accumulo-notifications mailing list archives

From "James Mello (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-3946) Not all accumulo events are audited for Audit logging
Date Fri, 07 Aug 2015 23:31:46 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-3946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14662648#comment-14662648 ]

James Mello commented on ACCUMULO-3946:
---------------------------------------

So here's the general gist of what I'm going to do:

Create an audit util class with methods such as:

{code}
	public static final void renameSuccess(String username,
			String newTableName, String oldTableName) {
		log("SUCCESS: RENAMETABLE: User %s, New Table Name %s, Old Table Name %s",
				username, newTableName, oldTableName);
	}

	public static final void renameFail(String username, String newTableName,
			String oldTableName) {
		log("FAILURE: RENAMETABLE: User %s, New Table Name %s, Old Table Name %s",
				username, newTableName, oldTableName);
	}
{code}

Then in the MasterClientServiceHandler modify the various failure sections to include failures:

{code}
        case RENAME: {
          String oldTableName = ByteBufferUtil.toString(arguments.get(0));
          String newTableName = ByteBufferUtil.toString(arguments.get(1));

          String tableId = checkTableId(oldTableName, TableOperation.RENAME);
          checkNotMetadataTable(oldTableName, TableOperation.RENAME);
          checkNotMetadataTable(newTableName, TableOperation.RENAME);
          checkTableName(newTableName, TableOperation.RENAME);

          final boolean canRename;
          try {
            canRename = security.canRenameTable(c, tableId);
          } catch (ThriftSecurityException e) {
            AuditUtils.renameFail(c.principal, newTableName, oldTableName);
            throwIfTableMissingSecurityException(e, tableId, oldTableName, TableOperation.RENAME);
            throw e;
          }

          if (!canRename) {
            AuditUtils.renameFail(c.principal, newTableName, oldTableName);
            throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
          }

          fate.seedTransaction(opid, new TraceRepo<Master>(new RenameTable(c.principal, tableId, oldTableName, newTableName)), autoCleanup);

          break;
        }

{code}
Finally modify the Fate repo operations with the instrumented methods.

{code}
    try {
      Utils.checkTableDoesNotExist(instance, newTableName, tableId, TableOperation.RENAME);

      final String tap = ZooUtil.getRoot(instance) + Constants.ZTABLES + "/" + tableId + Constants.ZTABLE_NAME;

      zoo.mutate(tap, null, null, new Mutator() {
        public byte[] mutate(byte[] current) throws Exception {
          final String currentName = new String(current, UTF_8);
          if (currentName.equals(newTableName))
            return null; // assume in this case the operation is running again, so we are done
          if (!currentName.equals(oldTableName)) {
            throw new ThriftTableOperationException(null, oldTableName, TableOperation.RENAME, TableOperationExceptionType.NOTFOUND,
                "Name changed while processing");
          }
          return newTableName.getBytes(UTF_8);
        }
      });
      Tables.clearCache(instance);
    } catch (Exception e) {
      AuditUtils.renameFail(username, newTableName, oldTableName);
      throw e;
    } finally {
      Utils.tableNameLock.unlock();
      Utils.unreserveTable(tableId, tid, true);
    }
    AuditUtils.renameSuccess(username, newTableName, oldTableName);
    Logger.getLogger(RenameTable.class).debug("Renamed table " + tableId + " " + oldTableName + " " + newTableName);
{code}
Seem kosher?

> Not all accumulo events are audited for Audit logging
> -----------------------------------------------------
>
>                 Key: ACCUMULO-3946
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3946
>             Project: Accumulo
>          Issue Type: Bug
>    Affects Versions: 1.5.3
>            Reporter: James Mello
>            Assignee: James Mello
>             Fix For: 1.5.4
>
>
> Currently accumulo does not log all the major events such as table creation and permissions
> changes. Please modify the existing logging to include missing auditing. Note this is related
> to ticket ACCUMULO-3939.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
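
A sketch of the audit helper pattern from the comment above, added here as an example and not code from the message or from Accumulo: it records exactly one SUCCESS or FAILURE line per operation and escapes control characters in caller-supplied names so that one event stays on one audit line. `AuditSketch`, `sanitize`, `audited` and the in-memory `AUDIT` list are hypothetical names, and Java 8 or later is assumed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.Callable;

// Added sketch: AuditSketch, sanitize and audited are hypothetical names, not Accumulo code.
public class AuditSketch {
  // In-memory stand-in for the audit logger so the sketch runs on its own.
  static final List<String> AUDIT = new ArrayList<>();

  // Escape control characters so a caller-supplied value cannot begin a second audit line.
  static String sanitize(String s) {
    if (s == null) return "<null>";
    StringBuilder sb = new StringBuilder();
    for (char ch : s.toCharArray()) {
      if (Character.isISOControl(ch)) sb.append(String.format("\\x%02x", (int) ch));
      else sb.append(ch);
    }
    return sb.toString();
  }
  static void log(String outcome, String op, String user, String newName, String oldName) {
    AUDIT.add(String.format("%s: %s: User %s, New Table Name %s, Old Table Name %s",
        outcome, op, sanitize(user), sanitize(newName), sanitize(oldName)));
  }

  // Runs the operation and records exactly one outcome, however it exits.
  static <T> T audited(String op, String user, String newName, String oldName,
      Callable<T> body) throws Exception {
    T result;
    try {
      result = body.call();
    } catch (Exception e) {
      log("FAILURE", op, user, newName, oldName);
      throw e;
    }
    log("SUCCESS", op, user, newName, oldName);
    return result;
  }

  public static void main(String[] args) throws Exception {
    // Constructed inputs: the second table name embeds a line break.
    audited("RENAMETABLE", "user1", "t_new", "t_old", () -> "renamed");
    try {
      audited("RENAMETABLE", "user2", "t_new\nSUCCESS: forged", "t_old",
          () -> { throw new SecurityException("PERMISSION_DENIED"); });
    } catch (SecurityException expected) { }
    AUDIT.forEach(System.out::println);
  }
}
```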
