You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@eagle.apache.org by yo...@apache.org on 2016/08/22 23:06:14 UTC
incubator-eagle git commit: EAGLE-476: outdated hbase audit log
parser make hbase audit log parser to support more use cases
Repository: incubator-eagle
Updated Branches:
refs/heads/develop a197eb027 -> 71f253c91
EAGLE-476: outdated hbase audit log parser
make hbase audit log parser to support more use cases
https://issues.apache.org/jira/browse/EAGLE-476
Author: @peterkim95 <pe...@paypal.com>
Reviewer: @yonzhang <yo...@apache.org>
Closes: #363
Project: http://git-wip-us.apache.org/repos/asf/incubator-eagle/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-eagle/commit/71f253c9
Tree: http://git-wip-us.apache.org/repos/asf/incubator-eagle/tree/71f253c9
Diff: http://git-wip-us.apache.org/repos/asf/incubator-eagle/diff/71f253c9
Branch: refs/heads/develop
Commit: 71f253c919afbcafbf2d125c56daeab6eec7abaf
Parents: a197eb0
Author: yonzhang <yo...@gmail.com>
Authored: Mon Aug 22 16:10:19 2016 -0700
Committer: yonzhang <yo...@gmail.com>
Committed: Mon Aug 22 16:10:19 2016 -0700
----------------------------------------------------------------------
.../security/hbase/HbaseAuditLogParser.java | 57 +++++++++++++++++---
1 file changed, 49 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-eagle/blob/71f253c9/eagle-security/eagle-security-hbase-auditlog/src/main/java/org/apache/eagle/security/hbase/HbaseAuditLogParser.java
----------------------------------------------------------------------
diff --git a/eagle-security/eagle-security-hbase-auditlog/src/main/java/org/apache/eagle/security/hbase/HbaseAuditLogParser.java b/eagle-security/eagle-security-hbase-auditlog/src/main/java/org/apache/eagle/security/hbase/HbaseAuditLogParser.java
index f9b74e6..bff9c0b 100644
--- a/eagle-security/eagle-security-hbase-auditlog/src/main/java/org/apache/eagle/security/hbase/HbaseAuditLogParser.java
+++ b/eagle-security/eagle-security-hbase-auditlog/src/main/java/org/apache/eagle/security/hbase/HbaseAuditLogParser.java
@@ -18,6 +18,9 @@
package org.apache.eagle.security.hbase;
import java.io.Serializable;
+import java.util.LinkedList;
+import java.util.Arrays;
+import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -37,7 +40,7 @@ public class HbaseAuditLogParser implements Serializable {
private final static String ALLOWED = "allowed";
private final static String DENIED = "denied";
private final static Pattern loggerPattern = Pattern.compile("^([\\d\\s\\-:,]+)\\s+(\\w+)\\s+(.*)");
- private final static Pattern loggerContextPattern = Pattern.compile("\\w+:\\s*\\(user=(.*),\\s*scope=(.*),\\s*family=(.*),\\s*action=(.*)\\)");
+ private final static Pattern loggerContextPattern = Pattern.compile("\\w+:\\s*\\((.*)\\s*\\)");
private final static Pattern allowedPattern = Pattern.compile(ALLOWED);
@@ -75,13 +78,53 @@ public class HbaseAuditLogParser implements Serializable {
} catch (Exception e) {
context = "";
}
- Matcher contextMatcher = loggerContextPattern.matcher(context);
+
+ Matcher contextMatcher = loggerContextPattern.matcher(context.replaceAll("\\s+",""));
if(contextMatcher.find()) {
- user = contextMatcher.group(1);
- scope = contextMatcher.group(2);
- family = contextMatcher.group(3);
- action = contextMatcher.group(4);
+ boolean paramsOpen = false;
+
+ List<String> kvs = new LinkedList<String>(Arrays.asList(contextMatcher.group(1).split(",")));
+
+ while (!kvs.isEmpty()) {
+ String kv = kvs.get(0);
+
+ if (kv.split("=").length < 2) {
+ kvs.remove(0);
+ continue;
+ }
+
+ String k = kv.split("=")[0];
+ String v = kv.split("=")[1];
+
+ if (paramsOpen && kv.substring(kv.length() - 1).equals("]")) {
+ paramsOpen = false;
+ v = v.substring(0, v.length() - 1);
+ }
+
+ switch (k) {
+ case "user":
+ user = v;
+ break;
+ case "scope":
+ scope = v;
+ break;
+ case "family":
+ family = v;
+ break;
+ case "action":
+ action = v;
+ break;
+ case "params":
+ kvs.add(v.substring(1) + "=" + kv.split("=")[2]);
+ paramsOpen = true;
+ break;
+ default: break;
+ }
+
+ kvs.remove(0);
+ }
}
+
if(StringUtils.isNotEmpty(family)) {
if(!scope.contains(":")) scope = "default:" + scope;
scope = String.format("%s:%s", scope, family);
@@ -103,5 +146,3 @@ public class HbaseAuditLogParser implements Serializable {
}
}
-
-