ZOOKEEPER-1260:Audit logging in ZooKeeper servers. #1105
Conversation
eolivelli
left a comment
eolivelli
left a comment
There was a problem hiding this comment.
Very interesting and useful.
I left a few comments, please take a look
|
|
||
| public class ZKUtil { | ||
| private static final Logger LOG = LoggerFactory.getLogger(ZKUtil.class); | ||
| private static final Map<Integer, String> permCache = new HashMap<Integer, String>(); |
|
|
||
| ## ZooKeeper Audit Logs | ||
|
|
||
| Apache ZooKeeper supports audit logs form version 3.5.7. By default audit logs are disabled. To enable audit logs configure audit.enable=true in conf/zoo.cfg. Audit logs are not logged on all the ZooKeeper servers, but logged only on the servers where client is connected as depicted in below figure. |
There was a problem hiding this comment.
Typo: form -> from.
I think we should say 3.6.0
There was a problem hiding this comment.
This PR I have raised for branch-3.5. After commit I will raise PR for master branch that time I will change this to 3.6.0. Branch releases are independent. I think this way we can be bit more accurate. In last PR was discussed but on second thought this would be the better way.
are you ok with 3.5.7 for branch-5 and 3.6..0 for master?
There was a problem hiding this comment.
corrected typo
|
|
||
| public String getUserName() { | ||
| if (principal == null || principal.isEmpty()) { | ||
| return System.getProperty("user.name", "<NA>"); |
There was a problem hiding this comment.
You can sample the value as a static variable. You will save an access to the system properties map
| * @return string representation of permissions | ||
| */ | ||
| public static String getPermString(int perms) { | ||
| String permString = permCache.get(perms); |
There was a problem hiding this comment.
what about using computeIfAbsent?
| */ | ||
| package org.apache.zookeeper.audit; | ||
|
|
||
| public class AuditConstants { |
There was a problem hiding this comment.
final
Please also add a private constructor
| } | ||
|
|
||
| private String getACLs(Request request) { | ||
| ByteBuffer reqData = request.request.duplicate(); |
There was a problem hiding this comment.
good point, done
| String address = null; | ||
| String acls = null; | ||
| String createMode = null; | ||
| ByteBuffer reqData = request.request.duplicate(); |
| */ | ||
| static final ByteBuffer closeConn = ByteBuffer.allocate(0); | ||
|
|
||
| private static String loginUser = System.getProperty("user.name", "<NA>"); |
There was a problem hiding this comment.
I think loginUser can not be marked as final
| /** | ||
| * Audit log performance reading | ||
| */ | ||
| public class AuditLogPerfReading { |
| return parentPath + "zNode" + i; | ||
| } | ||
|
|
||
| public static void main(String[] args) { |
There was a problem hiding this comment.
Is this program really needed? Or is it just a tool you used to profile this new code?
There was a problem hiding this comment.
This program was just to see the performance impact of audit log. I added here so anybody can run and see the audit log impact on their environment. Also it is added test folder.
anmolnar
left a comment
anmolnar
left a comment
There was a problem hiding this comment.
@arshadmohammad This is a very useful and long awaited feature. Thanks for working on this.
Without going into the implementation details, I believe it would be better to finalize and submit the code into master and we can talk about backporting to 3.5 after that. We have to ask the community, because 3.5 is already locked down for new features and release process of 3.6 has already been started.
|
In terms of the implementation: would you please make the |
|
@arshadmohammad Fyi. I'm happy to take this over and continue working on it, if you don't have cycles for that. Please let me know. |
I think it is locked for backward incompatible features, not for all features and this feature is not backward incompatible. |
Sure, I will make it configurable. |
|
@arshadmohammad PR hasn't been updated for 24 days. How are you getting on? |
|
@anmolnar, I will update the patch soon, hopefully by tomorrow. Will try to wind up this work by this weekend |
|
Addressed all the comments and created PR for master branch. |
|
Feature is merged in PR #1133 |
3 participants
Original PR: #338