This is an automated email from the ASF dual-hosted git repository.
yongzao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/master by this push:
new 48bd352fb00 Delete audit implementation (#16899)
48bd352fb00 is described below
commit 48bd352fb00a0785156ae381c199a38468dd5e15
Author: jintao zhu <[email protected]>
AuthorDate: Fri Dec 12 16:44:18 2025 +0800
Delete audit implementation (#16899)
---
.../iotdb/db/it/audit/IoTDBAuditLogBasicIT.java | 2 +
.../iotdb/confignode/audit/CNAuditLogger.java | 50 +--
.../org/apache/iotdb/db/audit/DNAuditLogger.java | 398 +--------------------
.../iotdb/commons/audit/AbstractAuditLogger.java | 77 +---
4 files changed, 8 insertions(+), 519 deletions(-)
diff --git
a/integration-test/src/test/java/org/apache/iotdb/db/it/audit/IoTDBAuditLogBasicIT.java
b/integration-test/src/test/java/org/apache/iotdb/db/it/audit/IoTDBAuditLogBasicIT.java
index f12dd4ca66e..83aa06dc61d 100644
---
a/integration-test/src/test/java/org/apache/iotdb/db/it/audit/IoTDBAuditLogBasicIT.java
+++
b/integration-test/src/test/java/org/apache/iotdb/db/it/audit/IoTDBAuditLogBasicIT.java
@@ -32,6 +32,7 @@ import org.apache.iotdb.itbase.runtime.NodeConnection;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
+import org.junit.Ignore;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.runner.RunWith;
@@ -52,6 +53,7 @@ import java.util.stream.Stream;
* This test class ensures the audit log behave exactly the same as we
expected, including the
* number, sequence and content of the audit logs.
*/
+@Ignore
@RunWith(IoTDBTestRunner.class)
@Category({LocalStandaloneIT.class})
public class IoTDBAuditLogBasicIT {
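Review bot: The `@Ignore` added above `@RunWith` disables the whole audit-log integration test class without giving a reason, so the test report never says why audit coverage is missing or when it should return. JUnit's annotation accepts a message, so something like `@Ignore("Audit log implementation removed in #16899; re-enable when a replacement lands")` keeps that visible. The class body continues outside the hunk.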
diff --git
a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/audit/CNAuditLogger.java
b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/audit/CNAuditLogger.java
index 9b14d7b8423..ccc1008eec3 100644
---
a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/audit/CNAuditLogger.java
+++
b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/audit/CNAuditLogger.java
@@ -19,24 +19,16 @@
package org.apache.iotdb.confignode.audit;
-import org.apache.iotdb.common.rpc.thrift.TConsensusGroupId;
-import org.apache.iotdb.common.rpc.thrift.TConsensusGroupType;
-import org.apache.iotdb.common.rpc.thrift.TDataNodeLocation;
-import org.apache.iotdb.common.rpc.thrift.TRegionReplicaSet;
import org.apache.iotdb.commons.audit.AbstractAuditLogger;
import org.apache.iotdb.commons.audit.IAuditEntity;
-import
org.apache.iotdb.confignode.client.async.AsyncDataNodeHeartbeatClientPool;
-import
org.apache.iotdb.confignode.client.async.handlers.audit.DataNodeWriteAuditLogHandler;
import org.apache.iotdb.confignode.conf.ConfigNodeConfig;
import org.apache.iotdb.confignode.conf.ConfigNodeDescriptor;
import org.apache.iotdb.confignode.manager.ConfigManager;
import org.apache.iotdb.confignode.manager.IManager;
-import org.apache.iotdb.mpp.rpc.thrift.TAuditLogReq;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.util.List;
import java.util.function.Supplier;
public class CNAuditLogger extends AbstractAuditLogger {
@@ -50,45 +42,5 @@ public class CNAuditLogger extends AbstractAuditLogger {
}
@Override
- public void log(IAuditEntity auditLogFields, Supplier<String> log) {
- if (!IS_AUDIT_LOG_ENABLED) {
- return;
- }
- if (noNeedInsertAuditLog(auditLogFields)) {
- return;
- }
- // find database "__audit"'s data_region
- List<TRegionReplicaSet> auditReplicaSets =
- configManager
- .getPartitionManager()
- .getAllReplicaSets("root.__audit", TConsensusGroupType.DataRegion);
- if (auditReplicaSets.isEmpty()) {
- logger.warn("Database {} does not exist.", "root.__audit");
- return;
- }
- TConsensusGroupId regionId = auditReplicaSets.get(0).getRegionId();
- // use ConfigManager.getLoadManager().getLoadCache().getRegionLeaderMap()
to get regionLeaderId
- TDataNodeLocation regionLeader =
configManager.getRegionLeaderLocation(regionId);
- TAuditLogReq req =
- new TAuditLogReq(
- auditLogFields.getUsername(),
- auditLogFields.getUserId(),
- auditLogFields.getCliHostname(),
- auditLogFields.getAuditEventType().toString(),
- auditLogFields.getAuditLogOperation().toString(),
- auditLogFields.getPrivilegeTypeString(),
- auditLogFields.getResult(),
- auditLogFields.getDatabase(),
- auditLogFields.getSqlString(),
- log.get(),
- CONF.getConfigNodeId());
- // refer the implementation of HeartbeatService.pingRegisteredDataNode().
By appending a new
- // writeAudtiLog() interface in AsyncDataNodeHeartbeatClientPool, the main
thread is not
- // required to wait until the write audit log request to be complete.
- AsyncDataNodeHeartbeatClientPool.getInstance()
- .writeAuditLog(
- regionLeader.getInternalEndPoint(),
- req,
- new DataNodeWriteAuditLogHandler(regionLeader.getDataNodeId()));
- }
+ public void log(IAuditEntity auditLogFields, Supplier<String> log) {}
}
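Review bot: `log(...)` is left with an empty body, so on a ConfigNode where `IS_AUDIT_LOG_ENABLED` is true every audit event is now discarded with no error or log line, and an operator who enabled auditing cannot tell that the trail is empty. The same applies to `DNAuditLogger.log` and `DNAuditLogger.logFromCN` in the next file. I would document the stub and report the condition once at start-up rather than per event, for example in the constructor (outside this hunk): `if (IS_AUDIT_LOG_ENABLED) { logger.warn("Audit log is enabled in configuration but no audit writer is present; audit events will be dropped"); }`. The `configManager` and `CONF` fields and their imports look unused after this change, though the rest of the class is not visible here.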
diff --git
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/DNAuditLogger.java
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/DNAuditLogger.java
index 713d79f77d9..3a07ac9aa69 100644
---
a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/DNAuditLogger.java
+++
b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/DNAuditLogger.java
@@ -19,99 +19,20 @@
package org.apache.iotdb.db.audit;
-import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.audit.AbstractAuditLogger;
-import org.apache.iotdb.commons.audit.AuditEventType;
import org.apache.iotdb.commons.audit.AuditLogFields;
-import org.apache.iotdb.commons.audit.AuditLogOperation;
import org.apache.iotdb.commons.audit.IAuditEntity;
-import org.apache.iotdb.commons.audit.PrivilegeLevel;
-import org.apache.iotdb.commons.audit.UserEntity;
-import org.apache.iotdb.commons.auth.entity.PrivilegeType;
-import org.apache.iotdb.commons.client.IClientManager;
-import org.apache.iotdb.commons.client.exception.ClientManagerException;
-import org.apache.iotdb.commons.conf.IoTDBConstant;
-import org.apache.iotdb.commons.consensus.ConfigRegionId;
import org.apache.iotdb.commons.exception.IllegalPathException;
import org.apache.iotdb.commons.path.PartialPath;
-import org.apache.iotdb.commons.pipe.config.constant.SystemConstant;
-import org.apache.iotdb.commons.utils.CommonDateTimeUtils;
-import org.apache.iotdb.confignode.rpc.thrift.TGetDatabaseReq;
-import org.apache.iotdb.confignode.rpc.thrift.TShowDatabaseResp;
-import org.apache.iotdb.db.auth.AuthorityChecker;
-import org.apache.iotdb.db.conf.IoTDBConfig;
-import org.apache.iotdb.db.conf.IoTDBDescriptor;
-import org.apache.iotdb.db.protocol.client.ConfigNodeClient;
-import org.apache.iotdb.db.protocol.client.ConfigNodeClientManager;
-import org.apache.iotdb.db.protocol.client.ConfigNodeInfo;
-import org.apache.iotdb.db.protocol.session.IClientSession;
-import org.apache.iotdb.db.protocol.session.InternalClientSession;
-import org.apache.iotdb.db.protocol.session.SessionManager;
-import org.apache.iotdb.db.queryengine.common.SessionInfo;
import org.apache.iotdb.db.queryengine.plan.Coordinator;
-import org.apache.iotdb.db.queryengine.plan.analyze.ClusterPartitionFetcher;
-import
org.apache.iotdb.db.queryengine.plan.analyze.cache.schema.DataNodeDevicePathCache;
-import org.apache.iotdb.db.queryengine.plan.execution.ExecutionResult;
-import org.apache.iotdb.db.queryengine.plan.parser.StatementGenerator;
-import org.apache.iotdb.db.queryengine.plan.planner.LocalExecutionPlanner;
-import org.apache.iotdb.db.queryengine.plan.relational.metadata.Metadata;
-import org.apache.iotdb.db.queryengine.plan.relational.sql.parser.SqlParser;
-import org.apache.iotdb.db.queryengine.plan.statement.Statement;
import org.apache.iotdb.db.queryengine.plan.statement.crud.InsertRowStatement;
-import
org.apache.iotdb.db.queryengine.plan.statement.metadata.ShowDatabaseStatement;
-import org.apache.iotdb.rpc.TSStatusCode;
-
-import org.apache.thrift.TException;
-import org.apache.tsfile.common.conf.TSFileConfig;
-import org.apache.tsfile.enums.TSDataType;
-import org.apache.tsfile.utils.Binary;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import javax.validation.constraints.NotNull;
-import java.io.IOException;
-import java.time.ZoneId;
-import java.util.Arrays;
-import java.util.List;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicBoolean;
import java.util.function.Supplier;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-import static
org.apache.iotdb.db.pipe.receiver.protocol.legacy.loader.ILoader.SCHEMA_FETCHER;
public class DNAuditLogger extends AbstractAuditLogger {
public static final String PREFIX_PASSWORD_HISTORY =
"root.__audit.password_history";
- private static final Logger logger =
LoggerFactory.getLogger(DNAuditLogger.class);
-
- // TODO: @zhujt20 Optimize the following stupid intervals
- private static final int INSERT_RETRY_COUNT = 5;
- private static final int INSERT_RETRY_INTERVAL_MS = 2000;
- private static final int INSERT_INTERVAL_MS = 50;
-
- private static final IoTDBConfig config =
IoTDBDescriptor.getInstance().getConfig();
-
- private static final String AUDIT_LOG_DEVICE =
"root.__audit.log.node_%s.u_%s";
- private static final String AUDIT_CN_LOG_DEVICE =
"root.__audit.log.node_%s.u_all";
- private static final SessionInfo sessionInfo =
- new SessionInfo(
- 0,
- new UserEntity(
- AuthorityChecker.INTERNAL_AUDIT_USER_ID,
- AuthorityChecker.INTERNAL_AUDIT_USER,
- IoTDBDescriptor.getInstance().getConfig().getInternalAddress()),
- ZoneId.systemDefault());
-
- private static final SessionManager SESSION_MANAGER =
SessionManager.getInstance();
-
- private static final IClientManager<ConfigRegionId, ConfigNodeClient>
CONFIG_NODE_CLIENT_MANAGER =
- ConfigNodeClientManager.getInstance();
-
- private static final DataNodeDevicePathCache DEVICE_PATH_CACHE =
- DataNodeDevicePathCache.getInstance();
- private static final AtomicBoolean tableViewIsInitialized = new
AtomicBoolean(false);
private Coordinator coordinator;
@@ -130,327 +51,16 @@ public class DNAuditLogger extends AbstractAuditLogger {
@NotNull
private static InsertRowStatement generateInsertStatement(
IAuditEntity auditLogFields, String log, PartialPath logDevice) {
- String username = auditLogFields.getUsername();
- String address = auditLogFields.getCliHostname();
- AuditEventType type = auditLogFields.getAuditEventType();
- AuditLogOperation operation = auditLogFields.getAuditLogOperation();
- PrivilegeLevel privilegeLevel = null;
- if (auditLogFields.getPrivilegeTypes() != null) {
- for (PrivilegeType privilegeType : auditLogFields.getPrivilegeTypes()) {
- privilegeLevel = judgePrivilegeLevel(privilegeType);
- if (privilegeLevel.equals(PrivilegeLevel.GLOBAL)) {
- break;
- }
- }
- } else {
- privilegeLevel = PrivilegeLevel.GLOBAL;
- }
- InsertRowStatement insertStatement = new InsertRowStatement();
- insertStatement.setDevicePath(logDevice);
- insertStatement.setTime(CommonDateTimeUtils.currentTime());
- insertStatement.setMeasurements(
- new String[] {
- AUDIT_LOG_USERNAME,
- AUDIT_LOG_CLI_HOSTNAME,
- AUDIT_LOG_AUDIT_EVENT_TYPE,
- AUDIT_LOG_OPERATION_TYPE,
- AUDIT_LOG_PRIVILEGE_TYPE,
- AUDIT_LOG_PRIVILEGE_LEVEL,
- AUDIT_LOG_RESULT,
- AUDIT_LOG_DATABASE,
- AUDIT_LOG_SQL_STRING,
- AUDIT_LOG_LOG
- });
- insertStatement.setAligned(false);
- String sqlString = auditLogFields.getSqlString();
- if (sqlString != null) {
- if (sqlString.toUpperCase().startsWith("CREATE USER")) {
- sqlString = String.join(" ", Arrays.asList(sqlString.split("
")).subList(0, 3)) + " ...";
- }
- Pattern pattern = Pattern.compile("(?i)(values)\\([^)]*\\)");
- Matcher matcher = pattern.matcher(sqlString);
- StringBuffer sb = new StringBuffer();
- while (matcher.find()) {
- matcher.appendReplacement(sb, matcher.group(1) + "(...)");
- }
- matcher.appendTail(sb);
- sqlString = sb.toString();
- }
- insertStatement.setValues(
- new Object[] {
- new Binary(username == null ? "null" : username,
TSFileConfig.STRING_CHARSET),
- new Binary(address == null ? "null" : address,
TSFileConfig.STRING_CHARSET),
- new Binary(type == null ? "null" : type.toString(),
TSFileConfig.STRING_CHARSET),
- new Binary(
- operation == null ? "null" : operation.toString(),
TSFileConfig.STRING_CHARSET),
- new Binary(
- auditLogFields.getPrivilegeTypes() == null
- ? "null"
- : auditLogFields.getPrivilegeTypeString(),
- TSFileConfig.STRING_CHARSET),
- new Binary(
- privilegeLevel == null ? "null" : privilegeLevel.toString(),
- TSFileConfig.STRING_CHARSET),
- auditLogFields.getResult(),
- new Binary(
- auditLogFields.getDatabase() == null ? "null" :
auditLogFields.getDatabase(),
- TSFileConfig.STRING_CHARSET),
- new Binary(sqlString == null ? "null" : sqlString,
TSFileConfig.STRING_CHARSET),
- new Binary(log == null ? "null" : log, TSFileConfig.STRING_CHARSET)
- });
- insertStatement.setDataTypes(
- new TSDataType[] {
- TSDataType.STRING,
- TSDataType.STRING,
- TSDataType.STRING,
- TSDataType.STRING,
- TSDataType.STRING,
- TSDataType.STRING,
- TSDataType.BOOLEAN,
- TSDataType.STRING,
- TSDataType.STRING,
- TSDataType.STRING,
- });
- return insertStatement;
+ return null;
}
- public void createViewIfNecessary() {
- if (!tableViewIsInitialized.get()) {
- synchronized (this) {
- if (tableViewIsInitialized.get()) {
- return;
- }
- Statement statement =
- StatementGenerator.createStatement(
- "SHOW DATABASES " + SystemConstant.AUDIT_DATABASE,
ZoneId.systemDefault());
- try (final ConfigNodeClient client =
-
CONFIG_NODE_CLIENT_MANAGER.borrowClient(ConfigNodeInfo.CONFIG_REGION_ID)) {
- ShowDatabaseStatement showStatement = (ShowDatabaseStatement)
statement;
- final List<String> databasePathPattern =
- Arrays.asList(showStatement.getPathPattern().getNodes());
- final TGetDatabaseReq req =
- new TGetDatabaseReq(
- databasePathPattern,
showStatement.getAuthorityScope().serialize())
- .setIsTableModel(false);
- final TShowDatabaseResp resp = client.showDatabase(req);
- if (resp.getDatabaseInfoMapSize() > 0) {
- tableViewIsInitialized.set(true);
- return;
- }
- } catch (ClientManagerException | TException | IOException e) {
- logger.error(
- "Failed to show database before creating database {} for audit
log",
- SystemConstant.AUDIT_DATABASE);
- }
-
- statement =
- StatementGenerator.createStatement(
- "CREATE DATABASE "
- + SystemConstant.AUDIT_DATABASE
- + " WITH SCHEMA_REGION_GROUP_NUM=1,
DATA_REGION_GROUP_NUM=1",
- ZoneId.systemDefault());
- ExecutionResult result =
- coordinator.executeForTreeModel(
- statement,
- SESSION_MANAGER.requestQueryId(),
- sessionInfo,
- "",
- ClusterPartitionFetcher.getInstance(),
- SCHEMA_FETCHER);
- if (result.status.getCode() ==
TSStatusCode.SUCCESS_STATUS.getStatusCode()
- || result.status.getCode() ==
TSStatusCode.DATABASE_ALREADY_EXISTS.getStatusCode()) {
-
- SqlParser relationSqlParser = new SqlParser();
- IClientSession session =
- new InternalClientSession(
- String.format(
- "%s_%s", DNAuditLogger.class.getSimpleName(),
SystemConstant.AUDIT_DATABASE));
- session.setUsername(AuthorityChecker.INTERNAL_AUDIT_USER);
- session.setZoneId(ZoneId.systemDefault());
- session.setClientVersion(IoTDBConstant.ClientVersion.V_1_0);
- session.setDatabaseName(SystemConstant.AUDIT_DATABASE);
- session.setSqlDialect(IClientSession.SqlDialect.TABLE);
- SESSION_MANAGER.registerSession(session);
- Metadata metadata = LocalExecutionPlanner.getInstance().metadata;
-
- org.apache.iotdb.db.queryengine.plan.relational.sql.ast.Statement
stmt =
- relationSqlParser.createStatement(
- "CREATE DATABASE " + SystemConstant.AUDIT_PREFIX_KEY,
- ZoneId.systemDefault(),
- session);
- TSStatus status =
- coordinator.executeForTableModel(
- stmt,
- relationSqlParser,
- session,
- SESSION_MANAGER.requestQueryId(),
- SESSION_MANAGER.getSessionInfoOfTableModel(session),
- "",
- metadata,
- config.getQueryTimeoutThreshold(),
- false)
- .status;
- if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()
- && status.getCode() !=
TSStatusCode.DATABASE_ALREADY_EXISTS.getStatusCode()) {
- logger.error(
- "Failed to create database in table model for audit log,
because {}",
- status.getMessage());
- }
- stmt =
- relationSqlParser.createStatement(
- String.format(
- "CREATE VIEW __audit.audit_log (\n"
- + " %s STRING TAG,\n"
- + " %s STRING TAG,\n"
- + " %s STRING FIELD,\n"
- + " %s STRING FIELD,\n"
- + " %s STRING FIELD,\n"
- + " %s STRING FIELD,\n"
- + " %s STRING FIELD,\n"
- + " %s STRING FIELD,\n"
- + " %s BOOLEAN FIELD,\n"
- + " %s STRING FIELD,\n"
- + " %s STRING FIELD,\n"
- + " %s STRING FIELD\n"
- + ") AS root.__audit.log.**",
- AUDIT_LOG_NODE_ID,
- AUDIT_LOG_USER_ID,
- AUDIT_LOG_USERNAME,
- AUDIT_LOG_CLI_HOSTNAME,
- AUDIT_LOG_AUDIT_EVENT_TYPE,
- AUDIT_LOG_OPERATION_TYPE,
- AUDIT_LOG_PRIVILEGE_TYPE,
- AUDIT_LOG_PRIVILEGE_LEVEL,
- AUDIT_LOG_RESULT,
- AUDIT_LOG_DATABASE,
- AUDIT_LOG_SQL_STRING,
- AUDIT_LOG_LOG),
- ZoneId.systemDefault(),
- session);
- status =
- coordinator.executeForTableModel(
- stmt,
- relationSqlParser,
- session,
- SESSION_MANAGER.requestQueryId(),
- SESSION_MANAGER.getSessionInfoOfTableModel(session),
- "",
- metadata,
- config.getQueryTimeoutThreshold(),
- false)
- .status;
- if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()
- && status.getCode()
- !=
TSStatusCode.MEASUREMENT_ALREADY_EXISTS_IN_TEMPLATE.getStatusCode()) {
- logger.error("Failed to create view for audit log, because {}",
status.getMessage());
- } else {
- logger.info("Create view for audit log successfully");
- tableViewIsInitialized.set(true);
- }
- } else {
- logger.error("Failed to create database {} for audit log",
SystemConstant.AUDIT_DATABASE);
- }
- }
- }
- }
+ public void createViewIfNecessary() {}
@Override
- public synchronized void log(IAuditEntity auditLogFields, Supplier<String>
log) {
- if (!IS_AUDIT_LOG_ENABLED) {
- return;
- }
- try {
- createViewIfNecessary();
- if (noNeedInsertAuditLog(auditLogFields)) {
- return;
- }
- long userId = auditLogFields.getUserId();
- String user = String.valueOf(userId);
- if (userId == -1) {
- user = "none";
- }
- String dataNodeId = String.valueOf(config.getDataNodeId());
- InsertRowStatement statement =
- generateInsertStatement(
- auditLogFields,
- log.get(),
- DEVICE_PATH_CACHE.getPartialPath(String.format(AUDIT_LOG_DEVICE,
dataNodeId, user)));
- for (int retry = 0; retry < INSERT_RETRY_COUNT; retry++) {
- ExecutionResult insertResult =
- coordinator.executeForTreeModel(
- statement,
- SESSION_MANAGER.requestQueryId(),
- sessionInfo,
- "",
- ClusterPartitionFetcher.getInstance(),
- SCHEMA_FETCHER);
- if (insertResult.status.getCode() ==
TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
- TimeUnit.MILLISECONDS.sleep(INSERT_INTERVAL_MS);
- return;
- }
- TimeUnit.MILLISECONDS.sleep(INSERT_RETRY_INTERVAL_MS);
- }
- } catch (InterruptedException e) {
- Thread.currentThread().interrupt();
- logger.warn("[AUDIT] Audit log insertion retry sleep was interrupted
because", e);
- } catch (Exception e) {
- logger.warn("[AUDIT] Failed to log audit events because", e);
- }
- AuditEventType type = auditLogFields.getAuditEventType();
- if (isLoginEvent(type)) {
- // TODO: @wenyanshi-123 Reactivate the following codes in the future
- // try {
- // statement.setDevicePath(
- // DEVICE_PATH_CACHE.getPartialPath(
- // String.format(AUDIT_LOGIN_LOG_DEVICE, dataNodeId,
user)));
- // } catch (IllegalPathException e) {
- // logger.error("Failed to log audit login events because ", e);
- // return;
- // }
- // coordinator.executeForTreeModel(
- // statement,
- // SESSION_MANAGER.requestQueryId(),
- // sessionInfo,
- // "",
- // ClusterPartitionFetcher.getInstance(),
- // SCHEMA_FETCHER);
- }
- }
+ public synchronized void log(IAuditEntity auditLogFields, Supplier<String>
log) {}
public void logFromCN(AuditLogFields auditLogFields, String log, int nodeId)
- throws IllegalPathException {
- if (!IS_AUDIT_LOG_ENABLED) {
- return;
- }
- createViewIfNecessary();
- if (noNeedInsertAuditLog(auditLogFields)) {
- return;
- }
- InsertRowStatement statement =
- generateInsertStatement(
- auditLogFields,
- log,
-
DEVICE_PATH_CACHE.getPartialPath(String.format(AUDIT_CN_LOG_DEVICE, nodeId)));
- for (int retry = 0; retry < INSERT_RETRY_COUNT; retry++) {
- ExecutionResult insertResult =
- coordinator.executeForTreeModel(
- statement,
- SESSION_MANAGER.requestQueryId(),
- sessionInfo,
- "",
- ClusterPartitionFetcher.getInstance(),
- SCHEMA_FETCHER);
- if (insertResult.status.getCode() ==
TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
- return;
- }
- try {
- TimeUnit.MILLISECONDS.sleep(INSERT_RETRY_INTERVAL_MS);
- } catch (InterruptedException e) {
- Thread.currentThread().interrupt();
- logger.error("Audit log insertion retry sleep was interrupted", e);
- }
- }
- }
+ throws IllegalPathException {}
private static class DNAuditLoggerHolder {
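Review bot: `generateInsertStatement` keeps its `@NotNull` annotation but now does `return null;`, which contradicts the declared contract and would mislead static analysis and any caller that still exists. Both call sites visible in this hunk were removed, so the method could be deleted, along with the `InsertRowStatement` and `PartialPath` imports if nothing else uses them. If it must stay, `throw new UnsupportedOperationException("audit log insertion is not implemented");` is safer than returning null. Separately, `log` is still `synchronized` although its body is empty, so callers contend on this instance's monitor for no work, and `logFromCN` still declares `throws IllegalPathException`, which it can no longer throw. The class continues past the end of the hunk.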
diff --git
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/audit/AbstractAuditLogger.java
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/audit/AbstractAuditLogger.java
index ca659a532cd..cec03366321 100644
---
a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/audit/AbstractAuditLogger.java
+++
b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/audit/AbstractAuditLogger.java
@@ -19,11 +19,9 @@
package org.apache.iotdb.commons.audit;
-import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.conf.CommonConfig;
import org.apache.iotdb.commons.conf.CommonDescriptor;
-import java.util.List;
import java.util.function.Supplier;
public abstract class AbstractAuditLogger {
@@ -43,83 +41,10 @@ public abstract class AbstractAuditLogger {
private static final CommonConfig CONFIG =
CommonDescriptor.getInstance().getConfig();
protected static final boolean IS_AUDIT_LOG_ENABLED =
CONFIG.isEnableAuditLog();
- private static final List<AuditLogOperation> AUDITABLE_OPERATION_TYPE =
- CONFIG.getAuditableOperationType();
- private static final PrivilegeLevel AUDITABLE_OPERATION_LEVEL =
- CONFIG.getAuditableOperationLevel();
- private static final String AUDITABLE_OPERATION_RESULT =
CONFIG.getAuditableOperationResult();
public abstract void log(IAuditEntity auditLogFields, Supplier<String> log);
public boolean noNeedInsertAuditLog(IAuditEntity auditLogFields) {
- AuditLogOperation operation = auditLogFields.getAuditLogOperation();
- boolean result = auditLogFields.getResult();
-
- // to do: check whether this event should be logged.
- // if whitelist or blacklist is used, only ip on the whitelist or
blacklist can be logged
-
- if (AUDITABLE_OPERATION_TYPE == null ||
!AUDITABLE_OPERATION_TYPE.contains(operation)) {
- return true;
- }
- if (auditLogFields.getPrivilegeTypes() != null) {
- for (PrivilegeType privilegeType : auditLogFields.getPrivilegeTypes()) {
- PrivilegeLevel privilegeLevel = judgePrivilegeLevel(privilegeType);
- if (AUDITABLE_OPERATION_LEVEL == PrivilegeLevel.OBJECT
- && privilegeLevel == PrivilegeLevel.GLOBAL) {
- return true;
- }
- }
- }
- if (result && !AUDITABLE_OPERATION_RESULT.contains("SUCCESS")) {
- return true;
- }
- return !result && !AUDITABLE_OPERATION_RESULT.contains("FAIL");
- }
-
- public static PrivilegeLevel judgePrivilegeLevel(PrivilegeType type) {
- if (type == null) {
- return PrivilegeLevel.GLOBAL;
- }
- switch (type) {
- case READ_DATA:
- case DROP:
- case ALTER:
- case CREATE:
- case DELETE:
- case INSERT:
- case SELECT:
- case MANAGE_DATABASE:
- case WRITE_DATA:
- case READ_SCHEMA:
- case WRITE_SCHEMA:
- return PrivilegeLevel.OBJECT;
- case USE_CQ:
- case USE_UDF:
- case USE_PIPE:
- case USE_MODEL:
- case MAINTAIN:
- case MANAGE_ROLE:
- case MANAGE_USER:
- case USE_TRIGGER:
- case EXTEND_TEMPLATE:
- default:
- return PrivilegeLevel.GLOBAL;
- }
- }
-
- public static Boolean isLoginEvent(AuditEventType type) {
- switch (type) {
- case LOGIN:
- case LOGIN_FINAL:
- case MODIFY_PASSWD:
- case LOGIN_EXCEED_LIMIT:
- case LOGIN_FAILED_TRIES:
- case LOGIN_REJECT_IP:
- case LOGIN_FAIL_MAX_TIMES:
- case LOGIN_RESOURCE_RESTRICT:
- return true;
- default:
- return false;
- }
+ return true;
}
}
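Review bot: `noNeedInsertAuditLog` now returns `true` unconditionally but has no comment marking it as a stub, while `IS_AUDIT_LOG_ENABLED` is still read from `CommonConfig` just above it. A Javadoc such as `/** Stub: always returns true, so no event is recorded regardless of the audit configuration. */` would stop a reader assuming the operation-type, level and result filters still apply. The hunk also deletes the public static helpers `judgePrivilegeLevel` and `isLoginEvent`. Any callers outside the files in this diff would stop compiling, so a repository-wide search before merge is worthwhile.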