Repository event creator
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/38be6ef5 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/38be6ef5 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/38be6ef5 Branch: refs/heads/audit_logging Commit: 38be6ef509a49f793d944c0542e20b48b7e527a8 Parents: 017561f Author: Daniel Gergely <[email protected]> Authored: Thu Feb 18 17:41:08 2016 +0100 Committer: Toader, Sebastian <[email protected]> Committed: Thu Mar 24 13:06:45 2016 +0100 ---------------------------------------------------------------------- .../event/AddRepositoryRequestAuditEvent.java | 111 ++++++++++++++++ .../UpdateRepositoryRequestAuditEvent.java | 111 ++++++++++++++++ .../eventcreator/RepositoryEventCreator.java | 130 +++++++++++++++++++ .../server/controller/ControllerModule.java | 2 + 4 files changed, 354 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/38be6ef5/ambari-server/src/main/java/org/apache/ambari/server/audit/request/event/AddRepositoryRequestAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/event/AddRepositoryRequestAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/event/AddRepositoryRequestAuditEvent.java new file mode 100644 index 0000000..31ba433 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/event/AddRepositoryRequestAuditEvent.java @@ -0,0 +1,111 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request.event; + +import org.apache.ambari.server.audit.request.RequestAuditEvent; + +public class AddRepositoryRequestAuditEvent extends RequestAuditEvent { + + public static class AddRepositoryRequestAuditEventBuilder extends RequestAuditEventBuilder<AddRepositoryRequestAuditEvent, AddRepositoryRequestAuditEventBuilder> { + + private String repo; + + private String stackName; + + private String osType; + + private String baseUrl; + + private String stackVersion; + + public AddRepositoryRequestAuditEventBuilder() { + super.withOperation("Repository addition"); + } + + @Override + protected AddRepositoryRequestAuditEvent newAuditEvent() { + return new AddRepositoryRequestAuditEvent(this); + } + + /** + * Appends to the event the details of the incoming request. + * @param builder builder for the audit event details. + */ + @Override + protected void buildAuditMessage(StringBuilder builder) { + super.buildAuditMessage(builder); + + builder.append(", Stack(") + .append(stackName) + .append("), Stack version(") + .append(stackVersion) + .append("), OS(") + .append(osType) + .append("), Repo id(") + .append(repo) + .append("), Base URL(") + .append(baseUrl) + .append(")"); + } + + public AddRepositoryRequestAuditEventBuilder withRepo(String repo) { + this.repo = repo; + return this; + } + + public AddRepositoryRequestAuditEventBuilder withStackName(String stackName) { + this.stackName = stackName; + return this; + } + + public AddRepositoryRequestAuditEventBuilder withOsType(String osType) { + this.osType = osType; + return this; + } + + public AddRepositoryRequestAuditEventBuilder withBaseUrl(String baseUrl) { + this.baseUrl = baseUrl; + return this; + } + + public AddRepositoryRequestAuditEventBuilder withStackVersion(String stackVersion) { + this.stackVersion = stackVersion; + return this; + } + } + + protected AddRepositoryRequestAuditEvent() { + } + + /** + * {@inheritDoc} + */ + protected AddRepositoryRequestAuditEvent(AddRepositoryRequestAuditEventBuilder builder) { + super(builder); + } + + /** + * Returns an builder for {@link AddRepositoryRequestAuditEvent} + * @return a builder instance + */ + public static AddRepositoryRequestAuditEventBuilder builder() { + return new AddRepositoryRequestAuditEventBuilder(); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/38be6ef5/ambari-server/src/main/java/org/apache/ambari/server/audit/request/event/UpdateRepositoryRequestAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/event/UpdateRepositoryRequestAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/event/UpdateRepositoryRequestAuditEvent.java new file mode 100644 index 0000000..a44d50e --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/event/UpdateRepositoryRequestAuditEvent.java @@ -0,0 +1,111 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request.event; + +import org.apache.ambari.server.audit.request.RequestAuditEvent; + +public class UpdateRepositoryRequestAuditEvent extends RequestAuditEvent { + + public static class UpdateRepositoryRequestAuditEventBuilder extends RequestAuditEventBuilder<UpdateRepositoryRequestAuditEvent, UpdateRepositoryRequestAuditEventBuilder> { + + private String repo; + + private String stackName; + + private String osType; + + private String baseUrl; + + private String stackVersion; + + public UpdateRepositoryRequestAuditEventBuilder() { + super.withOperation("Repository update"); + } + + @Override + protected UpdateRepositoryRequestAuditEvent newAuditEvent() { + return new UpdateRepositoryRequestAuditEvent(this); + } + + /** + * Appends to the event the details of the incoming request. + * @param builder builder for the audit event details. + */ + @Override + protected void buildAuditMessage(StringBuilder builder) { + super.buildAuditMessage(builder); + + builder.append(", Stack(") + .append(stackName) + .append("), Stack version(") + .append(stackVersion) + .append("), OS(") + .append(osType) + .append("), Repo id(") + .append(repo) + .append("), Base URL(") + .append(baseUrl) + .append(")"); + } + + public UpdateRepositoryRequestAuditEventBuilder withRepo(String repo) { + this.repo = repo; + return this; + } + + public UpdateRepositoryRequestAuditEventBuilder withStackName(String stackName) { + this.stackName = stackName; + return this; + } + + public UpdateRepositoryRequestAuditEventBuilder withOsType(String osType) { + this.osType = osType; + return this; + } + + public UpdateRepositoryRequestAuditEventBuilder withBaseUrl(String baseUrl) { + this.baseUrl = baseUrl; + return this; + } + + public UpdateRepositoryRequestAuditEventBuilder withStackVersion(String stackVersion) { + this.stackVersion = stackVersion; + return this; + } + } + + protected UpdateRepositoryRequestAuditEvent() { + } + + /** + * {@inheritDoc} + */ + protected UpdateRepositoryRequestAuditEvent(UpdateRepositoryRequestAuditEventBuilder builder) { + super(builder); + } + + /** + * Returns an builder for {@link UpdateRepositoryRequestAuditEvent} + * @return a builder instance + */ + public static UpdateRepositoryRequestAuditEventBuilder builder() { + return new UpdateRepositoryRequestAuditEventBuilder(); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/38be6ef5/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/RepositoryEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/RepositoryEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/RepositoryEventCreator.java new file mode 100644 index 0000000..6339727 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/RepositoryEventCreator.java @@ -0,0 +1,130 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request.eventcreator; + +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.Result; +import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.audit.AuditEvent; +import org.apache.ambari.server.audit.request.RequestAuditEventCreator; +import org.apache.ambari.server.audit.request.event.AddRepositoryRequestAuditEvent; +import org.apache.ambari.server.audit.request.event.ClusterPrivilegeChangeRequestAuditEvent; +import org.apache.ambari.server.audit.request.event.PrivilegeChangeRequestAuditEvent; +import org.apache.ambari.server.audit.request.event.UpdateRepositoryRequestAuditEvent; +import org.apache.ambari.server.controller.spi.Resource; +import org.apache.ambari.server.controller.utilities.PropertyHelper; +import org.joda.time.DateTime; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.User; + +/** + * This creator handles privilege requests + * For resource type {@link Resource.Type#Repository} + * and request types {@link Request.Type#POST} and {@link Request.Type#PUT} + */ +public class RepositoryEventCreator implements RequestAuditEventCreator { + + /** + * Set of {@link Request.Type}s that are handled by this plugin + */ + private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); + + { + requestTypes.add(Request.Type.POST); + requestTypes.add(Request.Type.PUT); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Request.Type> getRequestTypes() { + return requestTypes; + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Resource.Type> getResourceTypes() { + return Collections.singleton(Resource.Type.Repository); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<ResultStatus.STATUS> getResultStatuses() { + return null; + } + + @Override + public AuditEvent createAuditEvent(Request request, Result result) { + String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); + + switch(request.getRequestType()) { + case POST: + return AddRepositoryRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withRepo(getProperty(request, PropertyHelper.getPropertyId("Repositories", "repo_id"))) + .withStackName(getProperty(request, PropertyHelper.getPropertyId("Repositories", "stack_name"))) + .withStackVersion(getProperty(request, PropertyHelper.getPropertyId("Repositories", "stack_version"))) + .withOsType(getProperty(request, PropertyHelper.getPropertyId("Repositories", "os_type"))) + .withBaseUrl(getProperty(request, PropertyHelper.getPropertyId("Repositories", "base_url"))) + .build(); + case PUT: + return UpdateRepositoryRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withRepo(getProperty(request, PropertyHelper.getPropertyId("Repositories", "repo_id"))) + .withStackName(getProperty(request, PropertyHelper.getPropertyId("Repositories", "stack_name"))) + .withStackVersion(getProperty(request, PropertyHelper.getPropertyId("Repositories", "stack_version"))) + .withOsType(getProperty(request, PropertyHelper.getPropertyId("Repositories", "os_type"))) + .withBaseUrl(getProperty(request, PropertyHelper.getPropertyId("Repositories", "base_url"))) + .build(); + default: + return null; + } + } + + private String getProperty(Request request, String properyId) { + if(!request.getBody().getPropertySets().isEmpty()) { + return String.valueOf(request.getBody().getPropertySets().iterator().next().get(properyId)); + } + return null; + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/38be6ef5/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java index 0ab435a..9ecb345 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java @@ -49,6 +49,7 @@ import org.apache.ambari.server.audit.request.eventcreator.BlueprintExportEventC import org.apache.ambari.server.audit.request.eventcreator.PrivilegeEventCreator; import org.apache.ambari.server.audit.request.eventcreator.GroupEventCreator; import org.apache.ambari.server.audit.request.eventcreator.MemberEventCreator; +import org.apache.ambari.server.audit.request.eventcreator.RepositoryEventCreator; import org.apache.ambari.server.audit.request.eventcreator.ServiceConfigDownloadEventCreator; import org.apache.ambari.server.audit.request.eventcreator.UnauthorizedEventCreator; import org.apache.ambari.server.audit.request.eventcreator.ConfigurationChangeEventCreator; @@ -416,6 +417,7 @@ public class ControllerModule extends AbstractModule { auditLogEventCreatorBinder.addBinding().to(BlueprintEventCreator.class); auditLogEventCreatorBinder.addBinding().to(ViewInstanceEventCreator.class); auditLogEventCreatorBinder.addBinding().to(ViewPrivilegeEventCreator.class); + auditLogEventCreatorBinder.addBinding().to(RepositoryEventCreator.class); bind(RequestAuditLogger.class).to(RequestAuditLoggerImpl.class); }
