
Example 1 with AccessPayload

use of co.cask.cdap.proto.audit.payload.access.AccessPayload in project cdap by caskdata.

the class AuditMessageTest method testAccessMessage.

@Test
public void testAccessMessage() throws Exception {
    // Case 1: a program run (a flow) writing to a stream. The JSON literal is the wire
    // format consumers of the audit feed depend on (note "version":1), so it is spelled
    // out by hand rather than generated from the object under test.
    String expectedFlowJson = "{\"version\":1,\"time\":2000,\"entityId\":{\"namespace\":\"ns1\",\"stream\":\"stream1\","
        + "\"entity\":\"STREAM\"},\"user\":\"user1\",\"type\":\"ACCESS\",\"payload\":{\"accessType\":\"WRITE\","
        + "\"accessor\":{\"namespace\":\"ns1\",\"application\":\"app1\",\"version\":\"v1\",\"type\":\"Flow\","
        + "\"program\":\"flow1\",\"run\":\"run1\",\"entity\":\"PROGRAM_RUN\"}}}";
    AccessPayload flowWrite = new AccessPayload(AccessType.WRITE,
        new NamespaceId("ns1").app("app1", "v1").flow("flow1").run("run1"));
    AuditMessage flowAccess = new AuditMessage(2000L, new NamespaceId("ns1").stream("stream1"), "user1",
        AuditType.ACCESS, flowWrite);
    assertRoundTrip(expectedFlowJson, flowAccess);

    // Case 2: a system service ("explore") touching a dataset. The accessor carries only
    // "service" and "entity" (no namespace), and the access type is UNKNOWN.
    String expectedExploreJson = "{\"version\":1,\"time\":2500,\"entityId\":{\"namespace\":\"ns1\",\"dataset\":\"ds1\",\"entity\":\"DATASET\"},"
        + "\"user\":\"user1\",\"type\":\"ACCESS\",\"payload\":{\"accessType\":\"UNKNOWN\","
        + "\"accessor\":{\"service\":\"explore\",\"entity\":\"SYSTEM_SERVICE\"}}}";
    AccessPayload exploreUnknown = new AccessPayload(AccessType.UNKNOWN, new SystemServiceId("explore"));
    AuditMessage exploreAccess = new AuditMessage(2500L, new NamespaceId("ns1").dataset("ds1"), "user1",
        AuditType.ACCESS, exploreUnknown);
    assertRoundTrip(expectedExploreJson, exploreAccess);
}

/**
 * Asserts both directions of the JSON mapping for one audit message: serialising
 * {@code message} yields {@code expectedJson} (compared as maps, so key order does not
 * matter), and parsing {@code expectedJson} yields an object equal to {@code message}.
 */
private void assertRoundTrip(String expectedJson, AuditMessage message) {
    Assert.assertEquals(jsonToMap(expectedJson), jsonToMap(GSON.toJson(message)));
    Assert.assertEquals(message, GSON.fromJson(expectedJson, AuditMessage.class));
}

Example 2 with AccessPayload

use of co.cask.cdap.proto.audit.payload.access.AccessPayload in project cdap by caskdata.

the class StreamAdminTest method testAuditPublish.

@Test
public void testAuditPublish() throws Exception {
    // Drain anything published by earlier tests so the comparison below only sees this test's events.
    getInMemoryAuditPublisher().popMessages();
    final List<AuditMessage> expected = new ArrayList<>();
    StreamAdmin admin = getStreamAdmin();

    // Every stream operation below must emit exactly one audit message, in call order.
    // Expected messages are built with time 0 and an empty user; presumably AuditMessage
    // equality ignores the timestamp and the test context carries no user — confirm if this fails.
    StreamId first = FOO_NAMESPACE.stream("stream1");
    grantAndAssertSuccess(first, USER, EnumSet.of(Action.ADMIN));
    admin.create(first);
    expected.add(emptyPayloadMessage(first, AuditType.CREATE));

    StreamId second = FOO_NAMESPACE.stream("stream2");
    grantAndAssertSuccess(second, USER, EnumSet.of(Action.ADMIN));
    admin.create(second);
    expected.add(emptyPayloadMessage(second, AuditType.CREATE));

    admin.truncate(first);
    expected.add(emptyPayloadMessage(first, AuditType.TRUNCATE));

    admin.updateConfig(first, new StreamProperties(100L, new FormatSpecification("f", null), 100));
    expected.add(emptyPayloadMessage(first, AuditType.UPDATE));

    // A program run reading the stream is audited as ACCESS with a payload naming the accessor.
    ProgramRunId reader = new ProgramId("ns1", "app", ProgramType.FLOW, "flw").run(RunIds.generate().getId());
    admin.addAccess(reader, first, AccessType.READ);
    expected.add(new AuditMessage(0, first, "", AuditType.ACCESS,
        new AccessPayload(co.cask.cdap.proto.audit.payload.access.AccessType.READ, reader)));

    admin.drop(first);
    expected.add(emptyPayloadMessage(first, AuditType.DELETE));

    // stream1 is already gone, so only stream2's DELETE is expected from the namespace-wide drop.
    admin.dropAllInNamespace(FOO_NAMESPACE);
    expected.add(emptyPayloadMessage(second, AuditType.DELETE));

    // The system namespace produces its own audit traffic (system dataset creation, etc.); ignore it here.
    final String systemNs = NamespaceId.SYSTEM.getNamespace();
    final Iterable<AuditMessage> actual = Iterables.filter(getInMemoryAuditPublisher().popMessages(), new Predicate<AuditMessage>() {

        @Override
        public boolean apply(AuditMessage input) {
            return !isInNamespace(input, systemNs);
        }
    });
    // Exact list equality: any extra, missing or reordered audit event outside the system namespace fails the test.
    Assert.assertEquals(expected, Lists.newArrayList(actual));

    // Revoke what was granted above so later tests start from a clean authorization state.
    revokeAndAssertSuccess(first, USER, EnumSet.of(Action.ADMIN));
    revokeAndAssertSuccess(second, USER, EnumSet.of(Action.ADMIN));
}

/** Builds the audit message expected for a stream operation that carries no payload. */
private static AuditMessage emptyPayloadMessage(StreamId stream, AuditType type) {
    return new AuditMessage(0, stream, "", type, AuditPayload.EMPTY_PAYLOAD);
}

/** True when the message's entity is namespaced and lives in {@code namespace}. */
private static boolean isInNamespace(AuditMessage message, String namespace) {
    if (!(message.getEntityId() instanceof NamespacedEntityId)) {
        return false;
    }
    return ((NamespacedEntityId) message.getEntityId()).getNamespace().equals(namespace);
}

Example 3 with AccessPayload

use of co.cask.cdap.proto.audit.payload.access.AccessPayload in project cdap by caskdata.

the class AbstractDatasetFrameworkTest method testAuditPublish.

@Test
public void testAuditPublish() throws Exception {
    // Start from an empty audit queue so only this test's events are compared below.
    inMemoryAuditPublisher.popMessages();
    final String noUser = "";
    List<AuditMessage> expected = new ArrayList<>();
    DatasetFramework dsFramework = getFramework();

    // Registering a module is not expected to produce an audit message (nothing is added to
    // the expected list for it, and the final comparison is exact).
    dsFramework.addModule(IN_MEMORY, new InMemoryTableModule());

    // Instance lifecycle: each call below must emit exactly one message, in this order.
    // Expected messages use time 0; presumably AuditMessage equality ignores the timestamp — confirm if this fails.
    dsFramework.addInstance(Table.class.getName(), MY_TABLE, DatasetProperties.EMPTY);
    expected.add(new AuditMessage(0, MY_TABLE, noUser, AuditType.CREATE, AuditPayload.EMPTY_PAYLOAD));
    dsFramework.addInstance(Table.class.getName(), MY_TABLE2, DatasetProperties.EMPTY);
    expected.add(new AuditMessage(0, MY_TABLE2, noUser, AuditType.CREATE, AuditPayload.EMPTY_PAYLOAD));

    dsFramework.updateInstance(MY_TABLE, DatasetProperties.EMPTY);
    expected.add(new AuditMessage(0, MY_TABLE, noUser, AuditType.UPDATE, AuditPayload.EMPTY_PAYLOAD));

    // Dataset access is audited by the lineage-writing wrapper and attributed to the program
    // run set as its context. NoOpAuthorizer means authorization is NOT enforced here — this
    // test covers audit emission only, not access control.
    ProgramRunId accessor = new ProgramId("ns", "app", ProgramType.FLOW, "flow").run(RunIds.generate().getId());
    LineageWriterDatasetFramework auditing = new LineageWriterDatasetFramework(dsFramework, new NoOpLineageWriter(),
        new NoOpUsageRegistry(), new AuthenticationTestContext(), new NoOpAuthorizer());
    auditing.setContext(new TestProgramContext(accessor));
    auditing.setAuditPublisher(inMemoryAuditPublisher);
    auditing.getDataset(MY_TABLE, ImmutableMap.<String, String>of(), getClass().getClassLoader());
    // The access type is UNKNOWN — presumably the wrapper cannot tell read from write at getDataset() time.
    expected.add(new AuditMessage(0, MY_TABLE, noUser, AuditType.ACCESS, new AccessPayload(AccessType.UNKNOWN, accessor)));

    dsFramework.truncateInstance(MY_TABLE);
    expected.add(new AuditMessage(0, MY_TABLE, noUser, AuditType.TRUNCATE, AuditPayload.EMPTY_PAYLOAD));

    dsFramework.deleteInstance(MY_TABLE);
    expected.add(new AuditMessage(0, MY_TABLE, noUser, AuditType.DELETE, AuditPayload.EMPTY_PAYLOAD));

    // MY_TABLE is already gone, so the namespace-wide delete is expected to audit MY_TABLE2 only.
    dsFramework.deleteAllInstances(MY_TABLE2.getParent());
    expected.add(new AuditMessage(0, MY_TABLE2, noUser, AuditType.DELETE, AuditPayload.EMPTY_PAYLOAD));

    // Exact list equality, with no namespace filtering: an extra, missing or reordered event fails the test.
    Assert.assertEquals(expected, inMemoryAuditPublisher.popMessages());

    dsFramework.deleteModule(IN_MEMORY);
}

Example 4 with AccessPayload

use of co.cask.cdap.proto.audit.payload.access.AccessPayload in project cdap by caskdata.

the class AuditPublishers method publishAccess.

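/**
 * Publish access audit information using {@link AuditPublisher}.
 *
 * <p>Identical (accessor, entityId, accessType) triples are de-duplicated through
 * {@code CACHE_AUDIT_LOGS}: a repeat call while the entry is still cached publishes
 * nothing. The resulting audit trail therefore records <em>distinct</em> accesses per
 * cache window, not every individual access, and must not be used to count requests.
 * Because the key holds the caller's {@code accessType} rather than the published
 * payload type, a {@code READ_WRITE} call following a {@code READ} call is not
 * suppressed and publishes {@code READ} a second time.
 *
 * <p>The cache entry is claimed under the lock before publishing, so two concurrent
 * callers cannot both publish the same triple. If publishing then throws, the entry is
 * invalidated again and the exception is rethrown, so the access is retried by the next
 * caller instead of being silently dropped for the remainder of the cache window.
 *
 * @param publisher audit publisher, if null no audit information is published
 * @param entityId entity id for which audit information is being published
 * @param accessType access type
 * @param accessor the entity accessing entityId
 */
public static void publishAccess(@Nullable AuditPublisher publisher, EntityId entityId, AccessType accessType, EntityId accessor) {
    if (publisher == null) {
        logWarning();
        return;
    }
    AccessAuditInfo accessAuditInfo = new AccessAuditInfo(accessor, entityId, accessType);
    synchronized (CACHE_AUDIT_LOGS) {
        if (CACHE_AUDIT_LOGS.getIfPresent(accessAuditInfo) != null) {
            // Already published recently; suppression is intentional (see Javadoc above).
            return;
        }
        CACHE_AUDIT_LOGS.put(accessAuditInfo, true);
    }
    try {
        publishAccessPayloads(publisher, entityId, accessType, accessor);
    } catch (RuntimeException e) {
        // Publishing failed after the de-dup entry was claimed: drop the entry so the next
        // call for this triple publishes instead of being suppressed. For READ_WRITE this may
        // re-publish a READ that already went out; a duplicate audit record is preferable to a
        // missing one. Assumes CACHE_AUDIT_LOGS is a Guava/Caffeine-style Cache (it exposes
        // getIfPresent/put above), where invalidate(key) removes the entry.
        synchronized (CACHE_AUDIT_LOGS) {
            CACHE_AUDIT_LOGS.invalidate(accessAuditInfo);
        }
        throw e;
    }
}

/**
 * Maps the caller's {@link AccessType} onto the audit payload access type(s) and publishes
 * one {@link AuditType#ACCESS} message per payload.
 */
private static void publishAccessPayloads(AuditPublisher publisher, EntityId entityId, AccessType accessType, EntityId accessor) {
    switch (accessType) {
        case READ:
            publishOne(publisher, entityId, co.cask.cdap.proto.audit.payload.access.AccessType.READ, accessor);
            break;
        case WRITE:
            publishOne(publisher, entityId, co.cask.cdap.proto.audit.payload.access.AccessType.WRITE, accessor);
            break;
        case READ_WRITE:
            // A combined access is recorded as two separate payloads, READ first.
            publishOne(publisher, entityId, co.cask.cdap.proto.audit.payload.access.AccessType.READ, accessor);
            publishOne(publisher, entityId, co.cask.cdap.proto.audit.payload.access.AccessType.WRITE, accessor);
            break;
        case UNKNOWN:
            publishOne(publisher, entityId, co.cask.cdap.proto.audit.payload.access.AccessType.UNKNOWN, accessor);
            break;
        // NOTE(review): there is no default branch — an AccessType constant outside these four
        // would be marked as published in the cache yet emit nothing. Add a case here if the
        // enum grows.
    }
}

/** Publishes a single ACCESS audit message for {@code entityId} carrying {@code payloadType} and the accessor. */
private static void publishOne(AuditPublisher publisher, EntityId entityId,
                               co.cask.cdap.proto.audit.payload.access.AccessType payloadType, EntityId accessor) {
    publisher.publish(entityId, AuditType.ACCESS, new AccessPayload(payloadType, accessor));
}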
