http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXBaseAuditEvent.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXBaseAuditEvent.java b/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXBaseAuditEvent.java new file mode 100644 index 0000000..9293c72 --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXBaseAuditEvent.java @@ -0,0 +1,228 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.audit.entity; + +import java.io.Serializable; +import java.util.Date; + +import javax.persistence.Column; +import javax.persistence.DiscriminatorColumn; +import javax.persistence.DiscriminatorValue; +import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; +import javax.persistence.Id; +import javax.persistence.Inheritance; +import javax.persistence.SequenceGenerator; +import javax.persistence.Table; +import javax.persistence.Temporal; +import javax.persistence.TemporalType; + +import org.apache.ranger.audit.model.AuditEventBase; + +/** + * Entity implementation class for Entity: XABaseAuditEvent + * + */ +@Entity +@Inheritance +@DiscriminatorColumn(name="audit_type", discriminatorType=javax.persistence.DiscriminatorType.INTEGER, length=2) +@DiscriminatorValue("0") +@Table(name="xa_access_audit") +public class XXBaseAuditEvent implements Serializable { + private static final long serialVersionUID = 1L; + + private long auditId; + private String agentId; + private String user; + private Date timeStamp; + private long policyId; + private String accessType; + private int accessResult; + private String resultReason; + private String aclEnforcer; + private int repositoryType; + private String repositoryName; + private String sessionId; + private String clientType; + private String clientIP; + private String action; + + public XXBaseAuditEvent() { + super(); + } + + public XXBaseAuditEvent(AuditEventBase event) { + this.agentId = event.getAgentId(); + this.user = event.getUser(); + this.timeStamp = event.getEventTime(); + this.policyId = event.getPolicyId(); + this.accessType = event.getAccessType(); + this.accessResult = event.getAccessResult(); + this.resultReason = event.getResultReason(); + this.aclEnforcer = event.getAclEnforcer(); + this.repositoryType = event.getRepositoryType(); + this.repositoryName = event.getRepositoryName(); + this.sessionId = event.getSessionId(); + this.clientType = event.getClientType(); + this.clientIP = event.getClientIP(); + this.action = event.getAction(); + } + + @Id + @SequenceGenerator(name="XA_ACCESS_AUDIT_SEQ",sequenceName="XA_ACCESS_AUDIT_SEQ",allocationSize=1) + @GeneratedValue(strategy=GenerationType.AUTO,generator="XA_ACCESS_AUDIT_SEQ") + @Column(name = "id", unique = true, nullable = false) + public long getAuditId() { + return this.auditId; + } + + public void setAuditId(long auditId) { + this.auditId = auditId; + } + + @Column(name = "agent_id") + public String getAgentId() { + return agentId; + } + + public void setAgentId(String agentId) { + this.agentId = agentId; + } + + @Column(name = "request_user") + public String getUser() { + return this.user; + } + + public void setUser(String user) { + this.user = user; + } + + @Temporal(TemporalType.TIMESTAMP) + @Column(name = "event_time") + public Date getTimeStamp() { + return this.timeStamp; + } + + public void setTimeStamp(Date timeStamp) { + this.timeStamp = timeStamp; + } + + @Column(name = "policy_id") + public long getPolicyId() { + return this.policyId; + } + + public void setPolicyId(long policyId) { + this.policyId = policyId; + } + + @Column(name = "access_type") + public String getAccessType() { + return this.accessType; + } + + public void setAccessType(String accessType) { + this.accessType = accessType; + } + + @Column(name = "access_result") + public int getAccessResult() { + return this.accessResult; + } + + public void setAccessResult(int accessResult) { + this.accessResult = accessResult; + } + + @Column(name = "result_reason") + public String getResultReason() { + return this.resultReason; + } + + public void setResultReason(String resultReason) { + this.resultReason = resultReason; + } + + @Column(name = "acl_enforcer") + public String getAclEnforcer() { + return this.aclEnforcer; + } + + public void setAclEnforcer(String aclEnforcer) { + this.aclEnforcer = aclEnforcer; + } + + @Column(name = "repo_type") + public int getRepositoryType() { + return this.repositoryType ; + } + + public void setRepositoryType(int repositoryType) { + this.repositoryType = repositoryType; + } + + @Column(name = "repo_name") + public String getRepositoryName() { + return this.repositoryName; + } + + public void setRepositoryName(String repositoryName) { + this.repositoryName = repositoryName; + } + + @Column(name = "session_id") + public String getSessionId() { + return this.sessionId; + } + + public void setSessionId(String sessionId) { + this.sessionId = sessionId; + } + + @Column(name = "client_type") + public String getClientType() { + return this.clientType; + } + + public void setClientType(String clientType) { + this.clientType = clientType; + } + + @Column(name = "client_ip") + public String getClientIP() { + return this.clientIP; + } + + public void setClientIP(String clientIP) { + this.clientIP = clientIP; + } + + @Column(name = "action") + public String getAction() { + return this.action; + } + + public void setAction(String action) { + this.action = action; + } + +}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXBaseAuditEvent_.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXBaseAuditEvent_.java b/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXBaseAuditEvent_.java new file mode 100644 index 0000000..1e33181 --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXBaseAuditEvent_.java @@ -0,0 +1,48 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.audit.entity; + +import java.util.Date; + +import javax.annotation.Generated; +import javax.persistence.metamodel.SingularAttribute; +import javax.persistence.metamodel.StaticMetamodel; + +import org.apache.ranger.audit.model.EnumRepositoryType; + +@Generated(value="Dali", date="2014-02-04T07:25:42.940-0800") +@StaticMetamodel(XXBaseAuditEvent.class) +public class XXBaseAuditEvent_ { + public static volatile SingularAttribute<XXBaseAuditEvent, Long> auditId; + public static volatile SingularAttribute<XXBaseAuditEvent, String> agentId; + public static volatile SingularAttribute<XXBaseAuditEvent, String> user; + public static volatile SingularAttribute<XXBaseAuditEvent, Date> timeStamp; + public static volatile SingularAttribute<XXBaseAuditEvent, Long> policyId; + public static volatile SingularAttribute<XXBaseAuditEvent, String> accessType; + public static volatile SingularAttribute<XXBaseAuditEvent, Short> accessResult; + public static volatile SingularAttribute<XXBaseAuditEvent, String> resultReason; + public static volatile SingularAttribute<XXBaseAuditEvent, String> aclEnforcer; + public static volatile SingularAttribute<XXBaseAuditEvent, EnumRepositoryType> repositoryType; + public static volatile SingularAttribute<XXBaseAuditEvent, String> repositoryName; + public static volatile SingularAttribute<XXBaseAuditEvent, String> sessionId; + public static volatile SingularAttribute<XXBaseAuditEvent, String> clientType; + public static volatile SingularAttribute<XXBaseAuditEvent, String> clientIP; + public static volatile SingularAttribute<XXBaseAuditEvent, String> action; +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHBaseAuditEvent.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHBaseAuditEvent.java b/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHBaseAuditEvent.java new file mode 100644 index 0000000..efcb37b --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHBaseAuditEvent.java @@ -0,0 +1,84 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.audit.entity; + +import java.io.Serializable; + +import javax.persistence.Column; +import javax.persistence.DiscriminatorValue; +import javax.persistence.Entity; + +import org.apache.ranger.audit.model.EnumRepositoryType; +import org.apache.ranger.audit.model.HBaseAuditEvent; + +/** + * Entity implementation class for Entity: XAHBaseAuditEvent + * + */ +@Entity +@DiscriminatorValue("1") +public class XXHBaseAuditEvent extends XXBaseAuditEvent implements Serializable { + private static final long serialVersionUID = 1L; + + private String resourcePath; + private String resourceType; + private String requestData; + + + public XXHBaseAuditEvent() { + super(); + } + + public XXHBaseAuditEvent(HBaseAuditEvent event) { + super(event); + + this.resourcePath = event.getResourcePath(); + this.resourceType = event.getResourceType(); + this.requestData = event.getRequestData(); + } + + @Column(name = "resource_path") + public String getResourcePath() { + return this.resourcePath; + } + + public void setResourcePath(String resourcePath) { + this.resourcePath = resourcePath; + } + + @Column(name = "resource_type") + public String getResourceType() { + return this.resourceType; + } + + public void setResourceType(String resourceType) { + this.resourceType = resourceType; + } + + @Column(name = "request_data") + public String getRequestData() { + return this.requestData; + } + + public void setRequestData(String requestData) { + this.requestData = requestData; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHBaseAuditEvent_.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHBaseAuditEvent_.java b/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHBaseAuditEvent_.java new file mode 100644 index 0000000..bbab25b --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHBaseAuditEvent_.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.audit.entity; + +import javax.annotation.Generated; +import javax.persistence.metamodel.SingularAttribute; +import javax.persistence.metamodel.StaticMetamodel; + +@Generated(value="Dali", date="2014-02-02T14:05:13.483-0800") +@StaticMetamodel(XXHBaseAuditEvent.class) +public class XXHBaseAuditEvent_ extends XXBaseAuditEvent_ { + public static volatile SingularAttribute<XXHBaseAuditEvent, String> resourcePath; + public static volatile SingularAttribute<XXHBaseAuditEvent, String> resourceType; + public static volatile SingularAttribute<XXHBaseAuditEvent, String> requestData; +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHdfsAuditEvent.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHdfsAuditEvent.java b/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHdfsAuditEvent.java new file mode 100644 index 0000000..1bcebbe --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHdfsAuditEvent.java @@ -0,0 +1,75 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.audit.entity; + +import java.io.Serializable; + +import javax.persistence.Column; +import javax.persistence.DiscriminatorValue; +import javax.persistence.Entity; +import javax.persistence.Inheritance; +import javax.persistence.InheritanceType; +import javax.persistence.Table; + +import org.apache.ranger.audit.model.HdfsAuditEvent; + +/** + * Entity implementation class for Entity: XXHdfsAuditEvent + * + */ +@Entity +@DiscriminatorValue("2") +public class XXHdfsAuditEvent extends XXBaseAuditEvent implements Serializable { + private static final long serialVersionUID = 1L; + + private String resourcePath; + private String resourceType; + + + public XXHdfsAuditEvent() { + super(); + } + + public XXHdfsAuditEvent(HdfsAuditEvent event) { + super(event); + + this.resourcePath = event.getResourcePath(); + this.resourceType = event.getResourceType(); + } + + @Column(name = "resource_path") + public String getResourcePath() { + return this.resourcePath; + } + + public void setResourcePath(String resourcePath) { + this.resourcePath = resourcePath; + } + + @Column(name = "resource_type") + public String getResourceType() { + return this.resourceType; + } + + public void setResourceType(String resourceType) { + this.resourceType = resourceType; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHdfsAuditEvent_.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHdfsAuditEvent_.java b/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHdfsAuditEvent_.java new file mode 100644 index 0000000..4f7c85e --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHdfsAuditEvent_.java @@ -0,0 +1,31 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.audit.entity; + +import javax.annotation.Generated; +import javax.persistence.metamodel.SingularAttribute; +import javax.persistence.metamodel.StaticMetamodel; + +@Generated(value="Dali", date="2014-02-02T14:05:13.489-0800") +@StaticMetamodel(XXHdfsAuditEvent.class) +public class XXHdfsAuditEvent_ extends XXBaseAuditEvent_ { + public static volatile SingularAttribute<XXHdfsAuditEvent, String> resourcePath; + public static volatile SingularAttribute<XXHdfsAuditEvent, String> resourceType; +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHiveAuditEvent.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHiveAuditEvent.java b/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHiveAuditEvent.java new file mode 100644 index 0000000..b539be8 --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHiveAuditEvent.java @@ -0,0 +1,86 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.audit.entity; + +import java.io.Serializable; + +import javax.persistence.Column; +import javax.persistence.DiscriminatorValue; +import javax.persistence.Entity; +import javax.persistence.Inheritance; +import javax.persistence.InheritanceType; +import javax.persistence.Table; + +import org.apache.ranger.audit.model.HiveAuditEvent; + +/** + * Entity implementation class for Entity: XXHiveAuditEvent + * + */ +@Entity +@DiscriminatorValue("3") +public class XXHiveAuditEvent extends XXBaseAuditEvent implements Serializable { + private static final long serialVersionUID = 1L; + + private String resourcePath; + private String resourceType; + private String requestData; + + + public XXHiveAuditEvent() { + super(); + } + + public XXHiveAuditEvent(HiveAuditEvent event) { + super(event); + + this.resourcePath = event.getResourcePath(); + this.resourceType = event.getResourceType(); + this.requestData = event.getRequestData(); + } + + @Column(name = "resource_path") + public String getResourcePath() { + return this.resourcePath; + } + + public void setResourcePath(String resourcePath) { + this.resourcePath = resourcePath; + } + + @Column(name = "resource_type") + public String getResourceType() { + return this.resourceType; + } + + public void setResourceType(String resourceType) { + this.resourceType = resourceType; + } + + @Column(name = "request_data") + public String getRequestData() { + return this.requestData; + } + + public void setRequestData(String requestData) { + this.requestData = requestData; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHiveAuditEvent_.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHiveAuditEvent_.java b/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHiveAuditEvent_.java new file mode 100644 index 0000000..2c4eea5 --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXHiveAuditEvent_.java @@ -0,0 +1,32 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.audit.entity; + +import javax.annotation.Generated; +import javax.persistence.metamodel.SingularAttribute; +import javax.persistence.metamodel.StaticMetamodel; + +@Generated(value="Dali", date="2014-02-02T14:05:13.494-0800") +@StaticMetamodel(XXHiveAuditEvent.class) +public class XXHiveAuditEvent_ extends XXBaseAuditEvent_ { + public static volatile SingularAttribute<XXHiveAuditEvent, String> resourcePath; + public static volatile SingularAttribute<XXHiveAuditEvent, String> resourceType; + public static volatile SingularAttribute<XXHiveAuditEvent, String> requestData; +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXKnoxAuditEvent.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXKnoxAuditEvent.java b/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXKnoxAuditEvent.java new file mode 100644 index 0000000..57fa105 --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXKnoxAuditEvent.java @@ -0,0 +1,82 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ranger.audit.entity; + +import java.io.Serializable; + +import javax.persistence.Column; +import javax.persistence.DiscriminatorValue; +import javax.persistence.Entity; + +import org.apache.ranger.audit.model.KnoxAuditEvent; + +/** + * Entity implementation class for Entity: XXHiveAuditEvent + * + */ +@Entity +@DiscriminatorValue("4") +public class XXKnoxAuditEvent extends XXBaseAuditEvent implements Serializable { + private static final long serialVersionUID = 1L; + + private String resourcePath; + private String resourceType; + private String requestData; + + + public XXKnoxAuditEvent() { + super(); + } + + public XXKnoxAuditEvent(KnoxAuditEvent event) { + super(event); + + this.resourcePath = event.getResourcePath(); + this.resourceType = event.getResourceType(); + this.requestData = event.getRequestData(); + } + + @Column(name = "resource_path") + public String getResourcePath() { + return this.resourcePath; + } + + public void setResourcePath(String resourcePath) { + this.resourcePath = resourcePath; + } + + @Column(name = "resource_type") + public String getResourceType() { + return this.resourceType; + } + + public void setResourceType(String resourceType) { + this.resourceType = resourceType; + } + + @Column(name = "request_data") + public String getRequestData() { + return this.requestData; + } + + public void setRequestData(String requestData) { + this.requestData = requestData; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXStormAuditEvent.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXStormAuditEvent.java b/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXStormAuditEvent.java new file mode 100644 index 0000000..9ffc6fb --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/entity/XXStormAuditEvent.java @@ -0,0 +1,82 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ranger.audit.entity; + +import java.io.Serializable; + +import javax.persistence.Column; +import javax.persistence.DiscriminatorValue; +import javax.persistence.Entity; + +import org.apache.ranger.audit.model.StormAuditEvent; + +/** + * Entity implementation class for Entity: XXHiveAuditEvent + * + */ +@Entity +@DiscriminatorValue("5") +public class XXStormAuditEvent extends XXBaseAuditEvent implements Serializable { + private static final long serialVersionUID = 1L; + + private String resourcePath; + private String resourceType; + private String requestData; + + + public XXStormAuditEvent() { + super(); + } + + public XXStormAuditEvent(StormAuditEvent event) { + super(event); + + this.resourcePath = event.getResourcePath(); + this.resourceType = event.getResourceType(); + this.requestData = event.getRequestData(); + } + + @Column(name = "resource_path") + public String getResourcePath() { + return this.resourcePath; + } + + public void setResourcePath(String resourcePath) { + this.resourcePath = resourcePath; + } + + @Column(name = "resource_type") + public String getResourceType() { + return this.resourceType; + } + + public void setResourceType(String resourceType) { + this.resourceType = resourceType; + } + + @Column(name = "request_data") + public String getRequestData() { + return this.requestData; + } + + public void setRequestData(String requestData) { + this.requestData = requestData; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/model/AuditEventBase.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/model/AuditEventBase.java b/agents-audit/src/main/java/org/apache/ranger/audit/model/AuditEventBase.java new file mode 100644 index 0000000..0a5663e --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/model/AuditEventBase.java @@ -0,0 +1,378 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.audit.model; + +import java.util.Date; + +import org.apache.ranger.audit.dao.DaoManager; + +import com.google.gson.annotations.SerializedName; + + +public abstract class AuditEventBase { + protected static String FIELD_SEPARATOR = ";"; + + protected static final int MAX_ACTION_FIELD_SIZE = 1800 ; + protected static final int MAX_REQUEST_DATA_FIELD_SIZE = 1800 ; + + + @SerializedName("agent") + protected String agentId = null; + + @SerializedName("reqUser") + protected String user = null; + + @SerializedName("evtTime") + protected Date eventTime = new Date(); + + @SerializedName("policy") + protected long policyId = 0; + + @SerializedName("access") + protected String accessType = null; + + @SerializedName("result") + protected short accessResult = 0; // 0 - DENIED; 1 - ALLOWED; HTTP return code + + @SerializedName("reason") + protected String resultReason = null; + + @SerializedName("enforcer") + protected String aclEnforcer = null; + + @SerializedName("repoType") + protected int repositoryType = 0; + + @SerializedName("repo") + protected String repositoryName = null; + + @SerializedName("sess") + protected String sessionId = null; + + @SerializedName("cliType") + protected String clientType = null; + + @SerializedName("cliIP") + protected String clientIP = null; + + @SerializedName("action") + protected String action = null; + + @SerializedName("agentHost") + protected String agentHostname = null; + + @SerializedName("logType") + protected String logType = null; + + @SerializedName("id") + protected String eventId = null; + + protected AuditEventBase() { + } + + protected AuditEventBase(String agentId, + String user, + Date eventTime, + long policyId, + String accessType, + short accessResult, + String resultReason, + String aclEnforcer, + int repositoryType, + String repositoryName, + String sessionId, + String clientType, + String clientIP, + String action) { + this.agentId = agentId; + this.user = user; + this.eventTime = eventTime; + this.policyId = policyId; + this.accessType = accessType; + this.accessResult = accessResult; + this.resultReason = resultReason; + this.aclEnforcer = aclEnforcer; + this.repositoryType = repositoryType; + this.repositoryName = repositoryName; + this.sessionId = sessionId; + this.clientType = clientType; + this.clientIP = clientIP; + this.action = action; + } + + /** + * @return the agentId + */ + public String getAgentId() { + return agentId; + } + + /** + * @param agentId the agentId to set + */ + public void setAgentId(String agentId) { + this.agentId = agentId; + } + + /** + * @return the user + */ + public String getUser() { + return user; + } + + /** + * @param user the user to set + */ + public void setUser(String user) { + this.user = user; + } + + /** + * @return the timeStamp + */ + public Date getEventTime() { + return eventTime; + } + + /** + * @param timeStamp the timeStamp to set + */ + public void setEventTime(Date eventTime) { + this.eventTime = eventTime; + } + + /** + * @return the policyId + */ + public long getPolicyId() { + return policyId; + } + + /** + * @param policyId the policyId to set + */ + public void setPolicyId(long policyId) { + this.policyId = policyId; + } + + /** + * @return the accessType + */ + public String getAccessType() { + return accessType; + } + + /** + * @param accessType the accessType to set + */ + public void setAccessType(String accessType) { + this.accessType = accessType; + } + + /** + * @return the accessResult + */ + public short getAccessResult() { + return accessResult; + } + + /** + * @param accessResult the accessResult to set + */ + public void setAccessResult(short accessResult) { + this.accessResult = accessResult; + } + + /** + * @return the resultReason + */ + public String getResultReason() { + return resultReason; + } + + /** + * @param resultReason the resultReason to set + */ + public void setResultReason(String resultReason) { + this.resultReason = resultReason; + } + + /** + * @return the aclEnforcer + */ + public String getAclEnforcer() { + return aclEnforcer; + } + + /** + * @param aclEnforcer the aclEnforcer to set + */ + public void setAclEnforcer(String aclEnforcer) { + this.aclEnforcer = aclEnforcer; + } + + /** + * @return the repositoryType + */ + public int getRepositoryType() { + return repositoryType; + } + + /** + * @param repositoryType the repositoryType to set + */ + public void setRepositoryType(int repositoryType) { + this.repositoryType = repositoryType; + } + + /** + * @return the repositoryName + */ + public String getRepositoryName() { + return repositoryName; + } + + /** + * @param repositoryName the repositoryName to set + */ + public void setRepositoryName(String repositoryName) { + this.repositoryName = repositoryName; + } + + /** + * @return the sessionId + */ + public String getSessionId() { + return sessionId; + } + + /** + * @param sessionId the sessionId to set + */ + public void setSessionId(String sessionId) { + this.sessionId = sessionId; + } + + /** + * @return the clientType + */ + public String getClientType() { + return clientType; + } + + /** + * @param clientType the clientType to set + */ + public void setClientType(String clientType) { + this.clientType = clientType; + } + + /** + * @return the clientIP + */ + public String getClientIP() { + return clientIP; + } + + /** + * @param clientIP the clientIP to set + */ + public void setClientIP(String clientIP) { + this.clientIP = clientIP; + } + + /** + * @return the action + */ + public String getAction() { + return trim(action,MAX_ACTION_FIELD_SIZE) ; + } + + /** + * @param action the action to set + */ + public void setAction(String action) { + this.action = action; + } + + public String getAgentHostname() { + return agentHostname; + } + + public void setAgentHostname(String agentHostname) { + this.agentHostname = agentHostname; + } + + public String getLogType() { + return logType; + } + + public void setLogType(String logType) { + this.logType = logType; + } + + public String getEventId() { + return eventId; + } + + public void setEventId(String eventId) { + this.eventId = eventId; + } + + public abstract void persist(DaoManager daoManager); + + @Override + public String toString() { + return toString(new StringBuilder()).toString(); + } + + protected StringBuilder toString(StringBuilder sb) { + sb.append("agentId=").append(agentId).append(FIELD_SEPARATOR) + .append("user=").append(user).append(FIELD_SEPARATOR) + .append("eventTime=").append(eventTime).append(FIELD_SEPARATOR) + .append("policyId=").append(policyId).append(FIELD_SEPARATOR) + .append("accessType=").append(accessType).append(FIELD_SEPARATOR) + .append("accessResult=").append(accessResult).append(FIELD_SEPARATOR) + .append("resultReason=").append(resultReason).append(FIELD_SEPARATOR) + .append("aclEnforcer=").append(aclEnforcer).append(FIELD_SEPARATOR) + .append("repositoryType=").append(repositoryType).append(FIELD_SEPARATOR) + .append("repositoryName=").append(repositoryName).append(FIELD_SEPARATOR) + .append("sessionId=").append(sessionId).append(FIELD_SEPARATOR) + .append("clientType=").append(clientType).append(FIELD_SEPARATOR) + .append("clientIP=").append(clientIP).append(FIELD_SEPARATOR) + .append("action=").append(action).append(FIELD_SEPARATOR) + .append("agentHostname=").append(agentHostname).append(FIELD_SEPARATOR) + .append("logType=").append(logType).append(FIELD_SEPARATOR) + .append("eventId=").append(eventId).append(FIELD_SEPARATOR) + ; + return sb; + } + + protected String trim(String str, int len) { + String ret = str ; + if (str != null) { + if (str.length() > len) { + ret = str.substring(0,len) ; + } + } + return ret ; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/model/EnumRepositoryType.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/model/EnumRepositoryType.java b/agents-audit/src/main/java/org/apache/ranger/audit/model/EnumRepositoryType.java new file mode 100644 index 0000000..92456a2 --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/model/EnumRepositoryType.java @@ -0,0 +1,37 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.audit.model; + +public final class EnumRepositoryType { + + public static final int HDFS = 1 ; + + public static final int HBASE = 2 ; + + public static final int HIVE = 3 ; + + public static final int XAAGENT = 4 ; + + public static final int KNOX = 5; + + public static final int STORM = 6 ; + + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/model/HBaseAuditEvent.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/model/HBaseAuditEvent.java b/agents-audit/src/main/java/org/apache/ranger/audit/model/HBaseAuditEvent.java new file mode 100644 index 0000000..2a07fc0 --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/model/HBaseAuditEvent.java @@ -0,0 +1,128 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.audit.model; + +import java.util.Date; + +import org.apache.ranger.audit.dao.DaoManager; +import org.apache.ranger.audit.entity.XXHBaseAuditEvent; + +import com.google.gson.annotations.SerializedName; + + +public class HBaseAuditEvent extends AuditEventBase { + @SerializedName("resource") + protected String resourcePath; + + @SerializedName("resType") + protected String resourceType; + + @SerializedName("reqData") + protected String requestData; + + public HBaseAuditEvent() { + this.repositoryType = EnumRepositoryType.HBASE; + } + + public HBaseAuditEvent(String agentId, + String user, + Date eventTime, + long policyId, + String accessType, + short accessResult, + String resultReason, + String aclEnforcer, + int repositoryType, + String repositoryName, + String sessionId, + String clientType, + String clientIP, + String resourcePath, + String resourceType, + String requestData, + String action) { + super(agentId, user, eventTime, policyId, accessType, accessResult, resultReason, aclEnforcer, repositoryType, repositoryName, sessionId, clientType, clientIP, action); + + this.resourcePath = resourcePath; + this.resourceType = resourceType; + this.requestData = requestData; + } + + /** + * @return the resourcePath + */ + public String getResourcePath() { + return resourcePath; + } + + /** + * @param resourcePath the resourcePath to set + */ + public void setResourcePath(String resourcePath) { + this.resourcePath = resourcePath; + } + + /** + * @return the resourceType + */ + public String getResourceType() { + return resourceType; + } + + /** + * @param resourceType the resourceType to set + */ + public void setResourceType(String resourceType) { + this.resourceType = resourceType; + } + + /** + * @return the requestData + */ + public String getRequestData() { + return trim(requestData,MAX_REQUEST_DATA_FIELD_SIZE) ; + } + + /** + * @param requestData the requestData to set + */ + public void setRequestData(String requestData) { + this.requestData = requestData; + } + + @Override + public void persist(DaoManager daoManager) { + daoManager.getXAHBaseAuditEventDao().create(new XXHBaseAuditEvent(this)); + } + + @Override + protected StringBuilder toString(StringBuilder sb) { + sb.append("HBaseAuditEvent{"); + + super.toString(sb) + .append("resourcePath=").append(resourcePath).append(FIELD_SEPARATOR) + .append("resourceType=").append(resourceType).append(FIELD_SEPARATOR) + .append("requestData=").append(requestData).append(FIELD_SEPARATOR); + + sb.append("}"); + + return sb; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/model/HdfsAuditEvent.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/model/HdfsAuditEvent.java b/agents-audit/src/main/java/org/apache/ranger/audit/model/HdfsAuditEvent.java new file mode 100644 index 0000000..631c6a9 --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/model/HdfsAuditEvent.java @@ -0,0 +1,107 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.audit.model; + +import java.util.Date; + +import org.apache.ranger.audit.dao.DaoManager; +import org.apache.ranger.audit.entity.XXHdfsAuditEvent; + +import com.google.gson.annotations.SerializedName; + +public class HdfsAuditEvent extends AuditEventBase { + @SerializedName("resource") + protected String resourcePath; + + @SerializedName("resType") + protected String resourceType; + + public HdfsAuditEvent() { + this.repositoryType = EnumRepositoryType.HDFS; + } + + public HdfsAuditEvent(String agentId, + String user, + Date eventTime, + long policyId, + String accessType, + short accessResult, + String resultReason, + String aclEnforcer, + int repositoryType, + String repositoryName, + String sessionId, + String clientType, + String clientIP, + String resourcePath, + String resourceType, + String action) { + super(agentId, user, eventTime, policyId, accessType, accessResult, resultReason, aclEnforcer, repositoryType, repositoryName, sessionId, clientType, clientIP, action); + + this.resourcePath = resourcePath; + this.resourceType = resourceType; + } + + /** + * @return the resourcePath + */ + public String getResourcePath() { + return resourcePath; + } + + /** + * @param resourcePath the resourcePath to set + */ + public void setResourcePath(String resourcePath) { + this.resourcePath = resourcePath; + } + + /** + * @return the resourceType + */ + public String getResourceType() { + return resourceType; + } + + /** + * @param resourceType the resourceType to set + */ + public void setResourceType(String resourceType) { + this.resourceType = resourceType; + } + + @Override + public void persist(DaoManager daoManager) { + daoManager.getXAHdfsAuditEventDao().create(new XXHdfsAuditEvent(this)); + } + + @Override + protected StringBuilder toString(StringBuilder sb) { + sb.append("HdfsAuditEvent{"); + + super.toString(sb) + .append("resourcePath=").append(resourcePath).append(FIELD_SEPARATOR) + .append("resourceType=").append(resourceType).append(FIELD_SEPARATOR); + + sb.append("}"); + + return sb; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/model/HiveAuditEvent.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/model/HiveAuditEvent.java b/agents-audit/src/main/java/org/apache/ranger/audit/model/HiveAuditEvent.java new file mode 100644 index 0000000..2d3ffb1 --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/model/HiveAuditEvent.java @@ -0,0 +1,127 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.audit.model; + +import java.util.Date; + +import org.apache.ranger.audit.dao.DaoManager; +import org.apache.ranger.audit.entity.XXHiveAuditEvent; + +import com.google.gson.annotations.SerializedName; + +public class HiveAuditEvent extends AuditEventBase { + @SerializedName("resource") + protected String resourcePath; + + @SerializedName("resType") + protected String resourceType; + + @SerializedName("reqData") + protected String requestData; + + public HiveAuditEvent() { + this.repositoryType = EnumRepositoryType.HIVE; + } + + public HiveAuditEvent(String agentId, + String user, + Date eventTime, + long policyId, + String accessType, + short accessResult, + String resultReason, + String aclEnforcer, + int repositoryType, + String repositoryName, + String sessionId, + String clientType, + String clientIP, + String resourcePath, + String resourceType, + String requestData, + String action) { + super(agentId, user, eventTime, policyId, accessType, accessResult, resultReason, aclEnforcer, repositoryType, repositoryName, sessionId, clientType, clientIP, action); + + this.resourcePath = resourcePath; + this.resourceType = resourceType; + this.requestData = requestData; + } + + /** + * @return the resourcePath + */ + public String getResourcePath() { + return resourcePath; + } + + /** + * @param resourcePath the resourcePath to set + */ + public void setResourcePath(String resourcePath) { + this.resourcePath = resourcePath; + } + + /** + * @return the resourceType + */ + public String getResourceType() { + return resourceType; + } + + /** + * @param resourceType the resourceType to set + */ + public void setResourceType(String resourceType) { + this.resourceType = resourceType; + } + + /** + * @return the requestData + */ + public String getRequestData() { + return trim(requestData,MAX_REQUEST_DATA_FIELD_SIZE); + } + + /** + * @param requestData the requestData to set + */ + public void setRequestData(String requestData) { + this.requestData = requestData; + } + + @Override + public void persist(DaoManager daoManager) { + daoManager.getXAHiveAuditEventDao().create(new XXHiveAuditEvent(this)); + } + + @Override + protected StringBuilder toString(StringBuilder sb) { + sb.append("HiveAuditEvent{"); + + super.toString(sb) + .append("resourcePath=").append(resourcePath).append(FIELD_SEPARATOR) + .append("resourceType=").append(resourceType).append(FIELD_SEPARATOR) + .append("requestData=").append(requestData).append(FIELD_SEPARATOR); + + sb.append("}"); + + return sb; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/model/KnoxAuditEvent.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/model/KnoxAuditEvent.java b/agents-audit/src/main/java/org/apache/ranger/audit/model/KnoxAuditEvent.java new file mode 100644 index 0000000..d4d6e0a --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/model/KnoxAuditEvent.java @@ -0,0 +1,98 @@ +package org.apache.ranger.audit.model; + +import org.apache.ranger.audit.dao.DaoManager; +import org.apache.ranger.audit.entity.XXKnoxAuditEvent; + +import com.google.gson.annotations.SerializedName; + +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with this + * work for additional information regarding copyright ownership. The ASF + * licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ + +public class KnoxAuditEvent extends AuditEventBase { + @SerializedName("resource") + protected String resourcePath; + + @SerializedName("resType") + protected String resourceType; + + @SerializedName("reqData") + protected String requestData; + + public KnoxAuditEvent() { + this.repositoryType = EnumRepositoryType.KNOX; + } + + /** + * @return the resourcePath + */ + public String getResourcePath() { + return resourcePath; + } + + /** + * @param resourcePath the resourcePath to set + */ + public void setResourcePath(String resourcePath) { + this.resourcePath = resourcePath; + } + + /** + * @return the resourceType + */ + public String getResourceType() { + return resourceType; + } + + /** + * @param resourceType the resourceType to set + */ + public void setResourceType(String resourceType) { + this.resourceType = resourceType; + } + + /** + * @return the requestData + */ + public String getRequestData() { + return trim(requestData, MAX_REQUEST_DATA_FIELD_SIZE); + } + + /** + * @param requestData + * the requestData to set + */ + public void setRequestData(String requestData) { + this.requestData = requestData; + } + + @Override + public void persist(DaoManager daoManager) { + daoManager.getXAKnoxAuditEventDao().create(new XXKnoxAuditEvent(this)); + } + + @Override + protected StringBuilder toString(StringBuilder sb) { + sb.append("KnoxAuditEvent{"); + + super.toString(sb).append("requestData=") + .append(requestData).append(FIELD_SEPARATOR); + + sb.append("}"); + + return sb; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/model/StormAuditEvent.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/model/StormAuditEvent.java b/agents-audit/src/main/java/org/apache/ranger/audit/model/StormAuditEvent.java new file mode 100644 index 0000000..264b123 --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/model/StormAuditEvent.java @@ -0,0 +1,98 @@ +package org.apache.ranger.audit.model; + +import org.apache.ranger.audit.dao.DaoManager; +import org.apache.ranger.audit.entity.XXStormAuditEvent; + +import com.google.gson.annotations.SerializedName; + +/** + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with this + * work for additional information regarding copyright ownership. The ASF + * licenses this file to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations under + * the License. + */ + +public class StormAuditEvent extends AuditEventBase { + @SerializedName("resource") + protected String resourcePath; + + @SerializedName("resType") + protected String resourceType; + + @SerializedName("reqData") + protected String requestData; + + public StormAuditEvent() { + this.repositoryType = EnumRepositoryType.STORM; + } + + /** + * @return the resourcePath + */ + public String getResourcePath() { + return resourcePath; + } + + /** + * @param resourcePath the resourcePath to set + */ + public void setResourcePath(String resourcePath) { + this.resourcePath = resourcePath; + } + + /** + * @return the resourceType + */ + public String getResourceType() { + return resourceType; + } + + /** + * @param resourceType the resourceType to set + */ + public void setResourceType(String resourceType) { + this.resourceType = resourceType; + } + + /** + * @return the requestData + */ + public String getRequestData() { + return trim(requestData, MAX_REQUEST_DATA_FIELD_SIZE); + } + + /** + * @param requestData + * the requestData to set + */ + public void setRequestData(String requestData) { + this.requestData = requestData; + } + + @Override + public void persist(DaoManager daoManager) { + daoManager.getXAStormAuditEventDao().create(new XXStormAuditEvent(this)); + } + + @Override + protected StringBuilder toString(StringBuilder sb) { + sb.append("StormAuditEvent{"); + + super.toString(sb).append("requestData=") + .append(requestData).append(FIELD_SEPARATOR); + + sb.append("}"); + + return sb; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/provider/AsyncAuditProvider.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/AsyncAuditProvider.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/AsyncAuditProvider.java new file mode 100644 index 0000000..2f90642 --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/AsyncAuditProvider.java @@ -0,0 +1,271 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + package org.apache.ranger.audit.provider; + +import java.util.concurrent.BlockingQueue; +import java.util.concurrent.ArrayBlockingQueue; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.atomic.AtomicLong; +import java.util.Properties; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.ranger.audit.model.AuditEventBase; + +public class AsyncAuditProvider extends MultiDestAuditProvider implements + Runnable { + + private static final Log LOG = LogFactory.getLog(AsyncAuditProvider.class); + + private static int sThreadCount = 0; + + private BlockingQueue<AuditEventBase> mQueue = null; + private Thread mThread = null; + private boolean mStopThread = false; + private String mName = null; + private int mMaxQueueSize = 10 * 1024; + private int mMaxFlushInterval = 5000; // 5 seconds + + // Summary of logs handled + private AtomicLong lifeTimeInLogCount = new AtomicLong(0); // Total count, including drop count + private AtomicLong lifeTimeOutLogCount = new AtomicLong(0); + private AtomicLong lifeTimeDropCount = new AtomicLong(0); + private AtomicLong intervalInLogCount = new AtomicLong(0); + private AtomicLong intervalOutLogCount = new AtomicLong(0); + private AtomicLong intervalDropCount = new AtomicLong(0); + private long lastIntervalLogTime = System.currentTimeMillis(); + private int intervalLogDurationMS = 60000; + + public AsyncAuditProvider(String name, int maxQueueSize, int maxFlushInterval) { + LOG.info("AsyncAuditProvider(" + name + "): creating.."); + + if(maxQueueSize < 1) { + LOG.warn("AsyncAuditProvider(" + name + "): invalid maxQueueSize=" + maxQueueSize + ". will use default " + mMaxQueueSize); + + maxQueueSize = mMaxQueueSize; + } + + mName = name; + mMaxQueueSize = maxQueueSize; + mMaxFlushInterval = maxFlushInterval; + + mQueue = new ArrayBlockingQueue<AuditEventBase>(mMaxQueueSize); + } + + public AsyncAuditProvider(String name, int maxQueueSize, int maxFlushInterval, AuditProvider provider) { + this(name, maxQueueSize, maxFlushInterval); + + addAuditProvider(provider); + } + + @Override + public void init(Properties props) { + LOG.info("AsyncAuditProvider(" + mName + ").init()"); + + super.init(props); + } + + public int getIntervalLogDurationMS() { + return intervalLogDurationMS; + } + + public void setIntervalLogDurationMS(int intervalLogDurationMS) { + this.intervalLogDurationMS = intervalLogDurationMS; + } + + @Override + public void log(AuditEventBase event) { + LOG.debug("AsyncAuditProvider.logEvent(AuditEventBase)"); + + queueEvent(event); + } + + @Override + public void start() { + mThread = new Thread(this, "AsyncAuditProvider" + (++sThreadCount)); + + mThread.setDaemon(true); + mThread.start(); + + super.start(); + } + + @Override + public void stop() { + mStopThread = true; + + try { + mThread.join(); + } catch (InterruptedException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + super.stop(); + } + + @Override + public void waitToComplete() { + waitToComplete(0); + + super.waitToComplete(); + } + + @Override + public void run() { + LOG.info("==> AsyncAuditProvider.run()"); + + while (!mStopThread) { + AuditEventBase event = null; + try { + event = dequeueEvent(); + + if (event != null) { + super.log(event); + } else { + flush(); + } + } catch (Exception excp) { + logFailedEvent(event, excp); + } + } + + try { + flush(); + } catch (Exception excp) { + LOG.error("AsyncAuditProvider.run()", excp); + } + + LOG.info("<== AsyncAuditProvider.run()"); + } + + private void queueEvent(AuditEventBase event) { + // Increase counts + lifeTimeInLogCount.incrementAndGet(); + intervalInLogCount.incrementAndGet(); + + if(! mQueue.offer(event)) { + lifeTimeDropCount.incrementAndGet(); + intervalDropCount.incrementAndGet(); + } + } + + private AuditEventBase dequeueEvent() { + AuditEventBase ret = mQueue.poll(); + + try { + while(ret == null && !mStopThread) { + logSummaryIfRequired(); + + if (mMaxFlushInterval > 0 && isFlushPending()) { + long timeTillNextFlush = getTimeTillNextFlush(); + + if (timeTillNextFlush <= 0) { + break; // force flush + } + + ret = mQueue.poll(timeTillNextFlush, TimeUnit.MILLISECONDS); + } else { + // Let's wake up for summary logging + long waitTime = intervalLogDurationMS - (System.currentTimeMillis() - lastIntervalLogTime); + waitTime = waitTime <= 0 ? intervalLogDurationMS : waitTime; + + ret = mQueue.poll(waitTime, TimeUnit.MILLISECONDS); + } + } + } catch(InterruptedException excp) { + LOG.error("AsyncAuditProvider.dequeueEvent()", excp); + } + + if(ret != null) { + lifeTimeOutLogCount.incrementAndGet(); + intervalOutLogCount.incrementAndGet(); + } + + logSummaryIfRequired(); + + return ret; + } + + private void logSummaryIfRequired() { + long intervalSinceLastLog = System.currentTimeMillis() - lastIntervalLogTime; + + if (intervalSinceLastLog > intervalLogDurationMS) { + if (intervalInLogCount.get() > 0 || intervalOutLogCount.get() > 0 ) { + long queueSize = mQueue.size(); + + LOG.info("AsyncAuditProvider-stats:" + mName + ": past " + formatIntervalForLog(intervalSinceLastLog) + + ": inLogs=" + intervalInLogCount.get() + + ", outLogs=" + intervalOutLogCount.get() + + ", dropped=" + intervalDropCount.get() + + ", currentQueueSize=" + queueSize); + + LOG.info("AsyncAuditProvider-stats:" + mName + ": process lifetime" + + ": inLogs=" + lifeTimeInLogCount.get() + + ", outLogs=" + lifeTimeOutLogCount.get() + + ", dropped=" + lifeTimeDropCount.get()); + } + + lastIntervalLogTime = System.currentTimeMillis(); + intervalInLogCount.set(0); + intervalOutLogCount.set(0); + intervalDropCount.set(0); + } + } + + private boolean isEmpty() { + return mQueue.isEmpty(); + } + + private void waitToComplete(long maxWaitSeconds) { + LOG.debug("==> AsyncAuditProvider.waitToComplete()"); + + for (long waitTime = 0; !isEmpty() + && (maxWaitSeconds <= 0 || maxWaitSeconds > waitTime); waitTime++) { + try { + Thread.sleep(1000); + } catch (Exception excp) { + // ignore + } + } + + LOG.debug("<== AsyncAuditProvider.waitToComplete()"); + } + + private long getTimeTillNextFlush() { + long timeTillNextFlush = mMaxFlushInterval; + + if (mMaxFlushInterval > 0) { + long lastFlushTime = getLastFlushTime(); + + if (lastFlushTime != 0) { + long timeSinceLastFlush = System.currentTimeMillis() + - lastFlushTime; + + if (timeSinceLastFlush >= mMaxFlushInterval) + timeTillNextFlush = 0; + else + timeTillNextFlush = mMaxFlushInterval - timeSinceLastFlush; + } + } + + return timeTillNextFlush; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProvider.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProvider.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProvider.java new file mode 100644 index 0000000..47c2d7f --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProvider.java @@ -0,0 +1,36 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ranger.audit.provider; + +import java.util.Properties; + +import org.apache.ranger.audit.model.AuditEventBase; + +public interface AuditProvider { + public void log(AuditEventBase event); + + public void init(Properties prop); + public void start(); + public void stop(); + public void waitToComplete(); + + public boolean isFlushPending(); + public long getLastFlushTime(); + public void flush(); +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java new file mode 100644 index 0000000..cddf546 --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/AuditProviderFactory.java @@ -0,0 +1,242 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ranger.audit.provider; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Properties; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.ranger.audit.provider.hdfs.HdfsAuditProvider; + + +/* + * TODO: + * 1) Flag to enable/disable audit logging + * 2) Failed path to be recorded + * 3) Repo name, repo type from configuration + */ + +public class AuditProviderFactory { + + public enum ApplicationType { Unknown, Hdfs, HiveCLI, HiveServer2, HBaseMaster, HBaseRegionalServer, Knox, Storm }; + + private static final Log LOG = LogFactory.getLog(AuditProviderFactory.class); + + private static final String AUDIT_IS_ENABLED_PROP = "xasecure.audit.is.enabled" ; + private static final String AUDIT_DB_IS_ENABLED_PROP = "xasecure.audit.db.is.enabled" ; + private static final String AUDIT_HDFS_IS_ENABLED_PROP = "xasecure.audit.hdfs.is.enabled"; + private static final String AUDIT_LOG4J_IS_ENABLED_PROP = "xasecure.audit.log4j.is.enabled" ; + + private static final int AUDIT_ASYNC_MAX_QUEUE_SIZE_DEFAULT = 10 * 1024; + private static final int AUDIT_ASYNC_MAX_FLUSH_INTERVAL_DEFAULT = 5 * 1000; + + private static AuditProviderFactory sFactory; + + private AuditProvider mProvider = null; + private boolean mInitDone = false; + + private AuditProviderFactory() { + LOG.info("AuditProviderFactory: creating.."); + + mProvider = getDefaultProvider(); + } + + public static AuditProviderFactory getInstance() { + if(sFactory == null) { + synchronized(AuditProviderFactory.class) { + if(sFactory == null) { + sFactory = new AuditProviderFactory(); + } + } + } + + return sFactory; + } + + public static AuditProvider getAuditProvider() { + return AuditProviderFactory.getInstance().getProvider(); + } + + public AuditProvider getProvider() { + return mProvider; + } + + public boolean isInitDone() { + return mInitDone; + } + + public synchronized void init(Properties props, ApplicationType appType) { + LOG.info("AuditProviderFactory: initializing.."); + + if(mInitDone) { + LOG.warn("AuditProviderFactory.init(): already initialized!", new Exception()); + + return; + } + mInitDone = true; + + setApplicationType(appType); + + boolean isEnabled = BaseAuditProvider.getBooleanProperty(props, AUDIT_IS_ENABLED_PROP, false); + boolean isAuditToDbEnabled = BaseAuditProvider.getBooleanProperty(props, AUDIT_DB_IS_ENABLED_PROP, false); + boolean isAuditToHdfsEnabled = BaseAuditProvider.getBooleanProperty(props, AUDIT_HDFS_IS_ENABLED_PROP, false); + boolean isAuditToLog4jEnabled = BaseAuditProvider.getBooleanProperty(props, AUDIT_LOG4J_IS_ENABLED_PROP, false); + + if(!isEnabled || !(isAuditToDbEnabled || isAuditToHdfsEnabled || isAuditToLog4jEnabled)) { + LOG.info("AuditProviderFactory: Audit not enabled.."); + + mProvider = getDefaultProvider(); + + return; + } + + List<AuditProvider> providers = new ArrayList<AuditProvider>(); + + if(isAuditToDbEnabled) { + DbAuditProvider dbProvider = new DbAuditProvider(); + + boolean isAuditToDbAsync = BaseAuditProvider.getBooleanProperty(props, DbAuditProvider.AUDIT_DB_IS_ASYNC_PROP, false); + + if(isAuditToDbAsync) { + int maxQueueSize = BaseAuditProvider.getIntProperty(props, DbAuditProvider.AUDIT_DB_MAX_QUEUE_SIZE_PROP, AUDIT_ASYNC_MAX_QUEUE_SIZE_DEFAULT); + int maxFlushInterval = BaseAuditProvider.getIntProperty(props, DbAuditProvider.AUDIT_DB_MAX_FLUSH_INTERVAL_PROP, AUDIT_ASYNC_MAX_FLUSH_INTERVAL_DEFAULT); + + AsyncAuditProvider asyncProvider = new AsyncAuditProvider("DbAuditProvider", maxQueueSize, maxFlushInterval, dbProvider); + + providers.add(asyncProvider); + } else { + providers.add(dbProvider); + } + } + + if(isAuditToHdfsEnabled) { + HdfsAuditProvider hdfsProvider = new HdfsAuditProvider(); + + boolean isAuditToHdfsAsync = BaseAuditProvider.getBooleanProperty(props, HdfsAuditProvider.AUDIT_HDFS_IS_ASYNC_PROP, false); + + if(isAuditToHdfsAsync) { + int maxQueueSize = BaseAuditProvider.getIntProperty(props, HdfsAuditProvider.AUDIT_HDFS_MAX_QUEUE_SIZE_PROP, AUDIT_ASYNC_MAX_QUEUE_SIZE_DEFAULT); + int maxFlushInterval = BaseAuditProvider.getIntProperty(props, HdfsAuditProvider.AUDIT_HDFS_MAX_FLUSH_INTERVAL_PROP, AUDIT_ASYNC_MAX_FLUSH_INTERVAL_DEFAULT); + + AsyncAuditProvider asyncProvider = new AsyncAuditProvider("HdfsAuditProvider", maxQueueSize, maxFlushInterval, hdfsProvider); + + providers.add(asyncProvider); + } else { + providers.add(hdfsProvider); + } + } + + if(isAuditToLog4jEnabled) { + Log4jAuditProvider log4jProvider = new Log4jAuditProvider(); + + boolean isAuditToLog4jAsync = BaseAuditProvider.getBooleanProperty(props, Log4jAuditProvider.AUDIT_LOG4J_IS_ASYNC_PROP, false); + + if(isAuditToLog4jAsync) { + int maxQueueSize = BaseAuditProvider.getIntProperty(props, Log4jAuditProvider.AUDIT_LOG4J_MAX_QUEUE_SIZE_PROP, AUDIT_ASYNC_MAX_QUEUE_SIZE_DEFAULT); + int maxFlushInterval = BaseAuditProvider.getIntProperty(props, Log4jAuditProvider.AUDIT_LOG4J_MAX_FLUSH_INTERVAL_PROP, AUDIT_ASYNC_MAX_FLUSH_INTERVAL_DEFAULT); + + AsyncAuditProvider asyncProvider = new AsyncAuditProvider("Log4jAuditProvider", maxQueueSize, maxFlushInterval, log4jProvider); + + providers.add(asyncProvider); + } else { + providers.add(log4jProvider); + } + } + + if(providers.size() == 0) { + mProvider = getDefaultProvider(); + } else if(providers.size() == 1) { + mProvider = providers.get(0); + } else { + MultiDestAuditProvider multiDestProvider = new MultiDestAuditProvider(); + + multiDestProvider.addAuditProviders(providers); + + mProvider = multiDestProvider; + } + + mProvider.init(props); + mProvider.start(); + + JVMShutdownHook jvmShutdownHook = new JVMShutdownHook(mProvider); + + Runtime.getRuntime().addShutdownHook(jvmShutdownHook); + } + + private static void setApplicationType(ApplicationType appType) { + String strAppType = null; + + switch(appType) { + case Hdfs: + strAppType = "hdfs"; + break; + + case HiveCLI: + strAppType = "hiveCli"; + break; + + case HiveServer2: + strAppType = "hiveServer2"; + break; + + case HBaseMaster: + strAppType = "hbaseMaster"; + break; + + case HBaseRegionalServer: + strAppType = "hbaseRegional"; + break; + + case Knox: + strAppType = "knox"; + break; + + case Storm: + strAppType = "storm"; + break; + + case Unknown: + strAppType = "unknown"; + break; + } + + MiscUtil.setApplicationType(strAppType); + } + + private AuditProvider getDefaultProvider() { + return new DummyAuditProvider(); + } + + private static class JVMShutdownHook extends Thread { + AuditProvider mProvider; + + public JVMShutdownHook(AuditProvider provider) { + mProvider = provider; + } + + public void run() { + mProvider.waitToComplete(); + mProvider.stop(); + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditProvider.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditProvider.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditProvider.java new file mode 100644 index 0000000..9a0cc45 --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/BaseAuditProvider.java @@ -0,0 +1,172 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.ranger.audit.provider; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.ranger.audit.model.AuditEventBase; + +import java.util.concurrent.atomic.AtomicLong; +import java.util.HashMap; +import java.util.Map; +import java.util.Properties; + +public abstract class BaseAuditProvider implements AuditProvider { + private static final Log LOG = LogFactory.getLog(BaseAuditProvider.class); + + private static final String AUDIT_LOG_FAILURE_REPORT_MIN_INTERVAL_PROP = "xasecure.audit.log.failure.report.min.interval.ms"; + + private int mLogFailureReportMinIntervalInMs = 60 * 1000; + + private AtomicLong mFailedLogLastReportTime = new AtomicLong(0); + private AtomicLong mFailedLogCountSinceLastReport = new AtomicLong(0); + private AtomicLong mFailedLogCountLifeTime = new AtomicLong(0); + + + public BaseAuditProvider() { + } + + @Override + public void init(Properties props) { + LOG.info("BaseAuditProvider.init()"); + + mLogFailureReportMinIntervalInMs = getIntProperty(props, AUDIT_LOG_FAILURE_REPORT_MIN_INTERVAL_PROP, 60 * 1000); + } + + public void logFailedEvent(AuditEventBase event) { + logFailedEvent(event, null); + } + + public void logFailedEvent(AuditEventBase event, Throwable excp) { + long now = System.currentTimeMillis(); + + long timeSinceLastReport = now - mFailedLogLastReportTime.get(); + long countSinceLastReport = mFailedLogCountSinceLastReport.incrementAndGet(); + long countLifeTime = mFailedLogCountLifeTime.incrementAndGet(); + + if(timeSinceLastReport >= mLogFailureReportMinIntervalInMs) { + mFailedLogLastReportTime.set(now); + mFailedLogCountSinceLastReport.set(0); + + if(excp != null) { + LOG.warn("failed to log audit event: " + MiscUtil.stringify(event), excp); + } else { + LOG.warn("failed to log audit event: " + MiscUtil.stringify(event)); + } + + if(countLifeTime > 1) { // no stats to print for the 1st failure + LOG.warn("Log failure count: " + countSinceLastReport + " in past " + formatIntervalForLog(timeSinceLastReport) + "; " + countLifeTime + " during process lifetime"); + } + } + } + + public static Map<String, String> getPropertiesWithPrefix(Properties props, String prefix) { + Map<String, String> prefixedProperties = new HashMap<String, String>(); + + if(props != null && prefix != null) { + for(String key : props.stringPropertyNames()) { + if(key == null) { + continue; + } + + String val = props.getProperty(key); + + if(key.startsWith(prefix)) { + key = key.substring(prefix.length()); + + if(key == null) { + continue; + } + + prefixedProperties.put(key, val); + } + } + } + + return prefixedProperties; + } + + public static boolean getBooleanProperty(Properties props, String propName, boolean defValue) { + boolean ret = defValue; + + if(props != null && propName != null) { + String val = props.getProperty(propName); + + if(val != null) { + ret = Boolean.valueOf(val); + } + } + + return ret; + } + + public static int getIntProperty(Properties props, String propName, int defValue) { + int ret = defValue; + + if(props != null && propName != null) { + String val = props.getProperty(propName); + + if(val != null) { + try { + ret = Integer.parseInt(val); + } catch(NumberFormatException excp) { + ret = defValue; + } + } + } + + return ret; + } + + + public static String getStringProperty(Properties props, String propName) { + String ret = null; + + if(props != null && propName != null) { + String val = props.getProperty(propName); + if ( val != null){ + ret = val; + } + } + + return ret; + } + + public String getTimeDiffStr(long time1, long time2) { + long timeInMs = Math.abs(time1 - time2); + return formatIntervalForLog(timeInMs); + } + + public String formatIntervalForLog(long timeInMs) { + long hours = timeInMs / (60 * 60 * 1000); + long minutes = (timeInMs / (60 * 1000)) % 60; + long seconds = (timeInMs % (60 * 1000)) / 1000; + long mSeconds = (timeInMs % (1000)); + + if (hours > 0) + return String.format("%02d:%02d:%02d.%03d hours", hours, minutes, + seconds, mSeconds); + else if (minutes > 0) + return String.format("%02d:%02d.%03d minutes", minutes, seconds, + mSeconds); + else if (seconds > 0) + return String.format("%02d.%03d seconds", seconds, mSeconds); + else + return String.format("%03d milli-seconds", mSeconds); + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/agents-audit/src/main/java/org/apache/ranger/audit/provider/BufferedAuditProvider.java ---------------------------------------------------------------------- diff --git a/agents-audit/src/main/java/org/apache/ranger/audit/provider/BufferedAuditProvider.java b/agents-audit/src/main/java/org/apache/ranger/audit/provider/BufferedAuditProvider.java new file mode 100644 index 0000000..cb2b385 --- /dev/null +++ b/agents-audit/src/main/java/org/apache/ranger/audit/provider/BufferedAuditProvider.java @@ -0,0 +1,93 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.ranger.audit.provider; + +import java.util.Properties; + +import org.apache.ranger.audit.model.AuditEventBase; + +public abstract class BufferedAuditProvider extends BaseAuditProvider { + private LogBuffer<AuditEventBase> mBuffer = null; + private LogDestination<AuditEventBase> mDestination = null; + + @Override + public void init(Properties props) { + super.init(props); + } + + @Override + public void log(AuditEventBase event) { + if(event.getAgentHostname() == null) { + event.setAgentHostname(MiscUtil.getHostname()); + } + + if(event.getLogType() == null) { + event.setLogType("RangerAudit"); + } + + if(event.getEventId() == null) { + event.setEventId(MiscUtil.generateUniqueId()); + } + + if(! mBuffer.add(event)) { + logFailedEvent(event); + } + } + + @Override + public void start() { + mBuffer.start(mDestination); + } + + @Override + public void stop() { + mBuffer.stop(); + } + + @Override + public void waitToComplete() { + } + + @Override + public boolean isFlushPending() { + return false; + } + + @Override + public long getLastFlushTime() { + return 0; + } + + @Override + public void flush() { + } + + protected LogBuffer<AuditEventBase> getBuffer() { + return mBuffer; + } + + protected LogDestination<AuditEventBase> getDestination() { + return mDestination; + } + + protected void setBufferAndDestination(LogBuffer<AuditEventBase> buffer, + LogDestination<AuditEventBase> destination) { + mBuffer = buffer; + mDestination = destination; + } +}
