org.apache.ranger.audit.model.AuthzAuditEvent Java Examples
The following examples show how to use
org.apache.ranger.audit.model.AuthzAuditEvent.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: RangerNiFiAuthorizer.java From nifi with Apache License 2.0 | 6 votes |
|
@Override
public void auditAccessAttempt(final AuthorizationRequest request, final AuthorizationResult result) {
final RangerAccessResult rangerResult;
synchronized (resultLookup) {
rangerResult = resultLookup.remove(request);
}
if (rangerResult != null && rangerResult.getIsAudited()) {
AuthzAuditEvent event = defaultAuditHandler.getAuthzEvents(rangerResult);
// update the event with the originally requested resource
event.setResourceType(RANGER_NIFI_RESOURCE_NAME);
event.setResourcePath(request.getRequestedResource().getIdentifier());
defaultAuditHandler.logAuthzAudit(event);
}
}
Example #2
| Source File: SolrAuditProvider.java From ranger with Apache License 2.0 | 6 votes |
|
SolrInputDocument toSolrDoc(AuthzAuditEvent auditEvent) {
SolrInputDocument doc = new SolrInputDocument();
doc.addField("id", auditEvent.getEventId());
doc.addField("access", auditEvent.getAccessType());
doc.addField("enforcer", auditEvent.getAclEnforcer());
doc.addField("agent", auditEvent.getAgentId());
doc.addField("repo", auditEvent.getRepositoryName());
doc.addField("sess", auditEvent.getSessionId());
doc.addField("reqUser", auditEvent.getUser());
doc.addField("reqData", auditEvent.getRequestData());
doc.addField("resource", auditEvent.getResourcePath());
doc.addField("cliIP", auditEvent.getClientIP());
doc.addField("logType", auditEvent.getLogType());
doc.addField("result", auditEvent.getAccessResult());
doc.addField("policy", auditEvent.getPolicyId());
doc.addField("repoType", auditEvent.getRepositoryType());
doc.addField("resType", auditEvent.getResourceType());
doc.addField("reason", auditEvent.getResultReason());
doc.addField("action", auditEvent.getAction());
doc.addField("evtTime", auditEvent.getEventTime());
doc.addField("tags", auditEvent.getTags());
doc.addField("cluster", auditEvent.getClusterName());
doc.addField("zone", auditEvent.getZoneName());
doc.addField("agentHost", auditEvent.getAgentHostname());
return doc;
}
Example #3
| Source File: HbaseAuditHandlerImpl.java From ranger with Apache License 2.0 | 6 votes |
|
@Override
public AuthzAuditEvent getAuthzEvents(RangerAccessResult result) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> HbaseAuditHandlerImpl.getAuthzEvents(" + result + ")");
}
resetResourceForAudit(result.getAccessRequest());
AuthzAuditEvent event = super.getAuthzEvents(result);
// first accumulate last set of events and then capture these as the most recent ones
if (_mostRecentEvent != null) {
LOG.debug("getAuthzEvents: got one event from default audit handler");
_allEvents.add(_mostRecentEvent);
} else {
LOG.debug("getAuthzEvents: no event produced by default audit handler");
}
_mostRecentEvent = event;
if(LOG.isDebugEnabled()) {
LOG.debug("==> getAuthzEvents: mostRecentEvent:" + _mostRecentEvent);
}
// We return null because we don't want default audit handler to audit anything!
if(LOG.isDebugEnabled()) {
LOG.debug("<== HbaseAuditHandlerImpl.getAuthzEvents(" + result + "): null");
}
return null;
}
Example #4
| Source File: HbaseAuditHandlerImpl.java From ranger with Apache License 2.0 | 6 votes |
|
@Override
public List<AuthzAuditEvent> getCapturedEvents() {
if(LOG.isDebugEnabled()) {
LOG.debug("==> HbaseAuditHandlerImpl.getCapturedEvents()");
}
// construct a new collection since we don't want to lose track of which were the most recent events;
List<AuthzAuditEvent> result = new ArrayList<AuthzAuditEvent>(_allEvents);
if (_mostRecentEvent != null) {
result.add(_mostRecentEvent);
}
applySuperUserOverride(result);
if(LOG.isDebugEnabled()) {
LOG.debug("<== HbaseAuditHandlerImpl.getAuthzEvents(): count[" + result.size() + "] :result : " + result);
}
return result;
}
Example #5
| Source File: RangerAuthorizer.java From nifi-registry with Apache License 2.0 | 6 votes |
|
@Override
public void auditAccessAttempt(final AuthorizationRequest request, final AuthorizationResult result) {
final RangerAccessResult rangerResult;
synchronized (resultLookup) {
rangerResult = resultLookup.remove(request);
}
if (rangerResult != null && rangerResult.getIsAudited()) {
AuthzAuditEvent event = defaultAuditHandler.getAuthzEvents(rangerResult);
// update the event with the originally requested resource
event.setResourceType(RANGER_NIFI_REG_RESOURCE_NAME);
event.setResourcePath(request.getRequestedResource().getIdentifier());
defaultAuditHandler.logAuthzAudit(event);
}
}
Example #6
| Source File: BufferedAuditProvider.java From ranger with Apache License 2.0 | 6 votes |
|
@Override
public boolean log(AuditEventBase event) {
if (event instanceof AuthzAuditEvent) {
AuthzAuditEvent authzEvent = (AuthzAuditEvent) event;
if (authzEvent.getAgentHostname() == null) {
authzEvent.setAgentHostname(MiscUtil.getHostname());
}
if (authzEvent.getLogType() == null) {
authzEvent.setLogType("RangerAudit");
}
if (authzEvent.getEventId() == null) {
authzEvent.setEventId(MiscUtil.generateUniqueId());
}
}
if (!mBuffer.add(event)) {
logFailedEvent(event);
return false;
}
return true;
}
Example #7
| Source File: RangerDefaultAuditHandler.java From ranger with Apache License 2.0 | 6 votes |
|
private void populateDefaults(AuthzAuditEvent auditEvent) {
if( auditEvent.getAclEnforcer() == null || auditEvent.getAclEnforcer().isEmpty()) {
auditEvent.setAclEnforcer("ranger-acl"); // TODO: review
}
if (auditEvent.getAgentHostname() == null || auditEvent.getAgentHostname().isEmpty()) {
auditEvent.setAgentHostname(MiscUtil.getHostname());
}
if (auditEvent.getLogType() == null || auditEvent.getLogType().isEmpty()) {
auditEvent.setLogType("RangerAudit");
}
if (auditEvent.getEventId() == null || auditEvent.getEventId().isEmpty()) {
auditEvent.setEventId(generateNextAuditEventId());
}
if (auditEvent.getAgentId() == null) {
auditEvent.setAgentId(MiscUtil.getApplicationType());
}
auditEvent.setSeqNum(sequenceNumber++);
}
Example #8
| Source File: RangerDefaultAuditHandler.java From ranger with Apache License 2.0 | 6 votes |
|
public void logAuthzAudit(AuthzAuditEvent auditEvent) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerDefaultAuditHandler.logAuthzAudit(" + auditEvent + ")");
}
if(auditEvent != null) {
populateDefaults(auditEvent);
AuditHandler auditProvider = RangerBasePlugin.getAuditProvider(auditEvent.getRepositoryName());
if (auditProvider == null || !auditProvider.log(auditEvent)) {
MiscUtil.logErrorMessageByInterval(LOG, "fail to log audit event " + auditEvent);
}
}
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerDefaultAuditHandler.logAuthzAudit(" + auditEvent + ")");
}
}
Example #9
| Source File: RangerDefaultAuditHandler.java From ranger with Apache License 2.0 | 6 votes |
|
@Override
public void processResults(Collection<RangerAccessResult> results) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerDefaultAuditHandler.processResults(" + results + ")");
}
Collection<AuthzAuditEvent> events = getAuthzEvents(results);
if (events != null) {
logAuthzAudits(events);
}
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerDefaultAuditHandler.processResults(" + results + ")");
}
}
Example #10
| Source File: RangerAtlasAuthorizer.java From ranger with Apache License 2.0 | 6 votes |
|
@Override
public void processResult(RangerAccessResult result) {
if (denyExists) { // nothing more to do, if a deny already encountered
return;
}
AuthzAuditEvent auditEvent = super.getAuthzEvents(result);
if (auditEvent != null) {
// audit event might have list of entity-types and classification-types; overwrite with the values in original request
if (resourcePath != null) {
auditEvent.setResourcePath(resourcePath);
}
if (!result.getIsAllowed()) {
denyExists = true;
auditEvents.clear();
}
auditEvents.put(auditEvent.getPolicyId() + auditEvent.getAccessType(), auditEvent);
}
}
Example #11
| Source File: RangerHiveAuditHandler.java From ranger with Apache License 2.0 | 6 votes |
|
@Override
public void processResult(RangerAccessResult result) {
if(! result.getIsAudited()) {
return;
}
if (skipFilterOperationAuditing(result)) {
return;
}
AuthzAuditEvent auditEvent = createAuditEvent(result);
if(auditEvent != null) {
addAuthzAuditEvent(auditEvent);
}
}
Example #12
| Source File: RangerHiveAuditHandler.java From ranger with Apache License 2.0 | 6 votes |
|
public void logAuditEventForDfs(String userName, String dfsCommand, boolean accessGranted, int repositoryType, String repositoryName) {
AuthzAuditEvent auditEvent = new AuthzAuditEvent();
auditEvent.setAclEnforcer(moduleName);
auditEvent.setResourceType("@dfs"); // to be consistent with earlier release
auditEvent.setAccessType("DFS");
auditEvent.setAction("DFS");
auditEvent.setUser(userName);
auditEvent.setAccessResult((short)(accessGranted ? 1 : 0));
auditEvent.setEventTime(new Date());
auditEvent.setRepositoryType(repositoryType);
auditEvent.setRepositoryName(repositoryName);
auditEvent.setRequestData(dfsCommand);
auditEvent.setResourcePath(dfsCommand);
if(LOG.isDebugEnabled()){
LOG.debug("Logging DFS event " + auditEvent.toString());
}
addAuthzAuditEvent(auditEvent);
}
Example #13
| Source File: TestConsumer.java From ranger with Apache License 2.0 | 5 votes |
|
@Override
public boolean logJSON(String jsonStr) {
if (isDown) {
return false;
}
countTotal++;
AuthzAuditEvent event = MiscUtil.fromJson(jsonStr,
AuthzAuditEvent.class);
sumTotal += event.getEventCount();
logger.info("JSON:" + jsonStr);
eventList.add(event);
return true;
}
Example #14
| Source File: ElasticSearchAuditDestination.java From ranger with Apache License 2.0 | 5 votes |
|
Map<String, Object> toDoc(AuthzAuditEvent auditEvent) {
Map<String, Object> doc = new HashMap<String, Object>();
doc.put("id", auditEvent.getEventId());
doc.put("access", auditEvent.getAccessType());
doc.put("enforcer", auditEvent.getAclEnforcer());
doc.put("agent", auditEvent.getAgentId());
doc.put("repo", auditEvent.getRepositoryName());
doc.put("sess", auditEvent.getSessionId());
doc.put("reqUser", auditEvent.getUser());
doc.put("reqData", auditEvent.getRequestData());
doc.put("resource", auditEvent.getResourcePath());
doc.put("cliIP", auditEvent.getClientIP());
doc.put("logType", auditEvent.getLogType());
doc.put("result", auditEvent.getAccessResult());
doc.put("policy", auditEvent.getPolicyId());
doc.put("repoType", auditEvent.getRepositoryType());
doc.put("resType", auditEvent.getResourceType());
doc.put("reason", auditEvent.getResultReason());
doc.put("action", auditEvent.getAction());
doc.put("evtTime", auditEvent.getEventTime());
doc.put("seq_num", auditEvent.getSeqNum());
doc.put("event_count", auditEvent.getEventCount());
doc.put("event_dur_ms", auditEvent.getEventDurationMS());
doc.put("tags", auditEvent.getTags());
doc.put("cluster", auditEvent.getClusterName());
doc.put("zoneName", auditEvent.getZoneName());
doc.put("agentHost", auditEvent.getAgentHostname());
doc.put("policyVersion", auditEvent.getPolicyVersion());
return doc;
}
Example #15
| Source File: SolrAuditDestination.java From ranger with Apache License 2.0 | 5 votes |
|
SolrInputDocument toSolrDoc(AuthzAuditEvent auditEvent) {
SolrInputDocument doc = new SolrInputDocument();
doc.addField("id", auditEvent.getEventId());
doc.addField("access", auditEvent.getAccessType());
doc.addField("enforcer", auditEvent.getAclEnforcer());
doc.addField("agent", auditEvent.getAgentId());
doc.addField("repo", auditEvent.getRepositoryName());
doc.addField("sess", auditEvent.getSessionId());
doc.addField("reqUser", auditEvent.getUser());
doc.addField("reqData", auditEvent.getRequestData());
doc.addField("resource", auditEvent.getResourcePath());
doc.addField("cliIP", auditEvent.getClientIP());
doc.addField("logType", auditEvent.getLogType());
doc.addField("result", auditEvent.getAccessResult());
doc.addField("policy", auditEvent.getPolicyId());
doc.addField("repoType", auditEvent.getRepositoryType());
doc.addField("resType", auditEvent.getResourceType());
doc.addField("reason", auditEvent.getResultReason());
doc.addField("action", auditEvent.getAction());
doc.addField("evtTime", auditEvent.getEventTime());
doc.addField("seq_num", auditEvent.getSeqNum());
doc.setField("event_count", auditEvent.getEventCount());
doc.setField("event_dur_ms", auditEvent.getEventDurationMS());
doc.setField("tags", auditEvent.getTags());
doc.setField("cluster", auditEvent.getClusterName());
doc.setField("zoneName", auditEvent.getZoneName());
doc.setField("agentHost", auditEvent.getAgentHostname());
doc.setField("policyVersion", auditEvent.getPolicyVersion());
return doc;
}
Example #16
| Source File: RangerHiveAuditHandler.java From ranger with Apache License 2.0 | 5 votes |
|
AuthzAuditEvent createAuditEvent(RangerAccessResult result) {
AuthzAuditEvent ret = null;
RangerAccessRequest request = result.getAccessRequest();
RangerAccessResource resource = request.getResource();
String resourcePath = resource != null ? resource.getAsString() : null;
int policyType = result.getPolicyType();
if (policyType == RangerPolicy.POLICY_TYPE_DATAMASK && result.isMaskEnabled()) {
ret = createAuditEvent(result, result.getMaskType(), resourcePath);
} else if (policyType == RangerPolicy.POLICY_TYPE_ROWFILTER) {
ret = createAuditEvent(result, ACCESS_TYPE_ROWFILTER, resourcePath);
} else if (policyType == RangerPolicy.POLICY_TYPE_ACCESS) {
String accessType = null;
if (request instanceof RangerHiveAccessRequest) {
RangerHiveAccessRequest hiveRequest = (RangerHiveAccessRequest) request;
accessType = hiveRequest.getHiveAccessType().toString();
String action = request.getAction();
if (ACTION_TYPE_METADATA_OPERATION.equals(action)) {
accessType = ACTION_TYPE_METADATA_OPERATION;
}
}
if (StringUtils.isEmpty(accessType)) {
accessType = request.getAccessType();
}
ret = createAuditEvent(result, accessType, resourcePath);
}
return ret;
}
Example #17
| Source File: BaseAuditHandler.java From ranger with Apache License 2.0 | 5 votes |
|
@Override
public boolean logJSON(Collection<String> events) {
List<AuditEventBase> eventList = new ArrayList<AuditEventBase>(events.size());
for (String event : events) {
eventList.add(MiscUtil.fromJson(event, AuthzAuditEvent.class));
}
return log(eventList);
}
Example #18
| Source File: HbaseAuditHandlerImpl.java From ranger with Apache License 2.0 | 5 votes |
|
@Override
public AuthzAuditEvent getAndDiscardMostRecentEvent() {
if(LOG.isDebugEnabled()) {
LOG.debug("==> HbaseAuditHandlerImpl.getAndDiscardMostRecentEvent():");
}
AuthzAuditEvent result = _mostRecentEvent;
applySuperUserOverride(result);
_mostRecentEvent = null;
if(LOG.isDebugEnabled()) {
LOG.debug("<== HbaseAuditHandlerImpl.getAndDiscardMostRecentEvent(): " + result);
}
return result;
}
Example #19
| Source File: RangerHiveAuditHandler.java From ranger with Apache License 2.0 | 5 votes |
|
/**
* This method is expected to be called ONLY to process the results for multiple-columns in a table.
* To ensure this, RangerHiveAuthorizer should call isAccessAllowed(Collection<requests>) only for this condition
*/
@Override
public void processResults(Collection<RangerAccessResult> results) {
List<AuthzAuditEvent> auditEvents = createAuditEvents(results);
for(AuthzAuditEvent auditEvent : auditEvents) {
addAuthzAuditEvent(auditEvent);
}
}
Example #20
| Source File: HbaseAuditHandlerImpl.java From ranger with Apache License 2.0 | 5 votes |
|
@Override
public void setMostRecentEvent(AuthzAuditEvent event) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> HbaseAuditHandlerImpl.setMostRecentEvent(" + event + ")");
}
_mostRecentEvent = event;
if(LOG.isDebugEnabled()) {
LOG.debug("<== HbaseAuditHandlerImpl.setMostRecentEvent(...)");
}
}
Example #21
| Source File: AuthzAuditEventDbObj.java From ranger with Apache License 2.0 | 5 votes |
|
public AuthzAuditEventDbObj(AuthzAuditEvent event) {
super();
Date utcDate=null;
if(event.getEventTime()!=null){
utcDate=MiscUtil.getUTCDateForLocalDate(event.getEventTime());
}else{
utcDate=MiscUtil.getUTCDate();
}
this.repositoryType = event.getRepositoryType();
this.repositoryName = event.getRepositoryName();
this.user = event.getUser();
this.timeStamp = utcDate;
this.accessType = event.getAccessType();
this.resourcePath = event.getResourcePath();
this.resourceType = event.getResourceType();
this.action = event.getAction();
this.accessResult = event.getAccessResult();
this.agentId = event.getAgentId();
this.policyId = event.getPolicyId();
this.resultReason = event.getResultReason();
this.aclEnforcer = event.getAclEnforcer();
this.sessionId = event.getSessionId();
this.clientType = event.getClientType();
this.clientIP = event.getClientIP();
this.requestData = event.getRequestData();
this.seqNum = event.getSeqNum();
this.eventCount = event.getEventCount();
this.eventDurationMS= event.getEventDurationMS();
this.tags = StringUtils.join(event.getTags(), ", ");
}
Example #22
| Source File: HbaseAuditHandlerImpl.java From ranger with Apache License 2.0 | 5 votes |
|
void applySuperUserOverride(List<AuthzAuditEvent> events) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> HbaseAuditHandlerImpl.applySuperUserOverride(" + events + ")");
}
for (AuthzAuditEvent event : events) {
applySuperUserOverride(event);
}
if(LOG.isDebugEnabled()) {
LOG.debug("<== HbaseAuditHandlerImpl.applySuperUserOverride(...)");
}
}
Example #23
| Source File: HbaseAuditHandlerImpl.java From ranger with Apache License 2.0 | 5 votes |
|
void applySuperUserOverride(AuthzAuditEvent event) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> HbaseAuditHandlerImpl.applySuperUserOverride(" + event + ")");
}
if (event != null && _superUserOverride) {
event.setAccessResult((short) 1);
event.setPolicyId(-1);
}
if(LOG.isDebugEnabled()) {
LOG.debug("<== HbaseAuditHandlerImpl.applySuperUserOverride(...)");
}
}
Example #24
| Source File: RangerDefaultAuditHandler.java From ranger with Apache License 2.0 | 5 votes |
|
public void logAuthzAudits(Collection<AuthzAuditEvent> auditEvents) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerDefaultAuditHandler.logAuthzAudits(" + auditEvents + ")");
}
if(auditEvents != null) {
for(AuthzAuditEvent auditEvent : auditEvents) {
logAuthzAudit(auditEvent);
}
}
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerDefaultAuditHandler.logAuthzAudits(" + auditEvents + ")");
}
}
Example #25
| Source File: TestConsumer.java From ranger with Apache License 2.0 | 5 votes |
|
@Override
public boolean log(AuditEventBase event) {
if (isDown) {
return false;
}
countTotal++;
if (event instanceof AuthzAuditEvent) {
AuthzAuditEvent azEvent = (AuthzAuditEvent) event;
sumTotal += azEvent.getEventCount();
logger.info("EVENT:" + event);
eventList.add(azEvent);
}
return true;
}
Example #26
| Source File: TestConsumer.java From ranger with Apache License 2.0 | 5 votes |
|
public AuthzAuditEvent isInSequence() {
long lastSeq = -1;
for (AuthzAuditEvent event : eventList) {
if (event.getSeqNum() <= lastSeq) {
return event;
}
lastSeq = event.getSeqNum();
}
return null;
}
Example #27
| Source File: ElasticSearchAccessAuditsServiceTest.java From ranger with Apache License 2.0 | 5 votes |
|
private AuthzAuditEvent getAuthzAuditEvent() {
AuthzAuditEvent event = new AuthzAuditEvent();
event.setAccessResult((short) 1);
event.setAccessType("");
event.setAclEnforcer("");
event.setAction("");
event.setAdditionalInfo("");
event.setAgentHostname("");
event.setAgentId("");
event.setClientIP("");
event.setClusterName("");
event.setClientType("");
event.setEventCount(1);
event.setEventDurationMS(1);
event.setEventId("");
event.setEventTime(new Date());
event.setLogType("");
event.setPolicyId(1);
event.setPolicyVersion(1l);
event.setRepositoryName("");
event.setRequestData("");
event.setRepositoryName("");
event.setRepositoryType(1);
event.setResourcePath("");
event.setResultReason("");
event.setSeqNum(1);
event.setSessionId("");
event.setTags(new HashSet<>());
event.setUser("");
event.setZoneName("");
return event;
}
Example #28
| Source File: TestAuditQueue.java From ranger with Apache License 2.0 | 5 votes |
|
private AuthzAuditEvent createEvent(String user, String accessType,
String resource, boolean isAllowed) {
AuthzAuditEvent event = new AuthzAuditEvent();
event.setUser(user);
event.setAccessType(accessType);
event.setResourcePath(resource);
event.setAccessResult(isAllowed ? (short) 1 : (short) 0);
event.setSeqNum(++seqNum);
return event;
}
Example #29
| Source File: RangerAtlasAuthorizer.java From ranger with Apache License 2.0 | 5 votes |
|
public void flushAudit() {
if (auditEvents != null) {
for (AuthzAuditEvent auditEvent : auditEvents.values()) {
logAuthzAudit(auditEvent);
}
}
}
Example #30
| Source File: RangerDefaultAuditHandler.java From ranger with Apache License 2.0 | 5 votes |
|
@Override
public void processResult(RangerAccessResult result) {
if(LOG.isDebugEnabled()) {
LOG.debug("==> RangerDefaultAuditHandler.processResult(" + result + ")");
}
AuthzAuditEvent event = getAuthzEvents(result);
logAuthzAudit(event);
if(LOG.isDebugEnabled()) {
LOG.debug("<== RangerDefaultAuditHandler.processResult(" + result + ")");
}
}
