anmolnar commented on a change in pull request #1133: ZOOKEEPER-1260:Audit 
logging in ZooKeeper servers.
URL: https://github.com/apache/zookeeper/pull/1133#discussion_r343122357
 
 

 ##########
 File path: 
zookeeper-server/src/main/java/org/apache/zookeeper/server/FinalRequestProcessor.java
 ##########
 @@ -624,4 +662,157 @@ private void updateStats(Request request, String lastOp, 
long lastZxid) {
         request.cnxn.updateStatsForResponse(request.cxid, lastZxid, lastOp, 
request.createTime, currentTime);
     }
 
+    private void addSuccessAudit(Request request, ServerCnxn cnxn, String op, 
String path) {
+        addSuccessAudit(request, cnxn, op, path, null, null);
+    }
+
+    private void addSuccessAudit(Request request, ServerCnxn cnxn, String op, 
String path,
+                                 String acl, String createMode) {
+        if (!ZKAuditLogger.isAuditEnabled()) {
+            return;
+        }
+        ZKAuditLogger
+                .logSuccess(request.getUsers(), op, path, acl, createMode, 
cnxn.getSessionIdHex(),
+                        cnxn.getHostAddress());
+    }
+
+    private void addFailureAudit(Request request, ServerCnxn cnxn, String op, 
String path) {
+        addFailureAudit(request, cnxn, op, path, null, null);
+    }
+
+    private void addFailureAudit(Request request, ServerCnxn cnxn, String op, 
String path,
+                                 String acl, String createMode) {
+        if (!ZKAuditLogger.isAuditEnabled()) {
+            return;
+        }
+        ZKAuditLogger
+                .logFailure(request.getUsers(), op, path, acl, createMode, 
cnxn.getSessionIdHex(),
+                        cnxn.getHostAddress());
+    }
+
+    private void addAuditLog(Request request, ServerCnxn cnxn, String op, 
String path, String acl,
+                             String createMode, Code err) {
+        if (!ZKAuditLogger.isAuditEnabled()) {
+            return;
+        }
+        if (err == Code.OK) {
+            ZKAuditLogger
+                    .logSuccess(request.getUsers(), op, path, acl, createMode, 
cnxn.getSessionIdHex(),
+                            cnxn.getHostAddress());
+        } else {
+            ZKAuditLogger
+                    .logFailure(request.getUsers(), op, path, acl, createMode, 
cnxn.getSessionIdHex(),
+                            cnxn.getHostAddress());
+        }
+    }
+
+    private String getACLs(Request request) {
+        ByteBuffer reqData = request.request.slice();
+        reqData.rewind();
+        SetACLRequest setACLRequest = new SetACLRequest();
+        try {
+            ByteBufferInputStream.byteBuffer2Record(reqData, setACLRequest);
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+        return ZKUtil.aclToString(setACLRequest.getAcl());
+    }
+
+    private void addFailedTxnAuditLog(Request request) {
 
 Review comment:
   I'd make something very similar to this for success events:
   Get the `request` as input, short circuit if audit is disabled or the event 
is not eligible for auditing and then do stuff.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to