ruanwenjun commented on code in PR #15554: URL: https://github.com/apache/dolphinscheduler/pull/15554#discussion_r1545897018
########## dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/audit/OperatorLogAspect.java: ########## @@ -0,0 +1,65 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.dolphinscheduler.api.audit; + +import org.apache.dolphinscheduler.api.audit.operator.Operator; +import org.apache.dolphinscheduler.service.bean.SpringApplicationContext; + +import java.lang.reflect.Method; + +import lombok.extern.slf4j.Slf4j; + +import org.aspectj.lang.ProceedingJoinPoint; +import org.aspectj.lang.annotation.Around; +import org.aspectj.lang.annotation.Aspect; +import org.aspectj.lang.annotation.Pointcut; +import org.aspectj.lang.reflect.MethodSignature; +import org.springframework.stereotype.Component; + +import io.swagger.v3.oas.annotations.Operation; + +@Aspect +@Slf4j +@Component +public class OperatorLogAspect { + + @Pointcut("@annotation(org.apache.dolphinscheduler.api.audit.OperatorLog)") + public void logPointCut() { + } + + @Around("logPointCut()") + public Object around(ProceedingJoinPoint point) throws Throwable { + MethodSignature signature = (MethodSignature) point.getSignature(); + Method method = signature.getMethod(); + + OperatorLog operatorLog = method.getAnnotation(OperatorLog.class); + // Api don't need record log + if (operatorLog == null) { + return point.proceed(); + } + + Operation operation = method.getAnnotation(Operation.class); Review Comment: I didn't find the `Operation` class, is this exist? ########## dolphinscheduler-common/src/main/java/org/apache/dolphinscheduler/common/enums/AuditObjectType.java: ########## @@ -0,0 +1,102 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.dolphinscheduler.common.enums; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; + +import lombok.Getter; + +/** + * Audit Object type + */ +@Getter +public enum AuditObjectType { + + PROJECT("Project", null), // 1 + PROCESS("Process", PROJECT), + PROCESS_INSTANCE("Process instance", PROCESS), Review Comment: ```suggestion PROCESS_INSTANCE("ProcessInstance", PROCESS), ``` ########## dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/ExecutorServiceImpl.java: ########## @@ -293,7 +293,7 @@ private void checkMasterExists() { // no master if (masterServers.isEmpty()) { - throw new ServiceException(Status.MASTER_NOT_EXISTS); + // throw new ServiceException(Status.MASTER_NOT_EXISTS); Review Comment: Please rollback this kind of code. ########## dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/service/impl/AuditServiceImpl.java: ########## @@ -115,11 +121,14 @@ public PageInfo<AuditDto> queryLogListPaging(User loginUser, */ private AuditDto transformAuditLog(AuditLog auditLog) { AuditDto auditDto = new AuditDto(); - String resourceType = AuditResourceType.of(auditLog.getResourceType()).getMsg(); - auditDto.setResource(resourceType); - auditDto.setOperation(AuditOperationType.of(auditLog.getOperation()).getMsg()); + AuditObjectType objectType = AuditObjectType.of(auditLog.getObjectType()); + auditDto.setObjectType(objectType.getName()); + auditDto.setObjectName(auditLog.getObjectName()); + auditDto.setOperation(AuditOperationType.of(auditLog.getOperationType()).getName()); auditDto.setUserName(auditLog.getUserName()); - auditDto.setResourceName(auditLogMapper.queryResourceNameByType(resourceType, auditLog.getResourceId())); + auditDto.setLatency(String.format("%.2f", (double) auditLog.getLatency() / 1000)); Review Comment: ```suggestion auditDto.setLatency(String.format("%.2f", (double) auditLog.getLatency() / 1000)); ``` It's better to use ms. ########## dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/audit/operator/BaseOperator.java: ########## @@ -0,0 +1,223 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.dolphinscheduler.api.audit.operator; + +import org.apache.dolphinscheduler.api.audit.OperatorUtils; +import org.apache.dolphinscheduler.api.audit.enums.AuditType; +import org.apache.dolphinscheduler.api.service.AuditService; +import org.apache.dolphinscheduler.api.utils.Result; +import org.apache.dolphinscheduler.dao.entity.AuditLog; +import org.apache.dolphinscheduler.dao.entity.User; + +import java.util.List; +import java.util.Map; + +import lombok.extern.slf4j.Slf4j; + +import org.aspectj.lang.ProceedingJoinPoint; +import org.aspectj.lang.reflect.MethodSignature; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import com.google.common.base.Strings; + +@Service +@Slf4j +public abstract class BaseOperator implements Operator { + + @Autowired + private AuditService auditService; + + @Override + public Object recordAudit(ProceedingJoinPoint point, String describe, AuditType auditType) throws Throwable { + long beginTime = System.currentTimeMillis(); + + MethodSignature signature = (MethodSignature) point.getSignature(); + Map<String, Object> paramsMap = OperatorUtils.getParamsMap(point, signature); + + User user = OperatorUtils.getUser(paramsMap); + + if (user == null) { + log.error("user is null"); + return point.proceed(); + } + + List<AuditLog> auditLogList = OperatorUtils.buildAuditLogList(describe, auditType, user); + setRequestParam(auditType, auditLogList, paramsMap); + + Result result = (Result) point.proceed(); + if (OperatorUtils.resultFail(result)) { + log.error("request fail, code {}", result.getCode()); + return result; + } + + setObjectIdentityFromReturnObject(auditType, result, auditLogList); + + modifyAuditOperationType(auditType, paramsMap, auditLogList); + modifyAuditObjectType(auditType, paramsMap, auditLogList); + + long latency = System.currentTimeMillis() - beginTime; + auditService.addAudit(auditLogList, latency); + + return result; Review Comment: We may need to audit the case when `proceed` throw exception. ########## dolphinscheduler-dao/src/main/resources/sql/dolphinscheduler_mysql.sql: ########## @@ -2008,10 +2008,14 @@ DROP TABLE IF EXISTS `t_ds_audit_log`; CREATE TABLE `t_ds_audit_log` ( `id` bigint(11) NOT NULL AUTO_INCREMENT COMMENT'key', `user_id` int(11) NOT NULL COMMENT 'user id', - `resource_type` int(11) NOT NULL COMMENT 'resource type', - `operation` int(11) NOT NULL COMMENT 'operation', - `time` datetime DEFAULT CURRENT_TIMESTAMP COMMENT 'create time', - `resource_id` int(11) NULL DEFAULT NULL COMMENT 'resource id', + `object_id` bigint(20) DEFAULT NULL COMMENT 'object id', + `object_name` varchar(100) DEFAULT NULL COMMENT 'object id', + `object_type` varchar(100) NOT NULL COMMENT 'object type', Review Comment: ```suggestion `object_id` bigint(20) DEFAULT NULL COMMENT 'object id', `object_name` varchar(100) DEFAULT NULL COMMENT 'object id', `object_type` varchar(100) NOT NULL COMMENT 'object type', ``` Use `domain_id` or `module_id` is better than object_id? ########## dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/audit/operator/Operator.java: ########## @@ -15,14 +15,13 @@ * limitations under the License. */ -package org.apache.dolphinscheduler.api.audit; +package org.apache.dolphinscheduler.api.audit.operator; -public interface AuditSubscriber { +import org.apache.dolphinscheduler.api.audit.enums.AuditType; - /** - * process the audit message - * - * @param message - */ - void execute(AuditMessage message); +import org.aspectj.lang.ProceedingJoinPoint; + +public interface Operator { Review Comment: ```suggestion public interface AuditOperator { ``` ########## dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/audit/operator/BaseOperator.java: ########## @@ -0,0 +1,223 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.dolphinscheduler.api.audit.operator; + +import org.apache.dolphinscheduler.api.audit.OperatorUtils; +import org.apache.dolphinscheduler.api.audit.enums.AuditType; +import org.apache.dolphinscheduler.api.service.AuditService; +import org.apache.dolphinscheduler.api.utils.Result; +import org.apache.dolphinscheduler.dao.entity.AuditLog; +import org.apache.dolphinscheduler.dao.entity.User; + +import java.util.List; +import java.util.Map; + +import lombok.extern.slf4j.Slf4j; + +import org.aspectj.lang.ProceedingJoinPoint; +import org.aspectj.lang.reflect.MethodSignature; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import com.google.common.base.Strings; + +@Service +@Slf4j +public abstract class BaseOperator implements Operator { + + @Autowired + private AuditService auditService; + + @Override + public Object recordAudit(ProceedingJoinPoint point, String describe, AuditType auditType) throws Throwable { + long beginTime = System.currentTimeMillis(); + + MethodSignature signature = (MethodSignature) point.getSignature(); + Map<String, Object> paramsMap = OperatorUtils.getParamsMap(point, signature); + + User user = OperatorUtils.getUser(paramsMap); + + if (user == null) { + log.error("user is null"); + return point.proceed(); + } + + List<AuditLog> auditLogList = OperatorUtils.buildAuditLogList(describe, auditType, user); + setRequestParam(auditType, auditLogList, paramsMap); + + Result result = (Result) point.proceed(); + if (OperatorUtils.resultFail(result)) { + log.error("request fail, code {}", result.getCode()); + return result; + } + + setObjectIdentityFromReturnObject(auditType, result, auditLogList); + + modifyAuditOperationType(auditType, paramsMap, auditLogList); + modifyAuditObjectType(auditType, paramsMap, auditLogList); + + long latency = System.currentTimeMillis() - beginTime; + auditService.addAudit(auditLogList, latency); + + return result; + } + + protected void setRequestParam(AuditType auditType, List<AuditLog> auditLogList, Map<String, Object> paramsMap) { + String[] paramNameArr = auditType.getRequestParamName(); + + if (paramNameArr.length == 0) { + return; + } + + modifyRequestParams(paramNameArr, paramsMap, auditLogList); + setObjectByParma(paramNameArr, paramsMap, auditLogList); + + if (auditLogList.get(0).getObjectId() == null) { + auditLogList.get(0).setObjectId(OperatorUtils.getObjectIdentityByParma(paramNameArr, paramsMap)); + } + } + + protected void setObjectByParma(String[] paramNameArr, Map<String, Object> paramsMap, + List<AuditLog> auditLogList) { + + String name = paramNameArr[0]; + Object value = paramsMap.get(name); + + if (value == null) { + return; + } + + String objName = getObjectNameFromReturnIdentity(value); + + if (Strings.isNullOrEmpty(objName)) { + auditLogList.get(0).setObjectName(value.toString()); + return; + } + + try { + long objectId = Long.parseLong(value.toString()); + auditLogList.get(0).setObjectId(objectId); + } catch (NumberFormatException e) { + log.error("value is not long, value: {}", value); + } + + auditLogList.get(0).setObjectName(objName); + } + + protected void setObjectByParmaArr(String[] paramNameArr, Map<String, Object> paramsMap, + List<AuditLog> auditLogList) { + + AuditLog auditLog = auditLogList.get(0); + for (String param : paramNameArr) { + if (!paramsMap.containsKey(param)) { + continue; + } + + String[] identityArr = ((String) paramsMap.get(param)).split(","); + for (String identityString : identityArr) { + long identity; + try { + identity = Long.parseLong(identityString); + } catch (Exception e) { + log.error("code is not long, code: {}", identityString); + continue; + } + + String value = getObjectNameFromReturnIdentity(identity); + + if (value == null) { + continue; + } + + auditLog.setObjectId(identity); + auditLog.setObjectName(value); + auditLogList.add(auditLog); + auditLog = AuditLog.copyNewOne(auditLog); + } + } + auditLogList.remove(0); + } + + protected void setObjectIdentityFromReturnObject(AuditType auditType, Result result, + List<AuditLog> auditLogList) { + String[] returnObjectFieldNameArr = auditType.getReturnObjectFieldName(); + if (returnObjectFieldNameArr.length == 0) { + return; + } + Map<String, Object> returnObjectMap = + OperatorUtils.getObjectIfFromReturnObject(result.getData(), returnObjectFieldNameArr); + modifyObjectFromReturnObject(returnObjectFieldNameArr, returnObjectMap, auditLogList); + setObjectNameFromReturnIdentity(auditLogList); + } + + protected void setObjectNameFromReturnIdentity(List<AuditLog> auditLogList) { + auditLogList + .forEach(auditLog -> auditLog.setObjectName(getObjectNameFromReturnIdentity(auditLog.getObjectId()))); + } + + protected String getObjectNameFromReturnIdentity(Object identity) { + return ""; + } + + protected void modifyRequestParams(String[] paramNameArr, Map<String, Object> paramsMap, + List<AuditLog> auditLogList) { + } + + protected void modifyAuditObjectType(AuditType auditType, Map<String, Object> paramsMap, + List<AuditLog> auditLogList) { + + } + + protected void modifyAuditOperationType(AuditType auditType, Map<String, Object> paramsMap, + List<AuditLog> auditLogList) { + + } + + protected void modifyObjectFromReturnObject(String[] params, Map<String, Object> returnObjectMap, + List<AuditLog> auditLogList) { + if (returnObjectMap.isEmpty()) { + return; + } + + if (returnObjectMap.get(params[0]) == null) { + return; + } + + Long objId = checkNum(returnObjectMap.get(params[0]).toString()); Review Comment: ```suggestion Long objId = NumberUtils.toLong(returnObjectMap.get(params[0]).toString(), -1); ``` ########## dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/audit/OperatorLogAspect.java: ########## @@ -0,0 +1,396 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.dolphinscheduler.api.audit; + +import org.apache.dolphinscheduler.api.enums.ExecuteType; +import org.apache.dolphinscheduler.api.service.AuditService; +import org.apache.dolphinscheduler.api.utils.Result; +import org.apache.dolphinscheduler.common.enums.AuditObjectType; +import org.apache.dolphinscheduler.common.enums.AuditOperationType; +import org.apache.dolphinscheduler.common.enums.ReleaseState; +import org.apache.dolphinscheduler.dao.entity.AuditLog; +import org.apache.dolphinscheduler.dao.entity.Schedule; +import org.apache.dolphinscheduler.dao.entity.User; +import org.apache.dolphinscheduler.dao.mapper.ScheduleMapper; +import org.apache.dolphinscheduler.dao.mapper.UserMapper; +import org.apache.dolphinscheduler.spi.enums.ResourceType; + +import java.lang.reflect.Field; +import java.lang.reflect.Method; +import java.util.ArrayList; +import java.util.Date; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import lombok.extern.slf4j.Slf4j; + +import org.aspectj.lang.ProceedingJoinPoint; +import org.aspectj.lang.annotation.Around; +import org.aspectj.lang.annotation.Aspect; +import org.aspectj.lang.annotation.Pointcut; +import org.aspectj.lang.reflect.MethodSignature; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import io.swagger.v3.oas.annotations.Operation; + +@Aspect +@Component +@Slf4j +public class OperatorLogAspect { + + @Autowired + private AuditService auditService; + + @Autowired + private ScheduleMapper scheduleMapper; + + @Autowired + private UserMapper userMapper; + + @Pointcut("@annotation(OperatorLog)") + public void logPointCut() { + + } + + @Around("logPointCut()") + public Object around(ProceedingJoinPoint point) throws Throwable { + long beginTime = System.currentTimeMillis(); + MethodSignature signature = (MethodSignature) point.getSignature(); + Method method = signature.getMethod(); + + OperatorLog operatorLog = method.getAnnotation(OperatorLog.class); + // Api don't need record log + if (operatorLog == null) { + return point.proceed(); + } Review Comment: The `logPointCut` should make sure the method exist `@OperatorLog`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
