User, group, privilege auditlog event creators
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/2c6dc8b7 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/2c6dc8b7 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/2c6dc8b7 Branch: refs/heads/audit_logging Commit: 2c6dc8b7aacd81e18492dd0c0a97efef0c08b684 Parents: eb48d7f Author: Daniel Gergely <dgerg...@hortonworks.com> Authored: Wed Feb 17 15:25:07 2016 +0100 Committer: Toader, Sebastian <stoa...@hortonworks.com> Committed: Thu Mar 24 13:06:44 2016 +0100 ---------------------------------------------------------------------- .../server/audit/AbstractUserAuditEvent.java | 2 +- .../ConfigurationChangeRequestAuditEvent.java | 91 ---------- .../ambari/server/audit/RequestAuditEvent.java | 138 -------------- .../request/ActivateUserRequestAuditEvent.java | 85 +++++++++ .../AddUserToGroupRequestAuditEvent.java | 84 +++++++++ .../request/AdminUserRequestAuditEvent.java | 85 +++++++++ ...ClusterPrivilegeChangeRequestAuditEvent.java | 106 +++++++++++ .../ConfigurationChangeRequestAuditEvent.java | 88 +++++++++ .../request/CreateGroupRequestAuditEvent.java | 75 ++++++++ .../request/CreateUserRequestAuditEvent.java | 94 ++++++++++ .../request/DeleteGroupRequestAuditEvent.java | 75 ++++++++ .../request/DeleteUserRequestAuditEvent.java | 75 ++++++++ .../MembershipChangeRequestAuditEvent.java | 93 ++++++++++ .../PrivilegeChangeRequestAuditEvent.java | 94 ++++++++++ .../RemoveUserFromGroupRequestAuditEvent.java | 81 +++++++++ .../server/audit/request/RequestAuditEvent.java | 139 ++++++++++++++ .../audit/request/RequestAuditLoggerImpl.java | 4 +- .../UserPasswordChangeRequestAuditEvent.java | 75 ++++++++ .../ConfigurationChangeEventCreator.java | 3 +- .../eventcreator/DefaultEventCreator.java | 2 +- .../request/eventcreator/GroupEventCreator.java | 123 +++++++++++++ .../eventcreator/MemberEventCreator.java | 155 ++++++++++++++++ .../eventcreator/PrivilegeEventCreator.java | 142 +++++++++++++++ .../eventcreator/ServiceEventCreator.java | 2 +- .../request/eventcreator/UserEventCreator.java | 181 +++++++++++++++++++ .../server/controller/ControllerModule.java | 8 + 26 files changed, 1865 insertions(+), 235 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/AbstractUserAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/AbstractUserAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/AbstractUserAuditEvent.java index a7f5b0d..721f1fc 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/AbstractUserAuditEvent.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/AbstractUserAuditEvent.java @@ -26,7 +26,7 @@ package org.apache.ambari.server.audit; */ public abstract class AbstractUserAuditEvent extends AbstractAuditEvent { - static abstract class AbstractUserAuditEventBuilder<T extends AbstractUserAuditEvent, TBuilder extends AbstractUserAuditEventBuilder<T, TBuilder>> + public static abstract class AbstractUserAuditEventBuilder<T extends AbstractUserAuditEvent, TBuilder extends AbstractUserAuditEventBuilder<T, TBuilder>> extends AbstractAuditEventBuilder<T, TBuilder> { private String userName; http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/ConfigurationChangeRequestAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/ConfigurationChangeRequestAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/ConfigurationChangeRequestAuditEvent.java deleted file mode 100644 index 922a161..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/ConfigurationChangeRequestAuditEvent.java +++ /dev/null @@ -1,91 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.ambari.server.audit; - -import org.apache.ambari.server.api.services.Request; -import org.apache.ambari.server.api.services.ResultStatus; - -/** - * Base class for start operation audit events. - */ -public class ConfigurationChangeRequestAuditEvent extends RequestAuditEvent { - - public static class ConfigurationChangeRequestAuditEventBuilder extends RequestAuditEventBuilder<ConfigurationChangeRequestAuditEvent, ConfigurationChangeRequestAuditEventBuilder> { - - private String versionNumber; - - private String versionNote; - - public ConfigurationChangeRequestAuditEventBuilder() { - super.withOperation("Configuration change"); - } - - @Override - protected ConfigurationChangeRequestAuditEvent newAuditEvent() { - return new ConfigurationChangeRequestAuditEvent(this); - } - - /** - * Appends to the event the details of the incoming request. - * @param builder builder for the audit event details. - */ - @Override - protected void buildAuditMessage(StringBuilder builder) { - super.buildAuditMessage(builder); - - builder - .append(", VersionNumber(V") - .append(versionNumber) - .append("), ") - .append("VersionNote(") - .append(versionNote) - .append(")"); - } - - public ConfigurationChangeRequestAuditEventBuilder withVersionNumber(String versionNumber) { - this.versionNumber = versionNumber; - return this; - } - - public ConfigurationChangeRequestAuditEventBuilder withVersionNote(String versionNote) { - this.versionNote = versionNote; - return this; - } - - } - - protected ConfigurationChangeRequestAuditEvent() { - } - - /** - * {@inheritDoc} - */ - protected ConfigurationChangeRequestAuditEvent(ConfigurationChangeRequestAuditEventBuilder builder) { - super(builder); - } - - /** - * Returns an builder for {@link ConfigurationChangeRequestAuditEvent} - * @return a builder instance - */ - public static ConfigurationChangeRequestAuditEventBuilder builder() { - return new ConfigurationChangeRequestAuditEventBuilder(); - } - -} http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/RequestAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/RequestAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/RequestAuditEvent.java deleted file mode 100644 index 5e14075..0000000 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/RequestAuditEvent.java +++ /dev/null @@ -1,138 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.ambari.server.audit; - -import org.apache.ambari.server.api.services.Request; -import org.apache.ambari.server.api.services.ResultStatus; - -/** - * Base class for start operation audit events. - */ -public class RequestAuditEvent extends AbstractUserAuditEvent { - - public static class RequestAuditEventBuilder<T extends RequestAuditEvent, TBuilder extends RequestAuditEventBuilder<T, TBuilder>> extends AbstractUserAuditEventBuilder<T, TBuilder> { - - private Request.Type requestType; - - private ResultStatus resultStatus; - - private String url; - - private String operation; - - @Override - protected T newAuditEvent() { - return (T)new RequestAuditEvent(this); - } - - /** - * Appends to the event the details of the incoming request. - * @param builder builder for the audit event details. - */ - @Override - protected void buildAuditMessage(StringBuilder builder) { - super.buildAuditMessage(builder); - if (operation != null) { - builder - .append(", Operation(") - .append(operation) - .append(")"); - } - builder - .append(", RequestType(") - .append(requestType) - .append("), ") - .append("url(") - .append(url) - .append("), ResultStatus(") - .append(resultStatus.getStatusCode()) - .append(" ") - .append(resultStatus.getStatus()) - .append(")"); - - if (resultStatus.isErrorState()) { - builder.append(", Reason(") - .append(resultStatus.getMessage()) - .append(")"); - } - } - - /** - * Sets the request type to be added to the audit event. - * @param requestType request type to be added to the audit event. - * @return this builder - */ - public TBuilder withRequestType(Request.Type requestType) { - this.requestType = requestType; - - return (TBuilder)this; - } - - /** - * Sets the url to be added to the audit event. - * @param url url to be added to the audit event. - * @return this builder - */ - public TBuilder withUrl(String url) { - this.url = url; - - return (TBuilder)this; - } - - /** - * Sets the result status to be added to the audit event. - * @param resultStatus result status to be added to the audit event. - * @return this builder - */ - public TBuilder withResultStatus(ResultStatus resultStatus) { - this.resultStatus = resultStatus; - - return (TBuilder)this; - } - - /** - * Sets the operation to be added to the audit event. - * @param operation operation to be added to the audit event. - * @return this builder - */ - public TBuilder withOperation(String operation) { - this.operation = operation; - - return (TBuilder)this; - } - } - - protected RequestAuditEvent() { - } - - /** - * {@inheritDoc} - */ - protected RequestAuditEvent(RequestAuditEventBuilder<?,?> builder) { - super(builder); - } - - /** - * Returns an builder for {@link RequestAuditEvent} - * @return a builder instance - */ - public static RequestAuditEventBuilder<?,?> builder() { - return new RequestAuditEventBuilder(); - } - -} http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/ActivateUserRequestAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/ActivateUserRequestAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/ActivateUserRequestAuditEvent.java new file mode 100644 index 0000000..c80444f --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/ActivateUserRequestAuditEvent.java @@ -0,0 +1,85 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request; + +public class ActivateUserRequestAuditEvent extends RequestAuditEvent { + + public static class ActivateUserRequestAuditEventBuilder extends RequestAuditEventBuilder<ActivateUserRequestAuditEvent, ActivateUserRequestAuditEventBuilder> { + + private boolean active; + + private String username; + + public ActivateUserRequestAuditEventBuilder() { + super.withOperation("Set user activate"); + } + + @Override + protected ActivateUserRequestAuditEvent newAuditEvent() { + return new ActivateUserRequestAuditEvent(this); + } + + /** + * Appends to the event the details of the incoming request. + * @param builder builder for the audit event details. + */ + @Override + protected void buildAuditMessage(StringBuilder builder) { + super.buildAuditMessage(builder); + + builder + .append(", Affected username(") + .append(username) + .append("), ") + .append("Active(") + .append(active ? "yes" : "no") + .append(")"); + } + + public ActivateUserRequestAuditEventBuilder withActive(boolean active) { + this.active = active; + return this; + } + + public ActivateUserRequestAuditEventBuilder withAffectedUsername(String username) { + this.username = username; + return this; + } + + } + + protected ActivateUserRequestAuditEvent() { + } + + /** + * {@inheritDoc} + */ + protected ActivateUserRequestAuditEvent(ActivateUserRequestAuditEventBuilder builder) { + super(builder); + } + + /** + * Returns an builder for {@link ActivateUserRequestAuditEvent} + * @return a builder instance + */ + public static ActivateUserRequestAuditEventBuilder builder() { + return new ActivateUserRequestAuditEventBuilder(); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/AddUserToGroupRequestAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/AddUserToGroupRequestAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/AddUserToGroupRequestAuditEvent.java new file mode 100644 index 0000000..37e33a1 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/AddUserToGroupRequestAuditEvent.java @@ -0,0 +1,84 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request; + +import java.util.List; +import java.util.Map; + +public class AddUserToGroupRequestAuditEvent extends RequestAuditEvent { + + public static class AddUserToGroupRequestAuditEventBuilder extends RequestAuditEventBuilder<AddUserToGroupRequestAuditEvent, AddUserToGroupRequestAuditEventBuilder> { + + private String groupName; + private String affectedUserName; + + public AddUserToGroupRequestAuditEventBuilder() { + super.withOperation("User addition to group"); + } + + @Override + protected AddUserToGroupRequestAuditEvent newAuditEvent() { + return new AddUserToGroupRequestAuditEvent(this); + } + + /** + * Appends to the event the details of the incoming request. + * @param builder builder for the audit event details. + */ + @Override + protected void buildAuditMessage(StringBuilder builder) { + super.buildAuditMessage(builder); + + builder.append(", Group("); + builder.append(groupName); + builder.append("), Affected username("); + builder.append(affectedUserName); + builder.append(")"); + } + + public AddUserToGroupRequestAuditEventBuilder withGroupName(String groupName) { + this.groupName = groupName; + return this; + } + + public AddUserToGroupRequestAuditEventBuilder withAffectedUserName(String userName) { + this.affectedUserName = userName; + return this; + } + } + + protected AddUserToGroupRequestAuditEvent() { + } + + /** + * {@inheritDoc} + */ + protected AddUserToGroupRequestAuditEvent(AddUserToGroupRequestAuditEventBuilder builder) { + super(builder); + } + + /** + * Returns an builder for {@link AddUserToGroupRequestAuditEvent} + * @return a builder instance + */ + public static AddUserToGroupRequestAuditEventBuilder builder() { + return new AddUserToGroupRequestAuditEventBuilder(); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/AdminUserRequestAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/AdminUserRequestAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/AdminUserRequestAuditEvent.java new file mode 100644 index 0000000..71a73b3 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/AdminUserRequestAuditEvent.java @@ -0,0 +1,85 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request; + +public class AdminUserRequestAuditEvent extends RequestAuditEvent { + + public static class AdminUserRequestAuditEventBuilder extends RequestAuditEventBuilder<AdminUserRequestAuditEvent, AdminUserRequestAuditEventBuilder> { + + private boolean admin; + + private String username; + + public AdminUserRequestAuditEventBuilder() { + super.withOperation("Set user admin"); + } + + @Override + protected AdminUserRequestAuditEvent newAuditEvent() { + return new AdminUserRequestAuditEvent(this); + } + + /** + * Appends to the event the details of the incoming request. + * @param builder builder for the audit event details. + */ + @Override + protected void buildAuditMessage(StringBuilder builder) { + super.buildAuditMessage(builder); + + builder + .append(", Affeted username(") + .append(username) + .append("), ") + .append("Administrator(") + .append(admin ? "yes" : "no") + .append(")"); + } + + public AdminUserRequestAuditEventBuilder withAdmin(boolean admin) { + this.admin = admin; + return this; + } + + public AdminUserRequestAuditEventBuilder withAffectedUsername(String username) { + this.username = username; + return this; + } + + } + + protected AdminUserRequestAuditEvent() { + } + + /** + * {@inheritDoc} + */ + protected AdminUserRequestAuditEvent(AdminUserRequestAuditEventBuilder builder) { + super(builder); + } + + /** + * Returns an builder for {@link AdminUserRequestAuditEvent} + * @return a builder instance + */ + public static AdminUserRequestAuditEventBuilder builder() { + return new AdminUserRequestAuditEventBuilder(); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/ClusterPrivilegeChangeRequestAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/ClusterPrivilegeChangeRequestAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/ClusterPrivilegeChangeRequestAuditEvent.java new file mode 100644 index 0000000..883b1e3 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/ClusterPrivilegeChangeRequestAuditEvent.java @@ -0,0 +1,106 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request; + +import java.util.HashSet; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import org.apache.commons.lang.StringUtils; + +public class ClusterPrivilegeChangeRequestAuditEvent extends RequestAuditEvent { + + public static class ClusterPrivilegeChangeRequestAuditEventBuilder extends RequestAuditEventBuilder<ClusterPrivilegeChangeRequestAuditEvent, ClusterPrivilegeChangeRequestAuditEventBuilder> { + + private Map<String, List<String>> users; + private Map<String, List<String>> groups; + + public ClusterPrivilegeChangeRequestAuditEventBuilder() { + super.withOperation("Role change"); + } + + @Override + protected ClusterPrivilegeChangeRequestAuditEvent newAuditEvent() { + return new ClusterPrivilegeChangeRequestAuditEvent(this); + } + + /** + * Appends to the event the details of the incoming request. + * @param builder builder for the audit event details. + */ + @Override + protected void buildAuditMessage(StringBuilder builder) { + super.buildAuditMessage(builder); + + Set<String> roleSet = new HashSet<String>(); + roleSet.addAll(users.keySet()); + roleSet.addAll(groups.keySet()); + + builder.append(", Roles("); + builder.append(System.lineSeparator()); + + List<String> lines = new LinkedList<String>(); + + for(String role : roleSet) { + lines.add(role + ": "); + if(users.get(role) != null && !users.get(role).isEmpty()) { + lines.add(" Users: " + StringUtils.join(users.get(role), ", ")); + } + if(groups.get(role) != null && !groups.get(role).isEmpty()) { + lines.add(" Groups: " + StringUtils.join(groups.get(role), ", ")); + } + } + + builder.append(StringUtils.join(lines,System.lineSeparator())); + + builder.append(")"); + } + + public ClusterPrivilegeChangeRequestAuditEventBuilder withUsers(Map<String, List<String>> users) { + this.users = users; + return this; + } + + public ClusterPrivilegeChangeRequestAuditEventBuilder withGroups(Map<String, List<String>> groups) { + this.groups = groups; + return this; + } + } + + protected ClusterPrivilegeChangeRequestAuditEvent() { + } + + /** + * {@inheritDoc} + */ + protected ClusterPrivilegeChangeRequestAuditEvent(ClusterPrivilegeChangeRequestAuditEventBuilder builder) { + super(builder); + } + + /** + * Returns an builder for {@link ClusterPrivilegeChangeRequestAuditEvent} + * @return a builder instance + */ + public static ClusterPrivilegeChangeRequestAuditEventBuilder builder() { + return new ClusterPrivilegeChangeRequestAuditEventBuilder(); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/ConfigurationChangeRequestAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/ConfigurationChangeRequestAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/ConfigurationChangeRequestAuditEvent.java new file mode 100644 index 0000000..bb6cc3b --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/ConfigurationChangeRequestAuditEvent.java @@ -0,0 +1,88 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request; + +/** + * Base class for start operation audit events. + */ +public class ConfigurationChangeRequestAuditEvent extends RequestAuditEvent { + + public static class ConfigurationChangeRequestAuditEventBuilder extends RequestAuditEventBuilder<ConfigurationChangeRequestAuditEvent, ConfigurationChangeRequestAuditEventBuilder> { + + private String versionNumber; + + private String versionNote; + + public ConfigurationChangeRequestAuditEventBuilder() { + super.withOperation("Configuration change"); + } + + @Override + protected ConfigurationChangeRequestAuditEvent newAuditEvent() { + return new ConfigurationChangeRequestAuditEvent(this); + } + + /** + * Appends to the event the details of the incoming request. + * @param builder builder for the audit event details. + */ + @Override + protected void buildAuditMessage(StringBuilder builder) { + super.buildAuditMessage(builder); + + builder + .append(", VersionNumber(V") + .append(versionNumber) + .append("), ") + .append("VersionNote(") + .append(versionNote) + .append(")"); + } + + public ConfigurationChangeRequestAuditEventBuilder withVersionNumber(String versionNumber) { + this.versionNumber = versionNumber; + return this; + } + + public ConfigurationChangeRequestAuditEventBuilder withVersionNote(String versionNote) { + this.versionNote = versionNote; + return this; + } + + } + + protected ConfigurationChangeRequestAuditEvent() { + } + + /** + * {@inheritDoc} + */ + protected ConfigurationChangeRequestAuditEvent(ConfigurationChangeRequestAuditEventBuilder builder) { + super(builder); + } + + /** + * Returns an builder for {@link ConfigurationChangeRequestAuditEvent} + * @return a builder instance + */ + public static ConfigurationChangeRequestAuditEventBuilder builder() { + return new ConfigurationChangeRequestAuditEventBuilder(); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/CreateGroupRequestAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/CreateGroupRequestAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/CreateGroupRequestAuditEvent.java new file mode 100644 index 0000000..d1298f3 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/CreateGroupRequestAuditEvent.java @@ -0,0 +1,75 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request; + +public class CreateGroupRequestAuditEvent extends RequestAuditEvent { + + public static class CreateGroupRequestAuditEventBuilder extends RequestAuditEventBuilder<CreateGroupRequestAuditEvent, CreateGroupRequestAuditEventBuilder> { + + private String groupName; + + public CreateGroupRequestAuditEventBuilder() { + super.withOperation("Group create"); + } + + @Override + protected CreateGroupRequestAuditEvent newAuditEvent() { + return new CreateGroupRequestAuditEvent(this); + } + + /** + * Appends to the event the details of the incoming request. + * @param builder builder for the audit event details. + */ + @Override + protected void buildAuditMessage(StringBuilder builder) { + super.buildAuditMessage(builder); + + builder + .append(", Group(") + .append(groupName) + .append(")"); + } + + public CreateGroupRequestAuditEventBuilder withGroupName(String groupName) { + this.groupName = groupName; + return this; + } + + } + + protected CreateGroupRequestAuditEvent() { + } + + /** + * {@inheritDoc} + */ + protected CreateGroupRequestAuditEvent(CreateGroupRequestAuditEventBuilder builder) { + super(builder); + } + + /** + * Returns an builder for {@link CreateGroupRequestAuditEvent} + * @return a builder instance + */ + public static CreateGroupRequestAuditEventBuilder builder() { + return new CreateGroupRequestAuditEventBuilder(); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/CreateUserRequestAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/CreateUserRequestAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/CreateUserRequestAuditEvent.java new file mode 100644 index 0000000..eb12bae --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/CreateUserRequestAuditEvent.java @@ -0,0 +1,94 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request; + +public class CreateUserRequestAuditEvent extends RequestAuditEvent { + + public static class CreateUserRequestAuditEventBuilder extends RequestAuditEventBuilder<CreateUserRequestAuditEvent, CreateUserRequestAuditEventBuilder> { + + private boolean admin; + + private boolean active; + + private String username; + + public CreateUserRequestAuditEventBuilder() { + super.withOperation("User create"); + } + + @Override + protected CreateUserRequestAuditEvent newAuditEvent() { + return new CreateUserRequestAuditEvent(this); + } + + /** + * Appends to the event the details of the incoming request. + * @param builder builder for the audit event details. + */ + @Override + protected void buildAuditMessage(StringBuilder builder) { + super.buildAuditMessage(builder); + + builder + .append(", Created Username(") + .append(username) + .append("), Active(") + .append(active ? "yes" : "no") + .append("), ") + .append("Administrator(") + .append(admin ? "yes" : "no") + .append(")"); + } + + public CreateUserRequestAuditEventBuilder withAdmin(boolean admin) { + this.admin = admin; + return this; + } + + public CreateUserRequestAuditEventBuilder withActive(boolean active) { + this.active = active; + return this; + } + + public CreateUserRequestAuditEventBuilder withCreatedUsername(String username) { + this.username = username; + return this; + } + + } + + protected CreateUserRequestAuditEvent() { + } + + /** + * {@inheritDoc} + */ + protected CreateUserRequestAuditEvent(CreateUserRequestAuditEventBuilder builder) { + super(builder); + } + + /** + * Returns an builder for {@link CreateUserRequestAuditEvent} + * @return a builder instance + */ + public static CreateUserRequestAuditEventBuilder builder() { + return new CreateUserRequestAuditEventBuilder(); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/DeleteGroupRequestAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/DeleteGroupRequestAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/DeleteGroupRequestAuditEvent.java new file mode 100644 index 0000000..7265def --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/DeleteGroupRequestAuditEvent.java @@ -0,0 +1,75 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request; + +public class DeleteGroupRequestAuditEvent extends RequestAuditEvent { + + public static class DeleteGroupRequestAuditEventBuilder extends RequestAuditEventBuilder<DeleteGroupRequestAuditEvent, DeleteGroupRequestAuditEventBuilder> { + + private String groupName; + + public DeleteGroupRequestAuditEventBuilder() { + super.withOperation("Group delete"); + } + + @Override + protected DeleteGroupRequestAuditEvent newAuditEvent() { + return new DeleteGroupRequestAuditEvent(this); + } + + /** + * Appends to the event the details of the incoming request. + * @param builder builder for the audit event details. + */ + @Override + protected void buildAuditMessage(StringBuilder builder) { + super.buildAuditMessage(builder); + + builder + .append(", Group(") + .append(groupName) + .append(")"); + } + + public DeleteGroupRequestAuditEventBuilder withGroupName(String groupName) { + this.groupName = groupName; + return this; + } + + } + + protected DeleteGroupRequestAuditEvent() { + } + + /** + * {@inheritDoc} + */ + protected DeleteGroupRequestAuditEvent(DeleteGroupRequestAuditEventBuilder builder) { + super(builder); + } + + /** + * Returns an builder for {@link DeleteGroupRequestAuditEvent} + * @return a builder instance + */ + public static DeleteGroupRequestAuditEventBuilder builder() { + return new DeleteGroupRequestAuditEventBuilder(); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/DeleteUserRequestAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/DeleteUserRequestAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/DeleteUserRequestAuditEvent.java new file mode 100644 index 0000000..2e67829 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/DeleteUserRequestAuditEvent.java @@ -0,0 +1,75 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request; + +public class DeleteUserRequestAuditEvent extends RequestAuditEvent { + + public static class DeleteUserRequestAuditEventBuilder extends RequestAuditEventBuilder<DeleteUserRequestAuditEvent, DeleteUserRequestAuditEventBuilder> { + + private String username; + + public DeleteUserRequestAuditEventBuilder() { + super.withOperation("User delete"); + } + + @Override + protected DeleteUserRequestAuditEvent newAuditEvent() { + return new DeleteUserRequestAuditEvent(this); + } + + /** + * Appends to the event the details of the incoming request. + * @param builder builder for the audit event details. + */ + @Override + protected void buildAuditMessage(StringBuilder builder) { + super.buildAuditMessage(builder); + + builder + .append(", Deleted Username(") + .append(username) + .append(")"); + } + + public DeleteUserRequestAuditEventBuilder withDeletedUsername(String username) { + this.username = username; + return this; + } + + } + + protected DeleteUserRequestAuditEvent() { + } + + /** + * {@inheritDoc} + */ + protected DeleteUserRequestAuditEvent(DeleteUserRequestAuditEventBuilder builder) { + super(builder); + } + + /** + * Returns an builder for {@link DeleteUserRequestAuditEvent} + * @return a builder instance + */ + public static DeleteUserRequestAuditEventBuilder builder() { + return new DeleteUserRequestAuditEventBuilder(); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/MembershipChangeRequestAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/MembershipChangeRequestAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/MembershipChangeRequestAuditEvent.java new file mode 100644 index 0000000..a407f4b --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/MembershipChangeRequestAuditEvent.java @@ -0,0 +1,93 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request; + +import java.util.List; + +import org.apache.commons.lang.StringUtils; + +public class MembershipChangeRequestAuditEvent extends RequestAuditEvent { + + public static class AddUserToGroupRequestAuditEventBuilder extends RequestAuditEventBuilder<MembershipChangeRequestAuditEvent, AddUserToGroupRequestAuditEventBuilder> { + + private List<String> userNameList; + + private String groupName; + + public AddUserToGroupRequestAuditEventBuilder() { + super.withOperation("Membership change"); + } + + @Override + protected MembershipChangeRequestAuditEvent newAuditEvent() { + return new MembershipChangeRequestAuditEvent(this); + } + + /** + * Appends to the event the details of the incoming request. + * @param builder builder for the audit event details. + */ + @Override + protected void buildAuditMessage(StringBuilder builder) { + super.buildAuditMessage(builder); + + builder.append(", Group(") + .append(groupName) + .append("), Members("); + + if(userNameList.isEmpty()) { + builder.append("<empty>"); + } + + StringUtils.join(userNameList, ", "); + + builder.append(")"); + } + + public AddUserToGroupRequestAuditEventBuilder withUserNameList(List<String> users) { + this.userNameList = users; + return this; + } + + public AddUserToGroupRequestAuditEventBuilder withGroupName(String groupName) { + this.groupName = groupName; + return this; + } + + } + + protected MembershipChangeRequestAuditEvent() { + } + + /** + * {@inheritDoc} + */ + protected MembershipChangeRequestAuditEvent(AddUserToGroupRequestAuditEventBuilder builder) { + super(builder); + } + + /** + * Returns an builder for {@link MembershipChangeRequestAuditEvent} + * @return a builder instance + */ + public static AddUserToGroupRequestAuditEventBuilder builder() { + return new AddUserToGroupRequestAuditEventBuilder(); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/PrivilegeChangeRequestAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/PrivilegeChangeRequestAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/PrivilegeChangeRequestAuditEvent.java new file mode 100644 index 0000000..ffc75e1 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/PrivilegeChangeRequestAuditEvent.java @@ -0,0 +1,94 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request; + +public class PrivilegeChangeRequestAuditEvent extends RequestAuditEvent { + + public static class PrivilegeChangeRequestAuditEventBuilder extends RequestAuditEventBuilder<PrivilegeChangeRequestAuditEvent, PrivilegeChangeRequestAuditEventBuilder> { + + private String user; + + private String group; + + private String role; + + public PrivilegeChangeRequestAuditEventBuilder() { + super.withOperation("Role change"); + } + + @Override + protected PrivilegeChangeRequestAuditEvent newAuditEvent() { + return new PrivilegeChangeRequestAuditEvent(this); + } + + /** + * Appends to the event the details of the incoming request. + * @param builder builder for the audit event details. + */ + @Override + protected void buildAuditMessage(StringBuilder builder) { + super.buildAuditMessage(builder); + + builder.append(", Role(") + .append(role) + .append(")"); + + if(user != null) { + builder.append(", User(").append(user).append(")"); + } + if(group != null) { + builder.append(", Group(").append(group).append(")"); + } + } + + public PrivilegeChangeRequestAuditEventBuilder withUser(String user) { + this.user = user; + return this; + } + + public PrivilegeChangeRequestAuditEventBuilder withGroup(String group) { + this.group = group; + return this; + } + + public PrivilegeChangeRequestAuditEventBuilder withRole(String role) { + this.role = role; + return this; + } + } + + protected PrivilegeChangeRequestAuditEvent() { + } + + /** + * {@inheritDoc} + */ + protected PrivilegeChangeRequestAuditEvent(PrivilegeChangeRequestAuditEventBuilder builder) { + super(builder); + } + + /** + * Returns an builder for {@link PrivilegeChangeRequestAuditEvent} + * @return a builder instance + */ + public static PrivilegeChangeRequestAuditEventBuilder builder() { + return new PrivilegeChangeRequestAuditEventBuilder(); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RemoveUserFromGroupRequestAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RemoveUserFromGroupRequestAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RemoveUserFromGroupRequestAuditEvent.java new file mode 100644 index 0000000..0bd977f --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RemoveUserFromGroupRequestAuditEvent.java @@ -0,0 +1,81 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request; + +public class RemoveUserFromGroupRequestAuditEvent extends RequestAuditEvent { + + public static class AddUserToGroupRequestAuditEventBuilder extends RequestAuditEventBuilder<RemoveUserFromGroupRequestAuditEvent, AddUserToGroupRequestAuditEventBuilder> { + + private String groupName; + private String affectedUserName; + + public AddUserToGroupRequestAuditEventBuilder() { + super.withOperation("User removal from group"); + } + + @Override + protected RemoveUserFromGroupRequestAuditEvent newAuditEvent() { + return new RemoveUserFromGroupRequestAuditEvent(this); + } + + /** + * Appends to the event the details of the incoming request. + * @param builder builder for the audit event details. + */ + @Override + protected void buildAuditMessage(StringBuilder builder) { + super.buildAuditMessage(builder); + + builder.append(", Group("); + builder.append(groupName); + builder.append("), Affected username("); + builder.append(affectedUserName); + builder.append(")"); + } + + public AddUserToGroupRequestAuditEventBuilder withGroupName(String groupName) { + this.groupName = groupName; + return this; + } + + public AddUserToGroupRequestAuditEventBuilder withAffectedUserName(String userName) { + this.affectedUserName = userName; + return this; + } + } + + protected RemoveUserFromGroupRequestAuditEvent() { + } + + /** + * {@inheritDoc} + */ + protected RemoveUserFromGroupRequestAuditEvent(AddUserToGroupRequestAuditEventBuilder builder) { + super(builder); + } + + /** + * Returns an builder for {@link RemoveUserFromGroupRequestAuditEvent} + * @return a builder instance + */ + public static AddUserToGroupRequestAuditEventBuilder builder() { + return new AddUserToGroupRequestAuditEventBuilder(); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditEvent.java new file mode 100644 index 0000000..e3cd39d --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditEvent.java @@ -0,0 +1,139 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.ambari.server.audit.request; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.audit.AbstractUserAuditEvent; + +/** + * Base class for start operation audit events. + */ +public class RequestAuditEvent extends AbstractUserAuditEvent { + + public static class RequestAuditEventBuilder<T extends RequestAuditEvent, TBuilder extends RequestAuditEventBuilder<T, TBuilder>> extends AbstractUserAuditEventBuilder<T, TBuilder> { + + private Request.Type requestType; + + private ResultStatus resultStatus; + + private String url; + + private String operation; + + @Override + protected T newAuditEvent() { + return (T)new RequestAuditEvent(this); + } + + /** + * Appends to the event the details of the incoming request. + * @param builder builder for the audit event details. + */ + @Override + protected void buildAuditMessage(StringBuilder builder) { + super.buildAuditMessage(builder); + if (operation != null) { + builder + .append(", Operation(") + .append(operation) + .append(")"); + } + builder + .append(", RequestType(") + .append(requestType) + .append("), ") + .append("url(") + .append(url) + .append("), ResultStatus(") + .append(resultStatus.getStatusCode()) + .append(" ") + .append(resultStatus.getStatus()) + .append(")"); + + if (resultStatus.isErrorState()) { + builder.append(", Reason(") + .append(resultStatus.getMessage()) + .append(")"); + } + } + + /** + * Sets the request type to be added to the audit event. + * @param requestType request type to be added to the audit event. + * @return this builder + */ + public TBuilder withRequestType(Request.Type requestType) { + this.requestType = requestType; + + return (TBuilder)this; + } + + /** + * Sets the url to be added to the audit event. + * @param url url to be added to the audit event. + * @return this builder + */ + public TBuilder withUrl(String url) { + this.url = url; + + return (TBuilder)this; + } + + /** + * Sets the result status to be added to the audit event. + * @param resultStatus result status to be added to the audit event. + * @return this builder + */ + public TBuilder withResultStatus(ResultStatus resultStatus) { + this.resultStatus = resultStatus; + + return (TBuilder)this; + } + + /** + * Sets the operation to be added to the audit event. + * @param operation operation to be added to the audit event. + * @return this builder + */ + public TBuilder withOperation(String operation) { + this.operation = operation; + + return (TBuilder)this; + } + } + + protected RequestAuditEvent() { + } + + /** + * {@inheritDoc} + */ + protected RequestAuditEvent(RequestAuditEventBuilder<?,?> builder) { + super(builder); + } + + /** + * Returns an builder for {@link RequestAuditEvent} + * @return a builder instance + */ + public static RequestAuditEventBuilder<?,?> builder() { + return new RequestAuditEventBuilder(); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditLoggerImpl.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditLoggerImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditLoggerImpl.java index adcc17b..1feb3ad 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditLoggerImpl.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/RequestAuditLoggerImpl.java @@ -79,7 +79,9 @@ public class RequestAuditLoggerImpl implements RequestAuditLogger { RequestAuditEventCreator creator = selectCreator(resourceType, resultStatus, requestType); if (creator != null) { AuditEvent ae = creator.createAuditEvent(request, result); - auditLogger.log(ae); + if(ae != null) { + auditLogger.log(ae); + } } } http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/UserPasswordChangeRequestAuditEvent.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/UserPasswordChangeRequestAuditEvent.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/UserPasswordChangeRequestAuditEvent.java new file mode 100644 index 0000000..a4a53da --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/UserPasswordChangeRequestAuditEvent.java @@ -0,0 +1,75 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request; + +public class UserPasswordChangeRequestAuditEvent extends RequestAuditEvent { + + public static class UserPasswordChangeRequestAuditEventBuilder extends RequestAuditEventBuilder<UserPasswordChangeRequestAuditEvent, UserPasswordChangeRequestAuditEventBuilder> { + + private String username; + + public UserPasswordChangeRequestAuditEventBuilder() { + super.withOperation("Password change"); + } + + @Override + protected UserPasswordChangeRequestAuditEvent newAuditEvent() { + return new UserPasswordChangeRequestAuditEvent(this); + } + + /** + * Appends to the event the details of the incoming request. + * @param builder builder for the audit event details. + */ + @Override + protected void buildAuditMessage(StringBuilder builder) { + super.buildAuditMessage(builder); + + builder + .append(", Affected username(") + .append(username) + .append(")"); + } + + + public UserPasswordChangeRequestAuditEventBuilder withAffectedUsername(String username) { + this.username = username; + return this; + } + } + + protected UserPasswordChangeRequestAuditEvent() { + } + + /** + * {@inheritDoc} + */ + protected UserPasswordChangeRequestAuditEvent(UserPasswordChangeRequestAuditEventBuilder builder) { + super(builder); + } + + /** + * Returns an builder for {@link UserPasswordChangeRequestAuditEvent} + * @return a builder instance + */ + public static UserPasswordChangeRequestAuditEventBuilder builder() { + return new UserPasswordChangeRequestAuditEventBuilder(); + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ConfigurationChangeEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ConfigurationChangeEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ConfigurationChangeEventCreator.java index 94eb35d..332f386 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ConfigurationChangeEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ConfigurationChangeEventCreator.java @@ -27,8 +27,7 @@ import org.apache.ambari.server.api.services.Request; import org.apache.ambari.server.api.services.Result; import org.apache.ambari.server.api.services.ResultStatus; import org.apache.ambari.server.audit.AuditEvent; -import org.apache.ambari.server.audit.ConfigurationChangeRequestAuditEvent; -import org.apache.ambari.server.audit.RequestAuditEvent; +import org.apache.ambari.server.audit.request.ConfigurationChangeRequestAuditEvent; import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.spi.Resource; import org.joda.time.DateTime; http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/DefaultEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/DefaultEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/DefaultEventCreator.java index 2059f37..78011d7 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/DefaultEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/DefaultEventCreator.java @@ -26,7 +26,7 @@ import org.apache.ambari.server.api.services.Request; import org.apache.ambari.server.api.services.Result; import org.apache.ambari.server.api.services.ResultStatus; import org.apache.ambari.server.audit.AuditEvent; -import org.apache.ambari.server.audit.RequestAuditEvent; +import org.apache.ambari.server.audit.request.RequestAuditEvent; import org.apache.ambari.server.audit.request.RequestAuditEventCreator; import org.apache.ambari.server.controller.spi.Resource; import org.joda.time.DateTime; http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/GroupEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/GroupEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/GroupEventCreator.java new file mode 100644 index 0000000..616cd4f --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/GroupEventCreator.java @@ -0,0 +1,123 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request.eventcreator; + +import java.util.Collections; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.Result; +import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.audit.AuditEvent; +import org.apache.ambari.server.audit.request.ActivateUserRequestAuditEvent; +import org.apache.ambari.server.audit.request.AdminUserRequestAuditEvent; +import org.apache.ambari.server.audit.request.CreateGroupRequestAuditEvent; +import org.apache.ambari.server.audit.request.CreateUserRequestAuditEvent; +import org.apache.ambari.server.audit.request.DeleteGroupRequestAuditEvent; +import org.apache.ambari.server.audit.request.DeleteUserRequestAuditEvent; +import org.apache.ambari.server.audit.request.RequestAuditEventCreator; +import org.apache.ambari.server.audit.request.UserPasswordChangeRequestAuditEvent; +import org.apache.ambari.server.controller.spi.Resource; +import org.apache.ambari.server.controller.utilities.PropertyHelper; +import org.joda.time.DateTime; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.User; + +/** + * This creator handles group requests + * For resource type {@link Resource.Type#Group} + * and request types {@link Request.Type#POST} and {@link Request.Type#DELETE} + */ +public class GroupEventCreator implements RequestAuditEventCreator { + + /** + * Set of {@link Request.Type}s that are handled by this plugin + */ + private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); + + { + requestTypes.add(Request.Type.POST); + requestTypes.add(Request.Type.DELETE); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Request.Type> getRequestTypes() { + return requestTypes; + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Resource.Type> getResourceTypes() { + return Collections.singleton(Resource.Type.Group); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<ResultStatus.STATUS> getResultStatuses() { + return null; + } + + @Override + public AuditEvent createAuditEvent(Request request, Result result) { + String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); + + switch(request.getRequestType()) { + case POST: + return CreateGroupRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withGroupName(getGroupName(request)) + .build(); + case DELETE: + return DeleteGroupRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withGroupName(request.getResource().getKeyValueMap().get(Resource.Type.Group)) + .build(); + default: + break; + } + return null; + } + + private String getGroupName(Request request) { + if(!request.getBody().getPropertySets().isEmpty()) { + return String.valueOf(request.getBody().getPropertySets().iterator().next().get(PropertyHelper.getPropertyId("Groups", "group_name"))); + } + return null; + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/MemberEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/MemberEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/MemberEventCreator.java new file mode 100644 index 0000000..5b9f254 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/MemberEventCreator.java @@ -0,0 +1,155 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request.eventcreator; + +import java.util.AbstractMap; +import java.util.Collections; +import java.util.HashSet; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.Result; +import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.audit.AuditEvent; +import org.apache.ambari.server.audit.request.AddUserToGroupRequestAuditEvent; +import org.apache.ambari.server.audit.request.MembershipChangeRequestAuditEvent; +import org.apache.ambari.server.audit.request.RemoveUserFromGroupRequestAuditEvent; +import org.apache.ambari.server.audit.request.RequestAuditEventCreator; +import org.apache.ambari.server.controller.spi.Resource; +import org.apache.ambari.server.controller.utilities.PropertyHelper; +import org.joda.time.DateTime; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.User; + +/** + * This creator handles member requests + * For resource type {@link Resource.Type#Member} + * and request types {@link Request.Type#POST}, {@link Request.Type#PUT} and {@link Request.Type#DELETE} + */ +public class MemberEventCreator implements RequestAuditEventCreator { + + /** + * Set of {@link Request.Type}s that are handled by this plugin + */ + private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); + + { + requestTypes.add(Request.Type.PUT); + requestTypes.add(Request.Type.POST); + requestTypes.add(Request.Type.DELETE); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Request.Type> getRequestTypes() { + return requestTypes; + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Resource.Type> getResourceTypes() { + return Collections.singleton(Resource.Type.Member); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<ResultStatus.STATUS> getResultStatuses() { + return null; + } + + @Override + public AuditEvent createAuditEvent(Request request, Result result) { + String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); + + switch(request.getRequestType()) { + case POST: + return AddUserToGroupRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withAffectedUserName(getUserName(request)) + .withGroupName(getGroupName(request)) + .build(); + case DELETE: + return RemoveUserFromGroupRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withAffectedUserName(getUserName(request)) + .withGroupName(getGroupName(request)) + .build(); + case PUT: + return MembershipChangeRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withGroupName(getGroupNameForPut(request)) + .withUserNameList(getUsers(request)) + .build(); + default: + return null; + } + } + + private List<String> getUsers(Request request) { + List<String> users = new LinkedList<String>(); + + for(Map<String, Object> propertyMap : request.getBody().getPropertySets()) { + String userName = String.valueOf(propertyMap.get(PropertyHelper.getPropertyId("MemberInfo", "user_name"))); + users.add(userName); + } + return users; + } + + private String getGroupNameForPut(Request request) { + + for(Map<String, Object> propertyMap : request.getBody().getPropertySets()) { + return String.valueOf(propertyMap.get(PropertyHelper.getPropertyId("MemberInfo", "group_name"))); + } + return null; + } + + private String getUserName(Request request) { + return request.getResource().getKeyValueMap().get(Resource.Type.Member); + } + + private String getGroupName(Request request) { + return request.getResource().getKeyValueMap().get(Resource.Type.Group); + } + + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/PrivilegeEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/PrivilegeEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/PrivilegeEventCreator.java new file mode 100644 index 0000000..a786346 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/PrivilegeEventCreator.java @@ -0,0 +1,142 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.audit.request.eventcreator; + +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import org.apache.ambari.server.api.services.Request; +import org.apache.ambari.server.api.services.Result; +import org.apache.ambari.server.api.services.ResultStatus; +import org.apache.ambari.server.audit.AuditEvent; +import org.apache.ambari.server.audit.request.AddUserToGroupRequestAuditEvent; +import org.apache.ambari.server.audit.request.ClusterPrivilegeChangeRequestAuditEvent; +import org.apache.ambari.server.audit.request.MembershipChangeRequestAuditEvent; +import org.apache.ambari.server.audit.request.PrivilegeChangeRequestAuditEvent; +import org.apache.ambari.server.audit.request.RemoveUserFromGroupRequestAuditEvent; +import org.apache.ambari.server.audit.request.RequestAuditEventCreator; +import org.apache.ambari.server.controller.spi.Resource; +import org.apache.ambari.server.controller.utilities.PropertyHelper; +import org.joda.time.DateTime; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.User; + +/** + * This creator handles privilege requests + * For resource type {@link Resource.Type#ClusterPrivilege} + * and request types {@link Request.Type#POST}, {@link Request.Type#PUT} + */ +public class PrivilegeEventCreator implements RequestAuditEventCreator { + + /** + * Set of {@link Request.Type}s that are handled by this plugin + */ + private Set<Request.Type> requestTypes = new HashSet<Request.Type>(); + + { + requestTypes.add(Request.Type.PUT); + requestTypes.add(Request.Type.POST); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Request.Type> getRequestTypes() { + return requestTypes; + } + + /** + * {@inheritDoc} + */ + @Override + public Set<Resource.Type> getResourceTypes() { + return Collections.singleton(Resource.Type.ClusterPrivilege); + } + + /** + * {@inheritDoc} + */ + @Override + public Set<ResultStatus.STATUS> getResultStatuses() { + return null; + } + + @Override + public AuditEvent createAuditEvent(Request request, Result result) { + String username = ((User) SecurityContextHolder.getContext().getAuthentication().getPrincipal()).getUsername(); + + Map<String, List<String>> users = getEntities(request, "USER"); + Map<String, List<String>> groups = getEntities(request, "GROUP"); + + switch(request.getRequestType()) { + case PUT: + return ClusterPrivilegeChangeRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withUsers(users) + .withGroups(groups) + .build(); + case POST: + String role = users.isEmpty() ? (groups.isEmpty() ? null : groups.keySet().iterator().next()) : users.keySet().iterator().next(); + return PrivilegeChangeRequestAuditEvent.builder() + .withTimestamp(DateTime.now()) + .withRequestType(request.getRequestType()) + .withResultStatus(result.getStatus()) + .withUrl(request.getURI()) + .withRemoteIp(request.getRemoteAddress()) + .withUserName(username) + .withRole(role) + .withGroup(groups.get(role) == null ? null : groups.get(role).get(0)) + .withUser(users.get(role) == null ? null : users.get(role).get(0)) + .withOperation((users.isEmpty() ? (groups.isEmpty() ? "" : "Group ") : "User ") + "role change") + .build(); + default: + return null; + } + } + + private Map<String, List<String>> getEntities(final Request request, final String type) { + Map<String, List<String>> entities = new HashMap<String,List<String>>(); + + for(Map<String, Object> propertyMap : request.getBody().getPropertySets()) { + String ptype = String.valueOf(propertyMap.get(PropertyHelper.getPropertyId("PrivilegeInfo", "principal_type"))); + if(type.equals(ptype)) { + String role = String.valueOf(propertyMap.get(PropertyHelper.getPropertyId("PrivilegeInfo", "permission_name"))); + String name = String.valueOf(propertyMap.get(PropertyHelper.getPropertyId("PrivilegeInfo", "principal_name"))); + if (!entities.containsKey(role)) { + entities.put(role, new LinkedList<String>()); + } + + entities.get(role).add(name); + } + } + return entities; + } + +} http://git-wip-us.apache.org/repos/asf/ambari/blob/2c6dc8b7/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ServiceEventCreator.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ServiceEventCreator.java b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ServiceEventCreator.java index d8e15a74..ad0c381 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ServiceEventCreator.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/audit/request/eventcreator/ServiceEventCreator.java @@ -38,7 +38,7 @@ import org.springframework.security.core.userdetails.User; /** * This creator handles operation requests (start, stop, install, etc) - * For resource type {@link Resource.Type#HostComponent} + * For resource type {@link Resource.Type#Service} * and request types {@link Request.Type#POST}, {@link Request.Type#PUT} and {@link Request.Type#DELETE} */ public class ServiceEventCreator implements RequestAuditEventCreator {