YARN-9762. Add submission context label to audit logs. Contributed by Manoj Kumar

(cherry picked from commit 3d78b1223d)
Jonathan Hung 2019-09-23 11:42:41 -07:00
parent f9f0338104
commit a1fa9a8a7f
3 changed files with 69 additions and 11 deletions


@ -694,13 +694,15 @@ public class ClientRMService extends AbstractService implements
" submitted by user " + user); " submitted by user " + user);
RMAuditLogger.logSuccess(user, AuditConstants.SUBMIT_APP_REQUEST, RMAuditLogger.logSuccess(user, AuditConstants.SUBMIT_APP_REQUEST,
"ClientRMService", applicationId, callerContext, "ClientRMService", applicationId, callerContext,
submissionContext.getQueue()); submissionContext.getQueue(),
submissionContext.getNodeLabelExpression());
} catch (YarnException e) { } catch (YarnException e) {
LOG.info("Exception in submitting " + applicationId, e); LOG.info("Exception in submitting " + applicationId, e);
RMAuditLogger.logFailure(user, AuditConstants.SUBMIT_APP_REQUEST, RMAuditLogger.logFailure(user, AuditConstants.SUBMIT_APP_REQUEST,
e.getMessage(), "ClientRMService", e.getMessage(), "ClientRMService",
"Exception in submitting application", applicationId, callerContext, "Exception in submitting application", applicationId, callerContext,
submissionContext.getQueue()); submissionContext.getQueue(),
submissionContext.getNodeLabelExpression());
throw e; throw e;
} }
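Review bot: The value of `submissionContext.getNodeLabelExpression()` passed to `RMAuditLogger.logSuccess` and `logFailure` here is supplied by the submitting client and ends up in a tab-delimited audit record, yet nothing visible in this commit checks it for tabs or line breaks. The Javadoc on the new `logFailure` overload says values should not contain tabs, and `createFailureLog` appends the value with `add(Keys.NODELABEL, partition, b)`; unless `add` escapes it (its body is not shown), a label containing `\t` or `\n` could make a single submission read as extra key=value pairs or as a separate audit line. I would neutralise control characters inside the `partition != null` branch or in `add` itself, e.g. `partition = partition.replaceAll("[\\t\\r\\n]", "_");`, and apply the same treatment to the queue name already logged on these calls. The enclosing method starts and ends outside the hunk.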


@ -275,6 +275,16 @@ public class RMAuditLogger {
} }
} }
public static void logSuccess(String user, String operation, String target,
ApplicationId appId, CallerContext callerContext, String queueName,
String partition) {
if (LOG.isInfoEnabled()) {
LOG.info(
createSuccessLog(user, operation, target, appId, null, null, null,
callerContext, Server.getRemoteIp(), queueName, partition));
}
}
/** /**
* Create a readable and parseable audit log string for a successful event. * Create a readable and parseable audit log string for a successful event.
* *
@ -395,7 +405,8 @@ public class RMAuditLogger {
static String createFailureLog(String user, String operation, String perm, static String createFailureLog(String user, String operation, String perm,
String target, String description, ApplicationId appId, String target, String description, ApplicationId appId,
ApplicationAttemptId attemptId, ContainerId containerId, ApplicationAttemptId attemptId, ContainerId containerId,
Resource resource, CallerContext callerContext, String queueName) { Resource resource, CallerContext callerContext, String queueName,
String partition) {
StringBuilder b = createStringBuilderForFailureLog(user, StringBuilder b = createStringBuilderForFailureLog(user,
operation, target, description, perm); operation, target, description, perm);
if (appId != null) { if (appId != null) {
@ -414,6 +425,10 @@ public class RMAuditLogger {
if (queueName != null) { if (queueName != null) {
add(Keys.QUEUENAME, queueName, b); add(Keys.QUEUENAME, queueName, b);
} }
if (partition != null) {
add(Keys.NODELABEL, partition, b);
}
return b.toString(); return b.toString();
} }
@ -424,7 +439,7 @@ public class RMAuditLogger {
String target, String description, ApplicationId appId, String target, String description, ApplicationId appId,
ApplicationAttemptId attemptId, ContainerId containerId, Resource resource) { ApplicationAttemptId attemptId, ContainerId containerId, Resource resource) {
return createFailureLog(user, operation, perm, target, description, appId, return createFailureLog(user, operation, perm, target, description, appId,
attemptId, containerId, resource, null, null); attemptId, containerId, resource, null, null, null);
} }
/** /**
@ -496,7 +511,7 @@ public class RMAuditLogger {
CallerContext callerContext) { CallerContext callerContext) {
if (LOG.isWarnEnabled()) { if (LOG.isWarnEnabled()) {
LOG.warn(createFailureLog(user, operation, perm, target, description, LOG.warn(createFailureLog(user, operation, perm, target, description,
appId, null, null, null, callerContext, null)); appId, null, null, null, callerContext, null, null));
} }
} }
@ -505,7 +520,7 @@ public class RMAuditLogger {
CallerContext callerContext, String queueName) { CallerContext callerContext, String queueName) {
if (LOG.isWarnEnabled()) { if (LOG.isWarnEnabled()) {
LOG.warn(createFailureLog(user, operation, perm, target, description, LOG.warn(createFailureLog(user, operation, perm, target, description,
appId, null, null, null, callerContext, queueName)); appId, null, null, null, callerContext, queueName, null));
} }
} }
@ -537,7 +552,7 @@ public class RMAuditLogger {
String queueName) { String queueName) {
if (LOG.isWarnEnabled()) { if (LOG.isWarnEnabled()) {
LOG.warn(createFailureLog(user, operation, perm, target, description, LOG.warn(createFailureLog(user, operation, perm, target, description,
appId, null, null, null, null, queueName)); appId, null, null, null, null, queueName, null));
} }
} }
@ -585,6 +600,34 @@ public class RMAuditLogger {
} }
} }
/**
* Create a readable and parseable audit log string for a failed event.
*
* @param user User who made the service request.
* @param operation Operation requested by the user.
* @param perm Target permissions.
* @param target The target on which the operation is being performed.
* @param description Some additional information as to why the operation
* failed.
* @param appId ApplicationId in which operation was performed.
* @param callerContext Caller context
* @param queueName Name of queue.
* @param partition Name of labeled partition.
*
* <br><br>
* Note that the {@link RMAuditLogger} uses tabs ('\t') as a key-val delimiter
* and hence the value fields should not contains tabs ('\t').
*/
public static void logFailure(String user, String operation, String perm,
String target, String description, ApplicationId appId,
CallerContext callerContext, String queueName, String partition) {
if (LOG.isWarnEnabled()) {
LOG.warn(
createFailureLog(user, operation, perm, target, description, appId,
null, null, null, callerContext, queueName, partition));
}
}
/** /**
* A helper api to add remote IP address. * A helper api to add remote IP address.
*/ */
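Review bot: The new public `logSuccess(..., String queueName, String partition)` overload has no Javadoc, while the `logFailure` overload added further down documents every parameter. I would add a matching block with a summary such as `Log a successful event, including the queue and node-label partition of the submission.`, one `@param` per argument, and the same note that values must not contain tabs. It should also state that `partition` may be null when no label was requested; `createFailureLog` visibly skips a null partition, but the corresponding handling in `createSuccessLog` is not shown here and is worth confirming. The summary of the new `logFailure` Javadoc says "Create a readable and parseable audit log string", but the method returns void and logs at WARN, so `Log a failed event, including queue and partition.` would describe it more accurately.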


@ -293,16 +293,17 @@ public class TestRMAuditLogger {
ApplicationAttemptId attemptId, ContainerId containerId, ApplicationAttemptId attemptId, ContainerId containerId,
CallerContext callerContext, Resource resource) { CallerContext callerContext, Resource resource) {
testFailureLogFormatHelper(checkIP, appId, attemptId, containerId, testFailureLogFormatHelper(checkIP, appId, attemptId, containerId,
callerContext, resource, null); callerContext, resource, null, null, null);
} }
private void testFailureLogFormatHelper(boolean checkIP, ApplicationId appId, private void testFailureLogFormatHelper(boolean checkIP, ApplicationId appId,
ApplicationAttemptId attemptId, ContainerId containerId, ApplicationAttemptId attemptId, ContainerId containerId,
CallerContext callerContext, Resource resource, CallerContext callerContext, Resource resource,
RMAuditLogger.ArgsBuilder args) { String queueName, String partition, RMAuditLogger.ArgsBuilder args) {
String fLog = args == null ? String fLog = args == null ?
RMAuditLogger.createFailureLog(USER, OPERATION, PERM, TARGET, DESC, RMAuditLogger.createFailureLog(USER, OPERATION, PERM, TARGET, DESC,
appId, attemptId, containerId, resource, callerContext, null) : appId, attemptId, containerId, resource, callerContext,
queueName, partition) :
RMAuditLogger.createFailureLog(USER, OPERATION, PERM, TARGET, DESC, RMAuditLogger.createFailureLog(USER, OPERATION, PERM, TARGET, DESC,
args); args);
StringBuilder expLog = new StringBuilder(); StringBuilder expLog = new StringBuilder();
@ -334,6 +335,12 @@ public class TestRMAuditLogger {
expLog.append("\tCALLERSIGNATURE=signature"); expLog.append("\tCALLERSIGNATURE=signature");
} }
} }
if (queueName != null) {
expLog.append("\tQUEUENAME=" + QUEUE);
}
if (partition != null) {
expLog.append("\tNODELABEL=" + PARTITION);
}
if (args != null) { if (args != null) {
expLog.append("\tQUEUENAME=root"); expLog.append("\tQUEUENAME=root");
expLog.append("\tRECURSIVE=true"); expLog.append("\tRECURSIVE=true");
@ -364,10 +371,16 @@ public class TestRMAuditLogger {
testFailureLogFormatHelper(checkIP, APPID, ATTEMPTID, CONTAINERID, testFailureLogFormatHelper(checkIP, APPID, ATTEMPTID, CONTAINERID,
new CallerContext.Builder(CALLER_CONTEXT).setSignature(CALLER_SIGNATURE) new CallerContext.Builder(CALLER_CONTEXT).setSignature(CALLER_SIGNATURE)
.build(), RESOURCE); .build(), RESOURCE);
testFailureLogFormatHelper(checkIP, APPID, ATTEMPTID, CONTAINERID,
new CallerContext.Builder(CALLER_CONTEXT).setSignature(CALLER_SIGNATURE)
.build(), RESOURCE, QUEUE, null, null);
testFailureLogFormatHelper(checkIP, APPID, ATTEMPTID, CONTAINERID,
new CallerContext.Builder(CALLER_CONTEXT).setSignature(CALLER_SIGNATURE)
.build(), RESOURCE, QUEUE, PARTITION, null);
RMAuditLogger.ArgsBuilder args = new RMAuditLogger.ArgsBuilder() RMAuditLogger.ArgsBuilder args = new RMAuditLogger.ArgsBuilder()
.append(Keys.QUEUENAME, QUEUE).append(Keys.RECURSIVE, "true"); .append(Keys.QUEUENAME, QUEUE).append(Keys.RECURSIVE, "true");
testFailureLogFormatHelper(checkIP, null, null, null, null, null, testFailureLogFormatHelper(checkIP, null, null, null, null, null,
args); null, null, args);
} }
/** /**
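Review bot: In `testFailureLogFormatHelper` the expected string is built from the constants `QUEUE` and `PARTITION` rather than from the new `queueName` and `partition` parameters, so the helper only works when callers pass exactly those constants. Using the arguments keeps the expectation tied to the input: `expLog.append("\tQUEUENAME=" + queueName);` and `expLog.append("\tNODELABEL=" + partition);`. The visible hunks exercise only `createFailureLog`; if the success path is not covered elsewhere in this file, a matching case for `createSuccessLog` with a partition would be worth adding. A case with a tab or newline in the label would also pin down how the audit format treats delimiter characters in this client-supplied field.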