ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Abhishek Shukla (Jira)" <j...@apache.org>
Subject [jira] [Created] (RANGER-3282) [Ranger Yarn Audits] No ranger audit are generated for yarn-acl fallback if all ranger policies are disabled
Date Tue, 11 May 2021 07:30:00 GMT
Abhishek Shukla created RANGER-3282:
---------------------------------------

             Summary: [Ranger Yarn Audits] No ranger audit are generated for yarn-acl fallback
if all ranger policies are disabled
                 Key: RANGER-3282
                 URL: https://issues.apache.org/jira/browse/RANGER-3282
             Project: Ranger
          Issue Type: Bug
          Components: audit, plugins, Ranger
    Affects Versions: 2.2.0
            Reporter: Abhishek Shukla


*Issue Description:*
 - Observed that if all the ranger yarn policies are disabled in a CDP environment, and we
try to submit any yarn application which is allowed via *yarn-acl*.

 - There is no ranger audit generated for this.

[Looks like we should have at least one ranger yarn policy matching the resource or yarn queue
for audit to be generated]

 

*Expectation:*
 - I think for *yarn-acl* fallback we should always generate audit entry irrespective of
ranger yarn policy presence.

 

*Steps to repro the issue:*
 * Disable all yarn ranger policies.
 * Submit yarn app in default queue [by default yarn acl allow everyone to submit the app
in default queue]
 * 
{code:java}
/opt/cloudera/parcels/CDH/bin/hadoop jar /opt/cloudera/parcels/CDH/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar
pi -Dmapred.job.queue.name=default 2 2{code}

 * Observe ranger audits for the above operation.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message