Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-22759 Extended grant and revoke audit events with caller info - ADDENDUM 

Added remote address to grant/revoke audit log messages
This commit is contained in:
Andor Molnár 2019-08-06 11:44:13 +02:00 committed by Peter Somogyi
parent 94e35d8cdf
commit 9a6494f02f
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
View File

@ -23,6 +23,7 @@ import com.google.protobuf.RpcCallback;
import com.google.protobuf.RpcController;
import com.google.protobuf.Service;
import java.io.IOException;
import java.net.InetAddress;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Collection;
@ -2072,7 +2073,8 @@ public class AccessController implements MasterCoprocessor, RegionCoprocessor,
if (AUDITLOG.isTraceEnabled()) {
// audit log should store permission changes in addition to auth results
AUDITLOG.trace("User {} granted permission {}", caller, perm);
String remoteAddress = RpcServer.getRemoteAddress().map(InetAddress::toString).orElse("");
AUDITLOG.trace("User {} (remote address: {}) granted permission {}", caller, remoteAddress, perm);
}
} else {
throw new CoprocessorException(AccessController.class, "This method "
@ -2129,7 +2131,8 @@ public class AccessController implements MasterCoprocessor, RegionCoprocessor,
if (AUDITLOG.isTraceEnabled()) {
// audit log should record all permission changes
AUDITLOG.trace("User {} revoked permission {}", caller, perm);
String remoteAddress = RpcServer.getRemoteAddress().map(InetAddress::toString).orElse("");
AUDITLOG.trace("User {} (remote address: {}) revoked permission {}", caller, remoteAddress, perm);
}
} else {
throw new CoprocessorException(AccessController.class, "This method "