This is an automated email from the ASF dual-hosted git repository.
morningman pushed a commit to branch branch-3.0
in repository https://gitbox.apache.org/repos/asf/doris.git
The following commit(s) were added to refs/heads/branch-3.0 by this push:
new 056159b2557 [feature](audit) add new FE config to skip audit for
certain user (#38310) (#39038)
056159b2557 is described below
commit 056159b2557bda560a2155cdebdccebfd91f66fd
Author: Mingyu Chen <morning...@163.com>
AuthorDate: Wed Aug 7 16:23:17 2024 +0800
[feature](audit) add new FE config to skip audit for certain user (#38310)
(#39038)
bp #38310
---
.../main/java/org/apache/doris/common/Config.java | 7 +++++++
.../org/apache/doris/qe/AuditEventProcessor.java | 22 ++++++++++++++++++++++
2 files changed, 29 insertions(+)
diff --git a/fe/fe-common/src/main/java/org/apache/doris/common/Config.java
b/fe/fe-common/src/main/java/org/apache/doris/common/Config.java
index e7bc6d3c819..17688a7f1bc 100644
--- a/fe/fe-common/src/main/java/org/apache/doris/common/Config.java
+++ b/fe/fe-common/src/main/java/org/apache/doris/common/Config.java
@@ -2531,6 +2531,13 @@ public class Config extends ConfigBase {
@ConfField(mutable = true)
public static int query_audit_log_timeout_ms = 5000;
+ @ConfField(description = {
+ "在这个列表中的用户的操作,不会被记录到审计日志中。多个用户之间用逗号分隔。",
+ "The operations of the users in this list will not be recorded in
the audit log. "
+ + "Multiple users are separated by commas."
+ })
+ public static String skip_audit_user_list = "";
+
@ConfField(mutable = true)
public static int be_report_query_statistics_timeout_ms = 60000;
diff --git
a/fe/fe-core/src/main/java/org/apache/doris/qe/AuditEventProcessor.java
b/fe/fe-core/src/main/java/org/apache/doris/qe/AuditEventProcessor.java
index e2c45ae39ae..12e174ab5d0 100644
--- a/fe/fe-core/src/main/java/org/apache/doris/qe/AuditEventProcessor.java
+++ b/fe/fe-core/src/main/java/org/apache/doris/qe/AuditEventProcessor.java
@@ -17,17 +17,21 @@
package org.apache.doris.qe;
+import org.apache.doris.common.Config;
import org.apache.doris.plugin.AuditPlugin;
import org.apache.doris.plugin.Plugin;
import org.apache.doris.plugin.PluginInfo.PluginType;
import org.apache.doris.plugin.PluginMgr;
import org.apache.doris.plugin.audit.AuditEvent;
+import com.google.common.base.Strings;
import com.google.common.collect.Queues;
+import com.google.common.collect.Sets;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import java.util.List;
+import java.util.Set;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.TimeUnit;
@@ -49,16 +53,30 @@ public class AuditEventProcessor {
private volatile boolean isStopped = false;
+ private Set<String> skipAuditUsers = Sets.newHashSet();
+
public AuditEventProcessor(PluginMgr pluginMgr) {
this.pluginMgr = pluginMgr;
}
public void start() {
+ initSkipAuditUsers();
workerThread = new Thread(new Worker(), "AuditEventProcessor");
workerThread.setDaemon(true);
workerThread.start();
}
+ private void initSkipAuditUsers() {
+ if (Strings.isNullOrEmpty(Config.skip_audit_user_list)) {
+ return;
+ }
+ String[] users = Config.skip_audit_user_list.replaceAll(" ",
"").split(",");
+ for (String user : users) {
+ skipAuditUsers.add(user);
+ }
+ LOG.info("skip audit users: {}", skipAuditUsers);
+ }
+
public void stop() {
isStopped = true;
if (workerThread != null) {
@@ -75,6 +93,10 @@ public class AuditEventProcessor {
}
public boolean handleAuditEvent(AuditEvent auditEvent, boolean
ignoreQueueFullLog) {
+ if (skipAuditUsers.contains(auditEvent.user)) {
+ // return true to ignore this event
+ return true;
+ }
boolean isAddSucc = true;
try {
eventQueue.add(auditEvent);
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org
For additional commands, e-mail: commits-h...@doris.apache.org
