This is an automated email from the ASF dual-hosted git repository.
dmitriusan pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push:
new 0717fb8 AMBARI-25019. Update Ambari audit logger to handle proxied
users (dly… (#2702)
0717fb8 is described below
commit 0717fb84a2034b2204b346edcc86d94796f67395
Author: Lisnichenko Dmitro <dmitriu...@apache.org>
AuthorDate: Mon Dec 31 20:14:24 2018 +0200
AMBARI-25019. Update Ambari audit logger to handle proxied users (dly…
(#2702)
AMBARI-25019. Update Ambari audit logger to handle proxied users
(dlysnichenko)
---
.../server/actionmanager/ActionDBAccessorImpl.java | 33 ++++++++---
.../ambari/server/api/services/LogoutService.java | 1 +
.../server/audit/event/AbstractUserAuditEvent.java | 24 ++++++++
.../audit/event/OperationStatusAuditEvent.java | 19 ++----
.../server/audit/event/TaskStatusAuditEvent.java | 18 ++----
.../AmbariAuthenticationEventHandlerImpl.java | 3 +
.../authorization/AmbariAuthorizationFilter.java | 3 +
.../authorization/AuthorizationHelper.java | 30 ++++++++++
.../audit/AccessUnauthorizedAuditEventTest.java | 19 ++++++
.../ambari/server/audit/LoginAuditEventTest.java | 68 ++++++++++++++++++++++
.../ambari/server/audit/LogoutAuditEventTest.java | 19 ++++++
.../audit/OperationStatusAuditEventTest.java | 5 +-
.../audit/StartOperationRequestAuditEventTest.java | 19 ++++++
.../server/audit/TaskStatusAuditEventTest.java | 5 +-
14 files changed, 227 insertions(+), 39 deletions(-)
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/actionmanager/ActionDBAccessorImpl.java
b/ambari-server/src/main/java/org/apache/ambari/server/actionmanager/ActionDBAccessorImpl.java
index 5c1fa66..7ab721b 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/actionmanager/ActionDBAccessorImpl.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/actionmanager/ActionDBAccessorImpl.java
@@ -936,20 +936,22 @@ public class ActionDBAccessorImpl implements
ActionDBAccessor {
RequestDetails requestDetails = new RequestDetails();
requestDetails.setNumberOfTasks(numberOfTasks);
requestDetails.setUserName(AuthorizationHelper.getAuthenticatedName());
+ requestDetails.setProxyUserName(AuthorizationHelper.getProxyUserName());
auditlogRequestCache.put(request.getRequestId(), requestDetails);
}
}
/**
* AuditLog operation status change
+ *
* @param requestId
*/
private void auditLog(HostRoleCommandEntity commandEntity, Long requestId) {
- if(!auditLogger.isEnabled()) {
+ if (!auditLogger.isEnabled()) {
return;
}
- if(requestId != null) {
+ if (requestId != null) {
HostRoleStatus lastTaskStatus = updateAuditlogCache(commandEntity,
requestId);
// details must not be null
@@ -961,12 +963,13 @@ public class ActionDBAccessorImpl implements
ActionDBAccessor {
RequestEntity request = requestDAO.findByPK(requestId);
String context = request != null ? request.getRequestContext() :
null;
AuditEvent auditEvent = OperationStatusAuditEvent.builder()
- .withRequestId(String.valueOf(requestId))
- .withStatus(String.valueOf(calculatedStatus))
- .withRequestContext(context)
- .withUserName(details.getUserName())
- .withTimestamp(System.currentTimeMillis())
- .build();
+ .withRequestId(String.valueOf(requestId))
+ .withStatus(String.valueOf(calculatedStatus))
+ .withRequestContext(context)
+ .withUserName(details.getUserName())
+ .withProxyUserName(details.getProxyUserName())
+ .withTimestamp(System.currentTimeMillis())
+ .build();
auditLogger.log(auditEvent);
details.setLastStatus(calculatedStatus);
@@ -1011,6 +1014,7 @@ public class ActionDBAccessorImpl implements
ActionDBAccessor {
.withTaskId(String.valueOf(commandEntity.getTaskId()))
.withHostName(commandEntity.getHostName())
.withUserName(details.getUserName())
+ .withProxyUserName(details.getProxyUserName())
.withOperation(commandEntity.getRoleCommand() + " " +
commandEntity.getRole())
.withDetails(commandEntity.getCommandDetail())
.withStatus(commandEntity.getStatus().toString())
@@ -1047,6 +1051,11 @@ public class ActionDBAccessorImpl implements
ActionDBAccessor {
*/
Map<Component, HostRoleStatus> tasks = new HashMap<>();
+ /**
+ * Name of the proxy user if proxied
+ */
+ private String proxyUserName;
+
public HostRoleStatus getLastStatus() {
return lastStatus;
}
@@ -1083,6 +1092,14 @@ public class ActionDBAccessorImpl implements
ActionDBAccessor {
return getTasks().values();
}
+ public String getProxyUserName() {
+ return proxyUserName;
+ }
+
+ public void setProxyUserName(String proxyUserName) {
+ this.proxyUserName = proxyUserName;
+ }
+
/**
* This nested class is the key for the {@link RequestDetails#tasks} map
*/
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/api/services/LogoutService.java
b/ambari-server/src/main/java/org/apache/ambari/server/api/services/LogoutService.java
index 28c21e8..97311e3 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/api/services/LogoutService.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/api/services/LogoutService.java
@@ -65,6 +65,7 @@ public class LogoutService {
.withTimestamp(System.currentTimeMillis())
.withRemoteIp(RequestUtils.getRemoteAddress(servletRequest))
.withUserName(AuthorizationHelper.getAuthenticatedName())
+ .withProxyUserName(AuthorizationHelper.getProxyUserName())
.build();
auditLogger.log(logoutEvent);
}
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/AbstractUserAuditEvent.java
b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/AbstractUserAuditEvent.java
index 1edf22e..b4a0a7a 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/AbstractUserAuditEvent.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/AbstractUserAuditEvent.java
@@ -19,6 +19,7 @@
package org.apache.ambari.server.audit.event;
import org.apache.ambari.server.security.authorization.AuthorizationHelper;
+import org.apache.commons.lang.StringUtils;
/**
* Base class for audit events which are result of user actions. It appends
@@ -36,6 +37,11 @@ public abstract class AbstractUserAuditEvent extends
AbstractAuditEvent {
private String userName = AuthorizationHelper.getAuthenticatedName();
/**
+ * Name of the proxy user if proxied
+ */
+ private String proxyUserName = AuthorizationHelper.getProxyUserName();
+
+ /**
* Ip of the user who started the operation. Note: remote ip might not be
the original ip (proxies, routers can modify it)
*/
private String remoteIp;
@@ -58,6 +64,12 @@ public abstract class AbstractUserAuditEvent extends
AbstractAuditEvent {
.append("), RemoteIp(")
.append(this.remoteIp)
.append(")");
+ if (StringUtils.isNotEmpty(this.proxyUserName)){
+ builder
+ .append(", ProxyUser(")
+ .append(this.proxyUserName)
+ .append(")");
+ }
}
/**
@@ -73,6 +85,18 @@ public abstract class AbstractUserAuditEvent extends
AbstractAuditEvent {
}
/**
+ * Sets the proxy user name.
+ *
+ * @param proxyUserName
+ * @return the builder
+ */
+ public TBuilder withProxyUserName(String proxyUserName) {
+ this.proxyUserName = proxyUserName;
+
+ return self();
+ }
+
+ /**
* Sets the remote ip where the user action originated from.
*
* @param ip
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/OperationStatusAuditEvent.java
b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/OperationStatusAuditEvent.java
index 65f1b42..bf9a161 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/OperationStatusAuditEvent.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/OperationStatusAuditEvent.java
@@ -25,9 +25,9 @@ import javax.annotation.concurrent.Immutable;
* Audit event for tracking operations
*/
@Immutable
-public class OperationStatusAuditEvent extends AbstractAuditEvent {
+public class OperationStatusAuditEvent extends AbstractUserAuditEvent {
- public static class OperationStatusAuditEventBuilder extends
AbstractAuditEventBuilder<OperationStatusAuditEvent,
OperationStatusAuditEventBuilder> {
+ public static class OperationStatusAuditEventBuilder extends
AbstractUserAuditEventBuilder<OperationStatusAuditEvent,
OperationStatusAuditEventBuilder> {
/**
* Request identifier
@@ -44,11 +44,6 @@ public class OperationStatusAuditEvent extends
AbstractAuditEvent {
*/
private String operation;
- /**
- * Name of the logged in user who sent the request
- */
- private String userName;
-
private OperationStatusAuditEventBuilder() {
super(OperationStatusAuditEventBuilder.class);
}
@@ -65,10 +60,9 @@ public class OperationStatusAuditEvent extends
AbstractAuditEvent {
*/
@Override
protected void buildAuditMessage(StringBuilder builder) {
+ super.buildAuditMessage(builder);
builder
- .append("User(")
- .append(this.userName)
- .append("), Operation(")
+ .append(", Operation(")
.append(this.operation)
.append("), Status(")
.append(this.status)
@@ -92,11 +86,6 @@ public class OperationStatusAuditEvent extends
AbstractAuditEvent {
this.operation = operation;
return this;
}
-
- public OperationStatusAuditEventBuilder withUserName(String userName) {
- this.userName = userName;
- return this;
- }
}
private OperationStatusAuditEvent() {
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/TaskStatusAuditEvent.java
b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/TaskStatusAuditEvent.java
index 890724c..ba428d5 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/TaskStatusAuditEvent.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/TaskStatusAuditEvent.java
@@ -25,9 +25,9 @@ import javax.annotation.concurrent.Immutable;
* Audit event for tracking task status
*/
@Immutable
-public class TaskStatusAuditEvent extends AbstractAuditEvent {
+public class TaskStatusAuditEvent extends AbstractUserAuditEvent {
- public static class TaskStatusAuditEventBuilder extends
AbstractAuditEventBuilder<TaskStatusAuditEvent, TaskStatusAuditEventBuilder> {
+ public static class TaskStatusAuditEventBuilder extends
AbstractUserAuditEventBuilder<TaskStatusAuditEvent,
TaskStatusAuditEventBuilder> {
/**
* Request identifier
@@ -59,11 +59,6 @@ public class TaskStatusAuditEvent extends AbstractAuditEvent
{
*/
private String details;
- /**
- * User name
- */
- private String userName;
-
private TaskStatusAuditEventBuilder() {
super(TaskStatusAuditEventBuilder.class);
}
@@ -80,10 +75,9 @@ public class TaskStatusAuditEvent extends AbstractAuditEvent
{
*/
@Override
protected void buildAuditMessage(StringBuilder builder) {
+ super.buildAuditMessage(builder);
builder
- .append("User(")
- .append(this.userName)
- .append("), Operation(")
+ .append(", Operation(")
.append(this.operation);
if (details != null) {
@@ -132,10 +126,6 @@ public class TaskStatusAuditEvent extends
AbstractAuditEvent {
this.details = details;
return this;
}
- public TaskStatusAuditEventBuilder withUserName(String userName) {
- this.userName = userName;
- return this;
- }
}
private TaskStatusAuditEvent() {
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationEventHandlerImpl.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationEventHandlerImpl.java
index 8ff39e0..5deb995 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationEventHandlerImpl.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationEventHandlerImpl.java
@@ -76,6 +76,7 @@ public class AmbariAuthenticationEventHandlerImpl implements
AmbariAuthenticatio
AuditEvent loginSucceededAuditEvent = LoginAuditEvent.builder()
.withRemoteIp(RequestUtils.getRemoteAddress(servletRequest))
.withUserName(username)
+ .withProxyUserName(AuthorizationHelper.getProxyUserName(result))
.withTimestamp(System.currentTimeMillis())
.withRoles(permissionHelper.getPermissionLabels(result))
.build();
@@ -144,6 +145,7 @@ public class AmbariAuthenticationEventHandlerImpl
implements AmbariAuthenticatio
.withReasonOfFailure(message)
.withConsecutiveFailures(consecutiveFailures)
.withUserName(username)
+ .withProxyUserName(null)
.build();
auditLogger.log(loginFailedAuditEvent);
}
@@ -160,6 +162,7 @@ public class AmbariAuthenticationEventHandlerImpl
implements AmbariAuthenticatio
.withTimestamp(System.currentTimeMillis())
.withReasonOfFailure("Authentication required")
.withUserName(null)
+ .withProxyUserName(null)
.build();
auditLogger.log(loginFailedAuditEvent);
}
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
index 27eee87..29b3e4f 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java
@@ -182,6 +182,7 @@ public class AmbariAuthorizationFilter implements Filter {
if(auditLogger.isEnabled()) {
LoginAuditEvent loginAuditEvent = LoginAuditEvent.builder()
.withUserName(internalAuthenticationToken.getName())
+
.withProxyUserName(AuthorizationHelper.getProxyUserName(internalAuthenticationToken))
.withRemoteIp(RequestUtils.getRemoteAddress(httpRequest))
.withRoles(permissionHelper.getPermissionLabels(authentication))
.withTimestamp(System.currentTimeMillis()).build();
@@ -264,6 +265,7 @@ public class AmbariAuthorizationFilter implements Filter {
.withRemoteIp(RequestUtils.getRemoteAddress(httpRequest))
.withResourcePath(httpRequest.getRequestURI())
.withUserName(AuthorizationHelper.getAuthenticatedName())
+ .withProxyUserName(AuthorizationHelper.getProxyUserName())
.withTimestamp(System.currentTimeMillis())
.build();
auditLogger.log(auditEvent);
@@ -283,6 +285,7 @@ public class AmbariAuthorizationFilter implements Filter {
.withRemoteIp(RequestUtils.getRemoteAddress(httpRequest))
.withResourcePath(httpRequest.getRequestURI())
.withUserName(AuthorizationHelper.getAuthenticatedName())
+ .withProxyUserName(AuthorizationHelper.getProxyUserName())
.withTimestamp(System.currentTimeMillis())
.build();
auditLogger.log(auditEvent);
diff --git
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java
index 2e2a70c..d92fc44 100644
---
a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java
+++
b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java
@@ -29,6 +29,7 @@ import org.apache.ambari.server.orm.entities.PermissionEntity;
import org.apache.ambari.server.orm.entities.PrivilegeEntity;
import org.apache.ambari.server.orm.entities.ResourceEntity;
import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity;
+import
org.apache.ambari.server.security.authentication.AmbariProxiedUserDetailsImpl;
import org.apache.ambari.server.security.authentication.AmbariUserDetails;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -59,6 +60,35 @@ public class AuthorizationHelper {
static Provider<ViewInstanceDAO> viewInstanceDAOProvider;
/**
+ * Gets the name of the logged-in proxy user, if any.
+ *
+ * @param authentication
+ * @return the name of the logged-in proxy user
+ */
+ public static String getProxyUserName(Authentication authentication) {
+ if (authentication==null){
+ return null;
+ }
+ Object userDetails = authentication.getPrincipal();
+ if (userDetails instanceof AmbariProxiedUserDetailsImpl) {
+ AmbariProxiedUserDetailsImpl ambariProxiedUserDetails =
(AmbariProxiedUserDetailsImpl) userDetails;
+ return ambariProxiedUserDetails.getProxyUserDetails().getUsername();
+ }
+ return null;
+ }
+
+ /**
+ * Gets the name of the logged-in proxy user, if any.
+ *
+ * @return the name of the logged-in proxy user
+ */
+ public static String getProxyUserName() {
+ SecurityContext securityContext = SecurityContextHolder.getContext();
+ Authentication auth = securityContext.getAuthentication();
+ return getProxyUserName(auth);
+ }
+
+ /**
* Converts collection of RoleEntities to collection of GrantedAuthorities
*/
public Collection<GrantedAuthority>
convertPrivilegesToAuthorities(Collection<PrivilegeEntity> privilegeEntities) {
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/audit/AccessUnauthorizedAuditEventTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/audit/AccessUnauthorizedAuditEventTest.java
index 7ebded1..c890ff0 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/audit/AccessUnauthorizedAuditEventTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/audit/AccessUnauthorizedAuditEventTest.java
@@ -31,6 +31,7 @@ public class AccessUnauthorizedAuditEventTest {
public void testAuditMessage() throws Exception {
// Given
String testUserName = "USER1";
+ String testProxyUserName = "PROXYUSER1";
String testRemoteIp = "127.0.0.1";
String testHttpMethod = "GET";
String testResourcePath = "/api/v1/hosts";
@@ -39,6 +40,7 @@ public class AccessUnauthorizedAuditEventTest {
.withTimestamp(System.currentTimeMillis())
.withRemoteIp(testRemoteIp)
.withUserName(testUserName)
+ .withProxyUserName(null)
.withHttpMethodName(testHttpMethod)
.withResourcePath(testResourcePath)
.build();
@@ -50,6 +52,23 @@ public class AccessUnauthorizedAuditEventTest {
String expectedAuditMessage = String.format("User(%s), RemoteIp(%s),
Operation(%s), ResourcePath(%s), Status(Failed), Reason(Access not
authorized)", testUserName, testRemoteIp, testHttpMethod, testResourcePath);
assertThat(actualAuditMessage, equalTo(expectedAuditMessage));
+
+ evnt = AccessUnauthorizedAuditEvent.builder()
+ .withTimestamp(System.currentTimeMillis())
+ .withRemoteIp(testRemoteIp)
+ .withUserName(testUserName)
+ .withProxyUserName(testProxyUserName)
+ .withHttpMethodName(testHttpMethod)
+ .withResourcePath(testResourcePath)
+ .build();
+
+ // When
+ actualAuditMessage = evnt.getAuditMessage();
+
+ // Then
+ expectedAuditMessage = String.format("User(%s), RemoteIp(%s),
ProxyUser(PROXYUSER1), Operation(%s), ResourcePath(%s), Status(Failed),
Reason(Access not authorized)", testUserName, testRemoteIp, testHttpMethod,
testResourcePath);
+
+ assertThat(actualAuditMessage, equalTo(expectedAuditMessage));
}
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginAuditEventTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginAuditEventTest.java
index 2cff97e..b2ab7cc 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginAuditEventTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginAuditEventTest.java
@@ -39,6 +39,7 @@ public class LoginAuditEventTest {
// Given
String testUserName = "USER1";
String testRemoteIp = "127.0.0.1";
+ String testProxyUserName = "PROXYUSER1";
Map<String, List<String>> roles = new HashMap<>();
roles.put("a", Arrays.asList("r1", "r2", "r3"));
@@ -47,6 +48,7 @@ public class LoginAuditEventTest {
.withTimestamp(System.currentTimeMillis())
.withRemoteIp(testRemoteIp)
.withUserName(testUserName)
+ .withProxyUserName(null)
.withRoles(roles)
.build();
@@ -61,6 +63,25 @@ public class LoginAuditEventTest {
assertThat(actualAuditMessage, equalTo(expectedAuditMessage));
+ evnt = LoginAuditEvent.builder()
+ .withTimestamp(System.currentTimeMillis())
+ .withRemoteIp(testRemoteIp)
+ .withUserName(testUserName)
+ .withProxyUserName(testProxyUserName)
+ .withRoles(roles)
+ .build();
+
+ // When
+ actualAuditMessage = evnt.getAuditMessage();
+
+ roleMessage = System.lineSeparator() + " a: r1, r2, r3" +
System.lineSeparator();
+
+ // Then
+ expectedAuditMessage = String.format("User(%s), RemoteIp(%s),
ProxyUser(%s), Operation(User login), Roles(%s), Status(Success)",
+ testUserName, testRemoteIp, testProxyUserName, roleMessage);
+
+ assertThat(actualAuditMessage, equalTo(expectedAuditMessage));
+
}
@Test
@@ -68,6 +89,7 @@ public class LoginAuditEventTest {
// Given
String testUserName = "USER1";
String testRemoteIp = "127.0.0.1";
+ String testProxyUserName = "PROXYUSER1";
String reason = "Bad credentials";
Integer consecutiveFailures = 1;
@@ -78,6 +100,7 @@ public class LoginAuditEventTest {
.withTimestamp(System.currentTimeMillis())
.withRemoteIp(testRemoteIp)
.withUserName(testUserName)
+ .withProxyUserName(null)
.withRoles(roles)
.withReasonOfFailure(reason)
.withConsecutiveFailures(consecutiveFailures)
@@ -93,6 +116,27 @@ public class LoginAuditEventTest {
testUserName, testRemoteIp, roleMessage, reason, consecutiveFailures);
assertThat(actualAuditMessage, equalTo(expectedAuditMessage));
+
+ evnt = LoginAuditEvent.builder()
+ .withTimestamp(System.currentTimeMillis())
+ .withRemoteIp(testRemoteIp)
+ .withUserName(testUserName)
+ .withProxyUserName(testProxyUserName)
+ .withRoles(roles)
+ .withReasonOfFailure(reason)
+ .withConsecutiveFailures(consecutiveFailures)
+ .build();
+
+ // When
+ actualAuditMessage = evnt.getAuditMessage();
+
+ roleMessage = System.lineSeparator() + " a: r1, r2, r3" +
System.lineSeparator();
+
+ // Then
+ expectedAuditMessage = String.format("User(%s), RemoteIp(%s),
ProxyUser(%s), Operation(User login), Roles(%s), Status(Failed), Reason(%s),
Consecutive failures(%d)",
+ testUserName, testRemoteIp, testProxyUserName, roleMessage, reason,
consecutiveFailures);
+
+ assertThat(actualAuditMessage, equalTo(expectedAuditMessage));
}
@Test
@@ -102,6 +146,8 @@ public class LoginAuditEventTest {
String testRemoteIp = "127.0.0.1";
String reason = "Bad credentials";
+ String testProxyUserName = "PROXYUSER1";
+
Map<String, List<String>> roles = new HashMap<>();
roles.put("a", Arrays.asList("r1", "r2", "r3"));
@@ -109,6 +155,7 @@ public class LoginAuditEventTest {
.withTimestamp(System.currentTimeMillis())
.withRemoteIp(testRemoteIp)
.withUserName(testUserName)
+ .withProxyUserName(null)
.withRoles(roles)
.withReasonOfFailure(reason)
.withConsecutiveFailures(null)
@@ -124,6 +171,27 @@ public class LoginAuditEventTest {
testUserName, testRemoteIp, roleMessage, reason);
assertThat(actualAuditMessage, equalTo(expectedAuditMessage));
+
+ evnt = LoginAuditEvent.builder()
+ .withTimestamp(System.currentTimeMillis())
+ .withRemoteIp(testRemoteIp)
+ .withUserName(testUserName)
+ .withProxyUserName(testProxyUserName)
+ .withRoles(roles)
+ .withReasonOfFailure(reason)
+ .withConsecutiveFailures(null)
+ .build();
+
+ // When
+ actualAuditMessage = evnt.getAuditMessage();
+
+ roleMessage = System.lineSeparator() + " a: r1, r2, r3" +
System.lineSeparator();
+
+ // Then
+ expectedAuditMessage = String.format("User(%s), RemoteIp(%s),
ProxyUser(%s), Operation(User login), Roles(%s), Status(Failed), Reason(%s),
Consecutive failures(UNKNOWN USER)",
+ testUserName, testRemoteIp, testProxyUserName, roleMessage, reason);
+
+ assertThat(actualAuditMessage, equalTo(expectedAuditMessage));
}
@Test
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/audit/LogoutAuditEventTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/audit/LogoutAuditEventTest.java
index 0cc2ae2..b8c2997 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/audit/LogoutAuditEventTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/audit/LogoutAuditEventTest.java
@@ -33,10 +33,13 @@ public class LogoutAuditEventTest {
String testUserName = "USER1";
String testRemoteIp = "127.0.0.1";
+ String testProxyUserName = "PROXYUSER1";
+
LogoutAuditEvent evnt = LogoutAuditEvent.builder()
.withTimestamp(System.currentTimeMillis())
.withRemoteIp(testRemoteIp)
.withUserName(testUserName)
+ .withProxyUserName(null)
.build();
// When
@@ -48,6 +51,22 @@ public class LogoutAuditEventTest {
assertThat(actualAuditMessage, equalTo(expectedAuditMessage));
+ evnt = LogoutAuditEvent.builder()
+ .withTimestamp(System.currentTimeMillis())
+ .withRemoteIp(testRemoteIp)
+ .withUserName(testUserName)
+ .withProxyUserName(testProxyUserName)
+ .build();
+
+ // When
+ actualAuditMessage = evnt.getAuditMessage();
+
+ // Then
+ expectedAuditMessage = String.format("User(%s), RemoteIp(%s),
ProxyUser(%s), Operation(Logout), Status(Success)",
+ testUserName, testRemoteIp, testProxyUserName);
+
+ assertThat(actualAuditMessage, equalTo(expectedAuditMessage));
+
}
@Test
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/audit/OperationStatusAuditEventTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/audit/OperationStatusAuditEventTest.java
index 91463ab..569cee4 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/audit/OperationStatusAuditEventTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/audit/OperationStatusAuditEventTest.java
@@ -34,10 +34,13 @@ public class OperationStatusAuditEventTest {
Long testRequestId = 100L;
String testStatus = "IN PROGRESS";
+ String testRemoteIp = "127.0.0.1";
+
OperationStatusAuditEvent evnt = OperationStatusAuditEvent.builder()
.withTimestamp(System.currentTimeMillis())
.withRequestId(testRequestId.toString())
.withStatus(testStatus)
+ .withRemoteIp(testRemoteIp)
.withUserName("testuser")
.withRequestContext("Start Service")
.build();
@@ -46,7 +49,7 @@ public class OperationStatusAuditEventTest {
String actualAuditMessage = evnt.getAuditMessage();
// Then
- String expectedAuditMessage = String.format("User(testuser),
Operation(Start Service), Status(%s), RequestId(%s)", testStatus,
testRequestId);
+ String expectedAuditMessage = String.format("User(testuser),
RemoteIp(127.0.0.1), Operation(Start Service), Status(%s), RequestId(%s)",
testStatus, testRequestId);
assertThat(actualAuditMessage, equalTo(expectedAuditMessage));
}
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/audit/StartOperationRequestAuditEventTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/audit/StartOperationRequestAuditEventTest.java
index f67183a..b40d134 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/audit/StartOperationRequestAuditEventTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/audit/StartOperationRequestAuditEventTest.java
@@ -36,10 +36,13 @@ public class StartOperationRequestAuditEventTest {
String testRequestDetails = "{ \"key\": \"value\"}";
Long testRequestId = 100L;
+ String testProxyUserName = "PROXYUSER1";
+
StartOperationRequestAuditEvent evnt =
StartOperationRequestAuditEvent.builder()
.withTimestamp(System.currentTimeMillis())
.withRemoteIp(testRemoteIp)
.withUserName(testUserName)
+ .withProxyUserName(null)
.withOperation(testRequestDetails)
.withRequestId(testRequestId.toString())
.build();
@@ -52,6 +55,22 @@ public class StartOperationRequestAuditEventTest {
assertThat(actualAuditMessage, equalTo(expectedAuditMessage));
+ evnt = StartOperationRequestAuditEvent.builder()
+ .withTimestamp(System.currentTimeMillis())
+ .withRemoteIp(testRemoteIp)
+ .withUserName(testUserName)
+ .withProxyUserName(testProxyUserName)
+ .withOperation(testRequestDetails)
+ .withRequestId(testRequestId.toString())
+ .build();
+
+ // When
+ actualAuditMessage = evnt.getAuditMessage();
+
+ // Then
+ expectedAuditMessage = String.format("User(%s), RemoteIp(%s),
ProxyUser(%s), Operation(%s), RequestId(%d), Status(Successfully queued)",
testUserName, testRemoteIp, testProxyUserName, testRequestDetails,
testRequestId);
+
+ assertThat(actualAuditMessage, equalTo(expectedAuditMessage));
}
@Test
diff --git
a/ambari-server/src/test/java/org/apache/ambari/server/audit/TaskStatusAuditEventTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/audit/TaskStatusAuditEventTest.java
index 6815af3..7d1cce6 100644
---
a/ambari-server/src/test/java/org/apache/ambari/server/audit/TaskStatusAuditEventTest.java
+++
b/ambari-server/src/test/java/org/apache/ambari/server/audit/TaskStatusAuditEventTest.java
@@ -31,6 +31,8 @@ public class TaskStatusAuditEventTest {
public void testAuditMessage() throws Exception {
// Given
String testUserName = "USER1";
+
+ String testRemoteIp = "127.0.0.1";
String testOperation = "START MYCOMPONENT";
String testRequestDetails = "Start MyComponent";
String testHostName = "ambari.example.com";
@@ -41,6 +43,7 @@ public class TaskStatusAuditEventTest {
TaskStatusAuditEvent event = TaskStatusAuditEvent.builder()
.withTimestamp(System.currentTimeMillis())
.withUserName(testUserName)
+ .withRemoteIp(testRemoteIp)
.withOperation(testOperation)
.withRequestId(testRequestId.toString())
.withDetails(testRequestDetails)
@@ -53,7 +56,7 @@ public class TaskStatusAuditEventTest {
String actualAuditMessage = event.getAuditMessage();
// Then
- String expectedAuditMessage = String.format("User(%s), Operation(%s),
Details(%s), Status(%s), RequestId(%d), TaskId(%d), Hostname(%s)",
testUserName, testOperation, testRequestDetails, testStatus, testRequestId,
testTaskId, testHostName);
+ String expectedAuditMessage = String.format("User(%s), RemoteIp(%s),
Operation(%s), Details(%s), Status(%s), RequestId(%d), TaskId(%d),
Hostname(%s)", testUserName, testRemoteIp, testOperation, testRequestDetails,
testStatus, testRequestId, testTaskId, testHostName);
assertThat(actualAuditMessage, equalTo(expectedAuditMessage));
