This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new bcdb1ed RANGER-2869: Ranger audit module to provide an option to
generate a GUID for each audit log
bcdb1ed is described below
commit bcdb1eda7f0d774952facd84da77b69fca149ff1
Author: Madhan Neethiraj <[email protected]>
AuthorDate: Fri Jun 19 18:31:19 2020 -0700
RANGER-2869: Ranger audit module to provide an option to generate a GUID
for each audit log
Signed-off-by: Ramesh Mani <[email protected]>
Change-Id: I4d5b27f08cd7ecf21c674d09f8007f4af9973cca
RANGER-2869: Ranger audit module to provide an option to generate a GUID
for each audit log-Addon
Change-Id: Ib7e2f8d3d467a2a9f9c1ebebd8c1197f25c900ba
Signed-off-by: Ramesh Mani <[email protected]>
RANGER-2869: Ranger audit module to provide an option to generate a GUID
for each audit -review Fixes
---
.../org/apache/ranger/audit/provider/MiscUtil.java | 26 ++++++++--
.../plugin/audit/RangerDefaultAuditHandler.java | 60 +++++++++++++---------
.../plugin/policyengine/RangerAccessResult.java | 11 ++++
3 files changed, 69 insertions(+), 28 deletions(-)
diff --git
a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
index b7315a9..e2b7448 100644
--- a/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
+++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/MiscUtil.java
@@ -34,6 +34,7 @@ import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Properties;
+import java.util.Random;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.TimeZone;
@@ -73,7 +74,7 @@ public class MiscUtil {
public static final String TOKEN_ENV = "env:";
public static final String ESCAPE_STR = "\\";
- static VMID sJvmID = new VMID();
+ private static final VMID sJvmID = new VMID();
public static String LINE_SEPARATOR =
System.getProperty("line.separator");
@@ -294,6 +295,17 @@ public class MiscUtil {
return UUID.randomUUID().toString();
}
+ // UUID.randomUUID() uses SecureRandom, which is seen to be slow in
some environments; this method uses Random
+ public static String generateGuid() {
+ byte[] randomBytes = new byte[16];
+
+ RandomHolder.random.nextBytes(randomBytes);
+
+ UUID uuid = UUID.nameUUIDFromBytes(randomBytes);
+
+ return uuid.toString();
+ }
+
public static <T> String stringify(T log) {
String ret = null;
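Review bot: `generateGuid()` draws its 16 bytes from a shared `java.util.Random` (the `RandomHolder` added in the last hunk of this file), whose internal state is only 48 bits, so the resulting IDs are predictable from earlier output and span far fewer values than a random UUID. `UUID.nameUUIDFromBytes` then MD5-hashes those bytes and marks the result as a version-3 (name-based) UUID, which costs a digest per audit event and labels the value as something it is not. If the ID is only a correlation key this may be acceptable, but the comment should say so, e.g. `// not unpredictable: backed by java.util.Random; never use this id as a token or secret`. Where many plugin JVMs write to one audit store, it is worth confirming the collision margin is still adequate, or keeping `UUID.randomUUID()` where throughput allows.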
@@ -461,7 +473,8 @@ public class MiscUtil {
}
/**
- * @param ugiLoginUser
+ * @param newUGI
+ * @param newSubject
*/
public static void setUGILoginUser(UserGroupInformation newUGI,
Subject newSubject) {
@@ -593,7 +606,8 @@ public class MiscUtil {
}
/**
- * @param string
+ * @param useLogger
+ * @param message
* @param e
*/
static public boolean logErrorMessageByInterval(Log useLogger,
@@ -852,4 +866,10 @@ public class MiscUtil {
utc.add(Calendar.MILLISECOND, -offset);
return utc.getTime();
}
+
+ // use Holder class to defer initialization until needed
+ private static class RandomHolder {
+ static final Random random = new Random();
+ }
+
}
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
index 137fd1f..4273726 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
@@ -43,32 +43,27 @@ import org.apache.ranger.plugin.util.RangerRESTUtils;
public class RangerDefaultAuditHandler implements RangerAccessResultProcessor {
private static final Log LOG =
LogFactory.getLog(RangerDefaultAuditHandler.class);
- static long sequenceNumber;
+ private static final String CONF_AUDIT_ID_STRICT_UUID =
"xasecure.audit.auditid.strict.uuid";
+ private static final boolean DEFAULT_AUDIT_ID_STRICT_UUID = false;
- private static String UUID = MiscUtil.generateUniqueId();
- private static AtomicInteger counter = new AtomicInteger(0);
- protected String moduleName =
RangerHadoopConstants.DEFAULT_RANGER_MODULE_ACL_NAME;
+ private final boolean auditIdStrictUUID;
+ protected final String moduleName;
+ private final RangerRESTUtils restUtils = new RangerRESTUtils();
+ private long sequenceNumber = 0;
+ private String UUID =
MiscUtil.generateUniqueId();
+ private AtomicInteger counter = new AtomicInteger(0);
+
- RangerRESTUtils restUtils = new RangerRESTUtils();
public RangerDefaultAuditHandler() {
+ auditIdStrictUUID = DEFAULT_AUDIT_ID_STRICT_UUID;
+ moduleName =
RangerHadoopConstants.DEFAULT_RANGER_MODULE_ACL_NAME;
}
public RangerDefaultAuditHandler(Configuration config) {
- init(config);
- }
-
- public void init(Configuration config) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerDefaultAuditHandler.init()");
- }
-
- moduleName =
config.get(RangerHadoopConstants.AUDITLOG_RANGER_MODULE_ACL_NAME_PROP ,
RangerHadoopConstants.DEFAULT_RANGER_MODULE_ACL_NAME);
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerDefaultAuditHandler.init()");
- }
+ auditIdStrictUUID =
config.getBoolean(CONF_AUDIT_ID_STRICT_UUID, DEFAULT_AUDIT_ID_STRICT_UUID);
+ moduleName =
config.get(RangerHadoopConstants.AUDITLOG_RANGER_MODULE_ACL_NAME_PROP ,
RangerHadoopConstants.DEFAULT_RANGER_MODULE_ACL_NAME);
}
@Override
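Review bot: Removing the public `init(Configuration)` method and making `moduleName` `final` changes what subclasses and callers can rely on: code outside this file that calls `init()` or assigns `moduleName` would stop compiling, and the diff does not show whether such code exists. If it may, the break should be called out in the commit message or a compatible path kept. The new key `xasecure.audit.auditid.strict.uuid` also has no comment; a line such as `// when true, each audit event id is a standalone GUID instead of <uuid>-<counter>` above the constant would tell operators what the switch does. The class body continues outside the hunk.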
@@ -145,7 +140,10 @@ public class RangerDefaultAuditHandler implements
RangerAccessResultProcessor {
ret.setZoneName(result.getZoneName());
ret.setAgentHostname(restUtils.getAgentHostname());
ret.setPolicyVersion(result.getPolicyVersion());
+
populateDefaults(ret);
+
+ result.setAuditLogId(ret.getEventId());
}
if(LOG.isDebugEnabled()) {
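Review bot: `result.setAuditLogId(ret.getEventId())` makes this method write to the `RangerAccessResult` it was handed, a side effect a caller would not expect from code that builds an audit event. A short comment would help, e.g. `// record the event id on the result so callers can correlate the access decision with its audit record`. The value relies on `populateDefaults(ret)` having assigned an event id, which is not visible here and is worth confirming. The enclosing method starts and ends outside the hunk.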
@@ -276,15 +274,27 @@ public class RangerDefaultAuditHandler implements
RangerAccessResultProcessor {
}
private String generateNextAuditEventId() {
- int nextId = counter.getAndIncrement();
+ final String ret;
- if(nextId == Integer.MAX_VALUE) {
- // reset UUID and counter
- UUID = MiscUtil.generateUniqueId();
- counter = new AtomicInteger(0);
- }
+ if (auditIdStrictUUID) {
+ ret = MiscUtil.generateGuid();
+ } else {
+ int nextId = counter.getAndIncrement();
- return UUID + "-" + Integer.toString(nextId);
+ if (nextId == Integer.MAX_VALUE) {
+ // reset UUID and counter
+ UUID = MiscUtil.generateUniqueId();
+ counter = new AtomicInteger(0);
+ }
+
+ ret = UUID + "-" + Integer.toString(nextId);
+ }
+
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("generateNextAuditEventId(): " + ret);
+ }
+
+ return ret;
}
private String writeObjectAsString(Serializable obj) {
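Review bot: In the non-strict branch, `UUID` and `counter` are plain instance fields reassigned without synchronization when `nextId == Integer.MAX_VALUE`, and neither is `volatile`, so the Java memory model allows another thread to see the new counter together with the stale prefix and reissue an ID that was already used. That is rare, but duplicate event IDs matter for audit integrity if the audit store keys records on this ID. Switching the counter to an `AtomicLong` removes the rollover and the reset altogether: `long nextId = counter.getAndIncrement();` and `ret = UUID + "-" + nextId;`, with `UUID` and `counter` declared `final`.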
diff --git
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
index b82ff29..c54ef17 100644
---
a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
+++
b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResult.java
@@ -44,6 +44,7 @@ public class RangerAccessResult {
private boolean isAuditedDetermined;
private boolean isAudited;
private long auditPolicyId = -1;
+ private String auditLogId;
private long policyId = -1;
private int policyPriority;
private String zoneName;
@@ -202,6 +203,15 @@ public class RangerAccessResult {
this.policyId = policyId;
}
+ public String getAuditLogId() {
+ return auditLogId;
+ }
+
+ public void setAuditLogId(String auditLogId) {
+ this.auditLogId = auditLogId;
+ }
+
+
/**
* @param policyId the auditPolicyId to set
*/
@@ -332,6 +342,7 @@ public class RangerAccessResult {
sb.append("isAllowed={").append(isAllowed).append("} ");
sb.append("isAuditedDetermined={").append(isAuditedDetermined).append("} ");
sb.append("isAudited={").append(isAudited).append("} ");
+ sb.append("auditLogId={").append(auditLogId).append("} ");
sb.append("policyType={").append(policyType).append("} ");
sb.append("policyId={").append(policyId).append("} ");
sb.append("zoneName={").append(zoneName).append("} ");