ranger-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rajat Goel <rajat.g...@guavus.com>
Subject Ranger Plugin downloading policies with empty resource{}
Date Thu, 17 Jan 2019 03:20:49 GMT
Hi,

I have a Kerberised HDP (2.6.5) setup and I am using CDAP which is integrated with Ranger
for policy management. When I login to CDAP UI, I don’t see any resources on UI even though
Ranger policies are defined for allowing access to my user. My CDAP ranger plugin is emitting
authorization failed for all requests.

On debugging the issue a bit, I found that the Ranger’s policy cache json file for CDAP
created on local file system has resources{}section empty for all my CDAP policies. Though
rest of the properties in policycache json file such as accesses{}, users{} is present. CDAP
has logs has messages like:

2019-01-16 19:06:25,421 INFO  [leader-election-election-master.services] util.PolicyRefresher:
PolicyRefresher(serviceName=platacc003-reflex-platform_cdap): found updated version. lastKnownVersion=-1;
newVersion=80
2019-01-16 19:06:25,501 WARN  [leader-election-election-master.services] policyresourcematcher.RangerDefaultPolicyResourceMatcher:
RangerDefaultPolicyResourceMatcher.init() failed:  policyResources is null or empty, or serviceDef
is null. (serviceDef=cdap, policyResourceKeys=, validHierarchy=)
2019-01-16 19:06:25,514 WARN  [leader-election-election-master.services] policyresourcematcher.RangerDefaultPolicyResourceMatcher:
RangerDefaultPolicyResourceMatcher.init() failed:  policyResources is null or empty, or serviceDef
is null. (serviceDef=cdap, policyResourceKeys=, validHierarchy=)
2019-01-16 19:06:25,514 WARN  [leader-election-election-master.services] policyresourcematcher.RangerDefaultPolicyResourceMatcher:
RangerDefaultPolicyResourceMatcher.init() failed:  policyResources is null or empty, or serviceDef
is null. (serviceDef=cdap, policyResourceKeys=, validHierarchy=)
2019-01-16 19:06:25,514 WARN  [leader-election-election-master.services] policyresourcematcher.RangerDefaultPolicyResourceMatcher:
RangerDefaultPolicyResourceMatcher.init() failed:  policyResources is null or empty, or serviceDef
is null. (serviceDef=cdap, policyResourceKeys=, validHierarchy=)
2019-01-16 19:06:25,515 WARN  [leader-election-election-master.services] policyresourcematcher.RangerDefaultPolicyResourceMatcher:
RangerDefaultPolicyResourceMatcher.init() failed:  policyResources is null or empty, or serviceDef
is null. (serviceDef=cdap, policyResourceKeys=, validHierarchy=)

I checked Ranger Admin access.log file and saw that Ranger REST request from CDAP to download
policies was successful with 200 response code. If I manually run the same REST request using
curl with admin credentials it works fine and emits json with valid resource{} section.

Can someone please help here in this regard?

Thanks & Regards,
Rajat

Mime
View raw message