You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@eagle.apache.org by yo...@apache.org on 2016/08/22 23:06:14 UTC

incubator-eagle git commit: EAGLE-476: outdated hbase audit log parser make hbase audit log parser to support more use cases

Repository: incubator-eagle
Updated Branches:
  refs/heads/develop a197eb027 -> 71f253c91


EAGLE-476: outdated hbase audit log parser
    make hbase audit log parser to support more use cases

    https://issues.apache.org/jira/browse/EAGLE-476

    Author: @peterkim95 <pe...@paypal.com>
    Reviewer: @yonzhang <yo...@apache.org>

    Closes: #363


Project: http://git-wip-us.apache.org/repos/asf/incubator-eagle/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-eagle/commit/71f253c9
Tree: http://git-wip-us.apache.org/repos/asf/incubator-eagle/tree/71f253c9
Diff: http://git-wip-us.apache.org/repos/asf/incubator-eagle/diff/71f253c9

Branch: refs/heads/develop
Commit: 71f253c919afbcafbf2d125c56daeab6eec7abaf
Parents: a197eb0
Author: yonzhang <yo...@gmail.com>
Authored: Mon Aug 22 16:10:19 2016 -0700
Committer: yonzhang <yo...@gmail.com>
Committed: Mon Aug 22 16:10:19 2016 -0700

----------------------------------------------------------------------
 .../security/hbase/HbaseAuditLogParser.java     | 57 +++++++++++++++++---
 1 file changed, 49 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-eagle/blob/71f253c9/eagle-security/eagle-security-hbase-auditlog/src/main/java/org/apache/eagle/security/hbase/HbaseAuditLogParser.java
----------------------------------------------------------------------
diff --git a/eagle-security/eagle-security-hbase-auditlog/src/main/java/org/apache/eagle/security/hbase/HbaseAuditLogParser.java b/eagle-security/eagle-security-hbase-auditlog/src/main/java/org/apache/eagle/security/hbase/HbaseAuditLogParser.java
index f9b74e6..bff9c0b 100644
--- a/eagle-security/eagle-security-hbase-auditlog/src/main/java/org/apache/eagle/security/hbase/HbaseAuditLogParser.java
+++ b/eagle-security/eagle-security-hbase-auditlog/src/main/java/org/apache/eagle/security/hbase/HbaseAuditLogParser.java
@@ -18,6 +18,9 @@
 package org.apache.eagle.security.hbase;
 
 import java.io.Serializable;
+import java.util.LinkedList;
+import java.util.Arrays;
+import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -37,7 +40,7 @@ public class HbaseAuditLogParser implements Serializable {
     private final static String ALLOWED = "allowed";
     private final static String DENIED = "denied";
     private final static Pattern loggerPattern = Pattern.compile("^([\\d\\s\\-:,]+)\\s+(\\w+)\\s+(.*)");
-    private final static Pattern loggerContextPattern = Pattern.compile("\\w+:\\s*\\(user=(.*),\\s*scope=(.*),\\s*family=(.*),\\s*action=(.*)\\)");
+    private final static Pattern loggerContextPattern = Pattern.compile("\\w+:\\s*\\((.*)\\s*\\)");
     private final static Pattern allowedPattern = Pattern.compile(ALLOWED);
 
 
@@ -75,13 +78,53 @@ public class HbaseAuditLogParser implements Serializable {
                 } catch (Exception e) {
                     context = "";
                 }
-                Matcher contextMatcher = loggerContextPattern.matcher(context);
+
+                Matcher contextMatcher = loggerContextPattern.matcher(context.replaceAll("\\s+",""));
                 if(contextMatcher.find()) {
-                    user = contextMatcher.group(1);
-                    scope = contextMatcher.group(2);
-                    family = contextMatcher.group(3);
-                    action = contextMatcher.group(4);
+                    boolean paramsOpen = false;
+
+                    List<String> kvs = new LinkedList<String>(Arrays.asList(contextMatcher.group(1).split(",")));
+
+                    while (!kvs.isEmpty()) {
+                        String kv = kvs.get(0);
+
+                        if (kv.split("=").length < 2) {
+                            kvs.remove(0);
+                            continue;
+                        }
+
+                        String k = kv.split("=")[0];
+                        String v = kv.split("=")[1];
+
+                        if (paramsOpen && kv.substring(kv.length() - 1).equals("]")) {
+                            paramsOpen = false;
+                            v = v.substring(0, v.length() - 1);
+                        }
+
+                        switch (k) {
+                            case "user":
+                                user = v;
+                                break;
+                            case "scope":
+                                scope = v;
+                                break;
+                            case "family":
+                                family = v;
+                                break;
+                            case "action":
+                                action = v;
+                                break;
+                            case "params":
+                                kvs.add(v.substring(1) + "=" + kv.split("=")[2]);
+                                paramsOpen = true;
+                                break;
+                            default: break;
+                        }
+
+                        kvs.remove(0);
+                    }
                 }
+
                 if(StringUtils.isNotEmpty(family)) {
                     if(!scope.contains(":")) scope = "default:" + scope;
                     scope = String.format("%s:%s", scope, family);
@@ -103,5 +146,3 @@ public class HbaseAuditLogParser implements Serializable {
     }
 }
 
-
-