diff --git a/integration-test/src/test/java/org/apache/iotdb/db/it/audit/IoTDBAuditLogBasicIT.java b/integration-test/src/test/java/org/apache/iotdb/db/it/audit/IoTDBAuditLogBasicIT.java
index f12dd4ca66e4..83aa06dc61dc 100644
--- a/integration-test/src/test/java/org/apache/iotdb/db/it/audit/IoTDBAuditLogBasicIT.java
+++ b/integration-test/src/test/java/org/apache/iotdb/db/it/audit/IoTDBAuditLogBasicIT.java
@@ -32,6 +32,7 @@
 import org.junit.After;
 import org.junit.Assert;
 import org.junit.Before;
+import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.experimental.categories.Category;
 import org.junit.runner.RunWith;
@@ -52,6 +53,7 @@
 * This test class ensures the audit log behave exactly the same as we expected, including the
 * number, sequence and content of the audit logs.
 */
+@Ignore
 @RunWith(IoTDBTestRunner.class)
 @Category({LocalStandaloneIT.class})
 public class IoTDBAuditLogBasicIT {
diff --git a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/audit/CNAuditLogger.java b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/audit/CNAuditLogger.java
index 9b14d7b84238..ccc1008eec31 100644
--- a/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/audit/CNAuditLogger.java
+++ b/iotdb-core/confignode/src/main/java/org/apache/iotdb/confignode/audit/CNAuditLogger.java
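Review bot: The `@Ignore` added above `@RunWith` carries no reason, so the one test whose Javadoc says it checks the number, sequence and content of audit records is switched off with nothing in the source saying why or what must happen before it comes back. JUnit 4 accepts a value, e.g. `@Ignore("audit log writing is stubbed out in CNAuditLogger/DNAuditLogger; re-enable when log() is restored")`, which at least surfaces the cause in test reports. Ignoring this IT in the same commit that empties the loggers leaves the build with no automated check that audit events are recorded at all, which is worth stating explicitly, since a silent audit gap is itself a security finding.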
@@ -19,24 +19,16 @@
 package org.apache.iotdb.confignode.audit;
-import org.apache.iotdb.common.rpc.thrift.TConsensusGroupId;
-import org.apache.iotdb.common.rpc.thrift.TConsensusGroupType;
-import org.apache.iotdb.common.rpc.thrift.TDataNodeLocation;
-import org.apache.iotdb.common.rpc.thrift.TRegionReplicaSet;
 import org.apache.iotdb.commons.audit.AbstractAuditLogger;
 import org.apache.iotdb.commons.audit.IAuditEntity;
-import org.apache.iotdb.confignode.client.async.AsyncDataNodeHeartbeatClientPool;
-import org.apache.iotdb.confignode.client.async.handlers.audit.DataNodeWriteAuditLogHandler;
 import org.apache.iotdb.confignode.conf.ConfigNodeConfig;
 import org.apache.iotdb.confignode.conf.ConfigNodeDescriptor;
 import org.apache.iotdb.confignode.manager.ConfigManager;
 import org.apache.iotdb.confignode.manager.IManager;
-import org.apache.iotdb.mpp.rpc.thrift.TAuditLogReq;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import java.util.List;
 import java.util.function.Supplier;
 public class CNAuditLogger extends AbstractAuditLogger {
@@ -50,45 +42,5 @@ public CNAuditLogger(ConfigManager configManager) {
 }
 @Override
- public void log(IAuditEntity auditLogFields, Supplier log) {
- if (!IS_AUDIT_LOG_ENABLED) {
- return;
- }
- if (noNeedInsertAuditLog(auditLogFields)) {
- return;
- }
- // find database "__audit"'s data_region
- List auditReplicaSets =
- configManager
- .getPartitionManager()
- .getAllReplicaSets("root.__audit", TConsensusGroupType.DataRegion);
- if (auditReplicaSets.isEmpty()) {
- logger.warn("Database {} does not exist.", "root.__audit");
- return;
- }
- TConsensusGroupId regionId = auditReplicaSets.get(0).getRegionId();
- // use ConfigManager.getLoadManager().getLoadCache().getRegionLeaderMap() to get regionLeaderId
- TDataNodeLocation regionLeader = configManager.getRegionLeaderLocation(regionId);
- TAuditLogReq req =
- new TAuditLogReq(
- auditLogFields.getUsername(),
- auditLogFields.getUserId(),
- auditLogFields.getCliHostname(),
- auditLogFields.getAuditEventType().toString(),
- auditLogFields.getAuditLogOperation().toString(),
- auditLogFields.getPrivilegeTypeString(),
- auditLogFields.getResult(),
- auditLogFields.getDatabase(),
- auditLogFields.getSqlString(),
- log.get(),
- CONF.getConfigNodeId());
- // refer the implementation of HeartbeatService.pingRegisteredDataNode(). By appending a new
- // writeAudtiLog() interface in AsyncDataNodeHeartbeatClientPool, the main thread is not
- // required to wait until the write audit log request to be complete.
- AsyncDataNodeHeartbeatClientPool.getInstance()
- .writeAuditLog(
- regionLeader.getInternalEndPoint(),
- req,
- new DataNodeWriteAuditLogHandler(regionLeader.getDataNodeId()));
- }
+ public void log(IAuditEntity auditLogFields, Supplier log) {}
 }
diff --git a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/DNAuditLogger.java b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/DNAuditLogger.java
index 713d79f77d93..3a07ac9aa69b 100644
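Review bot: The replacement `log()` body at the end of the hunk drops every ConfigNode audit event without any trace and no longer even consults `IS_AUDIT_LOG_ENABLED`, so an operator who has audit logging switched on will assume privileged ConfigNode operations are being recorded when they are not. The stub should say so and warn once, e.g. `// Audit events are intentionally discarded here until the audit write path is restored.` followed by a one-time `logger.warn("Audit logging is disabled on this ConfigNode; events are not being recorded")` (the slf4j imports survive in the previous hunk, so `logger` is presumably still declared). The `configManager` taken by the constructor in the hunk trailer and the `CONF` field used by the removed code become unused if nothing else references them; worth checking before merge so the class does not keep dead state.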
--- a/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/DNAuditLogger.java
+++ b/iotdb-core/datanode/src/main/java/org/apache/iotdb/db/audit/DNAuditLogger.java
@@ -19,99 +19,20 @@
 package org.apache.iotdb.db.audit;
-import org.apache.iotdb.common.rpc.thrift.TSStatus;
 import org.apache.iotdb.commons.audit.AbstractAuditLogger;
-import org.apache.iotdb.commons.audit.AuditEventType;
 import org.apache.iotdb.commons.audit.AuditLogFields;
-import org.apache.iotdb.commons.audit.AuditLogOperation;
 import org.apache.iotdb.commons.audit.IAuditEntity;
-import org.apache.iotdb.commons.audit.PrivilegeLevel;
-import org.apache.iotdb.commons.audit.UserEntity;
-import org.apache.iotdb.commons.auth.entity.PrivilegeType;
-import org.apache.iotdb.commons.client.IClientManager;
-import org.apache.iotdb.commons.client.exception.ClientManagerException;
-import org.apache.iotdb.commons.conf.IoTDBConstant;
-import org.apache.iotdb.commons.consensus.ConfigRegionId;
 import org.apache.iotdb.commons.exception.IllegalPathException;
 import org.apache.iotdb.commons.path.PartialPath;
-import org.apache.iotdb.commons.pipe.config.constant.SystemConstant;
-import org.apache.iotdb.commons.utils.CommonDateTimeUtils;
-import org.apache.iotdb.confignode.rpc.thrift.TGetDatabaseReq;
-import org.apache.iotdb.confignode.rpc.thrift.TShowDatabaseResp;
-import org.apache.iotdb.db.auth.AuthorityChecker;
-import org.apache.iotdb.db.conf.IoTDBConfig;
-import org.apache.iotdb.db.conf.IoTDBDescriptor;
-import org.apache.iotdb.db.protocol.client.ConfigNodeClient;
-import org.apache.iotdb.db.protocol.client.ConfigNodeClientManager;
-import org.apache.iotdb.db.protocol.client.ConfigNodeInfo;
-import org.apache.iotdb.db.protocol.session.IClientSession;
-import org.apache.iotdb.db.protocol.session.InternalClientSession;
-import org.apache.iotdb.db.protocol.session.SessionManager;
-import org.apache.iotdb.db.queryengine.common.SessionInfo;
 import org.apache.iotdb.db.queryengine.plan.Coordinator;
-import org.apache.iotdb.db.queryengine.plan.analyze.ClusterPartitionFetcher;
-import org.apache.iotdb.db.queryengine.plan.analyze.cache.schema.DataNodeDevicePathCache;
-import org.apache.iotdb.db.queryengine.plan.execution.ExecutionResult;
-import org.apache.iotdb.db.queryengine.plan.parser.StatementGenerator;
-import org.apache.iotdb.db.queryengine.plan.planner.LocalExecutionPlanner;
-import org.apache.iotdb.db.queryengine.plan.relational.metadata.Metadata;
-import org.apache.iotdb.db.queryengine.plan.relational.sql.parser.SqlParser;
-import org.apache.iotdb.db.queryengine.plan.statement.Statement;
 import org.apache.iotdb.db.queryengine.plan.statement.crud.InsertRowStatement;
-import org.apache.iotdb.db.queryengine.plan.statement.metadata.ShowDatabaseStatement;
-import org.apache.iotdb.rpc.TSStatusCode;
-
-import org.apache.thrift.TException;
-import org.apache.tsfile.common.conf.TSFileConfig;
-import org.apache.tsfile.enums.TSDataType;
-import org.apache.tsfile.utils.Binary;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import javax.validation.constraints.NotNull;
-import java.io.IOException;
-import java.time.ZoneId;
-import java.util.Arrays;
-import java.util.List;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicBoolean;
 import java.util.function.Supplier;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
-import static org.apache.iotdb.db.pipe.receiver.protocol.legacy.loader.ILoader.SCHEMA_FETCHER;
 public class DNAuditLogger extends AbstractAuditLogger {
 public static final String PREFIX_PASSWORD_HISTORY = "root.__audit.password_history";
- private static final Logger logger = LoggerFactory.getLogger(DNAuditLogger.class);
-
- // TODO: @zhujt20 Optimize the following stupid intervals
- private static final int INSERT_RETRY_COUNT = 5;
- private static final int INSERT_RETRY_INTERVAL_MS = 2000;
- private static final int INSERT_INTERVAL_MS = 50;
-
- private static final IoTDBConfig config = IoTDBDescriptor.getInstance().getConfig();
-
- private static final String AUDIT_LOG_DEVICE = "root.__audit.log.node_%s.u_%s";
- private static final String AUDIT_CN_LOG_DEVICE = "root.__audit.log.node_%s.u_all";
- private static final SessionInfo sessionInfo =
- new SessionInfo(
- 0,
- new UserEntity(
- AuthorityChecker.INTERNAL_AUDIT_USER_ID,
- AuthorityChecker.INTERNAL_AUDIT_USER,
- IoTDBDescriptor.getInstance().getConfig().getInternalAddress()),
- ZoneId.systemDefault());
-
- private static final SessionManager SESSION_MANAGER = SessionManager.getInstance();
-
- private static final IClientManager CONFIG_NODE_CLIENT_MANAGER =
- ConfigNodeClientManager.getInstance();
-
- private static final DataNodeDevicePathCache DEVICE_PATH_CACHE =
- DataNodeDevicePathCache.getInstance();
- private static final AtomicBoolean tableViewIsInitialized = new AtomicBoolean(false);
 private Coordinator coordinator;
@@ -130,327 +51,16 @@ public void setCoordinator(Coordinator coordinator) {
 @NotNull
 private static InsertRowStatement generateInsertStatement(
 IAuditEntity auditLogFields, String log, PartialPath logDevice) {
- String username = auditLogFields.getUsername();
- String address = auditLogFields.getCliHostname();
- AuditEventType type = auditLogFields.getAuditEventType();
- AuditLogOperation operation = auditLogFields.getAuditLogOperation();
- PrivilegeLevel privilegeLevel = null;
- if (auditLogFields.getPrivilegeTypes() != null) {
- for (PrivilegeType privilegeType : auditLogFields.getPrivilegeTypes()) {
- privilegeLevel = judgePrivilegeLevel(privilegeType);
- if (privilegeLevel.equals(PrivilegeLevel.GLOBAL)) {
- break;
- }
- }
- } else {
- privilegeLevel = PrivilegeLevel.GLOBAL;
- }
- InsertRowStatement insertStatement = new InsertRowStatement();
- insertStatement.setDevicePath(logDevice);
- insertStatement.setTime(CommonDateTimeUtils.currentTime());
- insertStatement.setMeasurements(
- new String[] {
- AUDIT_LOG_USERNAME,
- AUDIT_LOG_CLI_HOSTNAME,
- AUDIT_LOG_AUDIT_EVENT_TYPE,
- AUDIT_LOG_OPERATION_TYPE,
- AUDIT_LOG_PRIVILEGE_TYPE,
- AUDIT_LOG_PRIVILEGE_LEVEL,
- AUDIT_LOG_RESULT,
- AUDIT_LOG_DATABASE,
- AUDIT_LOG_SQL_STRING,
- AUDIT_LOG_LOG
- });
- insertStatement.setAligned(false);
- String sqlString = auditLogFields.getSqlString();
- if (sqlString != null) {
- if (sqlString.toUpperCase().startsWith("CREATE USER")) {
- sqlString = String.join(" ", Arrays.asList(sqlString.split(" ")).subList(0, 3)) + " ...";
- }
- Pattern pattern = Pattern.compile("(?i)(values)\\([^)]*\\)");
- Matcher matcher = pattern.matcher(sqlString);
- StringBuffer sb = new StringBuffer();
- while (matcher.find()) {
- matcher.appendReplacement(sb, matcher.group(1) + "(...)");
- }
- matcher.appendTail(sb);
- sqlString = sb.toString();
- }
- insertStatement.setValues(
- new Object[] {
- new Binary(username == null ? "null" : username, TSFileConfig.STRING_CHARSET),
- new Binary(address == null ? "null" : address, TSFileConfig.STRING_CHARSET),
- new Binary(type == null ? "null" : type.toString(), TSFileConfig.STRING_CHARSET),
- new Binary(
- operation == null ? "null" : operation.toString(), TSFileConfig.STRING_CHARSET),
- new Binary(
- auditLogFields.getPrivilegeTypes() == null
- ? "null"
- : auditLogFields.getPrivilegeTypeString(),
- TSFileConfig.STRING_CHARSET),
- new Binary(
- privilegeLevel == null ? "null" : privilegeLevel.toString(),
- TSFileConfig.STRING_CHARSET),
- auditLogFields.getResult(),
- new Binary(
- auditLogFields.getDatabase() == null ? "null" : auditLogFields.getDatabase(),
- TSFileConfig.STRING_CHARSET),
- new Binary(sqlString == null ? "null" : sqlString, TSFileConfig.STRING_CHARSET),
- new Binary(log == null ? "null" : log, TSFileConfig.STRING_CHARSET)
- });
- insertStatement.setDataTypes(
- new TSDataType[] {
- TSDataType.STRING,
- TSDataType.STRING,
- TSDataType.STRING,
- TSDataType.STRING,
- TSDataType.STRING,
- TSDataType.STRING,
- TSDataType.BOOLEAN,
- TSDataType.STRING,
- TSDataType.STRING,
- TSDataType.STRING,
- });
- return insertStatement;
+ return null;
 }
- public void createViewIfNecessary() {
- if (!tableViewIsInitialized.get()) {
- synchronized (this) {
- if (tableViewIsInitialized.get()) {
- return;
- }
- Statement statement =
- StatementGenerator.createStatement(
- "SHOW DATABASES " + SystemConstant.AUDIT_DATABASE, ZoneId.systemDefault());
- try (final ConfigNodeClient client =
- CONFIG_NODE_CLIENT_MANAGER.borrowClient(ConfigNodeInfo.CONFIG_REGION_ID)) {
- ShowDatabaseStatement showStatement = (ShowDatabaseStatement) statement;
- final List databasePathPattern =
- Arrays.asList(showStatement.getPathPattern().getNodes());
- final TGetDatabaseReq req =
- new TGetDatabaseReq(
- databasePathPattern, showStatement.getAuthorityScope().serialize())
- .setIsTableModel(false);
- final TShowDatabaseResp resp = client.showDatabase(req);
- if (resp.getDatabaseInfoMapSize() > 0) {
- tableViewIsInitialized.set(true);
- return;
- }
- } catch (ClientManagerException | TException | IOException e) {
- logger.error(
- "Failed to show database before creating database {} for audit log",
- SystemConstant.AUDIT_DATABASE);
- }
-
- statement =
- StatementGenerator.createStatement(
- "CREATE DATABASE "
- + SystemConstant.AUDIT_DATABASE
- + " WITH SCHEMA_REGION_GROUP_NUM=1, DATA_REGION_GROUP_NUM=1",
- ZoneId.systemDefault());
- ExecutionResult result =
- coordinator.executeForTreeModel(
- statement,
- SESSION_MANAGER.requestQueryId(),
- sessionInfo,
- "",
- ClusterPartitionFetcher.getInstance(),
- SCHEMA_FETCHER);
- if (result.status.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()
- || result.status.getCode() == TSStatusCode.DATABASE_ALREADY_EXISTS.getStatusCode()) {
-
- SqlParser relationSqlParser = new SqlParser();
- IClientSession session =
- new InternalClientSession(
- String.format(
- "%s_%s", DNAuditLogger.class.getSimpleName(), SystemConstant.AUDIT_DATABASE));
- session.setUsername(AuthorityChecker.INTERNAL_AUDIT_USER);
- session.setZoneId(ZoneId.systemDefault());
- session.setClientVersion(IoTDBConstant.ClientVersion.V_1_0);
- session.setDatabaseName(SystemConstant.AUDIT_DATABASE);
- session.setSqlDialect(IClientSession.SqlDialect.TABLE);
- SESSION_MANAGER.registerSession(session);
- Metadata metadata = LocalExecutionPlanner.getInstance().metadata;
-
- org.apache.iotdb.db.queryengine.plan.relational.sql.ast.Statement stmt =
- relationSqlParser.createStatement(
- "CREATE DATABASE " + SystemConstant.AUDIT_PREFIX_KEY,
- ZoneId.systemDefault(),
- session);
- TSStatus status =
- coordinator.executeForTableModel(
- stmt,
- relationSqlParser,
- session,
- SESSION_MANAGER.requestQueryId(),
- SESSION_MANAGER.getSessionInfoOfTableModel(session),
- "",
- metadata,
- config.getQueryTimeoutThreshold(),
- false)
- .status;
- if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()
- && status.getCode() != TSStatusCode.DATABASE_ALREADY_EXISTS.getStatusCode()) {
- logger.error(
- "Failed to create database in table model for audit log, because {}",
- status.getMessage());
- }
- stmt =
- relationSqlParser.createStatement(
- String.format(
- "CREATE VIEW __audit.audit_log (\n"
- + " %s STRING TAG,\n"
- + " %s STRING TAG,\n"
- + " %s STRING FIELD,\n"
- + " %s STRING FIELD,\n"
- + " %s STRING FIELD,\n"
- + " %s STRING FIELD,\n"
- + " %s STRING FIELD,\n"
- + " %s STRING FIELD,\n"
- + " %s BOOLEAN FIELD,\n"
- + " %s STRING FIELD,\n"
- + " %s STRING FIELD,\n"
- + " %s STRING FIELD\n"
- + ") AS root.__audit.log.**",
- AUDIT_LOG_NODE_ID,
- AUDIT_LOG_USER_ID,
- AUDIT_LOG_USERNAME,
- AUDIT_LOG_CLI_HOSTNAME,
- AUDIT_LOG_AUDIT_EVENT_TYPE,
- AUDIT_LOG_OPERATION_TYPE,
- AUDIT_LOG_PRIVILEGE_TYPE,
- AUDIT_LOG_PRIVILEGE_LEVEL,
- AUDIT_LOG_RESULT,
- AUDIT_LOG_DATABASE,
- AUDIT_LOG_SQL_STRING,
- AUDIT_LOG_LOG),
- ZoneId.systemDefault(),
- session);
- status =
- coordinator.executeForTableModel(
- stmt,
- relationSqlParser,
- session,
- SESSION_MANAGER.requestQueryId(),
- SESSION_MANAGER.getSessionInfoOfTableModel(session),
- "",
- metadata,
- config.getQueryTimeoutThreshold(),
- false)
- .status;
- if (status.getCode() != TSStatusCode.SUCCESS_STATUS.getStatusCode()
- && status.getCode()
- != TSStatusCode.MEASUREMENT_ALREADY_EXISTS_IN_TEMPLATE.getStatusCode()) {
- logger.error("Failed to create view for audit log, because {}", status.getMessage());
- } else {
- logger.info("Create view for audit log successfully");
- tableViewIsInitialized.set(true);
- }
- } else {
- logger.error("Failed to create database {} for audit log", SystemConstant.AUDIT_DATABASE);
- }
- }
- }
- }
+ public void createViewIfNecessary() {}
 @Override
- public synchronized void log(IAuditEntity auditLogFields, Supplier log) {
- if (!IS_AUDIT_LOG_ENABLED) {
- return;
- }
- try {
- createViewIfNecessary();
- if (noNeedInsertAuditLog(auditLogFields)) {
- return;
- }
- long userId = auditLogFields.getUserId();
- String user = String.valueOf(userId);
- if (userId == -1) {
- user = "none";
- }
- String dataNodeId = String.valueOf(config.getDataNodeId());
- InsertRowStatement statement =
- generateInsertStatement(
- auditLogFields,
- log.get(),
- DEVICE_PATH_CACHE.getPartialPath(String.format(AUDIT_LOG_DEVICE, dataNodeId, user)));
- for (int retry = 0; retry < INSERT_RETRY_COUNT; retry++) {
- ExecutionResult insertResult =
- coordinator.executeForTreeModel(
- statement,
- SESSION_MANAGER.requestQueryId(),
- sessionInfo,
- "",
- ClusterPartitionFetcher.getInstance(),
- SCHEMA_FETCHER);
- if (insertResult.status.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
- TimeUnit.MILLISECONDS.sleep(INSERT_INTERVAL_MS);
- return;
- }
- TimeUnit.MILLISECONDS.sleep(INSERT_RETRY_INTERVAL_MS);
- }
- } catch (InterruptedException e) {
- Thread.currentThread().interrupt();
- logger.warn("[AUDIT] Audit log insertion retry sleep was interrupted because", e);
- } catch (Exception e) {
- logger.warn("[AUDIT] Failed to log audit events because", e);
- }
- AuditEventType type = auditLogFields.getAuditEventType();
- if (isLoginEvent(type)) {
- // TODO: @wenyanshi-123 Reactivate the following codes in the future
- // try {
- // statement.setDevicePath(
- // DEVICE_PATH_CACHE.getPartialPath(
- // String.format(AUDIT_LOGIN_LOG_DEVICE, dataNodeId, user)));
- // } catch (IllegalPathException e) {
- // logger.error("Failed to log audit login events because ", e);
- // return;
- // }
- // coordinator.executeForTreeModel(
- // statement,
- // SESSION_MANAGER.requestQueryId(),
- // sessionInfo,
- // "",
- // ClusterPartitionFetcher.getInstance(),
- // SCHEMA_FETCHER);
- }
- }
+ public synchronized void log(IAuditEntity auditLogFields, Supplier log) {}
 public void logFromCN(AuditLogFields auditLogFields, String log, int nodeId)
- throws IllegalPathException {
- if (!IS_AUDIT_LOG_ENABLED) {
- return;
- }
- createViewIfNecessary();
- if (noNeedInsertAuditLog(auditLogFields)) {
- return;
- }
- InsertRowStatement statement =
- generateInsertStatement(
- auditLogFields,
- log,
- DEVICE_PATH_CACHE.getPartialPath(String.format(AUDIT_CN_LOG_DEVICE, nodeId)));
- for (int retry = 0; retry < INSERT_RETRY_COUNT; retry++) {
- ExecutionResult insertResult =
- coordinator.executeForTreeModel(
- statement,
- SESSION_MANAGER.requestQueryId(),
- sessionInfo,
- "",
- ClusterPartitionFetcher.getInstance(),
- SCHEMA_FETCHER);
- if (insertResult.status.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
- return;
- }
- try {
- TimeUnit.MILLISECONDS.sleep(INSERT_RETRY_INTERVAL_MS);
- } catch (InterruptedException e) {
- Thread.currentThread().interrupt();
- logger.error("Audit log insertion retry sleep was interrupted", e);
- }
- }
- }
+ throws IllegalPathException {}
 private static class DNAuditLoggerHolder {
diff --git a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/audit/AbstractAuditLogger.java b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/audit/AbstractAuditLogger.java
index ca659a532cd6..cec033663210 100644
--- a/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/audit/AbstractAuditLogger.java
+++ b/iotdb-core/node-commons/src/main/java/org/apache/iotdb/commons/audit/AbstractAuditLogger.java
@@ -19,11 +19,9 @@
 package org.apache.iotdb.commons.audit;
-import org.apache.iotdb.commons.auth.entity.PrivilegeType;
 import org.apache.iotdb.commons.conf.CommonConfig;
 import org.apache.iotdb.commons.conf.CommonDescriptor;
-import java.util.List;
 import java.util.function.Supplier;
 public abstract class AbstractAuditLogger {
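Review bot: `generateInsertStatement` keeps its `@NotNull` annotation while its new body is `return null;`, so the method now contradicts the contract it advertises and any nullness checker or validation interceptor honouring `javax.validation.constraints.NotNull` will flag it; since both callers (`log` and `logFromCN`) are emptied in this hunk, drop the annotation together with the body, or make the stub throw `UnsupportedOperationException`. More importantly, `log()`, `logFromCN()` and `createViewIfNecessary()` are now silent no-ops that ignore `IS_AUDIT_LOG_ENABLED`, so every DataNode audit event, including the login and password events the removed `isLoginEvent` branch singled out, is discarded while the operator's configuration still says auditing is on. I would add a class-level comment stating that the audit write path is temporarily disabled and emit one warning at startup, which needs a logger because the previous hunk removed the `logger` field and the slf4j imports from this class. The empty `log()` also keeps `synchronized`, which is harmless but misleading on a stub that holds no state.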
@@ -43,83 +41,10 @@ public abstract class AbstractAuditLogger {
 private static final CommonConfig CONFIG = CommonDescriptor.getInstance().getConfig();
 protected static final boolean IS_AUDIT_LOG_ENABLED = CONFIG.isEnableAuditLog();
- private static final List AUDITABLE_OPERATION_TYPE =
- CONFIG.getAuditableOperationType();
- private static final PrivilegeLevel AUDITABLE_OPERATION_LEVEL =
- CONFIG.getAuditableOperationLevel();
- private static final String AUDITABLE_OPERATION_RESULT = CONFIG.getAuditableOperationResult();
 public abstract void log(IAuditEntity auditLogFields, Supplier log);
 public boolean noNeedInsertAuditLog(IAuditEntity auditLogFields) {
- AuditLogOperation operation = auditLogFields.getAuditLogOperation();
- boolean result = auditLogFields.getResult();
-
- // to do: check whether this event should be logged.
- // if whitelist or blacklist is used, only ip on the whitelist or blacklist can be logged
-
- if (AUDITABLE_OPERATION_TYPE == null || !AUDITABLE_OPERATION_TYPE.contains(operation)) {
- return true;
- }
- if (auditLogFields.getPrivilegeTypes() != null) {
- for (PrivilegeType privilegeType : auditLogFields.getPrivilegeTypes()) {
- PrivilegeLevel privilegeLevel = judgePrivilegeLevel(privilegeType);
- if (AUDITABLE_OPERATION_LEVEL == PrivilegeLevel.OBJECT
- && privilegeLevel == PrivilegeLevel.GLOBAL) {
- return true;
- }
- }
- }
- if (result && !AUDITABLE_OPERATION_RESULT.contains("SUCCESS")) {
- return true;
- }
- return !result && !AUDITABLE_OPERATION_RESULT.contains("FAIL");
- }
-
- public static PrivilegeLevel judgePrivilegeLevel(PrivilegeType type) {
- if (type == null) {
- return PrivilegeLevel.GLOBAL;
- }
- switch (type) {
- case READ_DATA:
- case DROP:
- case ALTER:
- case CREATE:
- case DELETE:
- case INSERT:
- case SELECT:
- case MANAGE_DATABASE:
- case WRITE_DATA:
- case READ_SCHEMA:
- case WRITE_SCHEMA:
- return PrivilegeLevel.OBJECT;
- case USE_CQ:
- case USE_UDF:
- case USE_PIPE:
- case USE_MODEL:
- case MAINTAIN:
- case MANAGE_ROLE:
- case MANAGE_USER:
- case USE_TRIGGER:
- case EXTEND_TEMPLATE:
- default:
- return PrivilegeLevel.GLOBAL;
- }
- }
-
- public static Boolean isLoginEvent(AuditEventType type) {
- switch (type) {
- case LOGIN:
- case LOGIN_FINAL:
- case MODIFY_PASSWD:
- case LOGIN_EXCEED_LIMIT:
- case LOGIN_FAILED_TRIES:
- case LOGIN_REJECT_IP:
- case LOGIN_FAIL_MAX_TIMES:
- case LOGIN_RESOURCE_RESTRICT:
- return true;
- default:
- return false;
- }
+ return true;
 }
 }
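Review bot: `noNeedInsertAuditLog` now returns `true` unconditionally, so any subclass that still writes events will filter all of them out, and the filters previously read through `CONFIG.getAuditableOperationType()`, `getAuditableOperationLevel()` and `getAuditableOperationResult()` are silently ignored even though those settings presumably still exist in `CommonConfig`; make that explicit above the return with `// NOTE: audit filtering is disabled: every event is reported as not auditable until the audit pipeline is restored`. The hunk also deletes the public static helpers `judgePrivilegeLevel` and `isLoginEvent` from a node-commons class; their uses in DNAuditLogger go away in this same commit, but any other caller in the tree would stop compiling, so this needs a cross-module grep before merge. `IS_AUDIT_LOG_ENABLED` is kept yet nothing in this diff consults it any more; if the change is meant as a temporary kill switch, a one-time warning when it is true would keep operators from assuming audit coverage they do not have.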