You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@zookeeper.apache.org by "Beibei Zhao (Jira)" <ji...@apache.org> on 2023/01/24 10:12:00 UTC
[jira] [Updated] (ZOOKEEPER-4648) Add audit log for request process result or response.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-4648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Beibei Zhao updated ZOOKEEPER-4648:
-----------------------------------
Priority: Trivial (was: Major)
> Add audit log for request process result or response.
> -----------------------------------------------------
>
> Key: ZOOKEEPER-4648
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4648
> Project: ZooKeeper
> Issue Type: Improvement
> Reporter: Beibei Zhao
> Priority: Trivial
> Labels: pull-request-available
> Time Spent: 20m
> Remaining Estimate: 0h
>
> FinalRequestProcessor addAuditLog before the process of request and make failedTxn=false. But I think failedTxn should be true if the request can not pass the checkACL and throw KeeperException or other exceptions, since the *err code* after request processing is also important for audit.
> {code:java}
> @param failedTxn whether audit is being done failed transaction for normal transaction
> public void processRequest(Request request) {
> ......
> Code err = Code.OK;
> try {
> ......
> AuditHelper.addAuditLog(request, rc);
> switch (request.type) {
> ......
> case OpCode.getAllChildrenNumber: {
> lastOp = "GETACN";
> ......
> zks.checkACL(
> request.cnxn,
> zks.getZKDatabase().aclForNode(n),
> ZooDefs.Perms.READ,
> request.authInfo,
> path,
> null);
> ......
> break;
> }
> ......
> }
> } catch (SessionMovedException e) {
> ......
> } catch (KeeperException e) {
> err = e.code();
> } catch (Exception e) {
> ......
> }
> {code}
> if the failedTxn == true or the rc.err != Code.OK, the log result will be FAILURE:
> {code:java}
> private static Result getResult(ProcessTxnResult rc, boolean failedTxn) {
> if (failedTxn) {
> return Result.FAILURE;
> } else {
> return rc.err == KeeperException.Code.OK.intValue() ? Result.SUCCESS : Result.FAILURE;
> }
> }
> {code}
> So we could add audit log after request processing and record the err code like below, the log info maybe more accurate.
> {code:java}
> Code err = Code.OK;
> try {
> ......
> } catch (SessionMovedException e) {
> ......
> } catch (KeeperException e) {
> err = e.code();
> } catch (Exception e) {
> ......
> }
> rc.err = err.intValue();
> AuditHelper.addAuditLog(request, rc);
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)