Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-1329

Update Ranger plugin handling of service-not-found error



    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 0.7.0
    • plugins
    • None


      Ranger plugins download policies from Ranger Admin for a specific service (like hivedev, hadoopdev, ..) as configured in plugin configuration files. Downloaded policies are cached in-memory and this cache is used to determine authorization of resource accesses. In addition, the plugins also save the downloaded polices in a configured policy-cache location - which are used during component-restart - if the plugin couldn't download policies from Ranger Admin.

      If the service is deleted or renamed in Ranger Admin, the plugins will continue to use the cached policies in memory; and on restart, the plugins will load and use the policies saved in policy-cache. This may not be the desired or intended behavior; the expectation would be that the plugins run with no policy to determine authorization of resource-accesses. This would require the plugin to clear its in-memory cache and also clear the saved policy-cache. Please note that clearing of cached policies should be done only if the plugins can determine that the configured service (like hivedev, hadoopdev, ..) doesn't exist in Ranger Admin. On all other cases where the policy download fails (like network issue, Ranger Admin not reachable, etc), the plugin should continue to use the cached policies.




            abhayk Abhay Kulkarni
            madhan Madhan Neethiraj
            0 Vote for this issue
            3 Start watching this issue