
Example 1 with AuthzAuditEvent

use of org.apache.ranger.audit.model.AuthzAuditEvent in project ranger by apache.

the class HbaseAuditHandlerImpl method getAuthzEvents.

/**
 * Builds the audit event through the parent handler but holds it back instead of returning it.
 *
 * <p>Whatever was previously held in {@code _mostRecentEvent} is appended to {@code _allEvents},
 * and the event just built takes its place. The method then returns {@code null}, so the caller
 * gets nothing to log from this call.
 *
 * <p>NOTE(review): events parked in {@code _mostRecentEvent} / {@code _allEvents} reach the audit
 * trail only if some other code path flushes them; that path is not visible in this method.
 *
 * @param result access result forwarded to {@code super.getAuthzEvents}
 * @return always {@code null}
 */
@Override
public AuthzAuditEvent getAuthzEvents(RangerAccessResult result) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> HbaseAuditHandlerImpl.getAuthzEvents(" + result + ")");
    }
    final AuthzAuditEvent latest = super.getAuthzEvents(result);
    // Roll the previously held event into the accumulated list before it is overwritten below.
    // The two debug messages are keyed on that previous event, not on the one just built.
    if (_mostRecentEvent == null) {
        LOG.debug("getAuthzEvents: no event produced by default audit handler");
    } else {
        LOG.debug("getAuthzEvents: got one event from default audit handler");
        _allEvents.add(_mostRecentEvent);
    }
    _mostRecentEvent = latest;
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> getAuthzEvents: mostRecentEvent:" + _mostRecentEvent);
        LOG.debug("<== HbaseAuditHandlerImpl.getAuthzEvents(" + result + "): null");
    }
    // Returning null keeps the default audit handler from auditing anything on its own.
    return null;
}
Also used : AuthzAuditEvent(org.apache.ranger.audit.model.AuthzAuditEvent)

Example 2 with AuthzAuditEvent

use of org.apache.ranger.audit.model.AuthzAuditEvent in project ranger by apache.

the class HbaseAuditHandlerImpl method getAndDiscardMostRecentEvent.

/**
 * Hands back the event currently held in {@code _mostRecentEvent} and clears the field.
 *
 * <p>{@code applySuperUserOverride} is invoked on the event before it is returned. There is no
 * null check in front of that call, so it receives {@code null} when nothing is held
 * (presumably it tolerates that; confirm against its implementation).
 *
 * <p>Once this method returns, the handler no longer references the event: the caller is the
 * only place left that can write it to the audit log.
 *
 * @return the event that was held, or {@code null} if there was none
 */
@Override
public AuthzAuditEvent getAndDiscardMostRecentEvent() {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> HbaseAuditHandlerImpl.getAndDiscardMostRecentEvent():");
    }
    final AuthzAuditEvent discarded = _mostRecentEvent;
    applySuperUserOverride(discarded);
    // Clear the slot so the same event is not accumulated again later.
    _mostRecentEvent = null;
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== HbaseAuditHandlerImpl.getAndDiscardMostRecentEvent(): " + discarded);
    }
    return discarded;
}
Also used : AuthzAuditEvent(org.apache.ranger.audit.model.AuthzAuditEvent)

Example 3 with AuthzAuditEvent

use of org.apache.ranger.audit.model.AuthzAuditEvent in project ranger by apache.

the class RangerHBasePlugin method postGetTableDescriptors.

/**
 * Filters the descriptor list in place so it only contains tables the active user is
 * authorized for, and audits each table that is filtered out.
 *
 * <p>Every descriptor is authorized through one shared {@code AuthorizationSession}, using the
 * access string derived from {@code Action.CREATE}. A denied descriptor is removed from
 * {@code descriptors} and its audit event is logged immediately. Events captured for allowed
 * tables are logged once at the end, and only if at least one descriptor remains.
 *
 * <p>NOTE(review): {@code regex} is copied verbatim into the session's other-information field
 * and into the debug log lines. If it can carry client-controlled text, consumers of those
 * records should treat it as untrusted.
 *
 * @param ctx            coprocessor context (not read here)
 * @param tableNamesList requested table names; only its size is used, for debug logging
 * @param descriptors    descriptors about to be returned; denied entries are removed from it
 * @param regex          table-name pattern of the request; recorded for audit and debug only
 * @throws IOException declared by the hook signature
 */
@Override
public void postGetTableDescriptors(ObserverContext<MasterCoprocessorEnvironment> ctx, List<TableName> tableNamesList, List<HTableDescriptor> descriptors, String regex) throws IOException {
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("==> postGetTableDescriptors(count(tableNamesList)=%s, count(descriptors)=%s, regex=%s)", tableNamesList == null ? 0 : tableNamesList.size(), descriptors == null ? 0 : descriptors.size(), regex));
    }
    final String clusterName = hbasePlugin.getClusterName();
    if (CollectionUtils.isNotEmpty(descriptors)) {
        final User activeUser = getActiveUser();
        final String requiredAccess = _authUtils.getAccess(Action.CREATE);
        // The handler accumulates the audit events of every table that passes the check.
        final HbaseAuditHandler auditHandler = _factory.getAuditHandler();
        final AuthorizationSession session = new AuthorizationSession(hbasePlugin)
                .operation("getTableDescriptors")
                .otherInformation("regex=" + regex)
                .remoteAddress(getRemoteAddress())
                .auditHandler(auditHandler)
                .user(activeUser)
                .access(requiredAccess)
                .clusterName(clusterName);
        for (Iterator<HTableDescriptor> it = descriptors.iterator(); it.hasNext(); ) {
            final HTableDescriptor descriptor = it.next();
            session.table(descriptor.getTableName().getNameAsString()).buildRequest().authorize();
            if (session.isAuthorized()) {
                continue;
            }
            // Denied: drop the descriptor from the response and audit the denial right away.
            it.remove();
            final AuthzAuditEvent denied = auditHandler.getAndDiscardMostRecentEvent();
            // NOTE(review): when the handler holds no event, null is passed on and this denial
            // may leave no audit record; depends on how logAuthzAudits treats null.
            final List<AuthzAuditEvent> deniedEvents = denied == null ? null : Lists.newArrayList(denied);
            auditHandler.logAuthzAudits(deniedEvents);
        }
        if (!descriptors.isEmpty()) {
            session.logCapturedEvents();
        }
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug(String.format("<== postGetTableDescriptors(count(tableNamesList)=%s, count(descriptors)=%s, regex=%s)", tableNamesList == null ? 0 : tableNamesList.size(), descriptors == null ? 0 : descriptors.size(), regex));
    }
}
Also used : AuthzAuditEvent(org.apache.ranger.audit.model.AuthzAuditEvent) User(org.apache.hadoop.hbase.security.User) HTableDescriptor(org.apache.hadoop.hbase.HTableDescriptor)

Example 4 with AuthzAuditEvent

use of org.apache.ranger.audit.model.AuthzAuditEvent in project ranger by apache.

the class SolrAuditDestination method log.

/**
 * Converts a batch of audit events to Solr documents and sends them in a single request.
 *
 * <p>The batch is all-or-nothing. The method returns {@code true} only when Solr answers with
 * status 0. It returns {@code false} when no client could be obtained (batch counted as
 * deferred), when the status is non-zero or a {@code SolrException} is thrown (counted as
 * failed), and when any other {@code Throwable} is raised (counted as deferred).
 *
 * <p>NOTE(review): every element is cast to {@code AuthzAuditEvent} without a type check. One
 * element of another type raises {@code ClassCastException}, which the outer catch turns into a
 * deferral of the entire batch.
 *
 * <p>NOTE(review): the outer catch calls {@code events.size()} again, so a {@code null}
 * {@code events} would throw out of the handler itself instead of returning {@code false}.
 *
 * @param events audit events to index; expected to be non-null {@code AuthzAuditEvent}s
 * @return {@code true} if Solr accepted the batch, {@code false} otherwise
 */
@Override
public boolean log(Collection<AuditEventBase> events) {
    boolean delivered = false;
    try {
        logStatusIfRequired();
        addTotalCount(events.size());
        if (solrClient == null) {
            connect();
            if (solrClient == null) {
                // Still no client after a connect attempt: report the batch as deferred.
                addDeferredCount(events.size());
                return delivered;
            }
        }
        final Collection<SolrInputDocument> batch = new ArrayList<SolrInputDocument>();
        for (AuditEventBase event : events) {
            // Unchecked downcast; see the NOTE(review) in the method comment.
            batch.add(toSolrDoc((AuthzAuditEvent) event));
        }
        try {
            final UpdateResponse response = SolrAppUtil.addDocsToSolr(solrClient, batch);
            if (response.getStatus() == 0) {
                addSuccessCount(events.size());
                delivered = true;
            } else {
                addFailedCount(events.size());
                logFailedEvent(events, response.toString());
            }
        } catch (SolrException ex) {
            addFailedCount(events.size());
            logFailedEvent(events, ex);
        }
    } catch (Throwable t) {
        // Catches Errors as well as Exceptions; the batch is counted as deferred, not failed.
        addDeferredCount(events.size());
        logError("Error sending message to Solr", t);
    }
    return delivered;
}
Also used : AuthzAuditEvent(org.apache.ranger.audit.model.AuthzAuditEvent) UpdateResponse(org.apache.solr.client.solrj.response.UpdateResponse) SolrInputDocument(org.apache.solr.common.SolrInputDocument) AuditEventBase(org.apache.ranger.audit.model.AuditEventBase) ArrayList(java.util.ArrayList) SolrException(org.apache.solr.common.SolrException)

Example 5 with AuthzAuditEvent

use of org.apache.ranger.audit.model.AuthzAuditEvent in project ranger by apache.

the class KafkaAuditProvider method log.

/**
 * Serializes one audit event and hands it to the Kafka producer.
 *
 * <p>For an {@code AuthzAuditEvent}, a missing agent hostname, log type or event id is filled
 * in on the caller's object before serialization.
 *
 * <p>What the return value means for audit completeness:
 * <ul>
 *   <li>{@code true} only says the record was handed to {@code producer.send}. The value
 *       returned by {@code send} is ignored, so broker acknowledgment is not confirmed.</li>
 *   <li>When {@code producer} is {@code null}, the serialized event is written to the
 *       application log at INFO and the method still returns {@code true}.</li>
 *   <li>On any {@code Throwable}, the full serialized event is written to the application log
 *       at ERROR and the method returns {@code false}.</li>
 * </ul>
 *
 * <p>In the last two cases audit content lands in the service log, so that log needs the same
 * access restrictions and retention as the audit store.
 *
 * @param event audit event to publish
 * @return {@code false} if an exception or error was raised while sending, {@code true} otherwise
 */
@Override
public boolean log(AuditEventBase event) {
    if (event instanceof AuthzAuditEvent) {
        final AuthzAuditEvent audit = (AuthzAuditEvent) event;
        // Fill in only the fields the caller left unset.
        if (audit.getAgentHostname() == null) {
            audit.setAgentHostname(MiscUtil.getHostname());
        }
        if (audit.getLogType() == null) {
            audit.setLogType("RangerAudit");
        }
        if (audit.getEventId() == null) {
            audit.setEventId(MiscUtil.generateUniqueId());
        }
    }
    final String payload = MiscUtil.stringify(event);
    try {
        if (producer == null) {
            // No producer: the event goes to the application log only and is still reported as logged.
            LOG.info("AUDIT LOG (Kafka Down):" + payload);
        } else {
            // TODO: Add partition key
            final ProducerRecord<String, String> outbound = new ProducerRecord<String, String>(topic, payload);
            MiscUtil.executePrivilegedAction(new PrivilegedAction<Void>() {

                @Override
                public Void run() {
                    // The value returned by send is not inspected.
                    producer.send(outbound);
                    return null;
                }
            });
        }
    } catch (Throwable t) {
        LOG.error("Error sending message to Kafka topic. topic=" + topic + ", message=" + payload, t);
        return false;
    }
    return true;
}
Also used : AuthzAuditEvent(org.apache.ranger.audit.model.AuthzAuditEvent) ProducerRecord(org.apache.kafka.clients.producer.ProducerRecord)

Aggregations

AuthzAuditEvent (org.apache.ranger.audit.model.AuthzAuditEvent)23 ArrayList (java.util.ArrayList)3 AccessDeniedException (org.apache.hadoop.hbase.security.AccessDeniedException)2 User (org.apache.hadoop.hbase.security.User)2 RangerAccessRequest (org.apache.ranger.plugin.policyengine.RangerAccessRequest)2 RangerAccessResource (org.apache.ranger.plugin.policyengine.RangerAccessResource)2 RangerAccessResult (org.apache.ranger.plugin.policyengine.RangerAccessResult)2 UpdateResponse (org.apache.solr.client.solrj.response.UpdateResponse)2 SolrInputDocument (org.apache.solr.common.SolrInputDocument)2 BufferedReader (java.io.BufferedReader)1 File (java.io.File)1 FileReader (java.io.FileReader)1 Date (java.util.Date)1 HashMap (java.util.HashMap)1 HashSet (java.util.HashSet)1 Map (java.util.Map)1 NavigableSet (java.util.NavigableSet)1 Properties (java.util.Properties)1 Set (java.util.Set)1 HTableDescriptor (org.apache.hadoop.hbase.HTableDescriptor)1