diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/DefaultAuditLogger.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/DefaultAuditLogger.java
index 9ac0bec44cae0..75979bbf7a4f3 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/DefaultAuditLogger.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/DefaultAuditLogger.java
@@ -90,4 +90,9 @@ public abstract void logAuditEvent(boolean succeeded, String userName,
 CallerContext callerContext, UserGroupInformation ugi,
 DelegationTokenSecretManager dtSecretManager);
+ public abstract void logAuditEvent(boolean succeeded, String userName,
+ InetAddress addr, String cmd, String src, String dst, FileStatus stat,
+ CallerContext callerContext, UserGroupInformation ugi,
+ DelegationTokenSecretManager dtSecretManager, String extra);
+
 }
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
index a9fce49d46f61..7912f479ef05c 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/FSNamesystem.java
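Review bot: Declaring the 11-argument `logAuditEvent(..., String extra)` as `abstract` obliges every existing subclass to implement it, so an audit logger built against the previous class stops compiling and, if loaded as an old binary, would throw `AbstractMethodError` the first time the new overload is invoked; the declaration added in HdfsAuditLogger.java (hunk at -66,6) has the same effect. If these classes are extended by pluggable loggers, as the `instanceof HdfsAuditLogger` dispatch in FSNamesystem suggests, a concrete default that forwards to the existing overload keeps them working: `public void logAuditEvent(..., String extra) { logAuditEvent(succeeded, userName, addr, cmd, src, dst, stat, callerContext, ugi, dtSecretManager); }`. The new declaration here also has no Javadoc; a one-line comment stating what `extra` carries and that it may be null would tell implementers what to expect.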
@@ -415,35 +415,40 @@ private void logAuditEvent(boolean succeeded, String cmd, String src,
 }
 }
- private void logAuditEvent(boolean succeeded, String cmd, String src,
- HdfsFileStatus stat) throws IOException {
- if (!isAuditEnabled() || !isExternalInvocation()) {
- return;
- }
- FileStatus status = null;
+ private FileStatus converHdfsFileStatus(String src, HdfsFileStatus stat) {
 if (stat != null) {
 Path symlink = stat.isSymlink()
 ? new Path(DFSUtilClient.bytes2String(stat.getSymlinkInBytes()))
 : null;
 Path path = new Path(src);
- status = new FileStatus(stat.getLen(), stat.isDirectory(),
+ return new FileStatus(stat.getLen(), stat.isDirectory(),
 stat.getReplication(), stat.getBlockSize(),
 stat.getModificationTime(), stat.getAccessTime(),
 stat.getPermission(), stat.getOwner(), stat.getGroup(),
 symlink, path);
 }
- logAuditEvent(succeeded, cmd, src, null, status);
+
+ return null;
 }
 private void logAuditEvent(boolean succeeded,
 UserGroupInformation ugi, InetAddress addr, String cmd, String src,
 String dst, FileStatus status) {
- final String ugiStr = ugi.toString();
+ logAuditEvent(succeeded, ugi, addr, cmd, src, dst, status, null);
+ }
+
+ private void logAuditEvent(boolean succeeded,
+ UserGroupInformation ugi, InetAddress addr, String cmd, String src,
+ String dst, FileStatus status, String extra) {
+ String ugiStr = null;
+ if (ugi != null) {
+ ugiStr = ugi.toString();
+ }
 for (AuditLogger logger : auditLoggers) {
 if (logger instanceof HdfsAuditLogger) {
 HdfsAuditLogger hdfsLogger = (HdfsAuditLogger) logger;
 hdfsLogger.logAuditEvent(succeeded, ugiStr, addr, cmd, src, dst,
- status, CallerContext.getCurrent(), ugi, dtSecretManager);
+ status, CallerContext.getCurrent(), ugi, dtSecretManager, extra);
 } else {
 logger.logAuditEvent(succeeded, ugiStr, addr, cmd, src, dst, status);
 }
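Review bot: The new 8-argument `logAuditEvent` accepts a null `ugi` and hands a null user name to both logger branches, where the previous code called `ugi.toString()` unconditionally. An audit record without a principal cannot be attributed, and loggers reached through `logger.logAuditEvent(succeeded, ugiStr, ...)` may not expect a null user, so the case deserves an explicit decision: say when `ugi` can be null in a comment above the check, for example `// ugi is null when no RPC caller is present; the event is logged without a user`, or keep such calls from reaching this method at all. Separately, the helper name `converHdfsFileStatus` is missing a letter (`convertHdfsFileStatus`) and would benefit from a short comment that it returns null when `stat` is null. The `for` loop and the method end outside this hunk.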
@@ -2660,10 +2665,12 @@ HdfsFileStatus startFile(String src, PermissionStatus permissions,
 createParent, replication, blockSize, supportedVersions,
 ecPolicyName, storagePolicy, logRetryCache);
 } catch (AccessControlException e) {
- logAuditEvent(false, "create", src);
+ logAuditEvent(false, Server.getRemoteUser(), Server.getRemoteIp(),
+ "create", src, null, null, flag.toString());
 throw e;
 }
- logAuditEvent(true, "create", src, status);
+ logAuditEvent(true, Server.getRemoteUser(), Server.getRemoteIp(),
+ "create", src, null, converHdfsFileStatus(src, status), flag.toString());
 return status;
 }
@@ -8713,10 +8720,9 @@ public void initialize(Configuration conf) {
 @Override
 public void logAuditEvent(boolean succeeded, String userName,
- InetAddress addr, String cmd, String src, String dst,
- FileStatus status, CallerContext callerContext, UserGroupInformation ugi,
- DelegationTokenSecretManager dtSecretManager) {
-
+ InetAddress addr, String cmd, String src, String dst, FileStatus status,
+ CallerContext callerContext, UserGroupInformation ugi,
+ DelegationTokenSecretManager dtSecretManager, String extra) {
 if (auditLog.isDebugEnabled() ||
 (auditLog.isInfoEnabled() && !debugCmdSet.contains(cmd))) {
 final StringBuilder sb = STRING_BUILDER.get();
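Review bot: Both rewritten calls in `startFile` go straight to the private 8-argument overload, which in the hunk at -415,35 shows no `isAuditEnabled()` / `isExternalInvocation()` check, whereas the four-argument overload removed there returned early unless both held. As written, the `FileStatus` conversion and the `flag.toString()` call run and every logger is invoked even when auditing is off or the call is internal, and `Server.getRemoteUser()` can presumably be null outside an RPC, which the null check added to the 8-argument overload seems to anticipate. Restoring the guard at the call site keeps the earlier behaviour: wrap each call as `if (isAuditEnabled() && isExternalInvocation()) { logAuditEvent(...); }`, or add a guarded overload that takes `extra`. The body of `startFile` begins outside this hunk.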
@@ -8773,10 +8779,22 @@ public void logAuditEvent(boolean succeeded, String userName,
 CallerContext.SIGNATURE_ENCODING));
 }
 }
+ if (extra != null) {
+ sb.append("\t").append("extra=").append(extra);
+ }
 logAuditMessage(sb.toString());
 }
 }
+ @Override
+ public void logAuditEvent(boolean succeeded, String userName,
+ InetAddress addr, String cmd, String src, String dst,
+ FileStatus status, CallerContext callerContext, UserGroupInformation ugi,
+ DelegationTokenSecretManager dtSecretManager) {
+ logAuditEvent(succeeded, userName, addr, cmd, src, dst, status,
+ callerContext, ugi, dtSecretManager, null/*extra*/);
+ }
+
 @Override
 public void logAuditEvent(boolean succeeded, String userName,
 InetAddress addr, String cmd, String src, String dst,
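Review bot: `extra` is appended to the tab-separated audit record verbatim in `sb.append("\t").append("extra=").append(extra)`, so a value containing a tab or a line break would let its content read as additional fields or as a separate audit line. The only value passed in this commit is `flag.toString()`, which is not client-controlled text, but the parameter is a free-form `String` on a public logger method and later callers may pass request-derived data. Either state the contract where the parameter is declared (`extra` must not contain `\t`, `\r` or `\n`) or escape those characters before appending. The method body starts outside this hunk.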
@@ -66,6 +66,17 @@ public abstract void logAuditEvent(boolean succeeded, String userName,
 FileStatus stat, CallerContext callerContext, UserGroupInformation ugi,
 DelegationTokenSecretManager dtSecretManager);
+ /**
+ * Same as
+ * {@link #logAuditEvent(boolean, String, InetAddress, String, String,
+ * String, FileStatus, CallerContext, UserGroupInformation,
+ * DelegationTokenSecretManager, String)} add {@link String} information.
+ */
+ public abstract void logAuditEvent(boolean succeeded, String userName,
+ InetAddress addr, String cmd, String src, String dst,
+ FileStatus stat, CallerContext callerContext, UserGroupInformation ugi,
+ DelegationTokenSecretManager dtSecretManager, String extra);
+
 /**
 * Same as
 * {@link #logAuditEvent(boolean, String, InetAddress, String, String,
@@ -76,4 +87,5 @@ public abstract void logAuditEvent(boolean succeeded, String userName,
 InetAddress addr, String cmd, String src, String dst,
 FileStatus stat, UserGroupInformation ugi,
 DelegationTokenSecretManager dtSecretManager);
+
 }
diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogger.java b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogger.java
index aa2c7f689766f..c39e1870e814c 100644
--- a/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogger.java
+++ b/hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestAuditLogger.java
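Review bot: The Javadoc added in the -66,6 hunk links to the signature that ends in `DelegationTokenSecretManager, String`, which is the method being documented, so "Same as" points at itself and never names the overload it extends. The `{@link}` should list the ten parameter types ending in `DelegationTokenSecretManager`, and the trailing phrase "add {@link String} information" could become a sentence plus a tag such as `@param extra optional free-form detail appended to the audit record; may be null`. That is also the natural place to record any restriction on the characters `extra` may contain, since implementers of this abstract method decide how it is written out.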
@@ -519,6 +519,26 @@ public void testAuditLogForAcls() throws Exception {
 }
 }
+ @Test
+ public void testAuditLogWithExtra() throws Exception {
+ MiniDFSCluster cluster = null;
+ try {
+ Configuration conf = new HdfsConfiguration();
+ cluster = new MiniDFSCluster.Builder(conf).build();
+ cluster.waitClusterUp();
+ LogCapturer auditlog = LogCapturer.captureLogs(FSNamesystem.auditLog);
+ FileSystem fs = cluster.getFileSystem();
+ Path p = new Path("/debug.log");
+ fs.create(p, true);
+ String content = auditlog.getOutput();
+ assertTrue(content.contains("extra="));
+ auditlog.clearOutput();
+ } finally {
+ if (cluster != null) {
+ cluster.shutdown();
+ }
+ }
+ }
 /**
 * Tests that a broken audit logger causes requests to fail.