[
https://issues.apache.org/jira/browse/ACCUMULO-3946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14662648#comment-14662648
]
James Mello commented on ACCUMULO-3946:
---------------------------------------
So here's the general gist of what I'm going to do:
Create an audit util class with methods such as:
{code}
public static final void renameSuccess(String username,
String newTableName, String oldTableName) {
log("SUCCESS: RENAMETABLE: User %s, New Table Name %s, Old
Table Name %s",
username, newTableName, oldTableName);
}
public static final void renameFail(String username, String
newTableName,
String oldTableName) {
log("FAILURE: RENAMETABLE: User %s, New Table Name %s, Old
Table Name %s",
username, newTableName, oldTableName);
}
{code}
The in the MasterClientServiceHandler modify the various failure sections to
include failures:
{code}
case RENAME: {
String oldTableName = ByteBufferUtil.toString(arguments.get(0));
String newTableName = ByteBufferUtil.toString(arguments.get(1));
String tableId = checkTableId(oldTableName, TableOperation.RENAME);
checkNotMetadataTable(oldTableName, TableOperation.RENAME);
checkNotMetadataTable(newTableName, TableOperation.RENAME);
checkTableName(newTableName, TableOperation.RENAME);
final boolean canRename;
try {
canRename = security.canRenameTable(c, tableId);
} catch (ThriftSecurityException e) {
AuditUtils.renameFail(c.principal, newTableName, oldTableName);
throwIfTableMissingSecurityException(e, tableId, oldTableName,
TableOperation.RENAME);
throw e;
}
if (!canRename) {
AuditUtils.renameFail(c.principal, newTableName, oldTableName);
throw new ThriftSecurityException(c.getPrincipal(),
SecurityErrorCode.PERMISSION_DENIED);
}
fate.seedTransaction(opid, new TraceRepo<Master>(new
RenameTable(c.principal, tableId, oldTableName, newTableName)), autoCleanup);
break;
}
{code}
Finally modify the Fate repo operations with the instrumented methods.
{code}
try {
Utils.checkTableDoesNotExist(instance, newTableName, tableId,
TableOperation.RENAME);
final String tap = ZooUtil.getRoot(instance) + Constants.ZTABLES + "/" +
tableId + Constants.ZTABLE_NAME;
zoo.mutate(tap, null, null, new Mutator() {
public byte[] mutate(byte[] current) throws Exception {
final String currentName = new String(current, UTF_8);
if (currentName.equals(newTableName))
return null; // assume in this case the operation is running again,
so we are done
if (!currentName.equals(oldTableName)) {
throw new ThriftTableOperationException(null, oldTableName,
TableOperation.RENAME, TableOperationExceptionType.NOTFOUND,
"Name changed while processing");
}
return newTableName.getBytes(UTF_8);
}
});
Tables.clearCache(instance);
} catch(Exception e) {
AuditUtils.renameFail(username, newTableName, oldTableName);
throw e;
}finally {
Utils.tableNameLock.unlock();
Utils.unreserveTable(tableId, tid, true);
}
AuditUtils.renameSuccess(username, newTableName, oldTableName);
Logger.getLogger(RenameTable.class).debug("Renamed table " + tableId + " "
+ oldTableName + " " + newTableName);
{code}
Seem kosher?
> Not all accumulo events are audited for Audit logging
> -----------------------------------------------------
>
> Key: ACCUMULO-3946
> URL: https://issues.apache.org/jira/browse/ACCUMULO-3946
> Project: Accumulo
> Issue Type: Bug
> Affects Versions: 1.5.3
> Reporter: James Mello
> Assignee: James Mello
> Fix For: 1.5.4
>
>
> Currently accumulo does not log all the major events such as table creation
> and permissions changes. Please modify the existing logging to include
> missing auditing. Note this is related to ticket ACCUMUO-3939.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
