Example 1 with AccessPayload
use of io.cdap.cdap.proto.audit.payload.access.AccessPayload in project cdap by caskdata.
the class AbstractDatasetFrameworkTest method testAuditPublish.
@Test
public void testAuditPublish() throws Exception {
// Clear all audit messages
inMemoryAuditPublisher.popMessages();
List<AuditMessage> expectedMessages = new ArrayList<>();
// Adding modules
DatasetFramework framework = getFramework();
framework.addModule(IN_MEMORY, new InMemoryTableModule());
// Creating instances
framework.addInstance(Table.class.getName(), MY_TABLE, DatasetProperties.EMPTY);
expectedMessages.add(new AuditMessage(0, MY_TABLE, "", AuditType.CREATE, AuditPayload.EMPTY_PAYLOAD));
framework.addInstance(Table.class.getName(), MY_TABLE2, DatasetProperties.EMPTY);
expectedMessages.add(new AuditMessage(0, MY_TABLE2, "", AuditType.CREATE, AuditPayload.EMPTY_PAYLOAD));
// Update instance
framework.updateInstance(MY_TABLE, DatasetProperties.EMPTY);
expectedMessages.add(new AuditMessage(0, MY_TABLE, "", AuditType.UPDATE, AuditPayload.EMPTY_PAYLOAD));
// Access instance
ProgramRunId runId = new ProgramId("ns", "app", ProgramType.WORKER, "worker").run(RunIds.generate().getId());
LineageWriterDatasetFramework lineageFramework = new LineageWriterDatasetFramework(framework, new NoOpLineageWriter(), new NoOpUsageRegistry(), new AuthenticationTestContext(), new NoOpAccessController());
lineageFramework.setContext(new TestProgramContext(runId));
lineageFramework.setAuditPublisher(inMemoryAuditPublisher);
lineageFramework.getDataset(MY_TABLE, ImmutableMap.<String, String>of(), getClass().getClassLoader());
expectedMessages.add(new AuditMessage(0, MY_TABLE, "", AuditType.ACCESS, new AccessPayload(AccessType.UNKNOWN, runId)));
// Truncate instance
framework.truncateInstance(MY_TABLE);
expectedMessages.add(new AuditMessage(0, MY_TABLE, "", AuditType.TRUNCATE, AuditPayload.EMPTY_PAYLOAD));
// Delete instance
framework.deleteInstance(MY_TABLE);
expectedMessages.add(new AuditMessage(0, MY_TABLE, "", AuditType.DELETE, AuditPayload.EMPTY_PAYLOAD));
// Delete all instances in a namespace
framework.deleteAllInstances(MY_TABLE2.getParent());
expectedMessages.add(new AuditMessage(0, MY_TABLE2, "", AuditType.DELETE, AuditPayload.EMPTY_PAYLOAD));
Assert.assertEquals(expectedMessages, inMemoryAuditPublisher.popMessages());
// cleanup
framework.deleteModule(IN_MEMORY);
}
Also used :
AuditMessage(io.cdap.cdap.proto.audit.AuditMessage)
Table(io.cdap.cdap.api.dataset.table.Table)
ArrayList(java.util.ArrayList)
AuthenticationTestContext(io.cdap.cdap.security.auth.context.AuthenticationTestContext)
NoOpUsageRegistry(io.cdap.cdap.data2.registry.NoOpUsageRegistry)
ProgramId(io.cdap.cdap.proto.id.ProgramId)
LineageWriterDatasetFramework(io.cdap.cdap.data2.metadata.writer.LineageWriterDatasetFramework)
LineageWriterDatasetFramework(io.cdap.cdap.data2.metadata.writer.LineageWriterDatasetFramework)
InMemoryTableModule(io.cdap.cdap.data2.dataset2.module.lib.inmemory.InMemoryTableModule)
AccessPayload(io.cdap.cdap.proto.audit.payload.access.AccessPayload)
NoOpLineageWriter(io.cdap.cdap.data2.metadata.writer.NoOpLineageWriter)
ProgramRunId(io.cdap.cdap.proto.id.ProgramRunId)
NoOpAccessController(io.cdap.cdap.security.spi.authorization.NoOpAccessController)
Test(org.junit.Test)
Example 2 with AccessPayload
use of io.cdap.cdap.proto.audit.payload.access.AccessPayload in project cdap by caskdata.
the class AuditMessageTest method testAccessMessage.
@Test
public void testAccessMessage() throws Exception {
String workerAccessJson = "{\"version\":2,\"time\":2000,\"metadataEntity\":{\"details\":{\"namespace\":\"ns1\",\"dataset\":\"ds1\"}," + "\"type\":\"dataset\"},\"user\":\"user1\",\"type\":\"ACCESS\",\"payload\":{\"accessType\":\"WRITE\"," + "\"accessor\":{\"namespace\":\"ns1\",\"application\":\"app1\",\"version\":\"v1\",\"type\":\"Worker\"," + "\"program\":\"worker1\",\"run\":\"run1\",\"entity\":\"PROGRAM_RUN\"}}}";
AuditMessage workerAccess = new AuditMessage(2000L, new NamespaceId("ns1").dataset("ds1"), "user1", AuditType.ACCESS, new AccessPayload(AccessType.WRITE, new NamespaceId("ns1").app("app1", "v1").worker("worker1").run("run1")));
Assert.assertEquals(jsonToMap(workerAccessJson), jsonToMap(GSON.toJson(workerAccess)));
Assert.assertEquals(workerAccess, GSON.fromJson(workerAccessJson, AuditMessage.class));
String exploreAccessJson = "{\"version\":2,\"time\":2500,\"metadataEntity\":{\"details\":{\"namespace\":\"ns1\",\"dataset\":\"ds1\"}," + "\"type\":\"dataset\"},\"user\":\"user1\",\"type\":\"ACCESS\",\"payload\":{\"accessType\":\"UNKNOWN\"," + "\"accessor\":{\"service\":\"explore\",\"entity\":\"SYSTEM_SERVICE\"}}}";
AuditMessage exploreAccess = new AuditMessage(2500L, new NamespaceId("ns1").dataset("ds1"), "user1", AuditType.ACCESS, new AccessPayload(AccessType.UNKNOWN, new SystemServiceId("explore")));
Assert.assertEquals(jsonToMap(exploreAccessJson), jsonToMap(GSON.toJson(exploreAccess)));
Assert.assertEquals(exploreAccess, GSON.fromJson(exploreAccessJson, AuditMessage.class));
}
Also used :
SystemServiceId(io.cdap.cdap.proto.id.SystemServiceId)
AccessPayload(io.cdap.cdap.proto.audit.payload.access.AccessPayload)
NamespaceId(io.cdap.cdap.proto.id.NamespaceId)
Test(org.junit.Test)
Example 3 with AccessPayload
use of io.cdap.cdap.proto.audit.payload.access.AccessPayload in project cdap by caskdata.
the class AuditPublishers method publishAccess.
/**
* Publish access audit information using {@link AuditPublisher}.
*
* @param publisher audit publisher, if null no audit information is published
* @param entityId entity id for which audit information is being published
* @param accessType access type
* @param accessor the entity accessing entityId
*/
public static void publishAccess(@Nullable AuditPublisher publisher, EntityId entityId, AccessType accessType, EntityId accessor) {
if (publisher == null) {
logWarning();
return;
}
AccessAuditInfo accessAuditInfo = new AccessAuditInfo(accessor, entityId, accessType);
synchronized (CACHE_AUDIT_LOGS) {
if (CACHE_AUDIT_LOGS.getIfPresent(accessAuditInfo) != null) {
// this access has already been published recently (since it is present in the cache). hence don't publish again
return;
}
CACHE_AUDIT_LOGS.put(accessAuditInfo, true);
}
switch(accessType) {
case READ:
publisher.publish(entityId, AuditType.ACCESS, new AccessPayload(io.cdap.cdap.proto.audit.payload.access.AccessType.READ, accessor));
break;
case WRITE:
publisher.publish(entityId, AuditType.ACCESS, new AccessPayload(io.cdap.cdap.proto.audit.payload.access.AccessType.WRITE, accessor));
break;
case READ_WRITE:
publisher.publish(entityId, AuditType.ACCESS, new AccessPayload(io.cdap.cdap.proto.audit.payload.access.AccessType.READ, accessor));
publisher.publish(entityId, AuditType.ACCESS, new AccessPayload(io.cdap.cdap.proto.audit.payload.access.AccessType.WRITE, accessor));
break;
case UNKNOWN:
publisher.publish(entityId, AuditType.ACCESS, new AccessPayload(io.cdap.cdap.proto.audit.payload.access.AccessType.UNKNOWN, accessor));
break;
}
}
Also used :
AccessPayload(io.cdap.cdap.proto.audit.payload.access.AccessPayload)
Aggregations
AccessPayload (io.cdap.cdap.proto.audit.payload.access.AccessPayload)3
Test (org.junit.Test)2
Table (io.cdap.cdap.api.dataset.table.Table)1
InMemoryTableModule (io.cdap.cdap.data2.dataset2.module.lib.inmemory.InMemoryTableModule)1
LineageWriterDatasetFramework (io.cdap.cdap.data2.metadata.writer.LineageWriterDatasetFramework)1
NoOpLineageWriter (io.cdap.cdap.data2.metadata.writer.NoOpLineageWriter)1
NoOpUsageRegistry (io.cdap.cdap.data2.registry.NoOpUsageRegistry)1
AuditMessage (io.cdap.cdap.proto.audit.AuditMessage)1
NamespaceId (io.cdap.cdap.proto.id.NamespaceId)1
ProgramId (io.cdap.cdap.proto.id.ProgramId)1
ProgramRunId (io.cdap.cdap.proto.id.ProgramRunId)1
SystemServiceId (io.cdap.cdap.proto.id.SystemServiceId)1
AuthenticationTestContext (io.cdap.cdap.security.auth.context.AuthenticationTestContext)1
NoOpAccessController (io.cdap.cdap.security.spi.authorization.NoOpAccessController)1
ArrayList (java.util.ArrayList)1
