http://git-wip-us.apache.org/repos/asf/ambari/blob/1b1b3bc6/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RecommendationIgnoreEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RecommendationIgnoreEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RecommendationIgnoreEventCreator.java new file mode 100644 index 0000000..c569bd1 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RecommendationIgnoreEventCreator.java @@ -0,0 +1,77 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.event.request.eventcreator; + +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.Result; +import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.audit.event.AuditEvent; +import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; +import org.apache.ambari.server.controller.spi.Resource; + +/** + * This creator ignores recommendation post requests + * For resource type {@link Resource.Type#Recommendation} + * and request types {@link Request.Type#POST} + */ +public class RecommendationIgnoreEventCreator implements RequestAuditEventCreator { + + /** + * Set of {@link Request.Type}s that are handled by this plugin + */ + private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); + + { + requestTypes.add(Request.Type.POST); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Request.Type> getRequestTypes() { + return requestTypes; + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Resource.Type> getResourceTypes() { + return Collections.singleton(Resource.Type.Recommendation); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<ResultStatus.STATUS> getResultStatuses() { + return null; + } + + @Override + public AuditEvent createAuditEvent(Request request, Result result) { + // intentionally skipping this event + return null; + } +}
http://git-wip-us.apache.org/repos/asf/ambari/blob/1b1b3bc6/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RepositoryEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RepositoryEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RepositoryEventCreator.java new file mode 100644 index 0000000..379c58d --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RepositoryEventCreator.java @@ -0,0 +1,124 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.event.request.eventcreator; + +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.Result; +import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.audit.event.AuditEvent; +import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; +import org.apache.ambari.server.audit.event.request.event.AddRepositoryRequestAuditEvent; +import org.apache.ambari.server.audit.event.request.event.UpdateRepositoryRequestAuditEvent; +import org.apache.ambari.server.controller.spi.Resource; +import org.apache.ambari.server.controller.utilities.PropertyHelper; +import org.joda.time.DateTime; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.User; + +/** + * This creator handles privilege requests + * For resource type {@link Resource.Type#Repository} + * and request types {@link Request.Type#POST} and {@link Request.Type#PUT} + */ +public class RepositoryEventCreator implements RequestAuditEventCreator { + + /** + * Set of {@link Request.Type}s that are handled by this plugin + */ + private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); + + { + requestTypes.add(Request.Type.POST); + requestTypes.add(Request.Type.PUT); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Request.Type> getRequestTypes() { + return requestTypes; + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Resource.Type> getResourceTypes() { + return Collections.singleton(Resource.Type.Repository); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<ResultStatus.STATUS> getResultStatuses() { + return null; + } + + @Override + public AuditEvent createAuditEvent(Request request, Result result) { + String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); + + switch (request.getRequestType()) { + case POST: + return AddRepositoryRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withRepo(getProperty(request, PropertyHelper.getPropertyId("Repositories", "repo_id"))) + .withStackName(getProperty(request, PropertyHelper.getPropertyId("Repositories", "stack_name"))) + .withStackVersion(getProperty(request, PropertyHelper.getPropertyId("Repositories", "stack_version"))) + .withOsType(getProperty(request, PropertyHelper.getPropertyId("Repositories", "os_type"))) + .withBaseUrl(getProperty(request, PropertyHelper.getPropertyId("Repositories", "base_url"))) + .build(); + case PUT: + return UpdateRepositoryRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withRepo(getProperty(request, PropertyHelper.getPropertyId("Repositories", "repo_id"))) + .withStackName(getProperty(request, PropertyHelper.getPropertyId("Repositories", "stack_name"))) + .withStackVersion(getProperty(request, PropertyHelper.getPropertyId("Repositories", "stack_version"))) + .withOsType(getProperty(request, PropertyHelper.getPropertyId("Repositories", "os_type"))) + .withBaseUrl(getProperty(request, PropertyHelper.getPropertyId("Repositories", "base_url"))) + .build(); + default: + return null; + } + } + + private String getProperty(Request request, String properyId) { + if (!request.getBody().getPropertySets().isEmpty()) { + return String.valueOf(request.getBody().getPropertySets().iterator().next().get(properyId)); + } + return null; + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/1b1b3bc6/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RepositoryVersionEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RepositoryVersionEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RepositoryVersionEventCreator.java new file mode 100644 index 0000000..14145e4 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RepositoryVersionEventCreator.java @@ -0,0 +1,181 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.event.request.eventcreator; + +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.Result; +import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.audit.event.AuditEvent; +import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; +import org.apache.ambari.server.audit.event.request.event.AddRepositoryVersionRequestAuditEvent; +import org.apache.ambari.server.audit.event.request.event.ChangeRepositoryVersionRequestAuditEvent; +import org.apache.ambari.server.audit.event.request.event.DeleteRepositoryVersionRequestAuditEvent; +import org.apache.ambari.server.controller.spi.Resource; +import org.apache.ambari.server.controller.utilities.PropertyHelper; +import org.joda.time.DateTime; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.User; + +/** + * This creator handles privilege requests + * For resource type {@link Resource.Type#Repository} + * and request types {@link Request.Type#POST}, {@link Request.Type#PUT} and {@link Request.Type#DELETE} + */ +public class RepositoryVersionEventCreator implements RequestAuditEventCreator { + + /** + * Set of {@link Request.Type}s that are handled by this plugin + */ + private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); + + { + requestTypes.add(Request.Type.POST); + requestTypes.add(Request.Type.PUT); + requestTypes.add(Request.Type.DELETE); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Request.Type> getRequestTypes() { + return requestTypes; + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Resource.Type> getResourceTypes() { + return Collections.singleton(Resource.Type.RepositoryVersion); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<ResultStatus.STATUS> getResultStatuses() { + return null; + } + + @Override + public AuditEvent createAuditEvent(Request request, Result result) { + String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); + + switch (request.getRequestType()) { + case POST: + return AddRepositoryVersionRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withStackName(getProperty(request, PropertyHelper.getPropertyId("RepositoryVersions", "stack_name"))) + .withStackVersion(getProperty(request, PropertyHelper.getPropertyId("RepositoryVersions", "stack_version"))) + .withDisplayName(getProperty(request, PropertyHelper.getPropertyId("RepositoryVersions", "display_name"))) + .withRepoVersion(getProperty(request, PropertyHelper.getPropertyId("RepositoryVersions", "repository_version"))) + .withRepos(getRepos(request)) + .build(); + case PUT: + return ChangeRepositoryVersionRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withStackName(getProperty(request, PropertyHelper.getPropertyId("RepositoryVersions", "stack_name"))) + .withStackVersion(getProperty(request, PropertyHelper.getPropertyId("RepositoryVersions", "stack_version"))) + .withDisplayName(getProperty(request, PropertyHelper.getPropertyId("RepositoryVersions", "display_name"))) + .withRepoVersion(getProperty(request, PropertyHelper.getPropertyId("RepositoryVersions", "repository_version"))) + .withRepos(getRepos(request)) + .build(); + case DELETE: + return DeleteRepositoryVersionRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withStackName(request.getResource().getKeyValueMap().get(Resource.Type.Stack)) + .withStackVersion(request.getResource().getKeyValueMap().get(Resource.Type.StackVersion)) + .withRepoVersion(request.getResource().getKeyValueMap().get(Resource.Type.RepositoryVersion)) + .build(); + default: + return null; + } + } + + private Map<String, List<Map<String, String>>> getRepos(Request request) { + + Map<String, List<Map<String, String>>> result = new HashMap<String, List<Map<String, String>>>(); + + if (!request.getBody().getPropertySets().isEmpty()) { + if (request.getBody().getPropertySets().iterator().next().get("operating_systems") instanceof Set) { + Set<Object> set = (Set<Object>) request.getBody().getPropertySets().iterator().next().get("operating_systems"); + + for (Object entry : set) { + if (entry instanceof Map) { + Map<String, Object> map = (Map<String, Object>) entry; + String osType = (String) map.get(PropertyHelper.getPropertyId("OperatingSystems", "os_type")); + if (!result.containsKey(osType)) { + result.put(osType, new LinkedList<Map<String, String>>()); + } + if (map.get("repositories") instanceof Set) { + Set<Object> repos = (Set<Object>) map.get("repositories"); + for (Object repo : repos) { + if (repo instanceof Map) { + Map<String, String> m = (Map<String, String>) repo; + String repoId = m.get(PropertyHelper.getPropertyId("Repositories", "repo_id")); + String repo_name = m.get(PropertyHelper.getPropertyId("Repositories", "repo_name")); + String baseUrl = m.get(PropertyHelper.getPropertyId("Repositories", "base_url")); + Map<String, String> resultMap = new HashMap<>(); + resultMap.put("repo_id", repoId); + resultMap.put("repo_name", repo_name); + resultMap.put("base_url", baseUrl); + result.get(osType).add(resultMap); + } + } + } + } + } + } + } + return result; + } + + private String getProperty(Request request, String properyId) { + if (!request.getBody().getPropertySets().isEmpty()) { + return String.valueOf(request.getBody().getPropertySets().iterator().next().get(properyId)); + } + return null; + } + + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/1b1b3bc6/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RequestEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RequestEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RequestEventCreator.java new file mode 100644 index 0000000..6053b13 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/RequestEventCreator.java @@ -0,0 +1,103 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.event.request.eventcreator; + +import java.util.HashSet; +import java.util.Set; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.Result; +import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.audit.event.AuditEvent; +import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; +import org.apache.ambari.server.audit.event.request.event.AddRequestRequestAuditEvent; +import org.apache.ambari.server.controller.internal.RequestOperationLevel; +import org.apache.ambari.server.controller.spi.Resource; +import org.joda.time.DateTime; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.User; + +/** + * This creator handles request type requests + * For resource type {@link Resource.Type#Request} + * and request types {@link Request.Type#POST} + */ +public class RequestEventCreator implements RequestAuditEventCreator { + + /** + * Set of {@link Request.Type}s that are handled by this plugin + */ + private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); + + { + requestTypes.add(Request.Type.POST); + } + + private Set<Resource.Type> resourceTypes = new HashSet<Resource.Type>(); + + { + resourceTypes.add(Resource.Type.Request); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Request.Type> getRequestTypes() { + return requestTypes; + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Resource.Type> getResourceTypes() { + return resourceTypes; + } + + /** + * {@inheritDoc} + */ + @Override + public Set<ResultStatus.STATUS> getResultStatuses() { + // null makes this default + return null; + } + + @Override + public AuditEvent createAuditEvent(Request request, Result result) { + String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); + + switch (request.getRequestType()) { + case POST: + return AddRequestRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withCommand(request.getBody().getRequestInfoProperties().get("command")) + .withClusterName(request.getBody().getRequestInfoProperties().get(RequestOperationLevel.OPERATION_CLUSTER_ID)) + .build(); + default: + return null; + } + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/1b1b3bc6/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ServiceConfigDownloadEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ServiceConfigDownloadEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ServiceConfigDownloadEventCreator.java new file mode 100644 index 0000000..6f9a769 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ServiceConfigDownloadEventCreator.java @@ -0,0 +1,90 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.event.request.eventcreator; + +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.Result; +import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.audit.event.AuditEvent; +import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; +import org.apache.ambari.server.audit.event.request.event.ClientConfigDownloadRequestAuditEvent; +import org.apache.ambari.server.controller.spi.Resource; +import org.joda.time.DateTime; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.User; + +/** + * This creator handles service config download requests + * For resource type {@link Resource.Type#Service} + * and request types {@link Request.Type#GET} + */ +public class ServiceConfigDownloadEventCreator implements RequestAuditEventCreator { + + /** + * Set of {@link Request.Type}s that are handled by this plugin + */ + private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); + + { + requestTypes.add(Request.Type.GET); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Request.Type> getRequestTypes() { + return requestTypes; + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Resource.Type> getResourceTypes() { + return Collections.singleton(Resource.Type.ClientConfig); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<ResultStatus.STATUS> getResultStatuses() { + return null; + } + + @Override + public AuditEvent createAuditEvent(Request request, Result result) { + String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); + return ClientConfigDownloadRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withService(request.getResource().getKeyValueMap().get(Resource.Type.Service)) + .withComponent(request.getResource().getKeyValueMap().get(Resource.Type.Component)) + .build(); + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/1b1b3bc6/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ServiceEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ServiceEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ServiceEventCreator.java new file mode 100644 index 0000000..ea08f56 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ServiceEventCreator.java @@ -0,0 +1,167 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.event.request.eventcreator; + +import java.util.HashSet; +import java.util.Map; +import java.util.Set; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.Result; +import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.audit.event.AuditEvent; +import org.apache.ambari.server.audit.event.StartOperationAuditEvent; +import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; +import org.apache.ambari.server.audit.event.request.event.DeleteServiceRequestAuditEvent; +import org.apache.ambari.server.controller.internal.RequestOperationLevel; +import org.apache.ambari.server.controller.spi.Resource; +import org.apache.ambari.server.controller.utilities.PropertyHelper; +import org.joda.time.DateTime; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.User; + +/** + * This creator handles operation requests (start, stop, install, etc) + * For resource type {@link Resource.Type#Service} + * and request types {@link Request.Type#POST}, {@link Request.Type#PUT} and {@link Request.Type#DELETE} + */ +public class ServiceEventCreator implements RequestAuditEventCreator { + + /** + * Set of {@link Request.Type}s that are handled by this plugin + */ + private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); + + { + requestTypes.add(Request.Type.POST); + requestTypes.add(Request.Type.PUT); + requestTypes.add(Request.Type.DELETE); + } + + private Set<Resource.Type> resourceTypes = new HashSet<Resource.Type>(); + + { + resourceTypes.add(Resource.Type.Service); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Request.Type> getRequestTypes() { + return requestTypes; + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Resource.Type> getResourceTypes() { + return resourceTypes; + } + + /** + * {@inheritDoc} + */ + @Override + public Set<ResultStatus.STATUS> getResultStatuses() { + // null makes this default + return null; + } + + @Override + public AuditEvent createAuditEvent(Request request, Result result) { + String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); + + if (request.getRequestType() == Request.Type.DELETE) { + return DeleteServiceRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withService(request.getResource().getKeyValueMap().get(Resource.Type.Service)) + .build(); + } + + String operation = getOperation(request); + + Long requestId = null; + if (containsRequestId(result)) { + requestId = getRequestId(result); + } + + StartOperationAuditEvent.StartOperationAuditEventBuilder auditEventBuilder = StartOperationAuditEvent.builder() + .withOperation(operation) + .withUserName(username) + .withRemoteIp(request.getRemoteAddress()) + .withTimestamp(DateTime.now()) + .withRequestId(String.valueOf(requestId)); + + if (result.getStatus().isErrorState()) { + auditEventBuilder.withReasonOfFailure(result.getStatus().getMessage()); + } + + return auditEventBuilder.build(); + } + + private String getOperation(Request request) { + if (request.getBody().getRequestInfoProperties().containsKey(RequestOperationLevel.OPERATION_LEVEL_ID)) { + String operation = ""; + if ("CLUSTER".equals(request.getBody().getRequestInfoProperties().get(RequestOperationLevel.OPERATION_LEVEL_ID))) { + for (Map<String, Object> map : request.getBody().getPropertySets()) { + if (map.containsKey(PropertyHelper.getPropertyId("ServiceInfo", "state"))) { + operation = String.valueOf(map.get(PropertyHelper.getPropertyId("ServiceInfo", "state"))) + ": all services" + + " (" + request.getBody().getRequestInfoProperties().get(RequestOperationLevel.OPERATION_CLUSTER_ID) + ")"; + break; + } + } + } + if ("SERVICE".equals(request.getBody().getRequestInfoProperties().get(RequestOperationLevel.OPERATION_LEVEL_ID))) { + for (Map<String, Object> map : request.getBody().getPropertySets()) { + if (map.containsKey(PropertyHelper.getPropertyId("ServiceInfo", "state"))) { + operation = String.valueOf(map.get(PropertyHelper.getPropertyId("ServiceInfo", "state"))) + ": " + map.get(PropertyHelper.getPropertyId("ServiceInfo", "service_name")) + + " (" + request.getBody().getRequestInfoProperties().get(RequestOperationLevel.OPERATION_CLUSTER_ID) + ")"; + break; + } + } + } + return operation; + } + + for (Map<String, Object> map : request.getBody().getPropertySets()) { + if (map.containsKey(PropertyHelper.getPropertyId("ServiceInfo", "maintenance_state"))) { + return "Turn " + map.get(PropertyHelper.getPropertyId("ServiceInfo", "maintenance_state")) + " Maintenance Mode for " + map.get(PropertyHelper.getPropertyId("ServiceInfo", "service_name")); + } + } + return null; + } + + private Long getRequestId(Result result) { + return (Long) result.getResultTree().getChild("request").getObject().getPropertiesMap().get("Requests").get("id"); + } + + private boolean containsRequestId(Result result) { + return result.getResultTree().getChild("request") != null + && result.getResultTree().getChild("request").getObject() != null + && result.getResultTree().getChild("request").getObject().getPropertiesMap().get("Requests") != null + && result.getResultTree().getChild("request").getObject().getPropertiesMap().get("Requests").get("id") != null; + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/1b1b3bc6/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UnauthorizedEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UnauthorizedEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UnauthorizedEventCreator.java new file mode 100644 index 0000000..e83d3cb --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UnauthorizedEventCreator.java @@ -0,0 +1,72 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.event.request.eventcreator; + +import java.util.HashSet; +import java.util.Set; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.Result; +import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.audit.event.AccessUnauthorizedAuditEvent; +import org.apache.ambari.server.audit.event.AuditEvent; +import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; +import org.apache.ambari.server.controller.spi.Resource; +import org.joda.time.DateTime; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.User; + +public class UnauthorizedEventCreator implements RequestAuditEventCreator { + + @Override + public Set<Request.Type> getRequestTypes() { + return null; + } + + @Override + public Set<Resource.Type> getResourceTypes() { + return null; + } + + private Set<ResultStatus.STATUS> statuses = new HashSet<>(); + + { + statuses.add(ResultStatus.STATUS.UNAUTHORIZED); + statuses.add(ResultStatus.STATUS.FORBIDDEN); + } + + @Override + public Set<ResultStatus.STATUS> getResultStatuses() { + return statuses; + } + + @Override + public AuditEvent createAuditEvent(Request request, Result result) { + + String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); + AccessUnauthorizedAuditEvent ae = AccessUnauthorizedAuditEvent.builder() + .withRemoteIp(request.getRemoteAddress()) + .withResourcePath(request.getURI()) + .withTimestamp(DateTime.now()) + .withUserName(username) + .build(); + + return ae; + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/1b1b3bc6/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UpgradeEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UpgradeEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UpgradeEventCreator.java new file mode 100644 index 0000000..2ca64cc --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UpgradeEventCreator.java @@ -0,0 +1,101 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.event.request.eventcreator; + +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.Result; +import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.audit.event.AuditEvent; +import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; +import org.apache.ambari.server.audit.event.request.event.AddUpgradeRequestAuditEvent; +import org.apache.ambari.server.controller.spi.Resource; +import org.apache.ambari.server.controller.utilities.PropertyHelper; +import org.joda.time.DateTime; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.User; + +/** + * This creator handles upgrade requests + * For resource type {@link Resource.Type#Upgrade} + * and request types {@link Request.Type#POST} + */ +public class UpgradeEventCreator implements RequestAuditEventCreator { + + /** + * Set of {@link Request.Type}s that are handled by this plugin + */ + private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); + + { + requestTypes.add(Request.Type.POST); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Request.Type> getRequestTypes() { + return requestTypes; + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Resource.Type> getResourceTypes() { + return Collections.singleton(Resource.Type.Upgrade); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<ResultStatus.STATUS> getResultStatuses() { + return null; + } + + @Override + public AuditEvent createAuditEvent(Request request, Result result) { + String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); + + return AddUpgradeRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withRepositoryVersion(getProperty(request, "repository_version")) + .withUpgradeType(getProperty(request, "upgrade_type")) + .withClusterName(getProperty(request, "cluster_name")) + .build(); + + } + + private String getProperty(Request request, String propertyName) { + if (!request.getBody().getPropertySets().isEmpty()) { + return String.valueOf(request.getBody().getPropertySets().iterator().next().get(PropertyHelper.getPropertyId("Upgrade", propertyName))); + } + return null; + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/1b1b3bc6/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UpgradeItemEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UpgradeItemEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UpgradeItemEventCreator.java new file mode 100644 index 0000000..5583e71 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UpgradeItemEventCreator.java @@ -0,0 +1,101 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.event.request.eventcreator; + +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.Result; +import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.audit.event.AuditEvent; +import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; +import org.apache.ambari.server.audit.event.request.event.UpdateUpgradeItemRequestAuditEvent; +import org.apache.ambari.server.controller.spi.Resource; +import org.apache.ambari.server.controller.utilities.PropertyHelper; +import org.joda.time.DateTime; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.User; + +/** + * This creator handles upgrade requests + * For resource type {@link Resource.Type#Upgrade} + * and request types {@link Request.Type#PUT} + */ +public class UpgradeItemEventCreator implements RequestAuditEventCreator { + + /** + * Set of {@link Request.Type}s that are handled by this plugin + */ + private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); + + { + requestTypes.add(Request.Type.PUT); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Request.Type> getRequestTypes() { + return requestTypes; + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Resource.Type> getResourceTypes() { + return Collections.singleton(Resource.Type.UpgradeItem); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<ResultStatus.STATUS> getResultStatuses() { + return null; + } + + @Override + public AuditEvent createAuditEvent(Request request, Result result) { + String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); + + return UpdateUpgradeItemRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withStatus(getProperty(request, "status")) + .withStageId(getProperty(request, "stage_id")) + .withRequestId(getProperty(request, "request_id")) + .build(); + + } + + private String getProperty(Request request, String propertyName) { + if (!request.getBody().getPropertySets().isEmpty()) { + return String.valueOf(request.getBody().getPropertySets().iterator().next().get(PropertyHelper.getPropertyId("UpgradeItem", propertyName))); + } + return null; + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/1b1b3bc6/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UserEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UserEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UserEventCreator.java new file mode 100644 index 0000000..09b9efb --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/UserEventCreator.java @@ -0,0 +1,180 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.event.request.eventcreator; + +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.Result; +import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.audit.event.AuditEvent; +import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; +import org.apache.ambari.server.audit.event.request.event.ActivateUserRequestAuditEvent; +import org.apache.ambari.server.audit.event.request.event.AdminUserRequestAuditEvent; +import org.apache.ambari.server.audit.event.request.event.CreateUserRequestAuditEvent; +import org.apache.ambari.server.audit.event.request.event.DeleteUserRequestAuditEvent; +import org.apache.ambari.server.audit.event.request.event.UserPasswordChangeRequestAuditEvent; +import org.apache.ambari.server.controller.spi.Resource; +import org.apache.ambari.server.controller.utilities.PropertyHelper; +import org.joda.time.DateTime; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.User; + +/** + * This creator handles user requests + * For resource type {@link Resource.Type#User} + * and request types {@link Request.Type#POST}, {@link Request.Type#PUT} and {@link Request.Type#DELETE} + */ +public class UserEventCreator implements RequestAuditEventCreator { + + /** + * Set of {@link Request.Type}s that are handled by this plugin + */ + private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); + + { + requestTypes.add(Request.Type.POST); + requestTypes.add(Request.Type.PUT); + requestTypes.add(Request.Type.DELETE); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Request.Type> getRequestTypes() { + return requestTypes; + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Resource.Type> getResourceTypes() { + return Collections.singleton(Resource.Type.User); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<ResultStatus.STATUS> getResultStatuses() { + return null; + } + + @Override + public AuditEvent createAuditEvent(Request request, Result result) { + String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); + + switch (request.getRequestType()) { + case POST: + return CreateUserRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withCreatedUsername(getUsername(request)) + .withActive(isActive(request)) + .withAdmin(isAdmin(request)) + .build(); + case DELETE: + return DeleteUserRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withDeletedUsername(request.getResource().getKeyValueMap().get(Resource.Type.User)) + .build(); + case PUT: + if (hasActive(request)) { + return ActivateUserRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withAffectedUsername(getUsername(request)) + .withActive(isActive(request)) + .build(); + } + if (hasAdmin(request)) { + return AdminUserRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withAffectedUsername(getUsername(request)) + .withAdmin(isAdmin(request)) + .build(); + } + if (hasOldPassword(request)) { + return UserPasswordChangeRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withAffectedUsername(getUsername(request)) + .build(); + } + default: + break; + } + return null; + } + + + private boolean isAdmin(Request request) { + return hasAdmin(request) && "true".equals(request.getBody().getPropertySets().iterator().next().get(PropertyHelper.getPropertyId("Users", "admin"))); + } + + private boolean isActive(Request request) { + return hasActive(request) && "true".equals(request.getBody().getPropertySets().iterator().next().get(PropertyHelper.getPropertyId("Users", "active"))); + } + + private boolean hasAdmin(Request request) { + return !request.getBody().getPropertySets().isEmpty() && request.getBody().getPropertySets().iterator().next().containsKey(PropertyHelper.getPropertyId("Users", "admin")); + } + + private boolean hasActive(Request request) { + return !request.getBody().getPropertySets().isEmpty() && request.getBody().getPropertySets().iterator().next().containsKey(PropertyHelper.getPropertyId("Users", "active")); + } + + private boolean hasOldPassword(Request request) { + return !request.getBody().getPropertySets().isEmpty() && request.getBody().getPropertySets().iterator().next().containsKey(PropertyHelper.getPropertyId("Users", "old_password")); + } + + private String getUsername(Request request) { + if (!request.getBody().getPropertySets().isEmpty()) { + return String.valueOf(request.getBody().getPropertySets().iterator().next().get(PropertyHelper.getPropertyId("Users", "user_name"))); + } + return null; + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/1b1b3bc6/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ValidationIgnoreEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ValidationIgnoreEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ValidationIgnoreEventCreator.java new file mode 100644 index 0000000..b00a9d9 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ValidationIgnoreEventCreator.java @@ -0,0 +1,77 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.event.request.eventcreator; + +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.Result; +import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.audit.event.AuditEvent; +import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; +import org.apache.ambari.server.controller.spi.Resource; + +/** + * This creator ignores validation post requests + * For resource type {@link Resource.Type#Validation} + * and request types {@link Request.Type#POST} + */ +public class ValidationIgnoreEventCreator implements RequestAuditEventCreator { + + /** + * Set of {@link Request.Type}s that are handled by this plugin + */ + private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); + + { + requestTypes.add(Request.Type.POST); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Request.Type> getRequestTypes() { + return requestTypes; + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Resource.Type> getResourceTypes() { + return Collections.singleton(Resource.Type.Validation); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<ResultStatus.STATUS> getResultStatuses() { + return null; + } + + @Override + public AuditEvent createAuditEvent(Request request, Result result) { + // intentionally skipping this event + return null; + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/1b1b3bc6/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ViewInstanceEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ViewInstanceEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ViewInstanceEventCreator.java new file mode 100644 index 0000000..00aa1ce --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ViewInstanceEventCreator.java @@ -0,0 +1,142 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.event.request.eventcreator; + +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.Result; +import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.audit.event.AuditEvent; +import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; +import org.apache.ambari.server.audit.event.request.event.AddViewInstanceRequestAuditEvent; +import org.apache.ambari.server.audit.event.request.event.ChangeViewInstanceRequestAuditEvent; +import org.apache.ambari.server.audit.event.request.event.DeleteViewInstanceRequestAuditEvent; +import org.apache.ambari.server.controller.spi.Resource; +import org.apache.ambari.server.controller.utilities.PropertyHelper; +import org.joda.time.DateTime; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.User; + +/** + * This creator handles view instance requests + * For resource type {@link Resource.Type#ViewInstance} + * and request types {@link Request.Type#POST}, {@link Request.Type#PUT} and {@link Request.Type#DELETE} + */ +public class ViewInstanceEventCreator implements RequestAuditEventCreator { + + /** + * Set of {@link Request.Type}s that are handled by this plugin + */ + private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); + + { + requestTypes.add(Request.Type.POST); + requestTypes.add(Request.Type.PUT); + requestTypes.add(Request.Type.DELETE); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Request.Type> getRequestTypes() { + return requestTypes; + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Resource.Type> getResourceTypes() { + return Collections.singleton(Resource.Type.ViewInstance); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<ResultStatus.STATUS> getResultStatuses() { + return null; + } + + @Override + public AuditEvent createAuditEvent(Request request, Result result) { + String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); + + switch (request.getRequestType()) { + + case POST: + return AddViewInstanceRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withType(getProperty(request, PropertyHelper.getPropertyId("ViewInstanceInfo", "view_name"))) + .withVersion(getProperty(request, PropertyHelper.getPropertyId("ViewInstanceInfo", "version"))) + .withName(getProperty(request, PropertyHelper.getPropertyId("ViewInstanceInfo", "instance_name"))) + .withDisplayName(getProperty(request, PropertyHelper.getPropertyId("ViewInstanceInfo", "label"))) + .withDescription(getProperty(request, PropertyHelper.getPropertyId("ViewInstanceInfo", "description"))) + .build(); + + case PUT: + return ChangeViewInstanceRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withType(getProperty(request, PropertyHelper.getPropertyId("ViewInstanceInfo", "view_name"))) + .withVersion(getProperty(request, PropertyHelper.getPropertyId("ViewInstanceInfo", "version"))) + .withName(getProperty(request, PropertyHelper.getPropertyId("ViewInstanceInfo", "instance_name"))) + .withDisplayName(getProperty(request, PropertyHelper.getPropertyId("ViewInstanceInfo", "label"))) + .withDescription(getProperty(request, PropertyHelper.getPropertyId("ViewInstanceInfo", "description"))) + .build(); + + case DELETE: + return DeleteViewInstanceRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withType(request.getResource().getKeyValueMap().get(Resource.Type.View)) + .withVersion(request.getResource().getKeyValueMap().get(Resource.Type.ViewVersion)) + .withName(request.getResource().getKeyValueMap().get(Resource.Type.ViewInstance)) + .build(); + + default: + return null; + } + } + + private String getProperty(Request request, String properyId) { + if (!request.getBody().getPropertySets().isEmpty()) { + return String.valueOf(request.getBody().getPropertySets().iterator().next().get(properyId)); + } + return null; + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/1b1b3bc6/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ViewPrivilegeEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ViewPrivilegeEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ViewPrivilegeEventCreator.java new file mode 100644 index 0000000..9c5ba1b --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/request/eventcreator/ViewPrivilegeEventCreator.java @@ -0,0 +1,130 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.event.request.eventcreator; + +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.Result; +import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.audit.event.AuditEvent; +import org.apache.ambari.server.audit.event.request.RequestAuditEventCreator; +import org.apache.ambari.server.audit.event.request.event.ViewPrivilegeChangeRequestAuditEvent; +import org.apache.ambari.server.controller.spi.Resource; +import org.apache.ambari.server.controller.utilities.PropertyHelper; +import org.joda.time.DateTime; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.User; + +/** + * This creator handles view privilege requests + * For resource type {@link Resource.Type#ViewInstance} + * and request types {@link Request.Type#PUT} + */ +public class ViewPrivilegeEventCreator implements RequestAuditEventCreator { + + /** + * Set of {@link Request.Type}s that are handled by this plugin + */ + private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); + + { + requestTypes.add(Request.Type.PUT); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Request.Type> getRequestTypes() { + return requestTypes; + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Resource.Type> getResourceTypes() { + return Collections.singleton(Resource.Type.ViewPrivilege); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<ResultStatus.STATUS> getResultStatuses() { + return null; + } + + @Override + public AuditEvent createAuditEvent(Request request, Result result) { + String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); + + + Map<String, List<String>> users = getEntities(request, "USER"); + Map<String, List<String>> groups = getEntities(request, "GROUP"); + + return ViewPrivilegeChangeRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withType(getProperty(request, PropertyHelper.getPropertyId("PrivilegeInfo", "view_name"))) + .withVersion(getProperty(request, PropertyHelper.getPropertyId("PrivilegeInfo", "version"))) + .withName(getProperty(request, PropertyHelper.getPropertyId("PrivilegeInfo", "instance_name"))) + .withUsers(users) + .withGroups(groups) + .build(); + + } + + private String getProperty(Request request, String properyId) { + if (!request.getBody().getPropertySets().isEmpty()) { + return String.valueOf(request.getBody().getPropertySets().iterator().next().get(properyId)); + } + return null; + } + + private Map<String, List<String>> getEntities(final Request request, final String type) { + Map<String, List<String>> entities = new HashMap<String, List<String>>(); + + for (Map<String, Object> propertyMap : request.getBody().getPropertySets()) { + String ptype = String.valueOf(propertyMap.get(PropertyHelper.getPropertyId("PrivilegeInfo", "principal_type"))); + if (type.equals(ptype)) { + String role = String.valueOf(propertyMap.get(PropertyHelper.getPropertyId("PrivilegeInfo", "permission_name"))); + String name = String.valueOf(propertyMap.get(PropertyHelper.getPropertyId("PrivilegeInfo", "principal_name"))); + if (!entities.containsKey(role)) { + entities.put(role, new LinkedList<String>()); + } + + entities.get(role).add(name); + } + } + return entities; + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/1b1b3bc6/ambari-server/src/main/java/org/apache/ambari/server/audit/kerberos/AbstractKerberosAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/kerberos/AbstractKerberosAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/kerberos/AbstractKerberosAuditEvent.java deleted file mode 100644 index 899432c..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/kerberos/AbstractKerberosAuditEvent.java +++ /dev/null @@ -1,76 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.audit.kerberos; - - -import javax.annotation.concurrent.Immutable; - -import org.apache.ambari.server.audit.AbstractAuditEvent; - -@Immutable -public class AbstractKerberosAuditEvent extends AbstractAuditEvent { - static abstract class AbstractKerberosAuditEventBuilder<T extends AbstractKerberosAuditEvent, TBuilder extends AbstractKerberosAuditEventBuilder<T, TBuilder>> - extends AbstractAuditEvent.AbstractAuditEventBuilder<T, TBuilder> { - - protected String operation; - protected String reasonOfFailure; - - /** - * Builds and audit log message based on the member variables - * @param builder builder for the audit event details. - */ - @Override - protected void buildAuditMessage(StringBuilder builder) { - builder - .append("Operation(") - .append(operation); - - builder.append("), Status(") - .append(reasonOfFailure == null ? "Success" : "Failed"); - - if(reasonOfFailure != null) { - builder.append("), Reason of failure(") - .append(reasonOfFailure); - } - - builder.append(")"); - } - - public TBuilder withOperation(String operation) { - this.operation = operation; - return (TBuilder) this; - } - - public TBuilder withReasonOfFailure(String reasonOfFailure) { - this.reasonOfFailure = reasonOfFailure; - return (TBuilder) this; - } - } - - protected AbstractKerberosAuditEvent() { - } - - /** - * {@inheritDoc} - */ - protected AbstractKerberosAuditEvent(AbstractKerberosAuditEventBuilder<?, ?> builder) { - super(builder); - } - -} http://git-wip-us.apache.org/repos/asf/ambari/blob/1b1b3bc6/ambari-server/src/main/java/org/apache/ambari/server/audit/kerberos/ChangeSecurityStateKerberosAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/kerberos/ChangeSecurityStateKerberosAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/kerberos/ChangeSecurityStateKerberosAuditEvent.java deleted file mode 100644 index 899addc..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/kerberos/ChangeSecurityStateKerberosAuditEvent.java +++ /dev/null @@ -1,99 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.audit.kerberos; - -import javax.annotation.concurrent.Immutable; - -@Immutable -public class ChangeSecurityStateKerberosAuditEvent extends AbstractKerberosAuditEvent { - - public static class ChangeSecurityStateKerberosAuditEventBuilder extends AbstractKerberosAuditEventBuilder<ChangeSecurityStateKerberosAuditEvent, ChangeSecurityStateKerberosAuditEventBuilder> { - - private String service; - private String component; - private String hostName; - private String state; - - private ChangeSecurityStateKerberosAuditEventBuilder() { - this.withOperation("Security state change"); - } - - @Override - protected void buildAuditMessage(StringBuilder builder) { - super.buildAuditMessage(builder); - - builder - .append(", Hostname(") - .append(hostName) - .append("), Service(") - .append(service) - .append("), Component(") - .append(component) - .append("), State(") - .append(state) - .append(")"); - } - - /** - * {@inheritDoc} - */ - @Override - protected ChangeSecurityStateKerberosAuditEvent newAuditEvent() { - return new ChangeSecurityStateKerberosAuditEvent(this); - } - - public ChangeSecurityStateKerberosAuditEventBuilder withService(String service) { - this.service = service; - return this; - } - - public ChangeSecurityStateKerberosAuditEventBuilder withComponent(String component) { - this.component = component; - return this; - } - - public ChangeSecurityStateKerberosAuditEventBuilder withHostName(String hostName) { - this.hostName = hostName; - return this; - } - - public ChangeSecurityStateKerberosAuditEventBuilder withState(String state) { - this.state = state; - return this; - } - } - - private ChangeSecurityStateKerberosAuditEvent() { - } - - /** - * {@inheritDoc} - */ - private ChangeSecurityStateKerberosAuditEvent(ChangeSecurityStateKerberosAuditEventBuilder builder) { - super(builder); - } - - /** - * Returns an builder for {@link ChangeSecurityStateKerberosAuditEvent} - * @return a builder instance - */ - public static ChangeSecurityStateKerberosAuditEventBuilder builder() { - return new ChangeSecurityStateKerberosAuditEventBuilder(); - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/1b1b3bc6/ambari-server/src/main/java/org/apache/ambari/server/audit/kerberos/CreateKeyTabKerberosAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/kerberos/CreateKeyTabKerberosAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/kerberos/CreateKeyTabKerberosAuditEvent.java deleted file mode 100644 index 1c2d52b..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/kerberos/CreateKeyTabKerberosAuditEvent.java +++ /dev/null @@ -1,95 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.audit.kerberos; - -import javax.annotation.concurrent.Immutable; - -@Immutable -public class CreateKeyTabKerberosAuditEvent extends AbstractKerberosAuditEvent { - - public static class CreateKeyTabKerberosAuditEventBuilder extends AbstractKerberosAuditEventBuilder<CreateKeyTabKerberosAuditEvent, CreateKeyTabKerberosAuditEventBuilder> { - - private String keyTabFilePath; - private String hostName; - private String principal; - - private CreateKeyTabKerberosAuditEventBuilder() { - this.withOperation("Keytab file creation"); - } - - @Override - protected void buildAuditMessage(StringBuilder builder) { - super.buildAuditMessage(builder); - - builder - .append(", Principal(") - .append(principal) - .append("), Hostname(") - .append(hostName) - .append("), Keytab file(") - .append(keyTabFilePath) - .append(")"); - } - - /** - * {@inheritDoc} - */ - @Override - protected CreateKeyTabKerberosAuditEvent newAuditEvent() { - return new CreateKeyTabKerberosAuditEvent(this); - } - - public CreateKeyTabKerberosAuditEventBuilder withKeyTabFilePath(String keyTabFilePath) { - this.keyTabFilePath = keyTabFilePath; - return this; - } - - public CreateKeyTabKerberosAuditEventBuilder withHostName(String hostName) { - this.hostName = hostName; - return this; - } - - public CreateKeyTabKerberosAuditEventBuilder withPrincipal(String principal) { - this.principal = principal; - return this; - } - - public boolean hasPrincipal() { - return principal != null; - } - } - - private CreateKeyTabKerberosAuditEvent() { - } - - /** - * {@inheritDoc} - */ - private CreateKeyTabKerberosAuditEvent(CreateKeyTabKerberosAuditEventBuilder builder) { - super(builder); - } - - /** - * Returns an builder for {@link CreateKeyTabKerberosAuditEvent} - * @return a builder instance - */ - public static CreateKeyTabKerberosAuditEventBuilder builder() { - return new CreateKeyTabKerberosAuditEventBuilder(); - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/1b1b3bc6/ambari-server/src/main/java/org/apache/ambari/server/audit/kerberos/CreatePrincipalKerberosAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/kerberos/CreatePrincipalKerberosAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/kerberos/CreatePrincipalKerberosAuditEvent.java deleted file mode 100644 index 82790ab..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/kerberos/CreatePrincipalKerberosAuditEvent.java +++ /dev/null @@ -1,72 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.audit.kerberos; - -import javax.annotation.concurrent.Immutable; - -@Immutable -public class CreatePrincipalKerberosAuditEvent extends AbstractKerberosAuditEvent { - - public static class CreatePrincipalKerberosAuditEventBuilder extends AbstractKerberosAuditEventBuilder<CreatePrincipalKerberosAuditEvent, CreatePrincipalKerberosAuditEventBuilder> { - - private String principal; - - private CreatePrincipalKerberosAuditEventBuilder() { - this.withOperation("Principal creation"); - } - - @Override - protected void buildAuditMessage(StringBuilder builder) { - super.buildAuditMessage(builder); - builder.append("), Principal(") - .append(principal); - } - - /** - * {@inheritDoc} - */ - @Override - protected CreatePrincipalKerberosAuditEvent newAuditEvent() { - return new CreatePrincipalKerberosAuditEvent(this); - } - - public CreatePrincipalKerberosAuditEventBuilder withPrincipal(String principal) { - this.principal = principal; - return this; - } - } - - private CreatePrincipalKerberosAuditEvent() { - } - - /** - * {@inheritDoc} - */ - private CreatePrincipalKerberosAuditEvent(CreatePrincipalKerberosAuditEventBuilder builder) { - super(builder); - } - - /** - * Returns an builder for {@link CreatePrincipalKerberosAuditEvent} - * @return a builder instance - */ - public static CreatePrincipalKerberosAuditEventBuilder builder() { - return new CreatePrincipalKerberosAuditEventBuilder(); - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/1b1b3bc6/ambari-server/src/main/java/org/apache/ambari/server/audit/kerberos/DestroyPrincipalKerberosAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/kerberos/DestroyPrincipalKerberosAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/kerberos/DestroyPrincipalKerberosAuditEvent.java deleted file mode 100644 index 911f82c..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/kerberos/DestroyPrincipalKerberosAuditEvent.java +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.audit.kerberos; - -import javax.annotation.concurrent.Immutable; - -@Immutable -public class DestroyPrincipalKerberosAuditEvent extends AbstractKerberosAuditEvent { - - public static class DestroyPrincipalKerberosAuditEventBuilder extends AbstractKerberosAuditEventBuilder<DestroyPrincipalKerberosAuditEvent, DestroyPrincipalKerberosAuditEventBuilder> { - - private String principal; - - private DestroyPrincipalKerberosAuditEventBuilder() { - this.withOperation("Principal removal"); - } - - @Override - protected void buildAuditMessage(StringBuilder builder) { - super.buildAuditMessage(builder); - - builder.append("), Principal(") - .append(principal); - } - - /** - * {@inheritDoc} - */ - @Override - protected DestroyPrincipalKerberosAuditEvent newAuditEvent() { - return new DestroyPrincipalKerberosAuditEvent(this); - } - - public DestroyPrincipalKerberosAuditEventBuilder withPrincipal(String principal) { - this.principal = principal; - return this; - } - } - - private DestroyPrincipalKerberosAuditEvent() { - } - - /** - * {@inheritDoc} - */ - private DestroyPrincipalKerberosAuditEvent(DestroyPrincipalKerberosAuditEventBuilder builder) { - super(builder); - } - - /** - * Returns an builder for {@link DestroyPrincipalKerberosAuditEvent} - * @return a builder instance - */ - public static DestroyPrincipalKerberosAuditEventBuilder builder() { - return new DestroyPrincipalKerberosAuditEventBuilder(); - } -} http://git-wip-us.apache.org/repos/asf/ambari/blob/1b1b3bc6/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditEvent.java deleted file mode 100644 index e3cd39d..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditEvent.java +++ /dev/null @@ -1,139 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.ambari.server.audit.request; - -import org.apache.ambari.server.api.services.Request; -import org.apache.ambari.server.api.services.ResultStatus; -import org.apache.ambari.server.audit.AbstractUserAuditEvent; - -/** - * Base class for start operation audit events. - */ -public class RequestAuditEvent extends AbstractUserAuditEvent { - - public static class RequestAuditEventBuilder<T extends RequestAuditEvent, TBuilder extends RequestAuditEventBuilder<T, TBuilder>> extends AbstractUserAuditEventBuilder<T, TBuilder> { - - private Request.Type requestType; - - private ResultStatus resultStatus; - - private String url; - - private String operation; - - @Override - protected T newAuditEvent() { - return (T)new RequestAuditEvent(this); - } - - /** - * Appends to the event the details of the incoming request. - * @param builder builder for the audit event details. - */ - @Override - protected void buildAuditMessage(StringBuilder builder) { - super.buildAuditMessage(builder); - if (operation != null) { - builder - .append(", Operation(") - .append(operation) - .append(")"); - } - builder - .append(", RequestType(") - .append(requestType) - .append("), ") - .append("url(") - .append(url) - .append("), ResultStatus(") - .append(resultStatus.getStatusCode()) - .append(" ") - .append(resultStatus.getStatus()) - .append(")"); - - if (resultStatus.isErrorState()) { - builder.append(", Reason(") - .append(resultStatus.getMessage()) - .append(")"); - } - } - - /** - * Sets the request type to be added to the audit event. - * @param requestType request type to be added to the audit event. - * @return this builder - */ - public TBuilder withRequestType(Request.Type requestType) { - this.requestType = requestType; - - return (TBuilder)this; - } - - /** - * Sets the url to be added to the audit event. - * @param url url to be added to the audit event. - * @return this builder - */ - public TBuilder withUrl(String url) { - this.url = url; - - return (TBuilder)this; - } - - /** - * Sets the result status to be added to the audit event. - * @param resultStatus result status to be added to the audit event. - * @return this builder - */ - public TBuilder withResultStatus(ResultStatus resultStatus) { - this.resultStatus = resultStatus; - - return (TBuilder)this; - } - - /** - * Sets the operation to be added to the audit event. - * @param operation operation to be added to the audit event. - * @return this builder - */ - public TBuilder withOperation(String operation) { - this.operation = operation; - - return (TBuilder)this; - } - } - - protected RequestAuditEvent() { - } - - /** - * {@inheritDoc} - */ - protected RequestAuditEvent(RequestAuditEventBuilder<?,?> builder) { - super(builder); - } - - /** - * Returns an builder for {@link RequestAuditEvent} - * @return a builder instance - */ - public static RequestAuditEventBuilder<?,?> builder() { - return new RequestAuditEventBuilder(); - } - -}
