zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From afine <...@git.apache.org>
Subject [GitHub] zookeeper pull request #338: ZOOKEEPER-1260:Audit logging in ZooKeeper serve...
Date Fri, 25 Aug 2017 22:16:12 GMT
Github user afine commented on a diff in the pull request:

    https://github.com/apache/zookeeper/pull/338#discussion_r135361252
  
    --- Diff: src/java/main/org/apache/zookeeper/server/FinalRequestProcessor.java ---
    @@ -465,6 +490,129 @@ public void processRequest(Request request) {
             }
         }
     
    +    private void addSuccessAudit(Request request,ServerCnxn cnxn, String op, String path)
{
    +        addSuccessAudit(request, cnxn, op, path, null);
    +    }
    +
    +    private void addSuccessAudit(Request request,ServerCnxn cnxn, String op, String path,
String acl) {
    +        if (ZKAuditLogger.isAuditDisabled) {
    +            return;
    +        }
    +        ZKAuditLogger.logSuccess(request.getUsers(), op, path, acl,
    +                getSessionId(cnxn), getHostAddress(cnxn));
    +    }
    +
    +    private void addFailureAudit(Request request,ServerCnxn cnxn, String op, String path)
{
    +        addFailureAudit(request, cnxn, op, path, null);
    +    }
    +
    +    private void addFailureAudit(Request request,ServerCnxn cnxn, String op, String path,
String acl) {
    +        if (ZKAuditLogger.isAuditDisabled) {
    +            return;
    +        }
    +        ZKAuditLogger.logFailure(request.getUsers(), op, path, acl,
    +                getSessionId(cnxn), getHostAddress(cnxn));
    +    }
    +
    +    private void addAuditLog(Request request, ServerCnxn cnxn, String op, String path,
String acl,
    +            Code err) {
    +        if (ZKAuditLogger.isAuditDisabled) {
    +            return;
    +        }
    +        if (err == Code.OK) {
    +            ZKAuditLogger.logSuccess(request.getUsers(), op, path, acl, getSessionId(cnxn),
    +                    getHostAddress(cnxn));
    +        } else {
    +            ZKAuditLogger.logFailure(request.getUsers(), op, path, acl, getSessionId(cnxn),
    +                    getHostAddress(cnxn));
    +        }
    +    }
    +
    +    private String getACLs(Request request)
    +    {
    +        ByteBuffer reqData = request.request.duplicate();
    +        reqData.rewind();
    +        SetACLRequest setACLRequest = new SetACLRequest();
    +        try {
    +            ByteBufferInputStream.byteBuffer2Record(reqData, setACLRequest);
    +        } catch (IOException e) {
    +            e.printStackTrace();
    +        }
    +        return ZKUtil.aclToString(setACLRequest.getAcl());
    +    }
    +
    +    private void addFailedTxnAduitLog(Request request) {
    +        if (ZKAuditLogger.isAuditDisabled) {
    +            return;
    +        }
    +        String op = AuditConstants.OP_CREATE;
    +        if (request.cnxn == null) {
    +            return;
    +        }
    +        String path=null;
    +        long sessionId = -1;
    +        String address = null;
    +        String acls = null;
    +        boolean exceptionOccured = false;
    +        ByteBuffer reqData = request.request.duplicate();
    +        reqData.rewind();
    +        try {
    +            sessionId = request.cnxn.getSessionId();
    +            switch (request.type) {
    +            case OpCode.create:
    +            case  OpCode.create2:
    +            case  OpCode.createContainer:
    +                op = AuditConstants.OP_CREATE;
    +                CreateRequest createRequest = new CreateRequest();
    +                ByteBufferInputStream.byteBuffer2Record(reqData, createRequest);
    +                path=createRequest.getPath();
    +                break;
    +            case OpCode.delete:
    +            case OpCode.deleteContainer:
    +                op = AuditConstants.OP_DELETE;
    +                //path = new String(request.request.array());
    +                DeleteRequest deleteRequest = new DeleteRequest();
    +                ByteBufferInputStream.byteBuffer2Record(reqData, deleteRequest);
    +                path=deleteRequest.getPath();
    +                break;
    +            case OpCode.setData:
    +                op = AuditConstants.OP_SETDATA;
    +                SetDataRequest setDataRequest = new SetDataRequest();
    +                ByteBufferInputStream.byteBuffer2Record(reqData, setDataRequest);
    +                path=setDataRequest.getPath();
    +                break;
    +            case OpCode.setACL:
    +                op = AuditConstants.OP_SETACL;
    +                SetACLRequest setACLRequest = new SetACLRequest();
    +                ByteBufferInputStream.byteBuffer2Record(reqData, setACLRequest);
    +                path=setACLRequest.getPath();
    +                acls = ZKUtil.aclToString(setACLRequest.getAcl());
    +                break;
    +            case OpCode.multi:
    +                op = AuditConstants.OP_MULTI_OP;
    +                break;
    +            case OpCode.reconfig:
    +                op = AuditConstants.OP_RECONFIG;
    +                break;
    +            }
    +            if (request.cnxn != null
    +                    && request.cnxn.getRemoteSocketAddress() != null
    +                    && request.cnxn.getRemoteSocketAddress().getAddress() !=
null) {
    +                address = request.cnxn.getRemoteSocketAddress().getAddress()
    +                        .getHostAddress();
    +            }
    +        } catch (Throwable e) {
    +            exceptionOccured = true;
    +            LOG.error("Failed to audit log request {} failure", request.type, e);
    +        }
    +        if (!exceptionOccured) {
    +            if (ZKAuditLogger.isAuditEnabled) {
    --- End diff --
    
    nit: we can combine these if statements
    
    alternatively you can return in the catch block


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message