+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.hadoop.ozone.audit;
+
+/**
+ * Interface to define AuditAction.
+ */
+public interface AuditAction {
+ /**
+ * Implementation must override.
+ * @return String
+ */
+ String getAction();
+}
+
diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/audit/AuditEventStatus.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/audit/AuditEventStatus.java
new file mode 100644
index 00000000000..098ab6b2f7f
--- /dev/null
+++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/audit/AuditEventStatus.java
@@ -0,0 +1,36 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.hadoop.ozone.audit;
+
+/**
+ * Enum to define AuditEventStatus values.
+ */
+public enum AuditEventStatus {
+ SUCCESS("SUCCESS"),
+ FAILURE("FAILURE");
+
+ private String status;
+
+ AuditEventStatus(String status){
+ this.status = status;
+ }
+
+ public String getStatus() {
+ return status;
+ }
+}
diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/audit/AuditLogger.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/audit/AuditLogger.java
new file mode 100644
index 00000000000..46ffaab9ef5
--- /dev/null
+++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/audit/AuditLogger.java
@@ -0,0 +1,128 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0 + *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.hadoop.ozone.audit;
+
+import com.google.common.annotations.VisibleForTesting;
+import org.apache.logging.log4j.Level;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Marker;
+import org.apache.logging.log4j.message.StructuredDataMessage;
+import org.apache.logging.log4j.spi.ExtendedLogger;
+
+import java.util.Map;
+
+/**
+ * Class to define Audit Logger for Ozone.
+ */
+public class AuditLogger {
+
+ private ExtendedLogger logger;
+
+ private static final String SUCCESS = AuditEventStatus.SUCCESS.getStatus();
+ private static final String FAILURE = AuditEventStatus.FAILURE.getStatus();
+ private static final String FQCN = AuditLogger.class.getName();
+ private static final Marker WRITE_MARKER = AuditMarker.WRITE.getMarker();
+ private static final Marker READ_MARKER = AuditMarker.READ.getMarker();
+
+ /**
+ * Parametrized Constructor to initialize logger.
+ * @param type
+ */
+ public AuditLogger(AuditLoggerType type){
+ initializeLogger(type);
+ }
+
+ /**
+ * Initializes the logger with specific type.
+ * @param loggerType specified one of the values from enum AuditLoggerType.
+ */
+ private void initializeLogger(AuditLoggerType loggerType){
+ this.logger = LogManager.getContext(false).getLogger(loggerType.getType());
+ }
+
+ @VisibleForTesting
+ public ExtendedLogger getLogger() {
+ return logger;
+ }
+
+ public void logWriteSuccess(AuditAction type, Map
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.hadoop.ozone.audit;
+
+/**
+ * Enumeration for defining types of Audit Loggers in Ozone.
+ */
+public enum AuditLoggerType {
+ DNLOGGER("DNAudit"),
+ OMLOGGER("OMAudit"),
+ SCMLOGGER("SCMAudit");
+
+ private String type;
+
+ public String getType() {
+ return type;
+ }
+
+ AuditLoggerType(String type){
+ this.type = type;
+ }
+}
diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/audit/AuditMarker.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/audit/AuditMarker.java
new file mode 100644
index 00000000000..505b9580715
--- /dev/null
+++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/audit/AuditMarker.java
@@ -0,0 +1,38 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.hadoop.ozone.audit;
+
+import org.apache.logging.log4j.Marker;
+import org.apache.logging.log4j.MarkerManager;
+
+/**
+ * Defines audit marker types.
+ */
+public enum AuditMarker {
+ WRITE(MarkerManager.getMarker("WRITE")),
+ READ(MarkerManager.getMarker("READ"));
+
+ private Marker marker;
+
+ AuditMarker(Marker marker){
+ this.marker = marker;
+ }
+
+ public Marker getMarker(){
+ return marker;
+ }
+}
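Review bot: The `marker` field of AuditMarker is assigned only in the constructor but is declared non-final; `private final Marker marker;` states that intent and rules out a later reassignment inside the enum of the marker that the MarkerFilter matches on. The same applies to the `status`, `type` and `action` fields of AuditEventStatus, AuditLoggerType, OMAction and DummyAction elsewhere in this patch.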
diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/audit/Auditable.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/audit/Auditable.java
new file mode 100644
index 00000000000..d388bca72f1
--- /dev/null
+++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/ozone/audit/Auditable.java
@@ -0,0 +1,32 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.hadoop.ozone.audit;
+
+import java.util.Map;
+
+/**
+ * Interface to make an entity auditable.
+ */
+public interface Auditable {
+ /**
+ * Must override in implementation.
+ * @return Map
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.hadoop.ozone.audit;
+/**
+ ******************************************************************************
+ * Important
+ * 1. Any changes to classes in this package can render the logging
+ * framework broken.
+ * 2. The logger framework has been designed keeping in mind future
+ * plans to build a log parser.
+ * 3. Please exercise great caution when attempting changes in this package.
+ ******************************************************************************
+ *
+ *
+ * This package lays the foundation for Audit logging in Ozone.
+ * AuditLogging in Ozone has been built using log4j2 which brings in new
+ * features that facilitate turning on/off selective audit events by using
+ * MarkerFilter, checking for change in logging configuration periodically
+ * and reloading the changes, use of disruptor framework for improved
+ * Asynchronous logging.
+ *
+ * The log4j2 configurations can be specified in XML, YAML, JSON and
+ * Properties file. For Ozone, we are using the Properties file due to sheer
+ * simplicity, readability and ease of modification.
+ *
+ * log4j2 configuration file can be passed to startup command with option
+ * -Dlog4j.configurationFile unlike -Dlog4j.configuration in log4j 1.x
+ *
+ ******************************************************************************
+ * Understanding the Audit Logging framework in Ozone.
+ ******************************************************************************
+ * **** Auditable ***
+ * This is an interface to mark an entity as auditable.
+ * This interface must be implemented by entities requiring audit logging.
+ * For example - KSMVolumeArgs, KSMBucketArgs.
+ * The implementing class must override toAuditMap() to return an
+ * instance of Map
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.hadoop.ozone.audit;
+
+/**
+ * Enum to define Dummy AuditAction Type for test.
+ */
+public enum DummyAction implements AuditAction {
+
+ CREATE_VOLUME("CREATE_VOLUME"),
+ CREATE_BUCKET("CREATE_BUCKET"),
+ CREATE_KEY("CREATE_KEY"),
+ READ_VOLUME("READ_VOLUME"),
+ READ_BUCKET("READ_BUCKET"),
+ READ_KEY("READ_BUCKET"),
+ UPDATE_VOLUME("UPDATE_VOLUME"),
+ UPDATE_BUCKET("UPDATE_BUCKET"),
+ UPDATE_KEY("UPDATE_KEY"),
+ DELETE_VOLUME("DELETE_VOLUME"),
+ DELETE_BUCKET("DELETE_BUCKET"),
+ DELETE_KEY("DELETE_KEY"),
+ SET_OWNER("SET_OWNER"),
+ SET_QUOTA("SET_QUOTA");
+
+ private String action;
+
+ DummyAction(String action) {
+ this.action = action;
+ }
+
+ @Override
+ public String getAction() {
+ return this.action;
+ }
+
+}
diff --git a/hadoop-hdds/common/src/test/java/org/apache/hadoop/ozone/audit/DummyEntity.java b/hadoop-hdds/common/src/test/java/org/apache/hadoop/ozone/audit/DummyEntity.java
new file mode 100644
index 00000000000..0c2d98fab29
--- /dev/null
+++ b/hadoop-hdds/common/src/test/java/org/apache/hadoop/ozone/audit/DummyEntity.java
@@ -0,0 +1,57 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.hadoop.ozone.audit;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * DummyEntity that implements Auditable for test purpose.
+ */
+public class DummyEntity implements Auditable {
+
+ private String key1;
+ private String key2;
+
+ public DummyEntity(){
+ this.key1 = "value1";
+ this.key2 = "value2";
+ }
+ public String getKey1() {
+ return key1;
+ }
+
+ public void setKey1(String key1) {
+ this.key1 = key1;
+ }
+
+ public String getKey2() {
+ return key2;
+ }
+
+ public void setKey2(String key2) {
+ this.key2 = key2;
+ }
+
+ @Override
+ public Map
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+#
+name=PropertiesConfig
+
+# Checks for config change periodically and reloads
+monitorInterval=5
+
+filter=read, write
+# filter.read.onMatch = DENY avoids logging all READ events
+# filter.read.onMatch = ACCEPT permits logging all READ events
+# The above two settings ignore the log levels in configuration
+# filter.read.onMatch = NEUTRAL permits logging of only those READ events
+# which are attempted at log level equal or greater than log level specified
+# in the configuration
+filter.read.type = MarkerFilter
+filter.read.marker = READ
+filter.read.onMatch = DENY
+filter.read.onMismatch = NEUTRAL
+
+# filter.write.onMatch = DENY avoids logging all WRITE events
+# filter.write.onMatch = ACCEPT permits logging all WRITE events
+# The above two settings ignore the log levels in configuration
+# filter.write.onMatch = NEUTRAL permits logging of only those WRITE events
+# which are attempted at log level equal or greater than log level specified
+# in the configuration
+filter.write.type = MarkerFilter
+filter.write.marker = WRITE
+filter.write.onMatch = NEUTRAL
+filter.write.onMismatch = NEUTRAL
+
+# Log Levels are organized from most specific to least:
+# OFF (most specific, no logging)
+# FATAL (most specific, little data)
+# ERROR
+# WARN
+# INFO
+# DEBUG
+# TRACE (least specific, a lot of data)
+# ALL (least specific, all data)
+
+appenders = console, audit
+appender.console.type = Console
+appender.console.name = STDOUT
+appender.console.layout.type = PatternLayout
+appender.console.layout.pattern = [%-5level] %c{1} - %msg%n
+
+appender.audit.type = File
+appender.audit.name = AUDITLOG
+appender.audit.fileName=audit.log
+appender.audit.layout.type=PatternLayout
+appender.audit.layout.pattern= [%-5level] %c{1} - %msg%n
+
+loggers=audit
+logger.audit.type=AsyncLogger
+logger.audit.name=OMAudit
+logger.audit.level = INFO
+logger.audit.appenderRefs = audit
+logger.audit.appenderRef.file.ref = AUDITLOG
+
+rootLogger.level = INFO
+rootLogger.appenderRefs = stdout
+rootLogger.appenderRef.stdout.ref = STDOUT
diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/audit/OMAction.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/audit/OMAction.java
new file mode 100644
index 00000000000..d780ea2c93b
--- /dev/null
+++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/audit/OMAction.java
@@ -0,0 +1,51 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.hadoop.ozone.audit;
+
+/**
+ * Enum to define OM Action types for Audit.
+ */
+public enum OMAction implements AuditAction {
+
+ CREATE_VOLUME("CREATE_VOLUME"),
+ CREATE_BUCKET("CREATE_BUCKET"),
+ CREATE_KEY("CREATE_KEY"),
+ READ_VOLUME("READ_VOLUME"),
+ READ_BUCKET("READ_BUCKET"),
+ READ_KEY("READ_BUCKET"),
+ UPDATE_VOLUME("UPDATE_VOLUME"),
+ UPDATE_BUCKET("UPDATE_BUCKET"),
+ UPDATE_KEY("UPDATE_KEY"),
+ DELETE_VOLUME("DELETE_VOLUME"),
+ DELETE_BUCKET("DELETE_BUCKET"),
+ DELETE_KEY("DELETE_KEY"),
+ SET_OWNER("SET_OWNER"),
+ SET_QUOTA("SET_QUOTA");
+
+ private String action;
+
+ OMAction(String action) {
+ this.action = action;
+ }
+
+ @Override
+ public String getAction() {
+ return this.action;
+ }
+
+}
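Review bot: `READ_KEY("READ_BUCKET")` gives the READ_KEY constant the action string of READ_BUCKET, so `getAction()` returns "READ_BUCKET" for key reads; the line should be `READ_KEY("READ_KEY"),`. If this string is what ends up in the audit record (the logging methods of AuditLogger are not visible here, so that is inferred), key reads and bucket reads become indistinguishable in the audit trail, which weakens any later investigation based on it. DummyAction in the test tree carries the same copy-pasted value and should be corrected together with this one. A small test asserting `action.getAction().equals(action.name())` for every constant would catch this kind of mistake.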
diff --git a/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/audit/package-info.java b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/audit/package-info.java
new file mode 100644
index 00000000000..0f887909d49
--- /dev/null
+++ b/hadoop-ozone/common/src/main/java/org/apache/hadoop/ozone/audit/package-info.java
@@ -0,0 +1,22 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.hadoop.ozone.audit;
+/**
+ * This package defines OMAction - an implementation of AuditAction
+ * OMAction defines audit action types for various actions that will be
+ * audited in OzoneManager.
+ */