tessl/maven-org-apache-ranger--ranger-plugins-audit
Apache Ranger Audit Plugin Framework providing centralized audit logging capabilities for Apache Ranger security plugins across various big data components.
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
'%3e%3cpath%20d='m7.15%205.779.281.877c-.001.502.003.991.124%201.48l.116-.082.229-1.265c.723%201.422%202.78%203.325%202.53%205.008-.022.154-.082.3-.158.435.349-.014.375-.38.578-.56.187%201.005.17%201.975-.22%202.932l1.428%203.159c-.007.07-.626.285-.744.226-.087-.044-.629-1.506-.742-1.754-.103-.224-.457-1.044-.592-1.165-.592-.534-2.033-.183-2.773-.256l.488-.115.148-.109c-.68-.08-1.363-.34-1.85-.815.531.046%201.052.121%201.592.087.1-.006.378-.02.432-.114-1.338-.016-2.398-.569-3.16-1.62-1.03-1.422-1.646-3.215-2.658-4.662-.203-.289-.474-.68-.776-.847-.015-.092.076-.054.137-.049.375.034.778.157%201.148.234l1.26.462c-.404-.737-1.332-.637-1.984-.994-.759-.416-1.2-1.386-1.487-2.149-.258-.68-.536-1.495-.492-2.217.282.262.529.573.896.73.087-.102-.838-1.102-.867-1.323C-.051.673.656-.051%201.328.003c1.128.09%202.44%201.953%202.87%202.886.074.069.145-.23.149-.25.029-.154.01-.306.054-.452.67.932%201.64%201.722%202.122%202.768l.626%201.778V5.78Z'/%3e%3cpath%20d='m10.851%206.733.626-1.778c.483-1.047%201.451-1.836%202.122-2.769.045.147.025.299.054.452.005.021.075.32.149.25.43-.932%201.742-2.796%202.87-2.885.672-.054%201.38.67%201.294%201.31-.03.22-.954%201.221-.867%201.322.367-.156.614-.467.896-.729.044.722-.234%201.536-.49%202.218-.288.763-.73%201.733-1.488%202.149-.652.356-1.58.256-1.984.993l1.26-.461c.37-.077.772-.2%201.148-.234.06-.006.152-.044.136.049-.301.166-.573.557-.775.847-.794%201.135-1.347%202.488-2.049%203.68-.635%201.081-1.285%202.087-2.613%202.432.148-.768.005-1.562-.173-2.316l-.32-.092c-.219-1.088-.84-2.001-1.466-2.908l.919-1.475.229%201.265.116.082c.12-.489.125-.979.123-1.48l.283-.877v.955ZM8.017%2014.984c-.238.57-.531%201.119-.78%201.686-.089.204-.446%201.24-.518%201.295-.145.114-.622-.087-.777-.2l1.207-2.78h.868ZM12.008%2013.75c-.059.174-.949.7-1.04.617l.12-.5.92-.117Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h18v18H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/maven-org-apache-ranger--ranger-plugins-audit@2.7.0index.mddocs/
Apache Ranger Audit Plugin Framework
Apache Ranger Audit Plugin Framework provides centralized audit logging capabilities for Apache Ranger security plugins across various big data components (HDFS, Hive, HBase, Knox, etc.). It implements a configurable audit queue system with support for batching, buffering, and multiple destination types including HDFS, Solr, Elasticsearch, Kafka, CloudWatch, and Log4j.
Package Information
- Package Name: org.apache.ranger:ranger-plugins-audit
- Package Type: maven
- Language: Java
- Installation: Add to Maven dependencies:
<groupId>org.apache.ranger</groupId><artifactId>ranger-plugins-audit</artifactId><version>2.7.0</version>
Core Imports
import org.apache.ranger.audit.provider.AuditProviderFactory;
import org.apache.ranger.audit.provider.AuditHandler;
import org.apache.ranger.audit.model.AuthzAuditEvent;Basic Usage
import org.apache.ranger.audit.provider.AuditProviderFactory;
import org.apache.ranger.audit.provider.AuditHandler;
import org.apache.ranger.audit.model.AuthzAuditEvent;
import java.util.Properties;
// Initialize audit framework
Properties auditProps = new Properties();
auditProps.setProperty("xasecure.audit.is.enabled", "true");
auditProps.setProperty("xasecure.audit.hdfs.is.enabled", "true");
auditProps.setProperty("xasecure.audit.hdfs.destination.directory", "/ranger/audit");
AuditProviderFactory factory = AuditProviderFactory.getInstance();
factory.init(auditProps, "myapp");
// Get audit provider
AuditHandler auditProvider = factory.getAuditProvider();
// Create and log audit event
AuthzAuditEvent auditEvent = new AuthzAuditEvent();
auditEvent.setRepositoryName("myservice");
auditEvent.setRepositoryType(EnumRepositoryType.HDFS);
auditEvent.setUser("john.doe");
auditEvent.setAccessType("read");
auditEvent.setResourceType("path");
auditEvent.setResourcePath("/data/sensitive");
auditEvent.setAccessResult(1); // ALLOWED
auditEvent.setEventTime(new Date());
// Log the audit event
auditProvider.log(auditEvent);
// Shutdown
factory.shutdown();Architecture
The framework is organized as a multi-module Maven project with a layered architecture:
- Core Framework: Base classes, interfaces, and factory patterns for audit handling
- Event Model: Rich audit event structures with extensive metadata support
- Queue System: Asynchronous processing with configurable batching and file spooling
- Destination Plugins: Multiple audit destinations (HDFS, Solr, Kafka, ElasticSearch, CloudWatch, Log4j, local files)
- Writer Implementations: Support for JSON and ORC file formats
- Security Integration: Kerberos authentication support across destinations
This design enables reliable audit trails across the entire Hadoop ecosystem through standardized audit event processing with configurable reliability, performance, and destination options.
Capabilities
Core Audit Framework
Primary audit framework components including factories, handlers, and event models that form the foundation of the audit system.
// Main factory for audit providers
public class AuditProviderFactory {
public static AuditProviderFactory getInstance();
public void init(Properties props, String appType);
public AuditHandler getAuditProvider();
public void shutdown();
}
// Primary interface for audit handlers
public interface AuditHandler {
public boolean log(AuditEventBase event);
public boolean log(Collection<AuditEventBase> events);
public boolean logJSON(String event);
public boolean logJSON(Collection<String> events);
public boolean logFile(File file);
public void init(Properties props);
public void init(Properties props, String basePropertyName);
public void start();
public void stop();
public void waitToComplete();
public void waitToComplete(long timeout);
public String getName();
public void flush();
}
// Primary audit event model
public class AuthzAuditEvent extends AuditEventBase {
// Comprehensive getters/setters for audit event data
}Audit Destinations
Pluggable audit destination implementations for sending audit events to various storage and messaging systems.
// Base class for audit destinations
public abstract class AuditDestination extends BaseAuditHandler {
public abstract void init(Properties props, String basePropertyName);
public abstract void start();
public abstract void stop();
public abstract void flush();
}
// HDFS audit destination
public class HDFSAuditDestination extends AuditDestination {
public void init(Properties props, String basePropertyName);
public void logJSON(Collection<String> events);
public void logFile(File file);
}
// Solr audit destination
public class SolrAuditDestination extends AuditDestination {
public void init(Properties props, String basePropertyName);
public void log(Collection<AuditEventBase> events);
}Queue and Async Processing
Asynchronous audit processing with configurable queues, batching, and file spooling for reliability.
// Asynchronous audit provider
public class AsyncAuditProvider extends BaseAuditHandler {
public AsyncAuditProvider(String name, int maxQueueSize, int maxBatchInterval);
public void init(Properties props);
public void log(AuditEventBase event);
public void start();
public void stop();
public void waitToComplete();
}
// Base class for audit queues
public abstract class AuditQueue extends AuditDestination {
// Queue configuration and drain management methods
}
// Multi-destination audit provider
public class MultiDestAuditProvider extends BaseAuditHandler {
public void addAuditProvider(AuditHandler provider);
public void addAuditProviders(List<AuditHandler> providers);
}File Writers and Formats
Audit file writers supporting multiple output formats including JSON and ORC.
// Interface for audit file writers
public interface RangerAuditWriter {
public void init(Properties props, String basePropertyName, String auditProviderName, Map<String,String> auditConfigs);
public void log(Collection<String> events);
public void logFile(File file);
public void start();
public void stop();
public void flush();
}
// JSON audit writer for HDFS
public class RangerJSONAuditWriter extends AbstractRangerAuditWriter {
public void init(Properties props, String basePropertyName, String auditProviderName, Map<String,String> auditConfigs);
public void log(Collection<String> events);
}
// ORC audit writer
public class RangerORCAuditWriter extends AbstractRangerAuditWriter {
public void init(Properties props, String basePropertyName, String auditProviderName, Map<String,String> auditConfigs);
public void log(Collection<String> events);
}Types
// Base abstract class for all audit events
public abstract class AuditEventBase {
public abstract String getEventKey();
public Date getEventTime();
public void setEventCount(long eventCount);
public void setEventDurationMS(long eventDurationMS);
}
// Repository type constants
public final class EnumRepositoryType {
public static final int HDFS = 1;
public static final int HBASE = 2;
public static final int HIVE = 3;
public static final int XAAGENT = 4;
public static final int KNOX = 5;
public static final int STORM = 6;
}
// Spool file status enumeration
public enum SPOOL_FILE_STATUS {
pending, write_inprogress, read_inprogress, done
}
// Audit exception type
public class AuditMessageException extends Exception {
public AuditMessageException(String message);
public AuditMessageException(String message, Throwable cause);
}