Bump rat-plugin to 0.16.1

.github/workflows/maven.yml

@@ -26,41 +26,61 @@ name: CI
 
 on:
   push:
-    branches: [ "master" ]
   pull_request:
     branches: [ "master" ]
 
+env:
+  MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3
+
 jobs:
   build-8:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+      - name: Cache for maven dependencies
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.m2/repository/*/*/*
+            !~/.m2/repository/org/apache/ranger
+          key: maven-repo-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            maven-repo-
       - name: Set up JDK 8
         uses: actions/setup-java@v4
         with:
           java-version: '8'
           distribution: 'temurin'
-          cache: maven
       - name: build (8)
-        run: mvn -T 8 clean install --no-transfer-progress -B -V
+        run: mvn -T 8 clean verify --no-transfer-progress -B -V
       - name: Upload artifacts
         uses: actions/upload-artifact@v4
         with:
           name: target-8
           path: target/*
 
   build-11:
+    needs:
+      - build-8
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+      - name: Cache for maven dependencies
+        uses: actions/cache/restore@v4
+        with:
+          path: |
+            ~/.m2/repository/*/*/*
+            !~/.m2/repository/org/apache/ranger
+          key: maven-repo-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            maven-repo-
       - name: Set up JDK 11
         uses: actions/setup-java@v4
         with:
           java-version: '11'
           distribution: 'temurin'
-          cache: maven
       - name: build (11)
-        run: mvn -T 8 clean install -pl '!knox-agent' --no-transfer-progress -B -V
+        run: mvn -T 8 clean verify -pl '!knox-agent' --no-transfer-progress -B -V
       - name: Upload artifacts
         uses: actions/upload-artifact@v4
         with:
@@ -70,7 +90,6 @@ jobs:
   docker-build:
     needs:
       - build-8
-      - build-11
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -85,7 +104,7 @@ jobs:
           cp version dev-support/ranger-docker/dist
 
       - name: Cache downloaded archives
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: dev-support/ranger-docker/downloads
           key: ${{ runner.os }}-ranger-downloads-${{ hashFiles('dev-support/ranger-docker/.env') }}

agents-audit/pom.xml

@@ -28,6 +28,8 @@
     <name>Audit Component</name>
     <description>Auth Audit</description>
     <properties>
+        <checkstyle.failOnViolation>true</checkstyle.failOnViolation>
+        <checkstyle.skip>false</checkstyle.skip>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <securesm.version>1.2</securesm.version>
     </properties>

agents-audit/src/main/java/org/apache/ranger/audit/destination/AmazonCloudWatchAuditDestination.java

@@ -19,11 +19,6 @@
 
 package org.apache.ranger.audit.destination;
 
-import java.util.Collection;
-import java.util.Comparator;
-import java.util.Properties;
-import java.util.stream.Collectors;
-
 import com.amazonaws.services.logs.AWSLogs;
 import com.amazonaws.services.logs.AWSLogsClientBuilder;
 import com.amazonaws.services.logs.model.CreateLogStreamRequest;
@@ -32,7 +27,6 @@
 import com.amazonaws.services.logs.model.PutLogEventsRequest;
 import com.amazonaws.services.logs.model.PutLogEventsResult;
 import com.amazonaws.services.logs.model.ResourceNotFoundException;
-
 import org.apache.commons.lang.StringUtils;
 import org.apache.ranger.audit.model.AuditEventBase;
 import org.apache.ranger.audit.provider.MiscUtil;
@@ -41,59 +35,84 @@
 
 import javax.annotation.concurrent.ThreadSafe;
 
+import java.util.Collection;
+import java.util.Comparator;
+import java.util.Properties;
+import java.util.stream.Collectors;
+
 /**
  * Writes audit events to Amazon CloudWatch Logs.
  * <p>
  * Two properties are required: LogGroupName and LogStreamPrefix
  * <p>
  * Thread-safety is ensured by making the log method synchronized.
  * This is to avoid possible race condition on {@link #sequenceToken} which is required in PutLogEvents API.
+ *
  * @see <a href="https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutLogEvents.html">PutLogEvents API Reference</a>
  * <p>
  * Note: Amazon CloudWatch has limits on the payload size and request rate.
  * Based on the traffic, adjust the batch size and flush interval accordingly.
  * <p>
- *
  * @see <a href="https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/cloudwatch_limits_cwl.html">Amazon CloudWatch Logs Service Limits</a>
  */
 @ThreadSafe
 public class AmazonCloudWatchAuditDestination extends AuditDestination {
-
     private static final Logger LOG = LoggerFactory.getLogger(AmazonCloudWatchAuditDestination.class);
 
-    public static final String PROP_LOG_GROUP_NAME = "log_group";
+    public static final String PROP_LOG_GROUP_NAME    = "log_group";
     public static final String PROP_LOG_STREAM_PREFIX = "log_stream_prefix";
-    public static final String CONFIG_PREFIX = "ranger.audit.amazon_cloudwatch";
-    public static final String PROP_REGION = "region";
+    public static final String CONFIG_PREFIX          = "ranger.audit.amazon_cloudwatch";
+    public static final String PROP_REGION            = "region";
 
-    private String logGroupName;
-    private String logStreamName;
-    private AWSLogs logsClient;
-    private String sequenceToken;
-    private String regionName;
+    private String   logGroupName;
+    private          String  logStreamName;
+    private volatile AWSLogs logsClient;
+    private          String  sequenceToken;
+    private String   regionName;
+
+    static Collection<InputLogEvent> toInputLogEvent(Collection<AuditEventBase> collection) {
+        return collection.stream()
+                .map(e -> new InputLogEvent()
+                        .withMessage(MiscUtil.stringify(e))
+                        .withTimestamp(e.getEventTime().getTime()))
+                .sorted(Comparator.comparingLong(InputLogEvent::getTimestamp))
+                .collect(Collectors.toList());
+    }
 
     @Override
     public void init(Properties props, String propPrefix) {
         LOG.info("init() called for CloudWatchAuditDestination");
+
         super.init(props, propPrefix);
 
-        this.logGroupName = MiscUtil.getStringProperty(props, propPrefix + "." + PROP_LOG_GROUP_NAME, "ranger_audits");
+        this.logGroupName  = MiscUtil.getStringProperty(props, propPrefix + "." + PROP_LOG_GROUP_NAME, "ranger_audits");
         this.logStreamName = MiscUtil.getStringProperty(props, propPrefix + "." + PROP_LOG_STREAM_PREFIX) + MiscUtil.generateUniqueId();
-        this.regionName = MiscUtil.getStringProperty(props, propPrefix + "." + PROP_REGION);
+        this.regionName    = MiscUtil.getStringProperty(props, propPrefix + "." + PROP_REGION);
 
         logsClient = getClient(); // Initialize client
+
         createLogStream();
     }
 
     @Override
     public void stop() {
         super.stop();
+
         logStatus();
     }
 
+    /*
+     * (non-Javadoc)
+     *
+     * @see org.apache.ranger.audit.provider.AuditProvider#flush()
+     */
+    @Override
+    public void flush() {
+    }
+
     @Override
     public synchronized boolean log(Collection<AuditEventBase> collection) {
-        boolean ret = false;
+        boolean ret    = false;
         AWSLogs client = getClient();
 
         PutLogEventsRequest req = new PutLogEventsRequest()
@@ -107,92 +126,88 @@ public synchronized boolean log(Collection<AuditEventBase> collection) {
 
         try {
             sequenceToken = pushLogEvents(req, false, client);
+
             addSuccessCount(collection.size());
+
             ret = true;
         } catch (Throwable e) {
             addFailedCount(collection.size());
+
             LOG.error("Failed to send audit events", e);
         }
 
         return ret;
     }
 
-    private String pushLogEvents(PutLogEventsRequest req,
-                                  boolean retryingOnInvalidSeqToken,
-                                  AWSLogs client) {
+    private String pushLogEvents(PutLogEventsRequest req, boolean retryingOnInvalidSeqToken, AWSLogs client) {
         String sequenceToken;
+
         try {
             PutLogEventsResult re = client.putLogEvents(req);
+
             sequenceToken = re.getNextSequenceToken();
         } catch (ResourceNotFoundException ex) {
             if (!retryingOnInvalidSeqToken) {
                 createLogStream();
+
                 return pushLogEvents(req, true, client);
             }
+
             throw ex;
         } catch (InvalidSequenceTokenException ex) {
             if (retryingOnInvalidSeqToken) {
                 LOG.error("Unexpected invalid sequence token. Possible race condition occurred");
+
                 throw ex;
             }
 
             // LogStream may exist before first push attempt, re-obtain the sequence token
-            if (LOG.isDebugEnabled()) {
-                LOG.debug("Invalid sequence token. Plugin possibly restarted. Updating the sequence token and retrying");
-            }
+            LOG.debug("Invalid sequence token. Plugin possibly restarted. Updating the sequence token and retrying");
+
             sequenceToken = ex.getExpectedSequenceToken();
+
             req.setSequenceToken(sequenceToken);
+
             return pushLogEvents(req, true, client);
         }
 
         return sequenceToken;
     }
 
-    /*
-     * (non-Javadoc)
-     *
-     * @see org.apache.ranger.audit.provider.AuditProvider#flush()
-     */
-    @Override
-    public void flush() {
-
-    }
-
-    static Collection<InputLogEvent> toInputLogEvent(Collection<AuditEventBase> collection) {
-        return collection.stream()
-                .map(e -> new InputLogEvent()
-                        .withMessage(MiscUtil.stringify(e))
-                        .withTimestamp(e.getEventTime().getTime()))
-                .sorted(Comparator.comparingLong(InputLogEvent::getTimestamp))
-                .collect(Collectors.toList());
-    }
-
     private void createLogStream() {
         AWSLogs client = getClient();
+
         CreateLogStreamRequest req = new CreateLogStreamRequest()
                 .withLogGroupName(logGroupName)
                 .withLogStreamName(logStreamName);
 
-        LOG.info(String.format("Creating Log Stream `%s` in Log Group `%s`", logStreamName, logGroupName));
+        LOG.info("Creating Log Stream `{}` in Log Group `{}`", logStreamName, logGroupName);
+
         client.createLogStream(req);
     }
 
     private AWSLogs getClient() {
-        if (logsClient == null) {
+        AWSLogs ret = logsClient;
+
+        if (ret == null) {
             synchronized (AmazonCloudWatchAuditDestination.class) {
-                if (logsClient == null) {
-                    logsClient = newClient();
+                ret = logsClient;
+
+                if (ret == null) {
+                    ret        = newClient();
+                    logsClient = ret;
                 }
             }
         }
 
-        return logsClient;
+        return ret;
     }
 
     private AWSLogs newClient() {
         if (StringUtils.isBlank(regionName)) {
             return AWSLogsClientBuilder.standard().build();
         }
+
         return AWSLogsClientBuilder.standard().withRegion(regionName).build();
     }
 }