sentry-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Prasad Mujumdar (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SENTRY-347) Generate the audit log in Json format
Date Tue, 22 Jul 2014 01:56:38 GMT

    [ https://issues.apache.org/jira/browse/SENTRY-347?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14069694#comment-14069694
] 

Prasad Mujumdar commented on SENTRY-347:
----------------------------------------


bq. 1. impersonator: I'm wondering how to get this field, do you have any idea?
This would be the user connecting at thirft level

bq. 2. ipAddress: From the thrift server, I can get the client IP if I extends SentryPolicyService.Processor,
but I didn’t find a way to pass the IP to the method. Does this field must be included in
the audit log?
yes, the thrift server can extract the IP address and connecting user by extending the processor
and storing the information in thread local variables. For example, https://github.com/apache/hive/blob/trunk/service/src/java/org/apache/hive/service/auth/TSetIpAddressProcessor.java

bq. 3. objectType: For this field, currently, I set the value as “PRINCIPAL” for every
command(eg, "create role....", "grant role....." etc). Is it ok for this field or there is
a map between command and this field.
hmm I think it should be ROLE

bq. 1. The audit log is in json format, because the audit server can parse the log in json
only, right?
that is correct.

bq. 2. If the operation is failed, there is no message in the audit log except "allowed":
"false". Do I need to add another field like "failedMessage" to the audit log?
no, I don't think so. just "allowed": "false" should be sufficient.

> Generate the audit log in Json format 
> --------------------------------------
>
>                 Key: SENTRY-347
>                 URL: https://issues.apache.org/jira/browse/SENTRY-347
>             Project: Sentry
>          Issue Type: Sub-task
>    Affects Versions: 1.4.0
>            Reporter: Colin Ma
>            Assignee: Colin Ma
>         Attachments: sentry-347.v1.patch
>
>
> The audit log should be in json format for other component to read.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message