From 11dfee08a5e19f86e89523757829677767e457ea Mon Sep 17 00:00:00 2001 From: Andor Molnar Date: Fri, 2 Aug 2019 17:37:43 +0200 Subject: [PATCH] HBASE-22759. Added remote address to grant/revoke audit log messages --- .../hadoop/hbase/security/access/AccessController.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java index 082f11239ede..e7d2aae96e97 100644 --- a/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java +++ b/hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/AccessController.java @@ -23,6 +23,7 @@ import com.google.protobuf.RpcController; import com.google.protobuf.Service; import java.io.IOException; +import java.net.InetAddress; import java.security.PrivilegedExceptionAction; import java.util.ArrayList; import java.util.Collection; @@ -2072,7 +2073,8 @@ public Void run() throws Exception { if (AUDITLOG.isTraceEnabled()) { // audit log should store permission changes in addition to auth results - AUDITLOG.trace("User {} granted permission {}", caller, perm); + String remoteAddress = RpcServer.getRemoteAddress().map(InetAddress::toString).orElse(""); + AUDITLOG.trace("User {} (remote address: {}) granted permission {}", caller, remoteAddress, perm); } } else { throw new CoprocessorException(AccessController.class, "This method " @@ -2129,7 +2131,8 @@ public Void run() throws Exception { if (AUDITLOG.isTraceEnabled()) { // audit log should record all permission changes - AUDITLOG.trace("User {} revoked permission {}", caller, perm); + String remoteAddress = RpcServer.getRemoteAddress().map(InetAddress::toString).orElse(""); + AUDITLOG.trace("User {} (remote address: {}) revoked permission {}", caller, remoteAddress, perm); } } else { throw new CoprocessorException(AccessController.class, "This method "