ranger-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Margusja <mar...@roo.ee>
Subject Re: No topic information attached in case of create in kafka audit log
Date Wed, 23 Jan 2019 04:49:23 GMT
Thank you for a answer.


Br,
Margus Roo

> On 23 Jan 2019, at 00:41, Ramesh Mani <rmani@hortonworks.com> wrote:
> 
> Hi Margus,
> 
> In Ranger 1.1.0 with Kafka 1.1.1, Create TOPIC was not authorized as there
> is no hook in Kafka provided for that. It was done via Kafka ACLs.
> 
> Kafka 2.0 release has the CREATE TOPIC authorization hooks and Ranger is
> authorizing it in Ranger 2.0 release.
> 
> Please refer this 
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-11+-+Authorization+In
> terface#KIP-11-AuthorizationInterface-AclManagement(CLI)
> 
> Thanks,
> Ramesh
> 
> On 1/21/19, 10:54 PM, "margus@roo.ee" <margus@roo.ee> wrote:
> 
>> Hi
>> 
>> I am not sure is it more Ranger or Kafka plugin issue, but I'll try
>> here.
>> 
>> I am using Ranger 1.1.0 and Kafka 1.1.1 packaged into HDF 3.2
>> 
>> Using Ranger and browsing kafka audit log I can see in example
>> action:describe and  resource:[some topic name]
>> 
>> But in case action is create, then there is not topic attached.
>> Even browsing SOLR there is no topics attached.
>> 
>> In example in case of describe:
>>  {
>>        "id":"78622377-0894-4945-8c46-47ff66bf9e1a-8999585",
>>        "access":"describe",
>>        "enforcer":"ranger-acl",
>>        "repo":"devel_kafka",
>>        "reqUser":"app",
>>        "reqData":"Topic1",
>>        "resource":"Topic1",
>>        "cliIP":"10.92.12.22",
>>        "logType":"RangerAudit",
>>        "result":1,
>>        "policy":3,
>>        "repoType":9,
>>        "resType":"topic",
>>        "action":"describe",
>>        "evtTime":"2019-01-07T11:08:03.924Z",
>>        "seq_num":17805502,
>>        "event_count":1,
>>        "event_dur_ms":1,
>>        "cluster":"dataplatform_devel",
>>        "_ttl_":"+90DAYS",
>>        "_expire_at_":"2019-04-07T11:08:06.695Z",
>>        "_version_":1621999523405496320}
>> 
>> In case of create:
>> {
>>        "id":"e67a9b55-44eb-4882-8f2e-4d443e0be80e-127764",
>>        "access":"create",
>>        "enforcer":"ranger-acl",
>>        "repo":"devel_kafka",
>>        "reqUser":"app",
>>        "reqData":"kafka-cluster",
>>        "cliIP":"172.14.255.2",
>>        "logType":"RangerAudit",
>>        "result":1,
>>        "policy":3,
>>        "repoType":9,
>>        "action":"create",
>>        "evtTime":"2019-01-08T15:17:54.134Z",
>>        "seq_num":253822,
>>        "event_count":2,
>>        "event_dur_ms":351,
>>        "cluster":"dataplatform_devel",
>>        "_ttl_":"+90DAYS",
>>        "_expire_at_":"2019-04-08T15:17:57.294Z",
>>        "_version_":1622105839160524811}
>> 
>> 
>> Is it normal?
>> 
>> Br,
>> Margus
>> 
> 


Mime
View raw message