ranger-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ramesh Mani <rm...@hortonworks.com>
Subject Re: No topic information attached in case of create in kafka audit log
Date Tue, 22 Jan 2019 22:41:43 GMT 
Hi Margus,

In Ranger 1.1.0 with Kafka 1.1.1, Create TOPIC was not authorized as there
is no hook in Kafka provided for that. It was done via Kafka ACLs.

Kafka 2.0 release has the CREATE TOPIC authorization hooks and Ranger is
authorizing it in Ranger 2.0 release.

Please refer this 
https://cwiki.apache.org/confluence/display/KAFKA/KIP-11+-+Authorization+In
terface#KIP-11-AuthorizationInterface-AclManagement(CLI)

Thanks,
Ramesh

On 1/21/19, 10:54 PM, "margus@roo.ee" <margus@roo.ee> wrote:

>Hi
>
>I am not sure is it more Ranger or Kafka plugin issue, but I'll try
>here.
>
>I am using Ranger 1.1.0 and Kafka 1.1.1 packaged into HDF 3.2
>
>Using Ranger and browsing kafka audit log I can see in example
>action:describe and  resource:[some topic name]
>
>But in case action is create, then there is not topic attached.
>Even browsing SOLR there is no topics attached.
>
>In example in case of describe:
>   {
>         "id":"78622377-0894-4945-8c46-47ff66bf9e1a-8999585",
>         "access":"describe",
>         "enforcer":"ranger-acl",
>         "repo":"devel_kafka",
>         "reqUser":"app",
>         "reqData":"Topic1",
>         "resource":"Topic1",
>         "cliIP":"10.92.12.22",
>         "logType":"RangerAudit",
>         "result":1,
>         "policy":3,
>         "repoType":9,
>         "resType":"topic",
>         "action":"describe",
>         "evtTime":"2019-01-07T11:08:03.924Z",
>         "seq_num":17805502,
>         "event_count":1,
>         "event_dur_ms":1,
>         "cluster":"dataplatform_devel",
>         "_ttl_":"+90DAYS",
>         "_expire_at_":"2019-04-07T11:08:06.695Z",
>         "_version_":1621999523405496320}
>
>In case of create:
>{
>         "id":"e67a9b55-44eb-4882-8f2e-4d443e0be80e-127764",
>         "access":"create",
>         "enforcer":"ranger-acl",
>         "repo":"devel_kafka",
>         "reqUser":"app",
>         "reqData":"kafka-cluster",
>         "cliIP":"172.14.255.2",
>         "logType":"RangerAudit",
>         "result":1,
>         "policy":3,
>         "repoType":9,
>         "action":"create",
>         "evtTime":"2019-01-08T15:17:54.134Z",
>         "seq_num":253822,
>         "event_count":2,
>         "event_dur_ms":351,
>         "cluster":"dataplatform_devel",
>         "_ttl_":"+90DAYS",
>         "_expire_at_":"2019-04-08T15:17:57.294Z",
>         "_version_":1622105839160524811}
>
>
>Is it normal?
>
>Br,
>Margus
>
Mime
View raw message