Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-426

Ranger KMS policy not matching the right resource name

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.5.0
    • Fix Version/s: 0.5.0
    • Component/s: None
    • Labels:
      None

      Description

      Steps to reproduce :

      1. Create a ranger kms policy with keyname as test*
      2. Provide create_key permission to the testuser
      3. Execute hadoop key create command as the testuser (with a keyname test1)

      Expected result: Key should be created
      Actual result: Key is not created, failing with error message user does not have permission.

      Issue seems to be caused by resource_name is calculated wrongly and apparently "kms" comes as the resource name for all requests. Verified this via audit page.

        Attachments

        1. RANGER-426.patch
          16 kB
          Gautam Borad

          Issue Links

            Activity

              People

              • Assignee:
                gautamborad Gautam Borad
                Reporter:
                gautamborad Gautam Borad
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: