
Example 1 with AuditLogConfig

use of co.cask.cdap.common.logging.AuditLogConfig in project cdap by caskdata.

the class RouterAuditLookUpTest method testAppFabricEndpoints.

/**
 * Pins the audit settings the router resolves for a sample path of each app-fabric handler.
 *
 * <p>{@code AuditLogConfig} arguments are, in order: HTTP method, whether the request body is
 * logged, whether the response body is logged, and the request header names to log. Paths
 * expected to resolve to {@code DEFAULT_AUDIT} are asserted against that shared constant.
 */
@Test
public void testAppFabricEndpoints() throws Exception {
    // AppLifecycleHttpHandler
    assertContent("/v3/namespaces/default/apps/myApp", DEFAULT_AUDIT);
    AuditLogConfig appsPostAudit = new AuditLogConfig(
        HttpMethod.POST,
        false,
        true,
        ImmutableList.of(
            AbstractAppFabricHttpHandler.ARCHIVE_NAME_HEADER,
            AbstractAppFabricHttpHandler.APP_CONFIG_HEADER,
            AbstractAppFabricHttpHandler.PRINCIPAL_HEADER,
            AbstractAppFabricHttpHandler.SCHEDULES_HEADER));
    assertContent("/v3/namespaces/default/apps", appsPostAudit);

    // ArtifactHttpHandler
    assertContent("/v3/namespaces/default/artifacts/myArtifact/versions/1.0/properties", DEFAULT_AUDIT);
    AuditLogConfig artifactPostAudit = new AuditLogConfig(
        HttpMethod.POST,
        false,
        false,
        ImmutableList.of("Artifact-Version", "Artifact-Extends", "Artifact-Plugins"));
    assertContent("/v3/namespaces/default/artifacts/myArtifact", artifactPostAudit);

    // AuthorizationHandler: privilege grants are expected to log the request body.
    AuditLogConfig grantAudit = new AuditLogConfig(HttpMethod.POST, true, false, EMPTY_HEADERS);
    assertContent("/v3/security/authorization/privileges/grant", grantAudit);

    // ConsoleSettingsHttpHandler
    assertContent("/v3/configuration/user/", DEFAULT_AUDIT);

    // DashboardHttpHandler
    AuditLogConfig dashboardAudit = new AuditLogConfig(HttpMethod.POST, true, true, EMPTY_HEADERS);
    assertContent("/v3/namespaces/default/configuration/dashboards", dashboardAudit);

    // MetadataHttpHandler
    AuditLogConfig metadataAudit = new AuditLogConfig(HttpMethod.POST, true, false, EMPTY_HEADERS);
    assertContent("/v3/namespaces/default/apps/app1/metadata/properties", metadataAudit);

    // MonitorHttpHandler
    assertContent("/v3/system/services/appfabric/instances", DEFAULT_AUDIT);

    // NamespaceHttpHandler
    assertContent("/v3/namespaces/default", DEFAULT_AUDIT);

    // NotificationFeedHttpHandler
    assertContent("/v3/namespaces/default/feeds/categories/feed1/names/myFeed", DEFAULT_AUDIT);

    // PreferencesHttpHandler
    assertContent("/v3/preferences", DEFAULT_AUDIT);

    // ProgramLifecycleHttpHandler
    AuditLogConfig stopAudit = new AuditLogConfig(HttpMethod.POST, true, true, EMPTY_HEADERS);
    assertContent("/v3/namespaces/default/stop", stopAudit);

    // RouteConfigHttpHandler
    assertContent("/v3/namespaces/default/apps/myApp/services/myService/routeconfig", DEFAULT_AUDIT);

    // SecureStoreHandler: expected to use DEFAULT_AUDIT (defined outside this method).
    assertContent("/v3/namespaces/default/securekeys/myKey", DEFAULT_AUDIT);

    // TransactionHttpHandler
    AuditLogConfig txAudit = new AuditLogConfig(HttpMethod.POST, true, false, EMPTY_HEADERS);
    assertContent("/v3/transactions/invalid/remove/until", txAudit);
}
Also used : AuditLogConfig(co.cask.cdap.common.logging.AuditLogConfig) Test(org.junit.Test)

Example 2 with AuditLogConfig

use of co.cask.cdap.common.logging.AuditLogConfig in project cdap by caskdata.

the class RouterAuditLookUpTest method testExploreEndpoints.

/**
 * Pins the audit settings the router resolves for a sample path of each explore handler.
 *
 * <p>All three paths are expected to log the request body only: no response body and no
 * headers ({@code AuditLogConfig(method, logRequestBody, logResponseBody, headerNames)}).
 */
@Test
public void testExploreEndpoints() throws Exception {
    // ExploreExecutorHttpHandler
    AuditLogConfig datasetUpdateAudit = new AuditLogConfig(HttpMethod.POST, true, false, EMPTY_HEADERS);
    assertContent("/v3/namespaces/default/data/explore/datasets/myDataset/update", datasetUpdateAudit);

    // NamespacedExploreMetadataHttpHandler
    AuditLogConfig jdbcTablesAudit = new AuditLogConfig(HttpMethod.POST, true, false, EMPTY_HEADERS);
    assertContent("/v3/namespaces/default/data/explore/jdbc/tables", jdbcTablesAudit);

    // NamespacedExploreQueryExecutorHttpHandler
    AuditLogConfig queriesAudit = new AuditLogConfig(HttpMethod.POST, true, false, EMPTY_HEADERS);
    assertContent("/v3/namespaces/default/data/explore/queries", queriesAudit);
}
Also used : AuditLogConfig(co.cask.cdap.common.logging.AuditLogConfig) Test(org.junit.Test)

Example 3 with AuditLogConfig

use of co.cask.cdap.common.logging.AuditLogConfig in project cdap by caskdata.

the class RouterAuditLookUp method createMatcher.

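/**
 * Builds the audit-log lookup table by scanning the handler classes.
 *
 * <p>Every public method that carries a {@code @Path}, an {@code @AuditPolicy} and a recognised
 * HTTP method is registered in {@code patternMatcher} under its complete path (class path plus
 * method path). The registered {@link AuditLogConfig} records whether the request body and the
 * response body are logged and, when the policy includes {@code AuditDetail.HEADERS}, the names
 * of the {@code @HeaderParam} parameters of the method.
 *
 * @return the number of registered handler methods that are not in unit-test classes, or
 *     {@code -1} when the handler classes could not be listed. In the failure case nothing is
 *     registered. NOTE(review): confirm that callers treat {@code -1} as a degraded audit
 *     configuration rather than ignoring it.
 */
private int createMatcher() {
    List<ClassPath.ClassInfo> handlerClasses;
    try {
        handlerClasses = getAllHandlerClasses();
    } catch (IOException e) {
        // Log the exception itself as the trailing argument (assumes an SLF4J-style logger, as
        // the "{}" placeholders elsewhere in this method suggest). The previous call passed
        // e.getCause(), which can be null and drops the IOException's own message and stack
        // trace, leaving a failed audit bootstrap hard to diagnose.
        LOG.error("Failed to get all handler classes for audit logging", e);
        return -1;
    }

    int count = 0;
    for (ClassPath.ClassInfo classInfo : handlerClasses) {
        Class<?> handlerClass = classInfo.load();
        Path classPath = handlerClass.getAnnotation(Path.class);
        // A handler without a class-level @Path contributes an empty prefix.
        String classPathStr = classPath == null ? "" : classPath.value();

        for (Method method : handlerClass.getMethods()) {
            Path methodPath = method.getAnnotation(Path.class);
            AuditPolicy auditPolicy = method.getAnnotation(AuditPolicy.class);
            HttpMethod httpMethod = getHttpMethod(method);
            // Only methods that are routable and explicitly opt in through @AuditPolicy are registered.
            if (methodPath == null || auditPolicy == null || httpMethod == null) {
                continue;
            }

            String methodPathStr = methodPath.value();
            // Insert a "/" only when neither side already supplies one.
            boolean separatorPresent = classPathStr.endsWith("/") || methodPathStr.startsWith("/");
            String completePath = separatorPresent
                ? classPathStr + methodPathStr
                : classPathStr + "/" + methodPathStr;

            List<AuditDetail> auditContents = Arrays.asList(auditPolicy.value());
            List<String> headerNames = new ArrayList<>();
            if (auditContents.contains(AuditDetail.HEADERS)) {
                // Header values are logged by name: collect the name of every @HeaderParam
                // declared on the method's parameters.
                for (Annotation[] parameterAnnotations : method.getParameterAnnotations()) {
                    for (Annotation annotation : parameterAnnotations) {
                        if (annotation instanceof HeaderParam) {
                            headerNames.add(((HeaderParam) annotation).value());
                        }
                    }
                }
            }

            AuditLogConfig auditLogConfig = new AuditLogConfig(
                httpMethod,
                auditContents.contains(AuditDetail.REQUEST_BODY),
                auditContents.contains(AuditDetail.RESPONSE_BODY),
                headerNames);
            LOG.trace("Audit log lookup: bootstrapped with path: {}", completePath);
            patternMatcher.add(completePath, auditLogConfig);

            // Paths from unit-test classes are still registered, but are left out of the count.
            if (!isTestClass(classInfo)) {
                count++;
            }
        }
    }
    LOG.debug("Audit log lookup: bootstrapped with {} paths", count);
    return count;
}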
Also used : Path(javax.ws.rs.Path) ClassPath(co.cask.cdap.common.internal.guava.ClassPath) ClassPath(co.cask.cdap.common.internal.guava.ClassPath) HeaderParam(javax.ws.rs.HeaderParam) ArrayList(java.util.ArrayList) IOException(java.io.IOException) Method(java.lang.reflect.Method) HttpMethod(io.netty.handler.codec.http.HttpMethod) Annotation(java.lang.annotation.Annotation) AuditLogConfig(co.cask.cdap.common.logging.AuditLogConfig) AuditPolicy(co.cask.cdap.common.security.AuditPolicy) AuditDetail(co.cask.cdap.common.security.AuditDetail) HttpMethod(io.netty.handler.codec.http.HttpMethod)

Example 4 with AuditLogConfig

use of co.cask.cdap.common.logging.AuditLogConfig in project cdap by caskdata.

the class AuditLogHandler method channelRead.

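/**
 * Starts an audit log entry for each incoming request and, when the matched audit
 * configuration asks for it, appends the request body to that entry.
 *
 * <p>For an {@link HttpRequest}, the audit configuration is looked up only when the request
 * method is in {@code AUDIT_LOG_LOOKUP_METHOD}. Without a configuration the entry holds the
 * request and the client IP; with one it also holds the configured header names, and the
 * body-logging flags are taken from the configuration. For an {@link HttpContent} that follows
 * a request, readable content is appended when request-body logging is on. The message is
 * always passed on to the next handler.
 *
 * @param ctx the channel handler context; its channel's remote address supplies the client IP
 * @param msg the inbound message
 */
@Override
public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {
    if (msg instanceof HttpRequest) {
        // A request being forwarded to the internal CDAP service.
        HttpRequest request = (HttpRequest) msg;
        AuditLogConfig logConfig = AUDIT_LOG_LOOKUP_METHOD.contains(request.method())
            ? RouterAuditLookUp.getInstance().getAuditLogContent(request.uri(), request.method())
            : null;
        if (logConfig == null) {
            logEntry = new AuditLogEntry(request, Networks.getIP(ctx.channel().remoteAddress()));
            // Reset the flags explicitly. This handler keeps per-request state in fields, so
            // without the reset a request with no audit configuration could inherit the
            // body-logging flags of an earlier request on the same channel, and its body would
            // end up in the audit log. This is a no-op if the flags are already cleared elsewhere.
            logRequestBody = false;
            logResponseBody = false;
        } else {
            logEntry = new AuditLogEntry(
                request, Networks.getIP(ctx.channel().remoteAddress()), logConfig.getHeaderNames());
            logRequestBody = logConfig.isLogRequestBody();
            logResponseBody = logConfig.isLogResponseBody();
        }
    } else if (msg instanceof HttpContent && logEntry != null) {
        ByteBuf content = ((HttpContent) msg).content();
        if (logRequestBody && content.isReadable()) {
            // Each chunk is decoded on its own, so a multi-byte UTF-8 character split across
            // two chunks is not reassembled in the logged text.
            // NOTE(review): no size limit is applied here; confirm whether appendRequestBody
            // bounds the amount of body data kept per entry.
            logEntry.appendRequestBody(content.toString(StandardCharsets.UTF_8));
        }
    }
    ctx.fireChannelRead(msg);
}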
Also used : HttpRequest(io.netty.handler.codec.http.HttpRequest) AuditLogEntry(co.cask.cdap.common.logging.AuditLogEntry) ByteBuf(io.netty.buffer.ByteBuf) AuditLogConfig(co.cask.cdap.common.logging.AuditLogConfig) HttpContent(io.netty.handler.codec.http.HttpContent) LastHttpContent(io.netty.handler.codec.http.LastHttpContent)

Example 5 with AuditLogConfig

use of co.cask.cdap.common.logging.AuditLogConfig in project cdap by caskdata.

the class RouterAuditLookUpTest method testDataFabricEndpoints.

/**
 * Pins the audit settings the router resolves for a sample path of each data-fabric handler.
 *
 * <p>Only the dataset module path expects a non-default configuration: a {@code PUT} that logs
 * neither body but does log the {@code X-Class-Name} header
 * ({@code AuditLogConfig(method, logRequestBody, logResponseBody, headerNames)}).
 */
@Test
public void testDataFabricEndpoints() throws Exception {
    // DatasetInstanceHandler
    assertContent("/v3/namespaces/default/data/datasets/myDataset", DEFAULT_AUDIT);

    // DatasetTypeHandler
    AuditLogConfig moduleAudit = new AuditLogConfig(
        HttpMethod.PUT,
        false,
        false,
        ImmutableList.of("X-Class-Name"));
    assertContent("/v3/namespaces/default/data/modules/myModule", moduleAudit);

    // StreamHandler
    assertContent("/v3/namespaces/default/streams/myStream", DEFAULT_AUDIT);

    // StreamViewHttpHandler
    assertContent("/v3/namespaces/default/streams/foo/views/myView", DEFAULT_AUDIT);
}
Also used : AuditLogConfig(co.cask.cdap.common.logging.AuditLogConfig) Test(org.junit.Test)

Aggregations

AuditLogConfig (co.cask.cdap.common.logging.AuditLogConfig)5 Test (org.junit.Test)3 ClassPath (co.cask.cdap.common.internal.guava.ClassPath)1 AuditLogEntry (co.cask.cdap.common.logging.AuditLogEntry)1 AuditDetail (co.cask.cdap.common.security.AuditDetail)1 AuditPolicy (co.cask.cdap.common.security.AuditPolicy)1 ByteBuf (io.netty.buffer.ByteBuf)1 HttpContent (io.netty.handler.codec.http.HttpContent)1 HttpMethod (io.netty.handler.codec.http.HttpMethod)1 HttpRequest (io.netty.handler.codec.http.HttpRequest)1 LastHttpContent (io.netty.handler.codec.http.LastHttpContent)1 IOException (java.io.IOException)1 Annotation (java.lang.annotation.Annotation)1 Method (java.lang.reflect.Method)1 ArrayList (java.util.ArrayList)1 HeaderParam (javax.ws.rs.HeaderParam)1 Path (javax.ws.rs.Path)1