You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@zookeeper.apache.org by "Beibei Zhao (Jira)" <ji...@apache.org> on 2023/01/24 10:12:00 UTC

[jira] [Updated] (ZOOKEEPER-4648) Add audit log for request process result or response.

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-4648?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Beibei Zhao updated ZOOKEEPER-4648:
-----------------------------------
    Priority: Trivial  (was: Major)

> Add audit log for request process result or response.
> -----------------------------------------------------
>
>                 Key: ZOOKEEPER-4648
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4648
>             Project: ZooKeeper
>          Issue Type: Improvement
>            Reporter: Beibei Zhao
>            Priority: Trivial
>              Labels: pull-request-available
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> FinalRequestProcessor addAuditLog before the process of request and make failedTxn=false. But I think failedTxn should be true if the request can not pass the checkACL and throw KeeperException or other exceptions, since the *err code* after request processing is also important for audit.
> {code:java}
> @param failedTxn whether audit is being done failed transaction for normal transaction
> public void processRequest(Request request) {
>         ......
>         Code err = Code.OK;
>         try {
>             ......
>             AuditHelper.addAuditLog(request, rc);
>             switch (request.type) {
>             ......
>             case OpCode.getAllChildrenNumber: {
>                 lastOp = "GETACN";
>                 ......
>                 zks.checkACL(
>                     request.cnxn,
>                     zks.getZKDatabase().aclForNode(n),
>                     ZooDefs.Perms.READ,
>                     request.authInfo,
>                     path,
>                     null);
>                 ......
>                 break;
>             }
>             ......
>             }
>         } catch (SessionMovedException e) {
>             ......
>         } catch (KeeperException e) {
>             err = e.code();
>         } catch (Exception e) {
>             ......
>         }
> {code}
> if the failedTxn == true or the rc.err != Code.OK, the log result will be FAILURE: 
> {code:java}
>     private static Result getResult(ProcessTxnResult rc, boolean failedTxn) {
>         if (failedTxn) {
>             return Result.FAILURE;
>         } else {
>             return rc.err == KeeperException.Code.OK.intValue() ? Result.SUCCESS : Result.FAILURE;
>         }
>     }
> {code}
> So we could add audit log after request processing and record the err code like below, the log info maybe more accurate. 
> {code:java}
>         Code err = Code.OK;
>         try { 
>              ......
>         } catch (SessionMovedException e) {
>             ......
>         } catch (KeeperException e) {
>             err = e.code();
>         } catch (Exception e) {
>             ......
>         }
>         rc.err = err.intValue();
>         AuditHelper.addAuditLog(request, rc);
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)