[impala] 02/03: IMPALA-10401: Enable Ranger audit logs to log4j

[bo...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

boroknagyz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/impala.git

commit 986e236939256349474528d9ec48e5cb4ced34e6
Author: stiga-huang <hu...@gmail.com>
AuthorDate: Mon May 10 17:04:52 2021 +0800

    IMPALA-10401: Enable Ranger audit logs to log4j
    
    This patch enables audit logging to log4j for Ranger plugins, which
    provides us with more info in debugging flaky test failures. The audits
    are logged by Log4JAuditDestination. Each line shows which policy takes
    effect and whether the access is allowed.
    
    For FE tests, the log file is in logs/fe_tests/FeSupport.INFO. For e2e
    and custom cluster tests, the audits are logged in log files of
    processes that have ranger plugins (e.g. catalogd, cooridnator).
    
    Tests:
     - Manually verify the audit logs exist.
    
    Change-Id: I9e6850882594f31dc2250fe205fa6cad26a30571
    Reviewed-on: http://gerrit.cloudera.org:8080/17416
    Reviewed-by: Impala Public Jenkins <im...@cloudera.com>
    Tested-by: Impala Public Jenkins <im...@cloudera.com>
---
 fe/src/test/resources/ranger-hive-audit.xml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/fe/src/test/resources/ranger-hive-audit.xml b/fe/src/test/resources/ranger-hive-audit.xml
index 84b0369..28121a7 100644
--- a/fe/src/test/resources/ranger-hive-audit.xml
+++ b/fe/src/test/resources/ranger-hive-audit.xml
@@ -18,7 +18,11 @@
 <configuration>
   <property>
     <name>xasecure.audit.is.enabled</name>
-    <value>false</value>
+    <value>true</value>
+  </property>
+  <property>
+    <name>xasecure.audit.destination.log4j</name>
+    <value>true</value>
   </property>
   <property>
     <name>ranger.plugin.hive.access.cluster.name</name>