[DSIP-26][Audit log] Audit log improvement design #15554
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
qingwli
commented
Feb 2, 2024
qingwli
commented
- close [DSIP-26][Audit log] Audit log improvement design #15423
# Conflicts: # dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/controller/ClusterController.java # dolphinscheduler-dao/src/test/java/org/apache/dolphinscheduler/dao/mapper/AuditLogMapperTest.java
update audit log ui
update object name
# Conflicts: # dolphinscheduler-dao/src/main/resources/sql/upgrade/3.3.0_schema/mysql/dolphinscheduler_ddl.sql # dolphinscheduler-dao/src/main/resources/sql/upgrade/3.3.0_schema/postgresql/dolphinscheduler_ddl.sql
qingwli
requested review from
songjianet,
Amy0104,
caishunfeng,
zhongjiajie and
SbloodyS
as code owners
ruanwenjun
changed the title
ruanwenjun
requested changes
Apr 1, 2024
Comment on lines
2011
to
2013
| `object_id` bigint(20) DEFAULT NULL COMMENT 'object id', | ||
| `object_name` varchar(100) DEFAULT NULL COMMENT 'object id', | ||
| `object_type` varchar(100) NOT NULL COMMENT 'object type', |
There was a problem hiding this comment.
Suggested change
| `object_id` bigint(20) DEFAULT NULL COMMENT 'object id', | |
| `object_name` varchar(100) DEFAULT NULL COMMENT 'object id', | |
| `object_type` varchar(100) NOT NULL COMMENT 'object type', | |
| `object_id` bigint(20) DEFAULT NULL COMMENT 'object id', | |
| `object_name` varchar(100) DEFAULT NULL COMMENT 'object id', | |
| `object_type` varchar(100) NOT NULL COMMENT 'object type', |
Use domain_id or module_id is better than object_id?
There was a problem hiding this comment.
For this part, I defined object id means the object I modified, task instance it's not a module. File is not a domain, I think object is more suit for this, can cover all the stuff we record, WDYT
|
|
||
| PROJECT("Project", null), // 1 | ||
| PROCESS("Process", PROJECT), | ||
| PROCESS_INSTANCE("Process instance", PROCESS), |
There was a problem hiding this comment.
Suggested change
| PROCESS_INSTANCE("Process instance", PROCESS), | |
| PROCESS_INSTANCE("ProcessInstance", PROCESS), |
Comment on lines
79
to
82
| // Api don't need record log | ||
| if (operatorLog == null) { | ||
| return point.proceed(); | ||
| } |
There was a problem hiding this comment.
The logPointCut should make sure the method exist @OperatorLog.
| return point.proceed(); | ||
| } | ||
|
|
||
| Operation operation = method.getAnnotation(Operation.class); |
There was a problem hiding this comment.
I didn't find the Operation class, is this exist?
There was a problem hiding this comment.
@Operation(summary = "queryAuditObjectTypeList", description = "QUERY_AUDIT_OBJECT_TYPE_LIST")
@GetMapping(value = "/audit-log-object-type")
@ResponseStatus(HttpStatus.OK)
@ApiException(QUERY_AUDIT_LOG_LIST_PAGING)
public Result<List<AuditObjectTypeDto>> queryAuditObjectTypeList() {
return Result.success(AuditObjectTypeDto.getObjectTypeDtoList());
}
| void execute(AuditMessage message); | ||
| import org.aspectj.lang.ProceedingJoinPoint; | ||
|
|
||
| public interface Operator { |
There was a problem hiding this comment.
Suggested change
| public interface Operator { | |
| public interface AuditOperator { |
Comment on lines
48
to
77
| long beginTime = System.currentTimeMillis(); | ||
|
|
||
| MethodSignature signature = (MethodSignature) point.getSignature(); | ||
| Map<String, Object> paramsMap = OperatorUtils.getParamsMap(point, signature); | ||
|
|
||
| User user = OperatorUtils.getUser(paramsMap); | ||
|
|
||
| if (user == null) { | ||
| log.error("user is null"); | ||
| return point.proceed(); | ||
| } | ||
|
|
||
| List<AuditLog> auditLogList = OperatorUtils.buildAuditLogList(describe, auditType, user); | ||
| setRequestParam(auditType, auditLogList, paramsMap); | ||
|
|
||
| Result result = (Result) point.proceed(); | ||
| if (OperatorUtils.resultFail(result)) { | ||
| log.error("request fail, code {}", result.getCode()); | ||
| return result; | ||
| } | ||
|
|
||
| setObjectIdentityFromReturnObject(auditType, result, auditLogList); | ||
|
|
||
| modifyAuditOperationType(auditType, paramsMap, auditLogList); | ||
| modifyAuditObjectType(auditType, paramsMap, auditLogList); | ||
|
|
||
| long latency = System.currentTimeMillis() - beginTime; | ||
| auditService.addAudit(auditLogList, latency); | ||
|
|
||
| return result; |
There was a problem hiding this comment.
We may need to audit the case when proceed throw exception.
| return; | ||
| } | ||
|
|
||
| Long objId = checkNum(returnObjectMap.get(params[0]).toString()); |
There was a problem hiding this comment.
Suggested change
| Long objId = checkNum(returnObjectMap.get(params[0]).toString()); | |
| Long objId = NumberUtils.toLong(returnObjectMap.get(params[0]).toString(), -1); |
| @@ -293,7 +293,7 @@ private void checkMasterExists() { | |||
|
|
|||
| // no master | |||
| if (masterServers.isEmpty()) { | |||
| throw new ServiceException(Status.MASTER_NOT_EXISTS); | |||
| // throw new ServiceException(Status.MASTER_NOT_EXISTS); | |||
There was a problem hiding this comment.
Please rollback this kind of code.
| auditDto.setUserName(auditLog.getUserName()); | ||
| auditDto.setResourceName(auditLogMapper.queryResourceNameByType(resourceType, auditLog.getResourceId())); | ||
| auditDto.setLatency(String.format("%.2f", (double) auditLog.getLatency() / 1000)); |
There was a problem hiding this comment.
Suggested change
| auditDto.setLatency(String.format("%.2f", (double) auditLog.getLatency() / 1000)); | |
| auditDto.setLatency(String.format("%.2f", (double) auditLog.getLatency() / 1000)); |
It's better to use ms.
Please take care of the new issues. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
...uler-api/src/main/java/org/apache/dolphinscheduler/api/audit/operator/BaseAuditOperator.java
Fixed
Show fixed
Hide fixed
ruanwenjun
previously approved these changes
Apr 14, 2024
|
PTAL @ruanwenjun |
ruanwenjun
approved these changes
Apr 15, 2024
ruanwenjun
requested changes
Apr 15, 2024
dolphinscheduler-dao/src/main/resources/sql/dolphinscheduler_postgresql.sql
Show resolved
Hide resolved
|
ruanwenjun
approved these changes
Apr 15, 2024
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.