This is an automated email from the ASF dual-hosted git repository.
agupta pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/master by this push:
new 807986e0f6 HDDS-8951. Audit log from SCMClientProtocolServer has no
information about request params (#5137)
807986e0f6 is described below
commit 807986e0f64410b6f9ea3a1f978296c842a42cad
Author: Tejaskriya <[email protected]>
AuthorDate: Thu Aug 10 13:45:13 2023 +0530
HDDS-8951. Audit log from SCMClientProtocolServer has no information about
request params (#5137)
---
.../hdds/scm/server/SCMClientProtocolServer.java | 51 +++++++++++++++++-----
1 file changed, 40 insertions(+), 11 deletions(-)
diff --git
a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMClientProtocolServer.java
b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMClientProtocolServer.java
index 1da84af6ef..b0dc392ad4 100644
---
a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMClientProtocolServer.java
+++
b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/server/SCMClientProtocolServer.java
@@ -684,15 +684,29 @@ public class SCMClientProtocolServer implements
public Pipeline createReplicationPipeline(HddsProtos.ReplicationType type,
HddsProtos.ReplicationFactor factor, HddsProtos.NodePool nodePool)
throws IOException {
+ Map<String, String> auditMap = Maps.newHashMap();
+ if (type != null) {
+ auditMap.put("replicationType", type.toString());
+ }
+ if (factor != null) {
+ auditMap.put("replicationFactor", factor.toString());
+ }
+ if (nodePool != null && !nodePool.getNodesList().isEmpty()) {
+ List<String> nodeIpAddresses = new ArrayList<>();
+ for (HddsProtos.Node node : nodePool.getNodesList()) {
+ nodeIpAddresses.add(node.getNodeID().getIpAddress());
+ }
+ auditMap.put("nodePool", String.join(", ", nodeIpAddresses));
+ }
try {
Pipeline result = scm.getPipelineManager().createPipeline(
ReplicationConfig.fromProtoTypeAndFactor(type, factor));
AUDIT.logWriteSuccess(buildAuditMessageForSuccess(
- SCMAction.CREATE_PIPELINE, null));
+ SCMAction.CREATE_PIPELINE, auditMap));
return result;
} catch (SCMException e) {
AUDIT.logWriteFailure(buildAuditMessageForFailure(
- SCMAction.CREATE_PIPELINE, null, e));
+ SCMAction.CREATE_PIPELINE, auditMap, e));
throw e;
}
}
@@ -714,14 +728,16 @@ public class SCMClientProtocolServer implements
@Override
public void activatePipeline(HddsProtos.PipelineID pipelineID)
throws IOException {
+ Map<String, String> auditMap = Maps.newHashMap();
+ auditMap.put("pipelineID", pipelineID.getId());
try {
scm.getPipelineManager().activatePipeline(
PipelineID.getFromProtobuf(pipelineID));
AUDIT.logWriteSuccess(buildAuditMessageForSuccess(
- SCMAction.ACTIVATE_PIPELINE, null));
+ SCMAction.ACTIVATE_PIPELINE, auditMap));
} catch (Exception ex) {
AUDIT.logWriteFailure(buildAuditMessageForFailure(
- SCMAction.ACTIVATE_PIPELINE, null, ex));
+ SCMAction.ACTIVATE_PIPELINE, auditMap, ex));
throw ex;
}
}
@@ -729,15 +745,17 @@ public class SCMClientProtocolServer implements
@Override
public void deactivatePipeline(HddsProtos.PipelineID pipelineID)
throws IOException {
+ Map<String, String> auditMap = Maps.newHashMap();
+ auditMap.put("pipelineID", pipelineID.getId());
try {
getScm().checkAdminAccess(getRemoteUser(), false);
scm.getPipelineManager().deactivatePipeline(
PipelineID.getFromProtobuf(pipelineID));
AUDIT.logWriteSuccess(buildAuditMessageForSuccess(
- SCMAction.DEACTIVATE_PIPELINE, null));
+ SCMAction.DEACTIVATE_PIPELINE, auditMap));
} catch (Exception ex) {
AUDIT.logWriteFailure(buildAuditMessageForFailure(
- SCMAction.DEACTIVATE_PIPELINE, null, ex));
+ SCMAction.DEACTIVATE_PIPELINE, auditMap, ex));
throw ex;
}
}
@@ -808,7 +826,7 @@ public class SCMClientProtocolServer implements
false, config, "transferLeadership");
boolean auditSuccess = true;
- final Map<String, String> auditMap = Maps.newHashMap();
+ Map<String, String> auditMap = Maps.newHashMap();
auditMap.put("newLeaderId", newLeaderId);
try {
SCMRatisServer scmRatisServer = scm.getScmHAManager().getRatisServer();
@@ -848,18 +866,21 @@ public class SCMClientProtocolServer implements
public List<DeletedBlocksTransactionInfo> getFailedDeletedBlockTxn(int count,
long startTxId) throws IOException {
List<DeletedBlocksTransactionInfo> result;
+ Map<String, String> auditMap = Maps.newHashMap();
+ auditMap.put("count", String.valueOf(count));
+ auditMap.put("startTxId", String.valueOf(startTxId));
try {
result = scm.getScmBlockManager().getDeletedBlockLog()
.getFailedTransactions(count, startTxId).stream()
.map(DeletedBlocksTransactionInfoWrapper::fromTxn)
.collect(Collectors.toList());
AUDIT.logWriteSuccess(buildAuditMessageForSuccess(
- SCMAction.GET_FAILED_DELETED_BLOCKS_TRANSACTION, null));
+ SCMAction.GET_FAILED_DELETED_BLOCKS_TRANSACTION, auditMap));
return result;
} catch (IOException ex) {
AUDIT.logReadFailure(
buildAuditMessageForFailure(
- SCMAction.GET_FAILED_DELETED_BLOCKS_TRANSACTION, null, ex)
+ SCMAction.GET_FAILED_DELETED_BLOCKS_TRANSACTION, auditMap, ex)
);
throw ex;
}
@@ -994,20 +1015,25 @@ public class SCMClientProtocolServer implements
getScm().checkAdminAccess(getRemoteUser(), false);
ContainerBalancerConfiguration cbc =
scm.getConfiguration().getObject(ContainerBalancerConfiguration.class);
+ Map<String, String> auditMap = Maps.newHashMap();
if (threshold.isPresent()) {
double tsd = threshold.get();
+ auditMap.put("threshold", String.valueOf(tsd));
Preconditions.checkState(tsd >= 0.0D && tsd < 100.0D,
"threshold should be specified in range [0.0, 100.0).");
cbc.setThreshold(tsd);
}
if (maxSizeToMovePerIterationInGB.isPresent()) {
long mstm = maxSizeToMovePerIterationInGB.get();
+ auditMap.put("maxSizeToMovePerIterationInGB", String.valueOf(mstm));
Preconditions.checkState(mstm > 0,
"maxSizeToMovePerIterationInGB must be positive.");
cbc.setMaxSizeToMovePerIteration(mstm * OzoneConsts.GB);
}
if (maxDatanodesPercentageToInvolvePerIteration.isPresent()) {
int mdti = maxDatanodesPercentageToInvolvePerIteration.get();
+ auditMap.put("maxDatanodesPercentageToInvolvePerIteration",
+ String.valueOf(mdti));
Preconditions.checkState(mdti >= 0,
"maxDatanodesPercentageToInvolvePerIteration must be " +
"greater than equal to zero.");
@@ -1018,6 +1044,7 @@ public class SCMClientProtocolServer implements
}
if (iterations.isPresent()) {
int i = iterations.get();
+ auditMap.put("iterations", String.valueOf(i));
Preconditions.checkState(i > 0 || i == -1,
"number of iterations must be positive or" +
" -1 (for running container balancer infinitely).");
@@ -1026,6 +1053,7 @@ public class SCMClientProtocolServer implements
if (maxSizeEnteringTarget.isPresent()) {
long mset = maxSizeEnteringTarget.get();
+ auditMap.put("maxSizeEnteringTarget", String.valueOf(mset));
Preconditions.checkState(mset > 0,
"maxSizeEnteringTarget must be " +
"greater than zero.");
@@ -1034,6 +1062,7 @@ public class SCMClientProtocolServer implements
if (maxSizeLeavingSource.isPresent()) {
long msls = maxSizeLeavingSource.get();
+ auditMap.put("maxSizeLeavingSource", String.valueOf(msls));
Preconditions.checkState(msls > 0,
"maxSizeLeavingSource must be " +
"greater than zero.");
@@ -1046,14 +1075,14 @@ public class SCMClientProtocolServer implements
} catch (IllegalContainerBalancerStateException | IOException |
InvalidContainerBalancerConfigurationException e) {
AUDIT.logWriteFailure(buildAuditMessageForFailure(
- SCMAction.START_CONTAINER_BALANCER, null, e));
+ SCMAction.START_CONTAINER_BALANCER, auditMap, e));
return StartContainerBalancerResponseProto.newBuilder()
.setStart(false)
.setMessage(e.getMessage())
.build();
}
AUDIT.logWriteSuccess(buildAuditMessageForSuccess(
- SCMAction.START_CONTAINER_BALANCER, null));
+ SCMAction.START_CONTAINER_BALANCER, auditMap));
return StartContainerBalancerResponseProto.newBuilder()
.setStart(true)
.build();
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
