Dp auditlog cdap 20852 tms m2 #15727

Draft
wants to merge 8 commits into
base: develop
Expand Up @@ -16,9 +16,11 @@

package io.cdap.cdap.internal.app.runtime.distributed;

import com.google.inject.AbstractModule;
import com.google.inject.Guice;
import com.google.inject.Injector;
import com.google.inject.Module;
import io.cdap.cdap.api.auditlogging.AuditLogWriter;
import io.cdap.cdap.app.guice.ClusterMode;
import io.cdap.cdap.app.runtime.ProgramOptions;
import io.cdap.cdap.app.runtime.ProgramStateWriter;
Expand Down Expand Up @@ -100,7 +102,7 @@ protected ServiceAnnouncer getServiceAnnouncer() {
}
}.createModule(CConfiguration.create(), new Configuration(),
createProgramOptions(programRunId), programRunId);
Injector injector = Guice.createInjector(module);
Injector injector = Guice.createInjector(module, getAuditLogNoOpModule());
injector.getInstance(ServiceProgramRunner.class);
injector.getInstance(ProgramStateWriter.class);
}
Expand Down Expand Up @@ -151,7 +153,10 @@ protected ServiceAnnouncer getServiceAnnouncer() {
}
}.createModule(CConfiguration.create(), new Configuration(),
createProgramOptions(programRunId), programRunId);
Injector injector = Guice.createInjector(module);



Injector injector = Guice.createInjector(module,getAuditLogNoOpModule());
injector.getInstance(SparkProgramRunner.class);
injector.getInstance(ProgramStateWriter.class);

Expand All @@ -177,4 +182,13 @@ private ProgramOptions createProgramOptions(ProgramRunId programRunId) {

return new SimpleProgramOptions(programRunId.getParent(), new BasicArguments(systemArgs), new BasicArguments());
}

private Module getAuditLogNoOpModule(){
return new AbstractModule() {
@Override
protected void configure() {
bind(AuditLogWriter.class).toInstance(auditLogContexts -> {});
}
};
}
}
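Review bot: Binding `AuditLogWriter` to a no-op lambda in `getAuditLogNoOpModule()` lets both injector checks pass without showing that the module returned by `createModule(...)` can supply an `AuditLogWriter` on its own. If the program runners need that writer at runtime, the binding presumably has to come from the production module, and this check would no longer catch its absence. It is worth confirming where the production binding lives and recording it in a comment on the helper, e.g. `// AuditLogWriter is bound by <PRODUCTION_MODULE_PLACEHOLDER> at runtime; no-op here because only injector wiring is checked`. The new lines also need formatting cleanup: `createInjector(module,getAuditLogNoOpModule())` lacks a space after the comma, three blank lines were added above it, and `getAuditLogNoOpModule(){` lacks a space before the brace.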
Expand Up @@ -27,6 +27,7 @@
import com.google.inject.Scopes;
import com.google.inject.name.Named;
import com.google.inject.util.Modules;
import io.cdap.cdap.api.auditlogging.AuditLogWriter;
import io.cdap.cdap.api.security.store.SecureStore;
import io.cdap.cdap.app.guice.ProgramRunnerRuntimeModule;
import io.cdap.cdap.common.NotFoundException;
Expand Down Expand Up @@ -54,6 +55,7 @@
import io.cdap.cdap.metadata.MetadataReaderWriterModules;
import io.cdap.cdap.metrics.guice.MetricsClientRuntimeModule;
import io.cdap.cdap.proto.id.ApplicationId;
import io.cdap.cdap.security.auth.MessagingAuditLogWriter;
import io.cdap.cdap.security.auth.context.AuthenticationContextModules;
import io.cdap.cdap.security.guice.CoreSecurityRuntimeModule;
import io.cdap.cdap.security.guice.preview.PreviewSecureStoreModule;
Expand Down Expand Up @@ -207,6 +209,7 @@ protected void configure() {
new AbstractModule() {
@Override
protected void configure() {
bind(AuditLogWriter.class).to(MessagingAuditLogWriter.class).in(Scopes.SINGLETON);
}

@Provides
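Review bot: The line `bind(AuditLogWriter.class).to(MessagingAuditLogWriter.class).in(Scopes.SINGLETON);` is added verbatim here and in six further file sections of this pull request, so the choice of audit writer is now spread over seven injector definitions. Placing that binding in one small shared Guice module and installing it where needed would mean a later change of implementation or scope is made in one place, and an injector that was missed fails in an obvious way. For an audit trail this matters because a process that ends up with a different or missing writer would drop events without any visible sign. The enclosing `configure()` continues outside the hunk.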
Expand Up @@ -31,6 +31,7 @@
import com.google.inject.name.Names;
import com.google.inject.util.Modules;
import io.cdap.cdap.api.annotation.Name;
import io.cdap.cdap.api.auditlogging.AuditLogWriter;
import io.cdap.cdap.api.metrics.MetricsCollectionService;
import io.cdap.cdap.api.security.AccessException;
import io.cdap.cdap.app.preview.PreviewConfigModule;
Expand Down Expand Up @@ -90,6 +91,7 @@
import io.cdap.cdap.proto.id.ProgramId;
import io.cdap.cdap.proto.id.ProgramRunId;
import io.cdap.cdap.proto.security.ApplicationPermission;
import io.cdap.cdap.security.auth.MessagingAuditLogWriter;
import io.cdap.cdap.security.auth.context.AuthenticationContextModules;
import io.cdap.cdap.security.authorization.AccessControllerInstantiator;
import io.cdap.cdap.security.authorization.DefaultContextAccessEnforcer;
Expand Down Expand Up @@ -388,6 +390,7 @@ protected void configure() {
bind(LevelDBTableService.class).toInstance(previewLevelDBTableService);
bind(RemoteExecutionLogProcessor.class).to(LogAppenderLogProcessor.class)
.in(Scopes.SINGLETON);
bind(AuditLogWriter.class).to(MessagingAuditLogWriter.class).in(Scopes.SINGLETON);
}

@Provides
Expand Up @@ -30,6 +30,7 @@
import com.google.inject.Module;
import com.google.inject.Scopes;
import com.google.inject.assistedinject.FactoryModuleBuilder;
import io.cdap.cdap.api.auditlogging.AuditLogWriter;
import io.cdap.cdap.api.common.Bytes;
import io.cdap.cdap.app.deploy.Configurator;
import io.cdap.cdap.app.preview.PreviewConfigModule;
Expand Down Expand Up @@ -68,6 +69,7 @@
import io.cdap.cdap.master.spi.twill.ExtendedTwillContext;
import io.cdap.cdap.messaging.guice.MessagingServiceModule;
import io.cdap.cdap.proto.id.NamespaceId;
import io.cdap.cdap.security.auth.MessagingAuditLogWriter;
import io.cdap.cdap.security.auth.context.AuthenticationContextModules;
import io.cdap.cdap.security.authorization.AuthorizationEnforcementModule;
import io.cdap.cdap.security.guice.SecureStoreClientModule;
Expand All @@ -94,7 +96,7 @@
/**
* The {@link TwillRunnable} for running {@link PreviewRunner}.
*/
public class PreviewRunnerTwillRunnable extends AbstractTwillRunnable {
public class PreviewRunnerTwillRunnable extends AbstractTwillRunnable {

private static final Logger LOG = LoggerFactory.getLogger(PreviewRunnerTwillRunnable.class);

Expand Down Expand Up @@ -267,6 +269,7 @@ protected void configure() {
bind(ArtifactLocalizerClient.class).in(Scopes.SINGLETON);
// Preview runner pods should not have any elevated privileges, so use the current UGI.
bind(UGIProvider.class).to(CurrentUGIProvider.class);
bind(AuditLogWriter.class).to(MessagingAuditLogWriter.class).in(Scopes.SINGLETON);
}
});
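Review bot: The new `AuditLogWriter` binding sits directly under the comment saying preview runner pods should not have any elevated privileges, yet it gives those pods the messaging-backed writer. Judging by its name, `MessagingAuditLogWriter` publishes audit events to the messaging system, so it is worth confirming that an unprivileged preview pod may publish there and that preview runs are meant to appear in the audit trail; if not, a no-op binding fits better. A comment on the binding stating the decision would help, e.g. `// Preview runs emit audit events the same way as regular runs`. Separately, the class declaration line is shown as both old and new with no visible difference, which suggests a whitespace-only edit that should be reverted. The `configure()` body starts outside the hunk.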

Expand Up @@ -46,6 +46,7 @@
import io.cdap.cdap.internal.sysapp.SystemAppManagementService;
import io.cdap.cdap.proto.id.NamespaceId;
import io.cdap.cdap.scheduler.CoreSchedulerService;
import io.cdap.cdap.security.auth.AuditLogSubscriberService;
import io.cdap.cdap.sourcecontrol.RepositoryCleanupService;
import io.cdap.cdap.sourcecontrol.operationrunner.SourceControlOperationRunner;
import io.cdap.cdap.spi.data.transaction.TransactionRunner;
Expand Down Expand Up @@ -80,6 +81,7 @@ public class AppFabricServer extends AbstractIdleService {
private final ApplicationLifecycleService applicationLifecycleService;
private final Set<String> servicesNames;
private final Set<String> handlerHookNames;
private final AuditLogSubscriberService auditLogSubscriberService;
private final ProgramNotificationSubscriberService programNotificationSubscriberService;
private final ProgramStopSubscriberService programStopSubscriberService;
private final RunRecordCorrectorService runRecordCorrectorService;
Expand Down Expand Up @@ -110,31 +112,32 @@ public class AppFabricServer extends AbstractIdleService {
*/
@Inject
public AppFabricServer(CConfiguration cConf, SConfiguration sConf,
DiscoveryService discoveryService,
@Named(Constants.Service.MASTER_SERVICES_BIND_ADDRESS) InetAddress hostname,
@Named(Constants.AppFabric.HANDLERS_BINDING) Set<HttpHandler> handlers,
@Nullable MetricsCollectionService metricsCollectionService,
ProgramRuntimeService programRuntimeService,
RunRecordCorrectorService runRecordCorrectorService,
ProgramRunStatusMonitorService programRunStatusMonitorService,
ApplicationLifecycleService applicationLifecycleService,
ProgramNotificationSubscriberService programNotificationSubscriberService,
ProgramStopSubscriberService programStopSubscriberService,
@Named("appfabric.services.names") Set<String> servicesNames,
@Named("appfabric.handler.hooks") Set<String> handlerHookNames,
CoreSchedulerService coreSchedulerService,
CredentialProviderService credentialProviderService,
NamespaceCredentialProviderService namespaceCredentialProviderService,
ProvisioningService provisioningService,
BootstrapService bootstrapService,
SystemAppManagementService systemAppManagementService,
TransactionRunner transactionRunner,
RunRecordMonitorService runRecordCounterService,
CommonNettyHttpServiceFactory commonNettyHttpServiceFactory,
RunDataTimeToLiveService runDataTimeToLiveService,
SourceControlOperationRunner sourceControlOperationRunner,
RepositoryCleanupService repositoryCleanupService,
OperationNotificationSubscriberService operationNotificationSubscriberService) {
DiscoveryService discoveryService,
@Named(Constants.Service.MASTER_SERVICES_BIND_ADDRESS) InetAddress hostname,
@Named(Constants.AppFabric.HANDLERS_BINDING) Set<HttpHandler> handlers,
@Nullable MetricsCollectionService metricsCollectionService,
ProgramRuntimeService programRuntimeService,
RunRecordCorrectorService runRecordCorrectorService,
ProgramRunStatusMonitorService programRunStatusMonitorService,
ApplicationLifecycleService applicationLifecycleService,
ProgramNotificationSubscriberService programNotificationSubscriberService,
ProgramStopSubscriberService programStopSubscriberService,
@Named("appfabric.services.names") Set<String> servicesNames,
@Named("appfabric.handler.hooks") Set<String> handlerHookNames,
AuditLogSubscriberService auditLogSubscriberService,
CoreSchedulerService coreSchedulerService,
CredentialProviderService credentialProviderService,
NamespaceCredentialProviderService namespaceCredentialProviderService,
ProvisioningService provisioningService,
BootstrapService bootstrapService,
SystemAppManagementService systemAppManagementService,
TransactionRunner transactionRunner,
RunRecordMonitorService runRecordCounterService,
CommonNettyHttpServiceFactory commonNettyHttpServiceFactory,
RunDataTimeToLiveService runDataTimeToLiveService,
SourceControlOperationRunner sourceControlOperationRunner,
RepositoryCleanupService repositoryCleanupService,
OperationNotificationSubscriberService operationNotificationSubscriberService) {
this.hostname = hostname;
this.discoveryService = discoveryService;
this.handlers = handlers;
Expand All @@ -150,6 +153,7 @@ public AppFabricServer(CConfiguration cConf, SConfiguration sConf,
this.runRecordCorrectorService = runRecordCorrectorService;
this.programRunStatusMonitorService = programRunStatusMonitorService;
this.sslEnabled = cConf.getBoolean(Constants.Security.SSL.INTERNAL_ENABLED);
this.auditLogSubscriberService = auditLogSubscriberService;
this.coreSchedulerService = coreSchedulerService;
this.credentialProviderService = credentialProviderService;
this.namespaceCredentialProviderService = namespaceCredentialProviderService;
Expand Down Expand Up @@ -194,7 +198,8 @@ protected void startUp() throws Exception {
runDataTimeToLiveService.start(),
sourceControlOperationRunner.start(),
repositoryCleanupService.start(),
operationNotificationSubscriberService.start()
operationNotificationSubscriberService.start(),
auditLogSubscriberService.start()
));
Futures.allAsList(futuresList).get();

Expand Down Expand Up @@ -256,6 +261,7 @@ protected void shutDown() throws Exception {
credentialProviderService.stopAndWait();
namespaceCredentialProviderService.stopAndWait();
operationNotificationSubscriberService.stopAndWait();
auditLogSubscriberService.stopAndWait();
}

private Cancellable startHttpService(NettyHttpService httpService) throws Exception {
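Review bot: `auditLogSubscriberService.stopAndWait()` is added as the last call in `shutDown()`, after a chain of other `stopAndWait()` calls, so an exception from any earlier service would skip it. If the subscriber persists audit events it has already consumed (an assumption, since its implementation is not in this diff), it should be stopped reliably, for example by running the audit stop in a `finally` block. `shutDown()` starts outside the hunk, so this is based on its visible tail only. The constructor hunk also re-indents every parameter just to add `AuditLogSubscriberService auditLogSubscriberService`; keeping the original indentation would shrink that hunk to one added line. The constructor Javadoc, which is outside the hunk, may need a matching `@param`.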
Expand Up @@ -25,6 +25,8 @@
import com.google.inject.Guice;
import com.google.inject.Injector;
import com.google.inject.Module;
import com.google.inject.Scopes;
import io.cdap.cdap.api.auditlogging.AuditLogWriter;
import io.cdap.cdap.api.metrics.MetricsCollectionService;
import io.cdap.cdap.common.conf.CConfiguration;
import io.cdap.cdap.common.conf.Constants;
Expand All @@ -47,6 +49,7 @@
import io.cdap.cdap.messaging.guice.MessagingServiceModule;
import io.cdap.cdap.metrics.guice.MetricsClientRuntimeModule;
import io.cdap.cdap.proto.id.NamespaceId;
import io.cdap.cdap.security.auth.MessagingAuditLogWriter;
import io.cdap.cdap.security.auth.context.AuthenticationContextModules;
import io.cdap.cdap.security.guice.CoreSecurityModule;
import io.cdap.cdap.security.guice.CoreSecurityRuntimeModule;
Expand Down Expand Up @@ -115,6 +118,7 @@ protected void configure() {
bind(DiscoveryServiceClient.class)
.toProvider(
new SupplierProviderBridge<>(masterEnv.getDiscoveryServiceClientSupplier()));
bind(AuditLogWriter.class).to(MessagingAuditLogWriter.class).in(Scopes.SINGLETON);
}
});
modules.add(new RemoteLogAppenderModule());
Expand Up @@ -25,6 +25,8 @@
import com.google.inject.Guice;
import com.google.inject.Injector;
import com.google.inject.Module;
import com.google.inject.Scopes;
import io.cdap.cdap.api.auditlogging.AuditLogWriter;
import io.cdap.cdap.api.feature.FeatureFlagsProvider;
import io.cdap.cdap.app.guice.DistributedArtifactManagerModule;
import io.cdap.cdap.common.conf.CConfiguration;
Expand All @@ -51,6 +53,7 @@
import io.cdap.cdap.messaging.guice.MessagingServiceModule;
import io.cdap.cdap.metrics.guice.MetricsClientRuntimeModule;
import io.cdap.cdap.proto.id.NamespaceId;
import io.cdap.cdap.security.auth.MessagingAuditLogWriter;
import io.cdap.cdap.security.auth.TokenManager;
import io.cdap.cdap.security.auth.context.AuthenticationContextModules;
import io.cdap.cdap.security.guice.CoreSecurityModule;
Expand Down Expand Up @@ -133,6 +136,7 @@ protected void configure() {
bind(DiscoveryServiceClient.class)
.toProvider(
new SupplierProviderBridge<>(masterEnv.getDiscoveryServiceClientSupplier()));
bind(AuditLogWriter.class).to(MessagingAuditLogWriter.class).in(Scopes.SINGLETON);
}
});
modules.add(new RemoteLogAppenderModule());
Expand Up @@ -31,6 +31,7 @@
import com.google.inject.multibindings.OptionalBinder;
import com.google.inject.util.Modules;
import io.cdap.cdap.api.artifact.ArtifactManager;
import io.cdap.cdap.api.auditlogging.AuditLogWriter;
import io.cdap.cdap.api.metrics.MetricsCollectionService;
import io.cdap.cdap.app.guice.AppFabricServiceRuntimeModule;
import io.cdap.cdap.app.guice.AuthorizationModule;
Expand Down Expand Up @@ -82,6 +83,7 @@
import io.cdap.cdap.metrics.guice.MetricsClientRuntimeModule;
import io.cdap.cdap.proto.id.NamespaceId;
import io.cdap.cdap.security.auth.KeyManager;
import io.cdap.cdap.security.auth.MessagingAuditLogWriter;
import io.cdap.cdap.security.auth.context.AuthenticationContextModules;
import io.cdap.cdap.security.authorization.AuthorizationEnforcementModule;
import io.cdap.cdap.security.guice.CoreSecurityModule;
Expand Down Expand Up @@ -189,6 +191,7 @@ protected void configure() {
protected void configure() {
bind(MetadataPublisher.class).to(MessagingMetadataPublisher.class);
bind(MetadataServiceClient.class).to(DefaultMetadataServiceClient.class);
bind(AuditLogWriter.class).to(MessagingAuditLogWriter.class).in(Scopes.SINGLETON);
}
}
));
Expand Up @@ -26,6 +26,8 @@
import com.google.inject.Injector;
import com.google.inject.Key;
import com.google.inject.Module;
import com.google.inject.Scopes;
import io.cdap.cdap.api.auditlogging.AuditLogWriter;
import io.cdap.cdap.api.metrics.MetricsCollectionService;
import io.cdap.cdap.app.preview.PreviewConfigModule;
import io.cdap.cdap.common.app.MainClassLoader;
Expand Down Expand Up @@ -53,6 +55,7 @@
import io.cdap.cdap.master.spi.environment.MasterEnvironment;
import io.cdap.cdap.master.spi.environment.MasterEnvironmentContext;
import io.cdap.cdap.metrics.guice.MetricsClientRuntimeModule;
import io.cdap.cdap.security.auth.MessagingAuditLogWriter;
import io.cdap.cdap.security.auth.TokenManager;
import io.cdap.cdap.security.auth.context.AuthenticationContextModules;
import io.cdap.cdap.security.guice.CoreSecurityModule;
Expand Down Expand Up @@ -178,6 +181,12 @@ protected void configure() {
new SupplierProviderBridge<>(masterEnv.getDiscoveryServiceClientSupplier()));
}
});
modules.add(new AbstractModule() {
@Override
protected void configure() {
bind(AuditLogWriter.class).to(MessagingAuditLogWriter.class).in(Scopes.SINGLETON);
}
});
modules.add(getLogAppenderModule());

CoreSecurityModule coreSecurityModule = CoreSecurityRuntimeModule.getDistributedModule(cConf);
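Review bot: A second anonymous `AbstractModule` is added here only to hold the `AuditLogWriter` binding, although the anonymous module closed just above already binds `DiscoveryServiceClient`. The two similar sections earlier on this page place the same binding inside that existing module. Unless the existing module is conditional (not visible in this hunk), moving the `bind(AuditLogWriter.class)...` line into it would keep these classes consistent.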