebug.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogAtDebug.java 
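Review bot: The rewritten Javadoc line has a typo, `implementation;used`, and it still says the class "can also be explicitly listed in the config file" without saying under which name now that the nested class is `FSNamesystemAuditLogger`; I would write `* FSNamesystem default AuditLogger implementation; used when no access logger` and name the accepted config value. If a deployment lists the old nested class by its class name rather than by the default logger name, that value would now take the `Class.forName(className)` branch shown in the earlier FSNamesystem hunk and presumably fail to load, which for an audit logger deserves a release note or a compatibility alias. The class body (from `initialize` onwards) continues outside the hunk.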
@@ -24,7 +24,7 @@ import org.slf4j.LoggerFactory; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hdfs.DFSConfigKeys; import org.apache.hadoop.hdfs.HdfsConfiguration; -import org.apache.hadoop.hdfs.server.namenode.FSNamesystem.DefaultAuditLogger; +import org.apache.hadoop.hdfs.server.namenode.FSNamesystem.FSNamesystemAuditLogger; import org.apache.hadoop.test.GenericTestUtils; import org.apache.log4j.Level; import org.junit.Rule; @@ -54,7 +54,7 @@ public class TestAuditLogAtDebug { private DefaultAuditLogger makeSpyLogger( Level level, Optional> debugCommands) { - DefaultAuditLogger logger = new DefaultAuditLogger(); + DefaultAuditLogger logger = new FSNamesystemAuditLogger(); Configuration conf = new HdfsConfiguration(); if (debugCommands.isPresent()) { conf.set(DFSConfigKeys.DFS_NAMENODE_AUDIT_LOG_DEBUG_CMDLIST, diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestFSNamesystem.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestFSNamesystem.java index 18cd1b6399e..33067f7117e 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestFSNamesystem.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestFSNamesystem.java 
@@ -247,9 +247,10 @@ public class TestFSNamesystem { fsn = new FSNamesystem(conf, fsImage); auditLoggers = fsn.getAuditLoggers(); assertTrue(auditLoggers.size() == 1); - assertTrue(auditLoggers.get(0) instanceof FSNamesystem.DefaultAuditLogger); - FSNamesystem.DefaultAuditLogger defaultAuditLogger = - (FSNamesystem.DefaultAuditLogger) auditLoggers.get(0); + assertTrue( + auditLoggers.get(0) instanceof FSNamesystem.FSNamesystemAuditLogger); + FSNamesystem.FSNamesystemAuditLogger defaultAuditLogger = + (FSNamesystem.FSNamesystemAuditLogger) auditLoggers.get(0); assertTrue(defaultAuditLogger.getCallerContextEnabled()); // Not to specify any audit loggers in config @@ -262,7 +263,7 @@ public class TestFSNamesystem { // the audit loggers order is not defined for (AuditLogger auditLogger : auditLoggers) { assertThat(auditLogger, - either(instanceOf(FSNamesystem.DefaultAuditLogger.class)) + either(instanceOf(FSNamesystem.FSNamesystemAuditLogger.class)) .or(instanceOf(TopAuditLogger.class))); } @@ -275,7 +276,7 @@ public class TestFSNamesystem { assertTrue(auditLoggers.size() == 2); for (AuditLogger auditLogger : auditLoggers) { assertThat(auditLogger, - either(instanceOf(FSNamesystem.DefaultAuditLogger.class)) + either(instanceOf(FSNamesystem.FSNamesystemAuditLogger.class)) .or(instanceOf(TopAuditLogger.class))); } @@ -289,7 +290,7 @@ public class TestFSNamesystem { assertTrue(auditLoggers.size() == 3); for (AuditLogger auditLogger : auditLoggers) { assertThat(auditLogger, - either(instanceOf(FSNamesystem.DefaultAuditLogger.class)) + either(instanceOf(FSNamesystem.FSNamesystemAuditLogger.class)) .or(instanceOf(TopAuditLogger.class)) .or(instanceOf(DummyAuditLogger.class))); }