This is an automated email from the ASF dual-hosted git repository. dmitriusan pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ambari.git
The following commit(s) were added to refs/heads/trunk by this push: new 0717fb8 AMBARI-25019. Update Ambari audit logger to handle proxied users (dly… (#2702) 0717fb8 is described below commit 0717fb84a2034b2204b346edcc86d94796f67395 Author: Lisnichenko Dmitro <dmitriu...@apache.org> AuthorDate: Mon Dec 31 20:14:24 2018 +0200 AMBARI-25019. Update Ambari audit logger to handle proxied users (dly… (#2702) AMBARI-25019. Update Ambari audit logger to handle proxied users (dlysnichenko) --- .../server/actionmanager/ActionDBAccessorImpl.java | 33 ++++++++--- .../ambari/server/api/services/LogoutService.java | 1 + .../server/audit/event/AbstractUserAuditEvent.java | 24 ++++++++ .../audit/event/OperationStatusAuditEvent.java | 19 ++---- .../server/audit/event/TaskStatusAuditEvent.java | 18 ++---- .../AmbariAuthenticationEventHandlerImpl.java | 3 + .../authorization/AmbariAuthorizationFilter.java | 3 + .../authorization/AuthorizationHelper.java | 30 ++++++++++ .../audit/AccessUnauthorizedAuditEventTest.java | 19 ++++++ .../ambari/server/audit/LoginAuditEventTest.java | 68 ++++++++++++++++++++++ .../ambari/server/audit/LogoutAuditEventTest.java | 19 ++++++ .../audit/OperationStatusAuditEventTest.java | 5 +- .../audit/StartOperationRequestAuditEventTest.java | 19 ++++++ .../server/audit/TaskStatusAuditEventTest.java | 5 +- 14 files changed, 227 insertions(+), 39 deletions(-) diff --git a/ambari-server/src/main/java/org/apache/ambari/server/actionmanager/ActionDBAccessorImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/actionmanager/ActionDBAccessorImpl.java index 5c1fa66..7ab721b 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/actionmanager/ActionDBAccessorImpl.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/actionmanager/ActionDBAccessorImpl.java 
@@ -936,20 +936,22 @@ public class ActionDBAccessorImpl implements ActionDBAccessor { RequestDetails requestDetails = new RequestDetails(); requestDetails.setNumberOfTasks(numberOfTasks); requestDetails.setUserName(AuthorizationHelper.getAuthenticatedName()); + requestDetails.setProxyUserName(AuthorizationHelper.getProxyUserName()); auditlogRequestCache.put(request.getRequestId(), requestDetails); } } /** * AuditLog operation status change + * * @param requestId */ private void auditLog(HostRoleCommandEntity commandEntity, Long requestId) { - if(!auditLogger.isEnabled()) { + if (!auditLogger.isEnabled()) { return; } - if(requestId != null) { + if (requestId != null) { HostRoleStatus lastTaskStatus = updateAuditlogCache(commandEntity, requestId); // details must not be null @@ -961,12 +963,13 @@ public class ActionDBAccessorImpl implements ActionDBAccessor { RequestEntity request = requestDAO.findByPK(requestId); String context = request != null ? request.getRequestContext() : null; AuditEvent auditEvent = OperationStatusAuditEvent.builder() - .withRequestId(String.valueOf(requestId)) - .withStatus(String.valueOf(calculatedStatus)) - .withRequestContext(context) - .withUserName(details.getUserName()) - .withTimestamp(System.currentTimeMillis()) - .build(); + .withRequestId(String.valueOf(requestId)) + .withStatus(String.valueOf(calculatedStatus)) + .withRequestContext(context) + .withUserName(details.getUserName()) + .withProxyUserName(details.getProxyUserName()) + .withTimestamp(System.currentTimeMillis()) + .build(); auditLogger.log(auditEvent); details.setLastStatus(calculatedStatus); 
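Review bot: The OperationStatusAuditEvent built in the `@@ -961` hunk never calls `withRemoteIp`, so every operation-status record will now read `RemoteIp(null)`. This commit moves the event under AbstractUserAuditEvent, whose message always appends `RemoteIp(...)` and whose `remoteIp` field has no default. The TaskStatusAuditEvent builder in the `@@ -1011` hunk has the same gap. RequestDetails now caches `proxyUserName` at request creation; caching the originating address the same way and passing it with `.withRemoteIp(...)` would keep these records attributable, or the base class could omit the field when it is null, as it does for ProxyUser. The auditLog method continues past the end of the hunk.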
@@ -1011,6 +1014,7 @@ public class ActionDBAccessorImpl implements ActionDBAccessor { .withTaskId(String.valueOf(commandEntity.getTaskId())) .withHostName(commandEntity.getHostName()) .withUserName(details.getUserName()) + .withProxyUserName(details.getProxyUserName()) .withOperation(commandEntity.getRoleCommand() + " " + commandEntity.getRole()) .withDetails(commandEntity.getCommandDetail()) .withStatus(commandEntity.getStatus().toString()) @@ -1047,6 +1051,11 @@ public class ActionDBAccessorImpl implements ActionDBAccessor { */ Map<Component, HostRoleStatus> tasks = new HashMap<>(); + /** + * Name of the proxy user if proxied + */ + private String proxyUserName; + public HostRoleStatus getLastStatus() { return lastStatus; } @@ -1083,6 +1092,14 @@ public class ActionDBAccessorImpl implements ActionDBAccessor { return getTasks().values(); } + public String getProxyUserName() { + return proxyUserName; + } + + public void setProxyUserName(String proxyUserName) { + this.proxyUserName = proxyUserName; + } + /** * This nested class is the key for the {@link RequestDetails#tasks} map */ diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/LogoutService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/LogoutService.java index 28c21e8..97311e3 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/api/services/LogoutService.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/LogoutService.java @@ -65,6 +65,7 @@ public class LogoutService { .withTimestamp(System.currentTimeMillis()) .withRemoteIp(RequestUtils.getRemoteAddress(servletRequest)) .withUserName(AuthorizationHelper.getAuthenticatedName()) + .withProxyUserName(AuthorizationHelper.getProxyUserName()) .build(); auditLogger.log(logoutEvent); } 
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/AbstractUserAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/AbstractUserAuditEvent.java index 1edf22e..b4a0a7a 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/AbstractUserAuditEvent.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/AbstractUserAuditEvent.java @@ -19,6 +19,7 @@ package org.apache.ambari.server.audit.event; import org.apache.ambari.server.security.authorization.AuthorizationHelper; +import org.apache.commons.lang.StringUtils; /** * Base class for audit events which are result of user actions. It appends @@ -36,6 +37,11 @@ public abstract class AbstractUserAuditEvent extends AbstractAuditEvent { private String userName = AuthorizationHelper.getAuthenticatedName(); /** + * Name of the proxy user if proxied + */ + private String proxyUserName = AuthorizationHelper.getProxyUserName(); + + /** * Ip of the user who started the operation. Note: remote ip might not be the original ip (proxies, routers can modify it) */ private String remoteIp; @@ -58,6 +64,12 @@ public abstract class AbstractUserAuditEvent extends AbstractAuditEvent { .append("), RemoteIp(") .append(this.remoteIp) .append(")"); + if (StringUtils.isNotEmpty(this.proxyUserName)){ + builder + .append(", ProxyUser(") + .append(this.proxyUserName) + .append(")"); + } } /** @@ -73,6 +85,18 @@ public abstract class AbstractUserAuditEvent extends AbstractAuditEvent { } /** + * Sets the proxy user name. + * + * @param proxyUserName + * @return the builder + */ + public TBuilder withProxyUserName(String proxyUserName) { + this.proxyUserName = proxyUserName; + + return self(); + } + + /** * Sets the remote ip where the user action originated from. * * @param ip 
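Review bot: The new initializer `private String proxyUserName = AuthorizationHelper.getProxyUserName();` in the `@@ -36` hunk takes the proxy identity from the current SecurityContextHolder context (thread-bound under Spring Security's default strategy) when the builder is constructed, and its Javadoc does not say so. That matters now that OperationStatusAuditEvent and TaskStatusAuditEvent inherit this builder: a caller that forgets `withProxyUserName` would silently record the constructing thread's identity rather than the requester's. I would extend the comment to `Name of the proxy user if proxied; defaults to the proxy user in the caller's security context, so code building an event on behalf of another request must override it`. The builder class starts and ends outside the hunk.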
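Review bot: In the `@@ -58` hunk the proxy user name is appended to the audit line verbatim, so a name containing `)`, a comma or a line break would make the `ProxyUser(...)` field ambiguous or split the record. Whether the authentication provider permits such names is not visible here, but the audit sink should not depend on it; neutralising line breaks before the append, for example `.append(StringUtils.replaceChars(this.proxyUserName, "\r\n", "  "))`, is a small change. Because the field is emitted only when non-empty and sits between RemoteIp and Operation, anything that parses existing audit lines by position needs updating too. Style: `if (StringUtils.isNotEmpty(this.proxyUserName)){` is missing a space before the brace.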
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/OperationStatusAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/OperationStatusAuditEvent.java index 65f1b42..bf9a161 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/OperationStatusAuditEvent.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/OperationStatusAuditEvent.java @@ -25,9 +25,9 @@ import javax.annotation.concurrent.Immutable; * Audit event for tracking operations */ @Immutable -public class OperationStatusAuditEvent extends AbstractAuditEvent { +public class OperationStatusAuditEvent extends AbstractUserAuditEvent { - public static class OperationStatusAuditEventBuilder extends AbstractAuditEventBuilder<OperationStatusAuditEvent, OperationStatusAuditEventBuilder> { + public static class OperationStatusAuditEventBuilder extends AbstractUserAuditEventBuilder<OperationStatusAuditEvent, OperationStatusAuditEventBuilder> { /** * Request identifier @@ -44,11 +44,6 @@ public class OperationStatusAuditEvent extends AbstractAuditEvent { */ private String operation; - /** - * Name of the logged in user who sent the request - */ - private String userName; - private OperationStatusAuditEventBuilder() { super(OperationStatusAuditEventBuilder.class); } @@ -65,10 +60,9 @@ public class OperationStatusAuditEvent extends AbstractAuditEvent { */ @Override protected void buildAuditMessage(StringBuilder builder) { + super.buildAuditMessage(builder); builder - .append("User(") - .append(this.userName) - .append("), Operation(") + .append(", Operation(") .append(this.operation) .append("), Status(") .append(this.status) @@ -92,11 +86,6 @@ public class OperationStatusAuditEvent extends AbstractAuditEvent { this.operation = operation; return this; } - - public OperationStatusAuditEventBuilder withUserName(String userName) { - this.userName = userName; - return this; - } } private OperationStatusAuditEvent() { 
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/TaskStatusAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/TaskStatusAuditEvent.java index 890724c..ba428d5 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/event/TaskStatusAuditEvent.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/event/TaskStatusAuditEvent.java @@ -25,9 +25,9 @@ import javax.annotation.concurrent.Immutable; * Audit event for tracking task status */ @Immutable -public class TaskStatusAuditEvent extends AbstractAuditEvent { +public class TaskStatusAuditEvent extends AbstractUserAuditEvent { - public static class TaskStatusAuditEventBuilder extends AbstractAuditEventBuilder<TaskStatusAuditEvent, TaskStatusAuditEventBuilder> { + public static class TaskStatusAuditEventBuilder extends AbstractUserAuditEventBuilder<TaskStatusAuditEvent, TaskStatusAuditEventBuilder> { /** * Request identifier @@ -59,11 +59,6 @@ public class TaskStatusAuditEvent extends AbstractAuditEvent { */ private String details; - /** - * User name - */ - private String userName; - private TaskStatusAuditEventBuilder() { super(TaskStatusAuditEventBuilder.class); } @@ -80,10 +75,9 @@ public class TaskStatusAuditEvent extends AbstractAuditEvent { */ @Override protected void buildAuditMessage(StringBuilder builder) { + super.buildAuditMessage(builder); builder - .append("User(") - .append(this.userName) - .append("), Operation(") + .append(", Operation(") .append(this.operation); if (details != null) { @@ -132,10 +126,6 @@ public class TaskStatusAuditEvent extends AbstractAuditEvent { this.details = details; return this; } - public TaskStatusAuditEventBuilder withUserName(String userName) { - this.userName = userName; - return this; - } } private TaskStatusAuditEvent() { 
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationEventHandlerImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationEventHandlerImpl.java index 8ff39e0..5deb995 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationEventHandlerImpl.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authentication/AmbariAuthenticationEventHandlerImpl.java @@ -76,6 +76,7 @@ public class AmbariAuthenticationEventHandlerImpl implements AmbariAuthenticatio AuditEvent loginSucceededAuditEvent = LoginAuditEvent.builder() .withRemoteIp(RequestUtils.getRemoteAddress(servletRequest)) .withUserName(username) + .withProxyUserName(AuthorizationHelper.getProxyUserName(result)) .withTimestamp(System.currentTimeMillis()) .withRoles(permissionHelper.getPermissionLabels(result)) .build(); @@ -144,6 +145,7 @@ public class AmbariAuthenticationEventHandlerImpl implements AmbariAuthenticatio .withReasonOfFailure(message) .withConsecutiveFailures(consecutiveFailures) .withUserName(username) + .withProxyUserName(null) .build(); auditLogger.log(loginFailedAuditEvent); } @@ -160,6 +162,7 @@ public class AmbariAuthenticationEventHandlerImpl implements AmbariAuthenticatio .withTimestamp(System.currentTimeMillis()) .withReasonOfFailure("Authentication required") .withUserName(null) + .withProxyUserName(null) .build(); auditLogger.log(loginFailedAuditEvent); } diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java index 27eee87..29b3e4f 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java 
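Review bot: Both failure paths (the `@@ -144` and `@@ -160` hunks) hard-code `.withProxyUserName(null)`, which overrides the builder default and guarantees that a failed login relayed by a proxy is logged without the proxy identity. If the proxy principal is genuinely unavailable when authentication fails, a comment should say so, e.g. `// no authenticated principal on failure, so no proxy identity to record`. If it can be obtained from the request or the exception, recording it would let whoever reviews the audit trail see repeated failures arriving through one proxy. The enclosing methods start outside the hunks, so the inputs available at these points cannot be confirmed from here.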
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java @@ -182,6 +182,7 @@ public class AmbariAuthorizationFilter implements Filter { if(auditLogger.isEnabled()) { LoginAuditEvent loginAuditEvent = LoginAuditEvent.builder() .withUserName(internalAuthenticationToken.getName()) + .withProxyUserName(AuthorizationHelper.getProxyUserName(internalAuthenticationToken)) .withRemoteIp(RequestUtils.getRemoteAddress(httpRequest)) .withRoles(permissionHelper.getPermissionLabels(authentication)) .withTimestamp(System.currentTimeMillis()).build(); @@ -264,6 +265,7 @@ public class AmbariAuthorizationFilter implements Filter { .withRemoteIp(RequestUtils.getRemoteAddress(httpRequest)) .withResourcePath(httpRequest.getRequestURI()) .withUserName(AuthorizationHelper.getAuthenticatedName()) + .withProxyUserName(AuthorizationHelper.getProxyUserName()) .withTimestamp(System.currentTimeMillis()) .build(); auditLogger.log(auditEvent); @@ -283,6 +285,7 @@ public class AmbariAuthorizationFilter implements Filter { .withRemoteIp(RequestUtils.getRemoteAddress(httpRequest)) .withResourcePath(httpRequest.getRequestURI()) .withUserName(AuthorizationHelper.getAuthenticatedName()) + .withProxyUserName(AuthorizationHelper.getProxyUserName()) .withTimestamp(System.currentTimeMillis()) .build(); auditLogger.log(auditEvent); diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java index 2e2a70c..d92fc44 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AuthorizationHelper.java 
@@ -29,6 +29,7 @@ import org.apache.ambari.server.orm.entities.PermissionEntity; import org.apache.ambari.server.orm.entities.PrivilegeEntity; import org.apache.ambari.server.orm.entities.ResourceEntity; import org.apache.ambari.server.orm.entities.RoleAuthorizationEntity; +import org.apache.ambari.server.security.authentication.AmbariProxiedUserDetailsImpl; import org.apache.ambari.server.security.authentication.AmbariUserDetails; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -59,6 +60,35 @@ public class AuthorizationHelper { static Provider<ViewInstanceDAO> viewInstanceDAOProvider; /** + * Gets the name of the logged-in proxy user, if any. + * + * @param authentication + * @return the name of the logged-in proxy user + */ + public static String getProxyUserName(Authentication authentication) { + if (authentication==null){ + return null; + } + Object userDetails = authentication.getPrincipal(); + if (userDetails instanceof AmbariProxiedUserDetailsImpl) { + AmbariProxiedUserDetailsImpl ambariProxiedUserDetails = (AmbariProxiedUserDetailsImpl) userDetails; + return ambariProxiedUserDetails.getProxyUserDetails().getUsername(); + } + return null; + } + + /** + * Gets the name of the logged-in proxy user, if any. + * + * @return the name of the logged-in proxy user + */ + public static String getProxyUserName() { + SecurityContext securityContext = SecurityContextHolder.getContext(); + Authentication auth = securityContext.getAuthentication(); + return getProxyUserName(auth); + } + + /** * Converts collection of RoleEntities to collection of GrantedAuthorities */ public Collection<GrantedAuthority> convertPrivilegesToAuthorities(Collection<PrivilegeEntity> privilegeEntities) { diff --git a/ambari-server/src/test/java/org/apache/ambari/server/audit/AccessUnauthorizedAuditEventTest.java b/ambari-server/src/test/java/org/apache/ambari/server/audit/AccessUnauthorizedAuditEventTest.java index 7ebded1..c890ff0 100644 
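Review bot: `getProxyUserName(Authentication)` in the `@@ -59` hunk dereferences `ambariProxiedUserDetails.getProxyUserDetails()` without a null check, and this helper now runs in the field initializer of every user audit-event builder as well as in the login, logout and authorization paths. If that accessor can return null (not visible in this diff), the resulting NullPointerException would abort the audit record or the request that triggers it. A guard such as `return ambariProxiedUserDetails.getProxyUserDetails() == null ? null : ambariProxiedUserDetails.getProxyUserDetails().getUsername();` avoids that. The Javadoc should also describe the parameter and state the null result, e.g. `@return the proxy user's name, or null if the authentication is null or not proxied`. Style: `if (authentication==null){` lacks spaces around `==` and before the brace.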
--- a/ambari-server/src/test/java/org/apache/ambari/server/audit/AccessUnauthorizedAuditEventTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/audit/AccessUnauthorizedAuditEventTest.java @@ -31,6 +31,7 @@ public class AccessUnauthorizedAuditEventTest { public void testAuditMessage() throws Exception { // Given String testUserName = "USER1"; + String testProxyUserName = "PROXYUSER1"; String testRemoteIp = "127.0.0.1"; String testHttpMethod = "GET"; String testResourcePath = "/api/v1/hosts"; @@ -39,6 +40,7 @@ public class AccessUnauthorizedAuditEventTest { .withTimestamp(System.currentTimeMillis()) .withRemoteIp(testRemoteIp) .withUserName(testUserName) + .withProxyUserName(null) .withHttpMethodName(testHttpMethod) .withResourcePath(testResourcePath) .build(); @@ -50,6 +52,23 @@ public class AccessUnauthorizedAuditEventTest { String expectedAuditMessage = String.format("User(%s), RemoteIp(%s), Operation(%s), ResourcePath(%s), Status(Failed), Reason(Access not authorized)", testUserName, testRemoteIp, testHttpMethod, testResourcePath); assertThat(actualAuditMessage, equalTo(expectedAuditMessage)); + + evnt = AccessUnauthorizedAuditEvent.builder() + .withTimestamp(System.currentTimeMillis()) + .withRemoteIp(testRemoteIp) + .withUserName(testUserName) + .withProxyUserName(testProxyUserName) + .withHttpMethodName(testHttpMethod) + .withResourcePath(testResourcePath) + .build(); + + // When + actualAuditMessage = evnt.getAuditMessage(); + + // Then + expectedAuditMessage = String.format("User(%s), RemoteIp(%s), ProxyUser(PROXYUSER1), Operation(%s), ResourcePath(%s), Status(Failed), Reason(Access not authorized)", testUserName, testRemoteIp, testHttpMethod, testResourcePath); + + assertThat(actualAuditMessage, equalTo(expectedAuditMessage)); } diff --git a/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginAuditEventTest.java b/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginAuditEventTest.java index 2cff97e..b2ab7cc 100644 
--- a/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginAuditEventTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/audit/LoginAuditEventTest.java @@ -39,6 +39,7 @@ public class LoginAuditEventTest { // Given String testUserName = "USER1"; String testRemoteIp = "127.0.0.1"; + String testProxyUserName = "PROXYUSER1"; Map<String, List<String>> roles = new HashMap<>(); roles.put("a", Arrays.asList("r1", "r2", "r3")); @@ -47,6 +48,7 @@ public class LoginAuditEventTest { .withTimestamp(System.currentTimeMillis()) .withRemoteIp(testRemoteIp) .withUserName(testUserName) + .withProxyUserName(null) .withRoles(roles) .build(); @@ -61,6 +63,25 @@ public class LoginAuditEventTest { assertThat(actualAuditMessage, equalTo(expectedAuditMessage)); + evnt = LoginAuditEvent.builder() + .withTimestamp(System.currentTimeMillis()) + .withRemoteIp(testRemoteIp) + .withUserName(testUserName) + .withProxyUserName(testProxyUserName) + .withRoles(roles) + .build(); + + // When + actualAuditMessage = evnt.getAuditMessage(); + + roleMessage = System.lineSeparator() + " a: r1, r2, r3" + System.lineSeparator(); + + // Then + expectedAuditMessage = String.format("User(%s), RemoteIp(%s), ProxyUser(%s), Operation(User login), Roles(%s), Status(Success)", + testUserName, testRemoteIp, testProxyUserName, roleMessage); + + assertThat(actualAuditMessage, equalTo(expectedAuditMessage)); + } @Test @@ -68,6 +89,7 @@ public class LoginAuditEventTest { // Given String testUserName = "USER1"; String testRemoteIp = "127.0.0.1"; + String testProxyUserName = "PROXYUSER1"; String reason = "Bad credentials"; Integer consecutiveFailures = 1; @@ -78,6 +100,7 @@ public class LoginAuditEventTest { .withTimestamp(System.currentTimeMillis()) .withRemoteIp(testRemoteIp) .withUserName(testUserName) + .withProxyUserName(null) .withRoles(roles) .withReasonOfFailure(reason) .withConsecutiveFailures(consecutiveFailures) 
@@ -93,6 +116,27 @@ public class LoginAuditEventTest { testUserName, testRemoteIp, roleMessage, reason, consecutiveFailures); assertThat(actualAuditMessage, equalTo(expectedAuditMessage)); + + evnt = LoginAuditEvent.builder() + .withTimestamp(System.currentTimeMillis()) + .withRemoteIp(testRemoteIp) + .withUserName(testUserName) + .withProxyUserName(testProxyUserName) + .withRoles(roles) + .withReasonOfFailure(reason) + .withConsecutiveFailures(consecutiveFailures) + .build(); + + // When + actualAuditMessage = evnt.getAuditMessage(); + + roleMessage = System.lineSeparator() + " a: r1, r2, r3" + System.lineSeparator(); + + // Then + expectedAuditMessage = String.format("User(%s), RemoteIp(%s), ProxyUser(%s), Operation(User login), Roles(%s), Status(Failed), Reason(%s), Consecutive failures(%d)", + testUserName, testRemoteIp, testProxyUserName, roleMessage, reason, consecutiveFailures); + + assertThat(actualAuditMessage, equalTo(expectedAuditMessage)); } @Test @@ -102,6 +146,8 @@ public class LoginAuditEventTest { String testRemoteIp = "127.0.0.1"; String reason = "Bad credentials"; + String testProxyUserName = "PROXYUSER1"; + Map<String, List<String>> roles = new HashMap<>(); roles.put("a", Arrays.asList("r1", "r2", "r3")); @@ -109,6 +155,7 @@ public class LoginAuditEventTest { .withTimestamp(System.currentTimeMillis()) .withRemoteIp(testRemoteIp) .withUserName(testUserName) + .withProxyUserName(null) .withRoles(roles) .withReasonOfFailure(reason) .withConsecutiveFailures(null) 
@@ -124,6 +171,27 @@ public class LoginAuditEventTest { testUserName, testRemoteIp, roleMessage, reason); assertThat(actualAuditMessage, equalTo(expectedAuditMessage)); + + evnt = LoginAuditEvent.builder() + .withTimestamp(System.currentTimeMillis()) + .withRemoteIp(testRemoteIp) + .withUserName(testUserName) + .withProxyUserName(testProxyUserName) + .withRoles(roles) + .withReasonOfFailure(reason) + .withConsecutiveFailures(null) + .build(); + + // When + actualAuditMessage = evnt.getAuditMessage(); + + roleMessage = System.lineSeparator() + " a: r1, r2, r3" + System.lineSeparator(); + + // Then + expectedAuditMessage = String.format("User(%s), RemoteIp(%s), ProxyUser(%s), Operation(User login), Roles(%s), Status(Failed), Reason(%s), Consecutive failures(UNKNOWN USER)", + testUserName, testRemoteIp, testProxyUserName, roleMessage, reason); + + assertThat(actualAuditMessage, equalTo(expectedAuditMessage)); } @Test diff --git a/ambari-server/src/test/java/org/apache/ambari/server/audit/LogoutAuditEventTest.java b/ambari-server/src/test/java/org/apache/ambari/server/audit/LogoutAuditEventTest.java index 0cc2ae2..b8c2997 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/audit/LogoutAuditEventTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/audit/LogoutAuditEventTest.java @@ -33,10 +33,13 @@ public class LogoutAuditEventTest { String testUserName = "USER1"; String testRemoteIp = "127.0.0.1"; + String testProxyUserName = "PROXYUSER1"; + LogoutAuditEvent evnt = LogoutAuditEvent.builder() .withTimestamp(System.currentTimeMillis()) .withRemoteIp(testRemoteIp) .withUserName(testUserName) + .withProxyUserName(null) .build(); // When 
@@ -48,6 +51,22 @@ public class LogoutAuditEventTest { assertThat(actualAuditMessage, equalTo(expectedAuditMessage)); + evnt = LogoutAuditEvent.builder() + .withTimestamp(System.currentTimeMillis()) + .withRemoteIp(testRemoteIp) + .withUserName(testUserName) + .withProxyUserName(testProxyUserName) + .build(); + + // When + actualAuditMessage = evnt.getAuditMessage(); + + // Then + expectedAuditMessage = String.format("User(%s), RemoteIp(%s), ProxyUser(%s), Operation(Logout), Status(Success)", + testUserName, testRemoteIp, testProxyUserName); + + assertThat(actualAuditMessage, equalTo(expectedAuditMessage)); + } @Test diff --git a/ambari-server/src/test/java/org/apache/ambari/server/audit/OperationStatusAuditEventTest.java b/ambari-server/src/test/java/org/apache/ambari/server/audit/OperationStatusAuditEventTest.java index 91463ab..569cee4 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/audit/OperationStatusAuditEventTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/audit/OperationStatusAuditEventTest.java @@ -34,10 +34,13 @@ public class OperationStatusAuditEventTest { Long testRequestId = 100L; String testStatus = "IN PROGRESS"; + String testRemoteIp = "127.0.0.1"; + OperationStatusAuditEvent evnt = OperationStatusAuditEvent.builder() .withTimestamp(System.currentTimeMillis()) .withRequestId(testRequestId.toString()) .withStatus(testStatus) + .withRemoteIp(testRemoteIp) .withUserName("testuser") .withRequestContext("Start Service") .build(); 
@@ -46,7 +49,7 @@ public class OperationStatusAuditEventTest { String actualAuditMessage = evnt.getAuditMessage(); // Then - String expectedAuditMessage = String.format("User(testuser), Operation(Start Service), Status(%s), RequestId(%s)", testStatus, testRequestId); + String expectedAuditMessage = String.format("User(testuser), RemoteIp(127.0.0.1), Operation(Start Service), Status(%s), RequestId(%s)", testStatus, testRequestId); assertThat(actualAuditMessage, equalTo(expectedAuditMessage)); } diff --git a/ambari-server/src/test/java/org/apache/ambari/server/audit/StartOperationRequestAuditEventTest.java b/ambari-server/src/test/java/org/apache/ambari/server/audit/StartOperationRequestAuditEventTest.java index f67183a..b40d134 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/audit/StartOperationRequestAuditEventTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/audit/StartOperationRequestAuditEventTest.java @@ -36,10 +36,13 @@ public class StartOperationRequestAuditEventTest { String testRequestDetails = "{ \"key\": \"value\"}"; Long testRequestId = 100L; + String testProxyUserName = "PROXYUSER1"; + StartOperationRequestAuditEvent evnt = StartOperationRequestAuditEvent.builder() .withTimestamp(System.currentTimeMillis()) .withRemoteIp(testRemoteIp) .withUserName(testUserName) + .withProxyUserName(null) .withOperation(testRequestDetails) .withRequestId(testRequestId.toString()) .build(); 
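Review bot: OperationStatusAuditEventTest (hunks `@@ -34` and `@@ -46`) was only adjusted for the new RemoteIp field and never calls `withProxyUserName`, although OperationStatusAuditEvent is one of the two classes whose base class changed in this commit. TaskStatusAuditEventTest has the same gap. The other event tests in this commit add a second case with a proxy user, and these two should do the same, asserting a message with `ProxyUser(%s)` between RemoteIp and Operation. A case that omits `withRemoteIp`, as the builder calls shown for ActionDBAccessorImpl do, would also pin down what the record looks like without an address.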
@@ -52,6 +55,22 @@ public class StartOperationRequestAuditEventTest { assertThat(actualAuditMessage, equalTo(expectedAuditMessage)); + evnt = StartOperationRequestAuditEvent.builder() + .withTimestamp(System.currentTimeMillis()) + .withRemoteIp(testRemoteIp) + .withUserName(testUserName) + .withProxyUserName(testProxyUserName) + .withOperation(testRequestDetails) + .withRequestId(testRequestId.toString()) + .build(); + + // When + actualAuditMessage = evnt.getAuditMessage(); + + // Then + expectedAuditMessage = String.format("User(%s), RemoteIp(%s), ProxyUser(%s), Operation(%s), RequestId(%d), Status(Successfully queued)", testUserName, testRemoteIp, testProxyUserName, testRequestDetails, testRequestId); + + assertThat(actualAuditMessage, equalTo(expectedAuditMessage)); } @Test diff --git a/ambari-server/src/test/java/org/apache/ambari/server/audit/TaskStatusAuditEventTest.java b/ambari-server/src/test/java/org/apache/ambari/server/audit/TaskStatusAuditEventTest.java index 6815af3..7d1cce6 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/audit/TaskStatusAuditEventTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/audit/TaskStatusAuditEventTest.java @@ -31,6 +31,8 @@ public class TaskStatusAuditEventTest { public void testAuditMessage() throws Exception { // Given String testUserName = "USER1"; + + String testRemoteIp = "127.0.0.1"; String testOperation = "START MYCOMPONENT"; String testRequestDetails = "Start MyComponent"; String testHostName = "ambari.example.com"; @@ -41,6 +43,7 @@ public class TaskStatusAuditEventTest { TaskStatusAuditEvent event = TaskStatusAuditEvent.builder() .withTimestamp(System.currentTimeMillis()) .withUserName(testUserName) + .withRemoteIp(testRemoteIp) .withOperation(testOperation) .withRequestId(testRequestId.toString()) .withDetails(testRequestDetails) 
@@ -53,7 +56,7 @@ public class TaskStatusAuditEventTest { String actualAuditMessage = event.getAuditMessage(); // Then - String expectedAuditMessage = String.format("User(%s), Operation(%s), Details(%s), Status(%s), RequestId(%d), TaskId(%d), Hostname(%s)", testUserName, testOperation, testRequestDetails, testStatus, testRequestId, testTaskId, testHostName); + String expectedAuditMessage = String.format("User(%s), RemoteIp(%s), Operation(%s), Details(%s), Status(%s), RequestId(%d), TaskId(%d), Hostname(%s)", testUserName, testRemoteIp, testOperation, testRequestDetails, testStatus, testRequestId, testTaskId, testHostName); assertThat(actualAuditMessage, equalTo(expectedAuditMessage));