/// <summary>
/// Stores the audit context (key, user, operation and extra message) on the instance.
/// In this listing the object is built in <c>Op</c> and handed to <c>cache.Get</c>
/// as the loader for a missing cache entry.
/// </summary>
/// <param name="key">Key name the audited operation refers to.</param>
/// <param name="user">Short name of the caller being audited.</param>
/// <param name="op">KMS operation being audited.</param>
/// <param name="extraMsg">Free-form text appended to the audit entry.</param>
public _Callable_161(string key, string user, KMS.KMSOp op, string extraMsg)
{
    // Plain field capture; nothing is validated or normalised here.
    this.extraMsg = extraMsg;
    this.op = op;
    this.user = user;
    this.key = key;
}
/// <summary>
/// Creates an audit event for one (key, user, operation) combination.
/// </summary>
/// <param name="keyName">Key name the event refers to.</param>
/// <param name="user">Short name of the user the event is attributed to.</param>
/// <param name="op">KMS operation the event records.</param>
/// <param name="msg">Extra text for the entry; stored in <c>extraMsg</c>.</param>
private AuditEvent(string keyName, string user, KMS.KMSOp op, string msg)
{
    // Note the naming difference: the "msg" parameter lands in the "extraMsg" field.
    this.extraMsg = msg;
    this.op = op;
    this.user = user;
    this.keyName = keyName;
}
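/// <summary>
/// Writes one audit record for a KMS operation, either aggregated through the
/// event cache or logged immediately.
/// </summary>
/// <remarks>
/// A call is aggregated only when user and key are non-empty, the operation is
/// non-null and it is listed in <c>AggregateOpsWhitelist</c>. Everything else is
/// logged directly with whichever of op, key and user are present.
/// </remarks>
/// <param name="opStatus">Outcome being recorded.</param>
/// <param name="op">KMS operation; may be null.</param>
/// <param name="user">Short user name; may be null or empty.</param>
/// <param name="key">Key name; may be null or empty.</param>
/// <param name="extraMsg">Free-form text appended to the log line.</param>
private void Op(KMSAudit.OpStatus opStatus, KMS.KMSOp op, string user, string key, string extraMsg)
{
    // NOTE(review): user, key and extraMsg are written to the audit log as given.
    // If any of them can carry line breaks or bracket characters from a request,
    // they should be neutralised before logging so that a single call cannot
    // split or imitate audit entries - confirm what the callers validate.
    if (!Strings.IsNullOrEmpty(user) && !Strings.IsNullOrEmpty(key) && (op != null) && AggregateOpsWhitelist.Contains(op))
    {
        string cacheKey = CreateCacheKey(user, key, op);
        if (opStatus == KMSAudit.OpStatus.Unauthorized)
        {
            // A denial drops any pending aggregate for this user/key/op and is
            // logged on its own line straight away rather than being counted.
            cache.Invalidate(cacheKey);
            AuditLog.Info("UNAUTHORIZED[op={}, key={}, user={}] {}", op, key, user, extraMsg);
        }
        else
        {
            try
            {
                KMSAudit.AuditEvent @event = cache.Get(cacheKey, new _Callable_161(key, user, op, extraMsg));

                // Log first access (initialized as -1 so
                // incrementAndGet() == 0 implies first access)
                if (@event.GetAccessCount().IncrementAndGet() == 0)
                {
                    @event.GetAccessCount().IncrementAndGet();
                    LogEvent(@event);
                }
            }
            catch (ExecutionException ex)
            {
                throw new RuntimeException(ex);
            }
        }
    }
    else
    {
        // Not aggregatable: build the bracketed detail list from the fields that exist.
        IList<string> kvs = new List<string>();
        if (op != null)
        {
            kvs.AddItem("op=" + op);
        }
        if (!Strings.IsNullOrEmpty(key))
        {
            kvs.AddItem("key=" + key);
        }
        if (!Strings.IsNullOrEmpty(user))
        {
            // NOTE(review): the listing was garbled from this point up to the
            // bare-status log call (the text had been replaced by asterisks). The
            // "+ user" operand and the empty-list check below are reconstructed
            // from the surrounding branches - confirm against the upstream file.
            kvs.AddItem("user=" + user);
        }
        if (kvs.Count == 0)
        {
            AuditLog.Info("{} {}", opStatus.ToString(), extraMsg);
        }
        else
        {
            string join = Joiner.On(", ").Join(kvs);
            AuditLog.Info("{}[{}] {}", opStatus.ToString(), join, extraMsg);
        }
    }
}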
/// <summary>
/// Enforces an ACL check: returns normally when the caller has access, otherwise
/// records the denial and throws.
/// </summary>
/// <param name="aclType">ACL category to check.</param>
/// <param name="ugi">Caller identity being checked.</param>
/// <param name="operation">KMS operation being attempted.</param>
/// <param name="key">Key name, or null; selects which message template is used.</param>
/// <exception cref="Org.Apache.Hadoop.Security.AccessControlException"/>
public virtual void AssertAccess(KMSACLs.Type aclType, UserGroupInformation ugi, KMS.KMSOp operation, string key)
{
    if (KMSWebApp.GetACLs().HasAccess(aclType, ugi))
    {
        return;
    }

    // The denial is counted and audited before the exception is raised, so the
    // audit trail does not depend on how the caller handles the exception.
    KMSWebApp.GetUnauthorizedCallsMeter().Mark();
    KMSWebApp.GetKMSAudit().Unauthorized(ugi, operation, key);

    // NOTE(review): the type thrown is AuthorizationException while the doc tag
    // names AccessControlException - presumably a subtype; confirm.
    string template = (key != null) ? UnauthorizedMsgWithKey : UnauthorizedMsgWithoutKey;
    throw new AuthorizationException(string.Format(template, ugi.GetShortUserName(), operation, key));
}
/// <summary>
/// Builds the audit-cache key as <c>user#key#op</c>.
/// </summary>
/// <param name="user">Short user name.</param>
/// <param name="key">Key name.</param>
/// <param name="op">KMS operation.</param>
/// <returns>The three parts joined with '#'.</returns>
private static string CreateCacheKey(string user, string key, KMS.KMSOp op)
{
    // NOTE(review): the parts are joined without escaping, so a '#' inside the
    // user or key name makes two different (user, key) pairs yield the same
    // cache key, and their audit events would then share one aggregate. Confirm
    // that '#' cannot occur in either value, or switch to an unambiguous encoding.
    return string.Concat(user, "#", key, "#", op);
}
/// <summary>
/// Records an unauthorized attempt by <paramref name="user"/> to perform
/// <paramref name="op"/> on <paramref name="key"/>.
/// </summary>
/// <param name="user">Caller identity; its short user name is what gets logged.</param>
/// <param name="op">KMS operation that was refused.</param>
/// <param name="key">Key name the attempt referred to.</param>
public virtual void Unauthorized(UserGroupInformation user, KMS.KMSOp op, string key)
{
    // No extra message is attached to denials; an empty string is passed instead.
    string shortName = user.GetShortUserName();
    Op(KMSAudit.OpStatus.Unauthorized, op, shortName, key, string.Empty);
}
/// <summary>
/// Records a successful operation that is not tied to a key name.
/// </summary>
/// <param name="user">Caller identity; its short user name is what gets logged.</param>
/// <param name="op">KMS operation that succeeded.</param>
/// <param name="extraMsg">Free-form text appended to the audit entry.</param>
public virtual void Ok(UserGroupInformation user, KMS.KMSOp op, string extraMsg)
{
    // The key is passed as null, so Op's aggregation condition (which requires a
    // non-empty key) is never met and the entry is logged directly.
    string shortName = user.GetShortUserName();
    Op(KMSAudit.OpStatus.Ok, op, shortName, null, extraMsg);
}
/// <summary>
/// Delegates the access check to the ACL object held by <c>KMSWebApp</c>.
/// </summary>
/// <param name="aclType">ACL category to check.</param>
/// <param name="ugi">Caller identity being checked.</param>
/// <param name="operation">KMS operation being attempted.</param>
/// <param name="key">Key name the operation refers to; forwarded unchanged.</param>
/// <exception cref="Org.Apache.Hadoop.Security.AccessControlException"/>
private void AssertAccess(KMSACLs.Type aclType, UserGroupInformation ugi, KMS.KMSOp operation, string key)
{
    // Nothing is decided here; the ACL object's AssertAccess does the check.
    var acls = KMSWebApp.GetACLs();
    acls.AssertAccess(aclType, ugi, operation, key);
}