abhishekagarwal87 commented on code in PR #15480:
URL: https://github.com/apache/druid/pull/15480#discussion_r1429944065


##########
processing/src/main/java/org/apache/druid/audit/AuditManager.java:
##########
@@ -29,74 +28,76 @@
 
 public interface AuditManager
 {
-  /**
-   * This String is the default message stored instead of the actual audit 
payload if the audit payload size
-   * exceeded the maximum size limit configuration
-   */
-  String PAYLOAD_SKIP_MSG_FORMAT = "Payload was not stored as its size exceeds 
the limit [%d] configured by druid.audit.manager.maxPayloadSizeBytes";
 
   String X_DRUID_AUTHOR = "X-Druid-Author";
-
   String X_DRUID_COMMENT = "X-Druid-Comment";
 
   /**
-   * inserts an audit entry in the Audit Table
-   * @param key of the audit entry
-   * @param type of the audit entry
-   * @param auditInfo of the audit entry
-   * @param payload of the audit entry
-   * @param configSerde of the payload of the audit entry
+   * Value of header {@link #X_DRUID_AUTHOR} used by Druid services so that 
they
+   * can be distinguished from external requests.
+   */
+  String AUTHOR_DRUID_SYSTEM = "druid_system";
+
+  /**
+   * @return true if the audited event was initiated by the Druid system 
itself.
    */
-  <T> void doAudit(String key, String type, AuditInfo auditInfo, T payload, 
ConfigSerde<T> configSerde);
+  default boolean isSystemRequest(AuditInfo auditInfo)
+  {
+    return AUTHOR_DRUID_SYSTEM.equals(auditInfo.getAuthor());
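
Review bot: isSystemRequest() at the end of this hunk classifies a request as "system" purely by comparing auditInfo.getAuthor() with AUTHOR_DRUID_SYSTEM, and the new Javadoc ties that value to the X-Druid-Author header, which is a request header that any client can set. If callers use this check to skip or reduce auditing, the decision should rest on the authenticated identity of the caller rather than on the header value, or the reserved value should be rejected on requests that do not originate from a Druid service; at minimum the Javadoc should say that the result is not a trust decision. The method also dereferences auditInfo without a null check, so the Javadoc should state that the argument must be non-null or the method should handle null.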

Review Comment:
   So it's possible for a user to bypass the audit system if they set this header?


