Merge pull request #17768 from taosdata/feat/audit

feat: add audit db for DDL storage

packaging/cfg/taos.cfg

@@ -191,6 +191,9 @@ keepColumnName            1
 # enable/disable system monitor
 # monitor               1
 
+# enable/disable system audit
+# audit                 0
+
 # enable/disable recording the SQL statements via restful interface
 # httpEnableRecordSql   0
 

src/common/inc/tglobal.h

@@ -154,6 +154,10 @@ extern char    tsMonitorDbName[];
 extern char    tsInternalPass[];
 extern int32_t tsMonitorInterval;
 
+// audit
+extern int8_t  tsEnableAudit;
+extern char    tsAuditDbName[];
+
 // stream
 extern int8_t tsEnableStream;
 

src/common/src/tglobal.c

@@ -205,6 +205,10 @@ char    tsMonitorDbName[TSDB_DB_NAME_LEN] = "log";
 char    tsInternalPass[] = "secretkey";
 int32_t tsMonitorInterval = 30;  // seconds
 
+// audit
+int8_t  tsEnableAudit = 0;
+char    tsAuditDbName[TSDB_DB_NAME_LEN] = "audit";
+
 // stream
 int8_t tsEnableStream = 1;
 
@@ -1292,6 +1296,16 @@ static void doInitGlobalConfig(void) {
   cfg.unitType = TAOS_CFG_UTYPE_NONE;
   taosInitConfigOption(cfg);
 
+  cfg.option = "audit";
+  cfg.ptr = &tsEnableAudit;
+  cfg.valType = TAOS_CFG_VTYPE_INT8;
+  cfg.cfgType = TSDB_CFG_CTYPE_B_CONFIG | TSDB_CFG_CTYPE_B_SHOW;
+  cfg.minValue = 0;
+  cfg.maxValue = 1;
+  cfg.ptrLength = 1;
+  cfg.unitType = TAOS_CFG_UTYPE_NONE;
+  taosInitConfigOption(cfg);
+
   cfg.option = "stream";
   cfg.ptr = &tsEnableStream;
   cfg.valType = TAOS_CFG_VTYPE_INT8;

src/inc/monitor.h

@@ -27,6 +27,27 @@ extern "C" {
   monSaveDnodeLog(level, __VA_ARGS__); \
 }
 
+typedef enum {
+  // create
+  MON_DDL_CMD_CREATE_DATABASE,
+  MON_DDL_CMD_CREATE_TABLE,
+  MON_DDL_CMD_CREATE_CHILD_TABLE,
+  MON_DDL_CMD_CREATE_SUPER_TABLE,
+  // drop
+  MON_DDL_CMD_DROP_DATABASE,
+  MON_DDL_CMD_DROP_TABLE,
+  MON_DDL_CMD_DROP_CHILD_TABLE,
+  MON_DDL_CMD_DROP_SUPER_TABLE,
+  // alter
+  MON_DDL_CMD_ALTER_DATABASE,
+  MON_DDL_CMD_ADD_COLUMN,
+  MON_DDL_CMD_DROP_COLUMN,
+  MON_DDL_CMD_MODIFY_COLUMN,
+  MON_DDL_CMD_ADD_TAG,
+  MON_DDL_CMD_DROP_TAG,
+  MON_DDL_CMD_CHANGE_TAG,
+} EMonDDLCmdType;
+
 typedef struct {
   const char * name;
   int32_t code;
@@ -62,6 +83,7 @@ int32_t monInitSystem();
 int32_t monStartSystem();
 void    monStopSystem();
 void    monCleanupSystem();
+void    monSaveAuditLog(int8_t type, const char *user, const char *obj, bool result);
 void    monSaveAcctLog(SAcctMonitorObj *pMonObj);
 void    monSaveLog(int32_t level, const char *const format, ...);
 void    monSaveDnodeLog(int32_t level, const char *const format, ...);

src/mnode/src/mnodeDb.c

@@ -409,6 +409,7 @@ static int32_t mnodeCreateDbCb(SMnodeMsg *pMsg, int32_t code) {
   } else {
     mError("db:%s, failed to create by %s, reason:%s", pDb->name, mnodeGetUserFromMsg(pMsg), tstrerror(code));
   }
+  monSaveAuditLog(MON_DDL_CMD_CREATE_DATABASE, mnodeGetUserFromMsg(pMsg), pDb->name, !code);
 
   return code;
 }
@@ -1127,6 +1128,8 @@ static int32_t mnodeAlterDbFp(SMnodeMsg *pMsg) {
   mDebug("db:%s, all vgroups is altered", pDb->name);
   mLInfo("db:%s, is alterd by %s", pDb->name, mnodeGetUserFromMsg(pMsg));
 
+  monSaveAuditLog(MON_DDL_CMD_ALTER_DATABASE, mnodeGetUserFromMsg(pMsg), pDb->name, true);
+
   // in case there is no vnode for this db currently(no table in db,etc.)
   if (pMsg->expected == 0) {
     SSdbRow row = {
@@ -1183,7 +1186,7 @@ static int32_t mnodeAlterDb(SDbObj *pDb, SAlterDbMsg *pAlter, void *pMsg) {
     if (code != TSDB_CODE_SUCCESS && code != TSDB_CODE_MND_ACTION_IN_PROGRESS) {
       mError("db:%s, failed to alter, reason:%s", pDb->name, tstrerror(code));
     }
-}
+  }
 
   return code;
 }
@@ -1213,6 +1216,7 @@ static int32_t mnodeDropDbCb(SMnodeMsg *pMsg, int32_t code) {
   } else {
     mLInfo("db:%s, is dropped by %s", pDb->name, mnodeGetUserFromMsg(pMsg));
   }
+  monSaveAuditLog(MON_DDL_CMD_DROP_DATABASE, mnodeGetUserFromMsg(pMsg), pDb->name, !code);
 
   return code;
 }

src/mnode/src/mnodeTable.c

@@ -38,6 +38,7 @@
 #include "mnodeSdb.h"
 #include "mnodeShow.h"
 #include "mnodeTable.h"
+#include "mnodeUser.h"
 #include "mnodeVgroup.h"
 #include "mnodeWrite.h"
 #include "mnodeRead.h"
@@ -1056,6 +1057,7 @@ static int32_t mnodeCreateSuperTableCb(SMnodeMsg *pMsg, int32_t code) {
     if(pMsg->pBatchMasterMsg)
       pMsg->pBatchMasterMsg->received ++;
   }
+  monSaveAuditLog(MON_DDL_CMD_CREATE_SUPER_TABLE, mnodeGetUserFromMsg(pMsg), pTable->info.tableId, !code);
 
   // if super table create by batch msg, check done and send finished to client
   if(pMsg->pBatchMasterMsg) {
@@ -1171,11 +1173,12 @@ static int32_t mnodeDropSuperTableCb(SMnodeMsg *pMsg, int32_t code) {
   SSTableObj *pTable = (SSTableObj *)pMsg->pTable;
   if (code != TSDB_CODE_SUCCESS) {
     mError("msg:%p, app:%p stable:%s, failed to drop, sdb error", pMsg, pMsg->rpcMsg.ahandle, pTable->info.tableId);
-
+    monSaveAuditLog(MON_DDL_CMD_DROP_SUPER_TABLE, mnodeGetUserFromMsg(pMsg), pTable->info.tableId, false);
     return code;
   }
 
   mLInfo("msg:%p, app:%p stable:%s, is dropped from sdb", pMsg, pMsg->rpcMsg.ahandle, pTable->info.tableId);
+  monSaveAuditLog(MON_DDL_CMD_DROP_SUPER_TABLE, mnodeGetUserFromMsg(pMsg), pTable->info.tableId, true);
 
   SSTableObj *pStable = (SSTableObj *)pMsg->pTable;
   if (pStable->vgHash != NULL /*pStable->numOfTables != 0*/) {
@@ -1250,6 +1253,8 @@ static int32_t mnodeAddSuperTableTagCb(SMnodeMsg *pMsg, int32_t code) {
   if (code == TSDB_CODE_SUCCESS) {
     code = mnodeGetSuperTableMeta(pMsg);
   }
+  monSaveAuditLog(MON_DDL_CMD_ADD_TAG, mnodeGetUserFromMsg(pMsg), pStable->info.tableId, !code);
+
   return code;
 }
 
@@ -1308,6 +1313,8 @@ static int32_t mnodeDropSuperTableTagCb(SMnodeMsg *pMsg, int32_t code) {
   if (code == TSDB_CODE_SUCCESS) {
     code = mnodeGetSuperTableMeta(pMsg);
   }
+  monSaveAuditLog(MON_DDL_CMD_DROP_TAG, mnodeGetUserFromMsg(pMsg), pStable->info.tableId, !code);
+
   return code;
 }
 
@@ -1345,6 +1352,8 @@ static int32_t mnodeModifySuperTableTagNameCb(SMnodeMsg *pMsg, int32_t code) {
   if (code == TSDB_CODE_SUCCESS) {
     code = mnodeGetSuperTableMeta(pMsg);
   }
+  monSaveAuditLog(MON_DDL_CMD_CHANGE_TAG, mnodeGetUserFromMsg(pMsg), pStable->info.tableId, !code);
+
   return code;
 }
 
@@ -1403,6 +1412,8 @@ static int32_t mnodeAddSuperTableColumnCb(SMnodeMsg *pMsg, int32_t code) {
   if (code == TSDB_CODE_SUCCESS) {
     code = mnodeGetSuperTableMeta(pMsg);
   }
+
+  monSaveAuditLog(MON_DDL_CMD_ADD_COLUMN, mnodeGetUserFromMsg(pMsg), pStable->info.tableId, !code);
   return code;
 }
 
@@ -1474,6 +1485,8 @@ static int32_t mnodeDropSuperTableColumnCb(SMnodeMsg *pMsg, int32_t code) {
   if (code == TSDB_CODE_SUCCESS) {
     code = mnodeGetSuperTableMeta(pMsg);
   }
+  monSaveAuditLog(MON_DDL_CMD_DROP_COLUMN, mnodeGetUserFromMsg(pMsg), pStable->info.tableId, !code);
+
   return code;
 }
 
@@ -1522,6 +1535,8 @@ static int32_t mnodeChangeSuperTableColumnCb(SMnodeMsg *pMsg, int32_t code) {
   if (code == TSDB_CODE_SUCCESS) {
     code = mnodeGetSuperTableMeta(pMsg);
   }
+  monSaveAuditLog(MON_DDL_CMD_MODIFY_COLUMN, mnodeGetUserFromMsg(pMsg), pStable->info.tableId, !code);
+
   return code;
 }
 
@@ -2073,6 +2088,9 @@ static int32_t mnodeDoCreateChildTableCb(SMnodeMsg *pMsg, int32_t code) {
   SCreateTableMsg *pCreate = (SCreateTableMsg*) ((char*)pMsg->rpcMsg.pCont + sizeof(SCMCreateTableMsg));
   assert(pTable);
 
+  monSaveAuditLog((pTable->info.type == TSDB_CHILD_TABLE) ? MON_DDL_CMD_CREATE_CHILD_TABLE : MON_DDL_CMD_CREATE_TABLE,
+                  mnodeGetUserFromMsg(pMsg), pTable->info.tableId, !code);
+
   if (code == TSDB_CODE_SUCCESS) {
     if (pCreate->getMeta) {
       mDebug("msg:%p, app:%p table:%s, created in dnode and continue to get meta, thandle:%p", pMsg,
@@ -2101,6 +2119,7 @@ static int32_t mnodeDoCreateChildTableCb(SMnodeMsg *pMsg, int32_t code) {
   } else {
     mError("msg:%p, app:%p table:%s, failed to create table sid:%d, uid:%" PRIu64 ", reason:%s", pMsg,
            pMsg->rpcMsg.ahandle, pTable->info.tableId, pTable->tid, pTable->uid, tstrerror(code));
+
     SSdbRow desc = {.type = SDB_OPER_GLOBAL, .pObj = pTable, .pTable = tsChildTableSdb};
     sdbDeleteRow(&desc);
 
@@ -2294,6 +2313,8 @@ static int32_t mnodeSendDropChildTableMsg(SMnodeMsg *pMsg, bool needReturn) {
   if (pDrop == NULL) {
     mError("msg:%p, app:%p ctable:%s, failed to drop ctable, no enough memory", pMsg, pMsg->rpcMsg.ahandle,
            pTable->info.tableId);
+    monSaveAuditLog((pTable->info.type == TSDB_CHILD_TABLE) ? MON_DDL_CMD_DROP_CHILD_TABLE : MON_DDL_CMD_DROP_TABLE,
+                    mnodeGetUserFromMsg(pMsg), pTable->info.tableId, false);
     return TSDB_CODE_MND_OUT_OF_MEMORY;
   }
 
@@ -2308,6 +2329,9 @@ static int32_t mnodeSendDropChildTableMsg(SMnodeMsg *pMsg, bool needReturn) {
   mInfo("msg:%p, app:%p ctable:%s, send drop ctable msg, vgId:%d sid:%d uid:%" PRIu64, pMsg, pMsg->rpcMsg.ahandle,
         pDrop->tableFname, pTable->vgId, pTable->tid, pTable->uid);
 
+  monSaveAuditLog((pTable->info.type == TSDB_CHILD_TABLE) ? MON_DDL_CMD_DROP_CHILD_TABLE : MON_DDL_CMD_DROP_TABLE,
+                  mnodeGetUserFromMsg(pMsg), pTable->info.tableId, true);
+
   SRpcMsg rpcMsg = {
     .ahandle = pMsg,
     .pCont   = pDrop,
@@ -2327,6 +2351,8 @@ static int32_t mnodeDropChildTableCb(SMnodeMsg *pMsg, int32_t code) {
   if (code != TSDB_CODE_SUCCESS) {
     SCTableObj *pTable = (SCTableObj *)pMsg->pTable;
     mError("msg:%p, app:%p ctable:%s, failed to drop, sdb error", pMsg, pMsg->rpcMsg.ahandle, pTable->info.tableId);
+    monSaveAuditLog((pTable->info.type == TSDB_CHILD_TABLE) ? MON_DDL_CMD_DROP_CHILD_TABLE : MON_DDL_CMD_DROP_TABLE,
+                    mnodeGetUserFromMsg(pMsg), pTable->info.tableId, false);
     return code;
   }
 
@@ -2414,6 +2440,7 @@ static int32_t mnodeAddNormalTableColumn(SMnodeMsg *pMsg, SSchema schema[], int3
   SDbObj *pDb = pMsg->pDb;
   if (ncols <= 0) {
     mError("msg:%p, app:%p ctable:%s, add column, ncols:%d <= 0", pMsg, pMsg->rpcMsg.ahandle, pTable->info.tableId, ncols);
+    monSaveAuditLog(MON_DDL_CMD_ADD_COLUMN, mnodeGetUserFromMsg(pMsg), pTable->info.tableId, false);
     return TSDB_CODE_MND_APP_ERROR;
   }
 
@@ -2421,6 +2448,7 @@ static int32_t mnodeAddNormalTableColumn(SMnodeMsg *pMsg, SSchema schema[], int3
     if (mnodeFindNormalTableColumnIndex(pTable, schema[i].name) > 0) {
       mError("msg:%p, app:%p ctable:%s, add column, column:%s already exist", pMsg, pMsg->rpcMsg.ahandle,
              pTable->info.tableId, schema[i].name);
+      monSaveAuditLog(MON_DDL_CMD_ADD_COLUMN, mnodeGetUserFromMsg(pMsg), pTable->info.tableId, false);
       return TSDB_CODE_MND_FIELD_ALREAY_EXIST;
     }
   }
@@ -2445,6 +2473,7 @@ static int32_t mnodeAddNormalTableColumn(SMnodeMsg *pMsg, SSchema schema[], int3
   }
 
   mInfo("msg:%p, app:%p ctable %s, start to add column", pMsg, pMsg->rpcMsg.ahandle, pTable->info.tableId);
+  monSaveAuditLog(MON_DDL_CMD_ADD_COLUMN, mnodeGetUserFromMsg(pMsg), pTable->info.tableId, true);
 
   SSdbRow row = {
     .type   = SDB_OPER_GLOBAL,
@@ -2464,6 +2493,7 @@ static int32_t mnodeDropNormalTableColumn(SMnodeMsg *pMsg, char *colName) {
   if (col <= 0) {
     mError("msg:%p, app:%p ctable:%s, drop column, column:%s not exist", pMsg, pMsg->rpcMsg.ahandle,
            pTable->info.tableId, colName);
+    monSaveAuditLog(MON_DDL_CMD_DROP_COLUMN, mnodeGetUserFromMsg(pMsg), pTable->info.tableId, false);
     return TSDB_CODE_MND_FIELD_NOT_EXIST;
   }
 
@@ -2478,6 +2508,7 @@ static int32_t mnodeDropNormalTableColumn(SMnodeMsg *pMsg, char *colName) {
   }
 
   mInfo("msg:%p, app:%p ctable %s, start to drop column %s", pMsg, pMsg->rpcMsg.ahandle, pTable->info.tableId, colName);
+  monSaveAuditLog(MON_DDL_CMD_DROP_COLUMN, mnodeGetUserFromMsg(pMsg), pTable->info.tableId, true);
 
   SSdbRow row = {
     .type   = SDB_OPER_GLOBAL,
@@ -2498,6 +2529,7 @@ static int32_t mnodeChangeNormalTableColumn(SMnodeMsg *pMsg) {
   if (col < 0) {
     mError("msg:%p, app:%p ctable:%s, change column, name: %s", pMsg, pMsg->rpcMsg.ahandle,
            pTable->info.tableId, name);
+    monSaveAuditLog(MON_DDL_CMD_MODIFY_COLUMN, mnodeGetUserFromMsg(pMsg), pTable->info.tableId, false);
     return TSDB_CODE_MND_FIELD_NOT_EXIST;
   }
 
@@ -2508,6 +2540,7 @@ static int32_t mnodeChangeNormalTableColumn(SMnodeMsg *pMsg) {
 
   mInfo("msg:%p, app:%p ctable %s, start to modify column %s len to %d", pMsg, pMsg->rpcMsg.ahandle, pTable->info.tableId,
          name, schema->bytes);
+  monSaveAuditLog(MON_DDL_CMD_MODIFY_COLUMN, mnodeGetUserFromMsg(pMsg), pTable->info.tableId, true);
 
   SSdbRow row = {
     .type   = SDB_OPER_GLOBAL,

src/plugins/monitor/src/monMain.c

@@ -41,6 +41,9 @@
 #define DNODE_INFO_LEN      128
 #define QUERY_ID_LEN        24
 #define CHECK_INTERVAL      1000
+#define AUDIT_MAX_RETRIES   10
+#define MAX_DDL_TYPE_LEN    32
+#define MAX_DDL_OBJ_LEN     512
 
 #define SQL_STR_FMT "\"%s\""
 
@@ -161,6 +164,7 @@ typedef struct {
 } SMonStat;
 
 static void *monHttpStatusHashTable;
+static void *auditConn;
 
 static SMonConn tsMonitor = {0};
 static SMonStat tsMonStat = {{0}};
@@ -176,6 +180,7 @@ static void  monSaveGrantsInfo();
 static void  monSaveHttpReqInfo();
 static void  monGetSysStats();
 static void  *monThreadFunc(void *param);
+static void  *monAuditFunc(void *param);
 static void  monBuildMonitorSql(char *sql, int32_t cmd);
 static void  monInitHttpStatusHashTable();
 static void  monCleanupHttpStatusHashTable();
@@ -185,6 +190,13 @@ extern void    (*monStopSystemFp)();
 extern void    (*monExecuteSQLFp)(char *sql);
 extern char *  strptime(const char *buf, const char *fmt, struct tm *tm); //make the compilation pass
 
+#ifdef _STORAGE
+  char *keepValue = "30,30,30";
+#else
+  char *keepValue = "30";
+#endif
+
+
 int32_t monInitSystem() {
   if (tsMonitor.ep[0] == 0) {
     strcpy(tsMonitor.ep, tsLocalEp);
@@ -203,12 +215,20 @@ int32_t monInitSystem() {
   pthread_attr_setdetachstate(&thAttr, PTHREAD_CREATE_JOINABLE);
 
   if (pthread_create(&tsMonitor.thread, &thAttr, monThreadFunc, NULL)) {
-    monError("failed to create thread to for monitor module, reason:%s", strerror(errno));
+    monError("failed to create thread for monitor module, reason:%s", strerror(errno));
+    return -1;
+  }
+  monDebug("monitor thread is launched");
+
+  pthread_t auditThread;
+  pthread_attr_setdetachstate(&thAttr, PTHREAD_CREATE_DETACHED);
+  if (pthread_create(&auditThread, &thAttr, monAuditFunc, NULL)) {
+    monError("failed to create audit thread, reason:%s", strerror(errno));
     return -1;
   }
 
+  monDebug("audit thread is launched");
   pthread_attr_destroy(&thAttr);
-  monDebug("monitor thread is launched");
 
   monStartSystemFp = monStartSystem;
   monStopSystemFp = monStopSystem;
@@ -250,6 +270,70 @@ SMonHttpStatus *monGetHttpStatusHashTableEntry(int32_t code) {
   return (SMonHttpStatus*)taosHashGet(monHttpStatusHashTable, &code, sizeof(int32_t));
 }
 
+static void *monAuditFunc(void *param) {
+  if (!tsEnableAudit) {
+    return NULL;
+  }
+
+  monDebug("starting to initialize audit database...");
+  setThreadName("audit");
+  taosMsleep(1000);
+
+  int32_t try = 0;
+  for (; try < AUDIT_MAX_RETRIES; ++try) {
+    auditConn = taos_connect(NULL, "monitor", tsInternalPass, "", 0);
+    if (auditConn == NULL) {
+      monDebug("audit retry connect, tries: %d", try);
+      taosMsleep(1000);
+    } else {
+      monDebug("audit successfuly connect to database");
+      break;
+    }
+  }
+
+  if (try == AUDIT_MAX_RETRIES) {
+    monError("audit failed to connect to database, reason:%s", tstrerror(terrno));
+    return NULL;
+  }
+
+  // create database
+  char sql[512] = {0};
+  snprintf(sql, sizeof(sql),
+           "create database if not exists %s replica 1 days 10 keep %s cache %d "
+           "blocks %d precision 'us'",
+           tsAuditDbName, keepValue, TSDB_MIN_CACHE_BLOCK_SIZE, TSDB_MIN_TOTAL_BLOCKS);
+
+  void *res = taos_query(auditConn, sql);
+  int32_t code = taos_errno(res);
+  taos_free_result(res);
+
+  if (code != 0) {
+    monError("failed to create database: %s, sql:%s, reason:%s", tsAuditDbName, sql, tstrerror(code));
+    return NULL;
+  }
+
+  // create table
+  memset(sql, 0, sizeof(sql));
+  snprintf(sql, sizeof(sql),
+           "create table if not exists %s.ddl(ts timestamp"
+           ", user_name binary(%d), ip_addr binary(%d), type binary(%d)"
+           ", object binary(%d), result binary(10)"
+           ")",
+           tsAuditDbName, TSDB_USER_LEN, IP_LEN_STR,
+           MAX_DDL_TYPE_LEN, MAX_DDL_OBJ_LEN);
+
+  res = taos_query(auditConn, sql);
+  code = taos_errno(res);
+  taos_free_result(res);
+
+  if (code != 0) {
+    monError("failed to create table: ddl, exec sql:%s, reason:%s", sql, tstrerror(code));
+    return NULL;
+  }
+
+  return NULL;
+}
+
 static void *monThreadFunc(void *param) {
   monDebug("starting to initialize monitor module ...");
   setThreadName("monitor");
@@ -335,12 +419,6 @@ static void *monThreadFunc(void *param) {
 static void monBuildMonitorSql(char *sql, int32_t cmd) {
   memset(sql, 0, SQL_LENGTH);
 
-#ifdef _STORAGE
-  char *keepValue = "30,30,30";
-#else
-  char *keepValue = "30";
-#endif
-
   if (cmd == MON_CMD_CREATE_DB) {
     snprintf(sql, SQL_LENGTH,
              "create database if not exists %s replica %d days 10 keep %s cache %d "
@@ -494,6 +572,11 @@ void monCleanupSystem() {
     pthread_join(tsMonitor.thread, NULL);
   }
 
+  if (auditConn != NULL) {
+    taos_close(tsMonitor.conn);
+    auditConn = NULL;
+  }
+
   if (tsMonitor.conn != NULL) {
     taos_close(tsMonitor.conn);
     tsMonitor.conn = NULL;
@@ -1323,6 +1406,116 @@ static void monExecSqlCb(void *param, TAOS_RES *result, int32_t code) {
   taos_free_result(result);
 }
 
+static bool monConvDDLType2Str(int8_t type, char *buf, int32_t len) {
+  if (buf == NULL) {
+    return false;
+  }
+
+  switch (type) {
+    case MON_DDL_CMD_CREATE_DATABASE: {
+      strncpy(buf, "CREATE DATABASE", len);
+      break;
+    }
+    case MON_DDL_CMD_CREATE_TABLE: {
+      strncpy(buf, "CREATE TABLE", len);
+      break;
+    }
+    case MON_DDL_CMD_CREATE_CHILD_TABLE: {
+      strncpy(buf, "CREATE CHILD TABLE", len);
+      break;
+    }
+    case MON_DDL_CMD_CREATE_SUPER_TABLE: {
+      strncpy(buf, "CREATE SUPER TABLE", len);
+      break;
+    }
+    case MON_DDL_CMD_DROP_DATABASE: {
+      strncpy(buf, "DROP DATABASE", len);
+      break;
+    }
+    case MON_DDL_CMD_DROP_TABLE: {
+      strncpy(buf, "DROP TABLE", len);
+      break;
+    }
+    case MON_DDL_CMD_DROP_CHILD_TABLE: {
+      strncpy(buf, "DROP CHILD TABLE", len);
+      break;
+    }
+    case MON_DDL_CMD_DROP_SUPER_TABLE: {
+      strncpy(buf, "DROP SUPER TABLE", len);
+      break;
+    }
+    case MON_DDL_CMD_DROP_COLUMN: {
+      strncpy(buf, "DROP COLUMN", len);
+      break;
+    }
+    case MON_DDL_CMD_DROP_TAG: {
+      strncpy(buf, "DROP TAG", len);
+      break;
+    }
+    case MON_DDL_CMD_ALTER_DATABASE: {
+      strncpy(buf, "ALTER DATABASE", len);
+      break;
+    }
+    case MON_DDL_CMD_ADD_COLUMN: {
+      strncpy(buf, "ADD COLUMN", len);
+      break;
+    }
+    case MON_DDL_CMD_ADD_TAG: {
+      strncpy(buf, "ADD TAG", len);
+      break;
+    }
+    case MON_DDL_CMD_MODIFY_COLUMN: {
+      strncpy(buf, "MODIFY COLUMN/TAG LENGTH", len);
+      break;
+    }
+    case MON_DDL_CMD_CHANGE_TAG: {
+      strncpy(buf, "CHANGE TAG NAME", len);
+      break;
+    }
+    default: {
+      return false;
+    }
+  }
+  return true;
+}
+
+void monSaveAuditLog(int8_t type, const char *user, const char *obj, bool result) {
+  if (tsEnableAudit == 0) { //audit not enabled
+    return;
+  }
+
+  char sql[1024] = {0};
+  char typeStr[64] = {0};
+
+  if (!monConvDDLType2Str(type, typeStr, (int32_t)sizeof(typeStr))) {
+    monError("unknown DDL type: %d ", type);
+    return;
+  }
+
+  snprintf(sql, 1023,
+          "insert into %s.ddl values(now, "
+          SQL_STR_FMT", "SQL_STR_FMT", "
+          SQL_STR_FMT", "SQL_STR_FMT", "
+          SQL_STR_FMT")",
+          tsAuditDbName,
+          (user != NULL) ? user : "NULL",
+          tsLocalEp,
+          typeStr,
+          (obj != NULL) ? obj : "NULL",
+          result ? "success" : "fail");
+
+  monDebug("save ddl info, sql:%s", sql);
+  void *res = taos_query(auditConn, sql);
+  int32_t code = taos_errno(res);
+  taos_free_result(res);
+
+  if (code != 0) {
+    monError("failed to save audit ddl info, reason:%s, sql:%s", tstrerror(code), sql);
+  } else {
+    monDebug("successfully save audit ddl info, sql:%s", sql);
+  }
+}
+
 void monSaveAcctLog(SAcctMonitorObj *pMon) {
   if (tsMonitor.state != MON_STATE_INITED) return;
 
@@ -1399,6 +1592,7 @@ void monSaveDnodeLog(int32_t level, const char *const format, ...) {
   taos_query_a(tsMonitor.conn, sql, monExecSqlCb, "log");
 }
 
+
 void monExecuteSQL(char *sql) {
   if (tsMonitor.state != MON_STATE_INITED) return;
 

src/util/inc/tconfig.h

@@ -20,7 +20,7 @@
 extern "C" {
 #endif
 
-#define TSDB_CFG_MAX_NUM    140
+#define TSDB_CFG_MAX_NUM    141
 #define TSDB_CFG_PRINT_LEN  23
 #define TSDB_CFG_OPTION_LEN 24
 #define TSDB_CFG_VALUE_LEN  41

tests/pytest/util/dnodes.py

@@ -142,6 +142,7 @@ class TDDnode:
             "numOfMnodes": "3",
             "numOfThreadsPerCore": "2.0",
             "monitor": "0",
+            "audit": "0",
             "maxVnodeConnections": "30000",
             "maxMgmtConnections": "30000",
             "maxMeterConnections": "30000",

tests/script/sh/deploy.bat

@@ -85,6 +85,7 @@ echo wdebugFlag             135                >> %TAOS_CFG%
 echo cqdebugFlag            135                >> %TAOS_CFG%
 echo monitor                0                  >> %TAOS_CFG%
 echo monitorInterval        1                  >> %TAOS_CFG%
+echo audit                  0                  >> %TAOS_CFG%
 echo http                   0                  >> %TAOS_CFG%
 echo slaveQuery             0                  >> %TAOS_CFG%
 echo numOfThreadsPerCore    2.0                >> %TAOS_CFG%

tests/script/sh/deploy.sh

@@ -139,6 +139,7 @@ echo "wdebugFlag             143"                >> $TAOS_CFG
 echo "cqdebugFlag            143"                >> $TAOS_CFG
 echo "monitor                0"                  >> $TAOS_CFG
 echo "monitorInterval        1"                  >> $TAOS_CFG
+echo "audit                  0"                  >> $TAOS_CFG
 echo "http                   0"                  >> $TAOS_CFG
 echo "slaveQuery             0"                  >> $TAOS_CFG
 echo "numOfThreadsPerCore    2.0"                >> $TAOS_CFG

tests/system-test/0-others/audit.py

+###################################################################
+#           Copyright (c) 2016 by TAOS Technologies, Inc.
+#                     All rights reserved.
+#
+#  This file is proprietary and confidential to TAOS Technologies.
+#  No part of this file may be reproduced, stored, transmitted,
+#  disclosed or used in any form or by any means other than as
+#  expressly provided by the written permission from Jianhui Tao
+#
+###################################################################
+
+# -*- coding: utf-8 -*-
+
+import sys
+import taos
+import time
+import os
+from util.log import tdLog
+from util.cases import tdCases
+from util.sql import tdSql
+
+
+class TDTestCase:
+
+    updatecfgDict = {'audit': 1}
+
+    def caseDescription(self):
+        '''
+        TS-1887 Create Audit db for DDL storage
+        '''
+        return
+
+    def init(self, conn, logSql):
+        tdLog.debug("start to execute %s" % __file__)
+        tdSql.init(conn.cursor(), logSql)
+
+        now = time.time()
+        self.ts = int(round(now * 1000))
+
+    def run(self):
+
+        #tdSql.prepare()
+        time.sleep(3)
+
+        print("==============step1 test CREATE DDL")
+
+        # CREATE DATABASE
+        tdSql.execute("create database db")
+        tdSql.execute("use db")
+
+        tdSql.query("select last(*) from audit.ddl");
+        tdSql.checkData(0, 3, 'CREATE DATABASE')
+        tdSql.checkData(0, 4, '0.db')
+        tdSql.checkData(0, 5, 'success')
+
+        # CREATE NORMAL TABLE
+        tdSql.execute("create table tb (ts timestamp, c0 int)")
+
+        tdSql.query("select last(*) from audit.ddl");
+        tdSql.checkData(0, 3, 'CREATE TABLE')
+        tdSql.checkData(0, 4, '0.db.tb')
+        tdSql.checkData(0, 5, 'success')
+
+        # CREATE SUPER TABLE
+        tdSql.execute("create table stb (ts timestamp, c0 int) tags (t0 int)")
+
+        tdSql.query("select last(*) from audit.ddl");
+        tdSql.checkData(0, 3, 'CREATE SUPER TABLE')
+        tdSql.checkData(0, 4, '0.db.stb')
+        tdSql.checkData(0, 5, 'success')
+
+        # CREATE CHILD TABLE
+        tdSql.execute("create table ctb using stb tags (1)")
+
+        tdSql.query("select last(*) from audit.ddl");
+        tdSql.checkData(0, 3, 'CREATE CHILD TABLE')
+        tdSql.checkData(0, 4, '0.db.ctb')
+        tdSql.checkData(0, 5, 'success')
+
+        # CREATE CHILD TABLE(AUTO)
+        tdSql.execute("insert into ctb_auto using stb tags (2) values (now, 2)")
+
+        tdSql.query("select last(*) from audit.ddl");
+        tdSql.checkData(0, 3, 'CREATE CHILD TABLE')
+        tdSql.checkData(0, 4, '0.db.ctb_auto')
+        tdSql.checkData(0, 5, 'success')
+
+        print("==============step2 test ALTER DDL")
+
+        # ALTER ATABASE
+        tdSql.execute("alter database db keep 354")
+
+        tdSql.query("select last(*) from audit.ddl");
+        tdSql.checkData(0, 3, 'ALTER DATABASE')
+        tdSql.checkData(0, 4, '0.db')
+        tdSql.checkData(0, 5, 'success')
+
+        tdSql.execute("alter database db cachelast 1")
+
+        tdSql.query("select last(*) from audit.ddl");
+        tdSql.checkData(0, 3, 'ALTER DATABASE')
+        tdSql.checkData(0, 4, '0.db')
+        tdSql.checkData(0, 5, 'success')
+
+        # ADD COLUMN NORMAL TABLE
+        tdSql.execute("alter table tb add column c1 binary(4)")
+
+        tdSql.query("select last(*) from audit.ddl");
+        tdSql.checkData(0, 3, 'ADD COLUMN')
+        tdSql.checkData(0, 4, '0.db.tb')
+        tdSql.checkData(0, 5, 'success')
+
+        # MODIFY COLUMN NORMAL TABLE
+        tdSql.execute("alter table tb modify column c1 binary(10)")
+
+        tdSql.query("select last(*) from audit.ddl");
+        tdSql.checkData(0, 3, 'MODIFY COLUMN/TAG LENGTH')
+        tdSql.checkData(0, 4, '0.db.tb')
+        tdSql.checkData(0, 5, 'success')
+
+        # ADD COLUMN SUPER TABLE
+        tdSql.execute("alter table stb add column c1 binary(4)")
+
+        tdSql.query("select last(*) from audit.ddl");
+        tdSql.checkData(0, 3, 'ADD COLUMN')
+        tdSql.checkData(0, 4, '0.db.stb')
+        tdSql.checkData(0, 5, 'success')
+
+        # ADD TAG SUPER TABLE
+        tdSql.execute("alter table stb add tag t1 binary(4)")
+
+        tdSql.query("select last(*) from audit.ddl");
+        tdSql.checkData(0, 3, 'ADD TAG')
+        tdSql.checkData(0, 4, '0.db.stb')
+        tdSql.checkData(0, 5, 'success')
+
+        # MODIFY COLUMN SUPER TABLE
+        tdSql.execute("alter table stb modify column c1 binary(10)")
+
+        tdSql.query("select last(*) from audit.ddl");
+        tdSql.checkData(0, 3, 'MODIFY COLUMN/TAG LENGTH')
+        tdSql.checkData(0, 4, '0.db.stb')
+        tdSql.checkData(0, 5, 'success')
+
+        # MODIFY TAG SUPER TABLE
+        tdSql.execute("alter table stb modify tag t1 binary(10)")
+
+        tdSql.query("select last(*) from audit.ddl");
+        tdSql.checkData(0, 3, 'MODIFY COLUMN/TAG LENGTH')
+        tdSql.checkData(0, 4, '0.db.stb')
+        tdSql.checkData(0, 5, 'success')
+
+        # CHANGE TAG NAME SUPER TABLE
+        tdSql.execute("alter table stb change tag t1 t2")
+
+        tdSql.query("select last(*) from audit.ddl");
+        tdSql.checkData(0, 3, 'CHANGE TAG NAME')
+        tdSql.checkData(0, 4, '0.db.stb')
+        tdSql.checkData(0, 5, 'success')
+
+
+        print("==============step3 test DROP DDL")
+        # DROP COLUMN NORMAL TABLE
+        tdSql.execute("alter table tb drop column c1")
+
+        tdSql.query("select last(*) from audit.ddl");
+        tdSql.checkData(0, 3, 'DROP COLUMN')
+        tdSql.checkData(0, 4, '0.db.tb')
+        tdSql.checkData(0, 5, 'success')
+
+        # DROP COLUMN SUPER TABLE
+        tdSql.execute("alter table stb drop column c1")
+
+        tdSql.query("select last(*) from audit.ddl");
+        tdSql.checkData(0, 3, 'DROP COLUMN')
+        tdSql.checkData(0, 4, '0.db.stb')
+        tdSql.checkData(0, 5, 'success')
+
+        # DROP TAG SUPER TABLE
+        tdSql.execute("alter table stb drop tag t2")
+
+        tdSql.query("select last(*) from audit.ddl");
+        tdSql.checkData(0, 3, 'DROP TAG')
+        tdSql.checkData(0, 4, '0.db.stb')
+        tdSql.checkData(0, 5, 'success')
+
+        # DROP NORMAL TABLE
+        tdSql.execute("drop table tb")
+
+        tdSql.query("select last(*) from audit.ddl");
+        tdSql.checkData(0, 3, 'DROP TABLE')
+        tdSql.checkData(0, 4, '0.db.tb')
+        tdSql.checkData(0, 5, 'success')
+
+        # DROP CHILD TABLE
+        tdSql.execute("drop table ctb")
+
+        tdSql.query("select last(*) from audit.ddl");
+        tdSql.checkData(0, 3, 'DROP CHILD TABLE')
+        tdSql.checkData(0, 4, '0.db.ctb')
+        tdSql.checkData(0, 5, 'success')
+
+        # DROP SUPER TABLE
+        tdSql.execute("drop table stb")
+
+        tdSql.query("select last(*) from audit.ddl");
+        tdSql.checkData(0, 3, 'DROP SUPER TABLE')
+        tdSql.checkData(0, 4, '0.db.stb')
+        tdSql.checkData(0, 5, 'success')
+
+        # DROP DATABASE
+        tdSql.execute("drop database db")
+
+        tdSql.query("select last(*) from audit.ddl");
+        tdSql.checkData(0, 3, 'DROP DATABASE')
+        tdSql.checkData(0, 4, '0.db')
+        tdSql.checkData(0, 5, 'success')
+
+    def stop(self):
+        tdSql.close()
+        tdLog.success("%s successfully executed" % __file__)
+
+
+tdCases.addWindows(__file__, TDTestCase())
+tdCases.addLinux(__file__, TDTestCase())

tests/system-test/fulltest-others.sh

 python3 ./test.py -f 0-others/create_col_tag.py
+python3 ./test.py -f 0-others/audit.py