Posted to commits@hbase.apache.org by ps...@apache.org on 2019/08/06 09:44:22 UTC

[hbase] branch branch-2.1 updated: HBASE-22759 Extended grant and revoke audit events with caller info - ADDENDUM

This is an automated email from the ASF dual-hosted git repository.

psomogyi pushed a commit to branch branch-2.1
in repository https://gitbox.apache.org/repos/asf/hbase.git


The following commit(s) were added to refs/heads/branch-2.1 by this push:
     new 9a6494f  HBASE-22759 Extended grant and revoke audit events with caller info - ADDENDUM
9a6494f is described below

commit 9a6494f02f28b635ad4150122903d1d6e1f4ef00
Author: Andor Molnár <an...@cloudera.com>
AuthorDate: Tue Aug 6 11:44:13 2019 +0200

    HBASE-22759 Extended grant and revoke audit events with caller info - ADDENDUM
    
    Added remote address to grant/revoke audit log messages
---
 .../org/apache/hadoop/hbase/security/access/AccessController.java  | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
index 082f112..e7d2aae 100644
--- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
+++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java
@@ -23,6 +23,7 @@ import com.google.protobuf.RpcCallback;
 import com.google.protobuf.RpcController;
 import com.google.protobuf.Service;
 import java.io.IOException;
+import java.net.InetAddress;
 import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -2072,7 +2073,8 @@ public class AccessController implements MasterCoprocessor, RegionCoprocessor,
 
         if (AUDITLOG.isTraceEnabled()) {
           // audit log should store permission changes in addition to auth results
-          AUDITLOG.trace("User {} granted permission {}", caller, perm);
+          String remoteAddress = RpcServer.getRemoteAddress().map(InetAddress::toString).orElse("");
+          AUDITLOG.trace("User {} (remote address: {}) granted permission {}", caller, remoteAddress, perm);
         }
       } else {
         throw new CoprocessorException(AccessController.class, "This method "
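Review bot: `InetAddress::toString` on the added `remoteAddress` line produces the `hostname/literal-IP` form, which for a peer with no resolved name prints with a leading slash (for example `/192.0.2.10`, a constructed value). When a name is present, it is a DNS-derived value rather than an authenticated one. For an audit record that will be parsed or correlated, a stable literal is easier to rely on: `RpcServer.getRemoteAddress().map(InetAddress::getHostAddress).orElse("unknown")`. The current `orElse("")` fallback renders as `(remote address: )` when no RPC call context is available, which reads like a logging fault rather than a deliberate "no remote peer" marker. The same two lines appear in the revoke hunk below, and the enclosing method starts and ends outside this hunk.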
@@ -2129,7 +2131,8 @@ public class AccessController implements MasterCoprocessor, RegionCoprocessor,
 
         if (AUDITLOG.isTraceEnabled()) {
           // audit log should record all permission changes
-          AUDITLOG.trace("User {} revoked permission {}", caller, perm);
+          String remoteAddress = RpcServer.getRemoteAddress().map(InetAddress::toString).orElse("");
+          AUDITLOG.trace("User {} (remote address: {}) revoked permission {}", caller, remoteAddress, perm);
         }
       } else {
         throw new CoprocessorException(AccessController.class, "This method "
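Review bot: The remote-address lookup is duplicated from the grant hunk, so the two audit messages can drift apart if only one is edited later. A small private helper would define the formatting once, for example `private static String auditRemoteAddress() { return RpcServer.getRemoteAddress().map(InetAddress::toString).orElse(""); }`, with both trace calls using it. The added `AUDITLOG.trace(...)` line also runs to roughly 108 columns, so wrapping the arguments onto a second line would help if the project enforces a 100-column limit. The enclosing method continues outside the hunk.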