/** * Creates an audit log for the drop role event. * * @param request The drop role request received by the Sentry server. * @param response The drop role response generated by the Sentry server. */ public void onDropRole(TDropSentryRoleRequest request, TDropSentryRoleResponse response) { try { info(JSON_LOG_ENTITY.createJsonLogEntity(request, response, conf)); } catch (Exception e) { String msg = "Cannot generate an audit log for creating a role: " + e.getMessage(); ERROR_LOGGER.error(msg, e); } }
public JsonLogEntity createJsonLogEntity( org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsRequest request, org.apache.sentry.provider.db.generic.service.thrift.TAlterSentryRoleAddGroupsResponse response, Configuration conf) { GMAuditMetadataLogEntity gmamle = createCommonGMAMLE(conf, response.getStatus(), request.getRequestorUserName(), request.getClass().getName(), request.getComponent()); Joiner joiner = Joiner.on(","); String groups = joiner.join(request.getGroupsIterator()); gmamle.setOperationText(CommandUtil.createCmdForRoleAddGroup(request.getRoleName(), groups)); return gmamle; }
public JsonLogEntity createJsonLogEntity( TAlterSentryRoleAddGroupsRequest request, TAlterSentryRoleAddGroupsResponse response, Configuration conf) { DBAuditMetadataLogEntity hamle = createCommonHAMLE(conf, response.getStatus(), request.getRequestorUserName(), request.getClass().getName()); String groups = getGroupsStr(request.getGroupsIterator()); hamle.setOperationText(CommandUtil.createCmdForRoleAddGroup(request.getRoleName(), groups)); return hamle; }
private DBAuditMetadataLogEntity createCommonHAMLE(Configuration conf, TSentryResponseStatus responseStatus, String userName, String requestClassName) { DBAuditMetadataLogEntity hamle = new DBAuditMetadataLogEntity(); setCommAttrForAMLE(hamle, conf, responseStatus, userName, toOperationType(requestClassName), toObjectType(requestClassName)); return hamle; }
public JsonLogEntity createJsonLogEntity(TAlterSentryRoleAddUsersRequest request, TAlterSentryRoleAddUsersResponse response, Configuration conf) { AuditMetadataLogEntity amle = createCommonHAMLE(conf, response.getStatus(), request.getRequestorUserName(), request.getClass().getName()); String users = getUsersStr(request.getUsersIterator()); amle.setOperationText(CommandUtil.createCmdForRoleAddUser(request.getRoleName(), users)); return amle; }
@Override public TAlterSentryRoleGrantPrivilegeResponse alter_sentry_role_grant_privilege( final TAlterSentryRoleGrantPrivilegeRequest request) throws TException { Response<Void> respose = requestHandle(new RequestHandler<Void>() { @Override public Response<Void> handle() throws Exception { validateClientVersion(request.getProtocol_version()); CommitContext context = store.alterRoleGrantPrivilege(request.getComponent(), request.getRoleName(), toPrivilegeObject(request.getPrivilege()), request.getRequestorUserName()); return new Response<Void>(Status.OK(), context); } }); TAlterSentryRoleGrantPrivilegeResponse tResponse = new TAlterSentryRoleGrantPrivilegeResponse(respose.status); if (Status.OK.getCode() == respose.status.getValue()) { handerInvoker.alter_sentry_role_grant_privilege(respose.context, request, tResponse); } try { AUDIT_LOGGER.info(JsonLogEntityFactory.getInstance() .createJsonLogEntity(request, tResponse, conf).toJsonFormatLog()); } catch (Exception e) { // if any exception, log the exception. String msg = "Error creating audit log for grant privilege to role: " + e.getMessage(); LOGGER.error(msg, e); } return tResponse; }
Set<JsonLogEntity> jsonLogEntitys = JsonLogEntityFactory.getInstance().createJsonLogEntitys( request, response, conf); for (JsonLogEntity jsonLogEntity : jsonLogEntitys) {
DBAuditMetadataLogEntity amle = new DBAuditMetadataLogEntity(); Set<JsonLogEntity> amles = JsonLogEntityFactory .getInstance().createJsonLogEntities(request, response, conf); assertEquals(amles.size(),1); amle = (DBAuditMetadataLogEntity) amles.iterator().next(); request.setPrivileges(privileges); response.setStatus(Status.InvalidInput("", null)); amles = JsonLogEntityFactory.getInstance() .createJsonLogEntities(request, response, conf); assertEquals(amles.size(),1); amle = (DBAuditMetadataLogEntity) amles.iterator().next();
public JsonLogEntity createJsonLogEntity(TDropSentryRoleRequest request, TDropSentryRoleResponse response, Configuration conf) { DBAuditMetadataLogEntity hamle = createCommonHAMLE(conf, response.getStatus(), request.getRequestorUserName(), request.getClass().getName()); hamle.setOperationText(CommandUtil.createCmdForCreateOrDropRole( request.getRoleName(), false)); return hamle; }
private DBAuditMetadataLogEntity createCommonHAMLE(Configuration conf, TSentryResponseStatus responseStatus, String userName, String requestClassName) { DBAuditMetadataLogEntity hamle = new DBAuditMetadataLogEntity(); setCommAttrForAMLE(hamle, conf, responseStatus, userName, requestClassName); return hamle; }
private void setCommAttrForAMLE(AuditMetadataLogEntity amle, Configuration conf, TSentryResponseStatus responseStatus, String userName, String requestClassName) { amle.setUserName(userName); amle.setServiceName(conf.get(ServerConfig.SENTRY_SERVICE_NAME, ServerConfig.SENTRY_SERVICE_NAME_DEFAULT).trim()); amle.setImpersonator(ThriftUtil.getImpersonator()); amle.setIpAddress(ThriftUtil.getIpAddress()); amle.setOperation(Constants.requestTypeToOperationMap.get(requestClassName)); amle.setEventTime(Long.toString(System.currentTimeMillis())); amle.setAllowed(isAllowed(responseStatus)); amle.setObjectType(Constants.requestTypeToObjectTypeMap .get(requestClassName)); } }
/** * Creates an audit log for the grant role privilege event. * * @param request The grant role privilege request received by the Sentry server. * @param response The grant role privilege response generated by the Sentry server. */ public void onGrantRolePrivilege(TAlterSentryRoleGrantPrivilegeRequest request, TAlterSentryRoleGrantPrivilegeResponse response) { try { info(JSON_LOG_ENTITY.createJsonLogEntities(request, response, conf)); } catch (Exception e) { String msg = "Cannot generate an audit log for grant role privilege: " + e.getMessage(); ERROR_LOGGER.error(msg, e); } }
@Override public TCreateSentryRoleResponse create_sentry_role( final TCreateSentryRoleRequest request) throws TException { Response<Void> respose = requestHandle(new RequestHandler<Void>() { @Override public Response<Void> handle() throws Exception { validateClientVersion(request.getProtocol_version()); authorize(request.getRequestorUserName(), getRequestorGroups(conf, request.getRequestorUserName())); CommitContext context = store.createRole(request.getComponent(), request.getRoleName(), request.getRequestorUserName()); return new Response<Void>(Status.OK(), context); } }); TCreateSentryRoleResponse tResponse = new TCreateSentryRoleResponse(respose.status); if (Status.OK.getCode() == respose.status.getValue()) { handerInvoker.create_sentry_role(respose.context, request, tResponse); } try { AUDIT_LOGGER.info(JsonLogEntityFactory.getInstance() .createJsonLogEntity(request, tResponse, conf).toJsonFormatLog()); } catch (Exception e) { // if any exception, log the exception. String msg = "Error creating audit log for create role: " + e.getMessage(); LOGGER.error(msg, e); } return tResponse; }
Set<JsonLogEntity> jsonLogEntitys = JsonLogEntityFactory.getInstance().createJsonLogEntitys( request, response, conf); for (JsonLogEntity jsonLogEntity : jsonLogEntitys) {
DBAuditMetadataLogEntity amle = new DBAuditMetadataLogEntity(); Set<JsonLogEntity> amles = JsonLogEntityFactory .getInstance().createJsonLogEntities(request, response, conf); assertEquals(amles.size(),1); amle = (DBAuditMetadataLogEntity) amles.iterator().next(); request.setPrivileges(privileges); response.setStatus(Status.InvalidInput("", null)); amles = JsonLogEntityFactory.getInstance() .createJsonLogEntities(request, response, conf); assertEquals(amles.size(),1); amle = (DBAuditMetadataLogEntity) amles.iterator().next();
public JsonLogEntity createJsonLogEntity(TDropSentryRoleRequest request, TDropSentryRoleResponse response, Configuration conf) { DBAuditMetadataLogEntity hamle = createCommonHAMLE(conf, response.getStatus(), request.getRequestorUserName(), request.getClass().getName()); hamle.setOperationText(CommandUtil.createCmdForCreateOrDropRole( request.getRoleName(), false)); return hamle; }
private GMAuditMetadataLogEntity createCommonGMAMLE(Configuration conf, TSentryResponseStatus responseStatus, String userName, String requestClassName, String component) { GMAuditMetadataLogEntity gmamle = new GMAuditMetadataLogEntity(); setCommAttrForAMLE(gmamle, conf, responseStatus, userName, toOperationType(requestClassName), toObjectType(requestClassName)); gmamle.setComponent(component); return gmamle; }
public JsonLogEntity createJsonLogEntity(TAlterSentryRoleDeleteUsersRequest request, TAlterSentryRoleDeleteUsersResponse response, Configuration conf) { AuditMetadataLogEntity amle = createCommonHAMLE(conf, response.getStatus(), request.getRequestorUserName(), request.getClass().getName()); String users = getUsersStr(request.getUsersIterator()); amle.setOperationText(CommandUtil.createCmdForRoleDeleteUser(request.getRoleName(), users)); return amle; }
private DBAuditMetadataLogEntity createCommonHAMLE(Configuration conf, TSentryResponseStatus responseStatus, String userName, String operationType, String objectType) { DBAuditMetadataLogEntity hamle = new DBAuditMetadataLogEntity(); setCommAttrForAMLE(hamle, conf, responseStatus, userName, operationType, objectType); return hamle; }
private void setCommAttrForAMLE(AuditMetadataLogEntity amle, Configuration conf, TSentryResponseStatus responseStatus, String userName, String operationType, String objectType) { amle.setUserName(userName); amle.setServiceName(conf.get(ServerConfig.SENTRY_SERVICE_NAME, ServerConfig.SENTRY_SERVICE_NAME_DEFAULT).trim()); amle.setImpersonator(ThriftUtil.getImpersonator()); amle.setIpAddress(ThriftUtil.getIpAddress()); amle.setOperation(operationType); amle.setEventTime(Long.toString(System.currentTimeMillis())); amle.setAllowed(isAllowed(responseStatus)); amle.setObjectType(objectType); }