Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-499

Ranger-KMS policy creation fail's with User 'keyadmin' does not have delegated-admin privilege on given resources when installed manually

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.5.0
    • Fix Version/s: 0.5.0
    • Component/s: admin
    • Labels:
      None

      Description

      Ranger-KMS policy creation fail's with User 'keyadmin' does not have delegated-admin privilege on given resources when installed manually or did via yum install.
      Also install.properties have read only permission even for root. This has to be consistent with other plugin

      2015-05-18 20:32:26,729 [http-bio-6080-exec-2] INFO apache.ranger.services.kms.client.KMSClient (KMSClient.java:116) - getKeyList():response.getStatus()= 403 for URL http://ranger01.example.com:9292/kms/v1/keys/names?user.name=admin, so returning null list
      2015-05-18 20:32:34,370 [http-bio-6080-exec-4] INFO org.apache.ranger.common.RESTErrorUtil (RESTErrorUtil.java:323) - Request failed. SessionId=125, loginId=keyadmin, logMessage=User 'keyadmin' does not have delegated-admin privilege on given resources
      javax.ws.rs.WebApplicationException
      at org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:313)
      at org.apache.ranger.rest.ServiceREST.ensureAdminAccess(ServiceREST.java:1442)
      at org.apache.ranger.rest.ServiceREST.createPolicy(ServiceREST.java:864)
      at org.apache.ranger.rest.ServiceREST$$FastClassByCGLIB$$92dab672.invoke(<generated>)
      at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:191)
      at org.springframework.aop.framework.Cglib2AopProxy$CglibMethodInvocation.invokeJoinpoint(Cglib2AopProxy.java:689)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
      at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:110)
      at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
      at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:622)
      at org.apache.ranger.rest.ServiceREST$$EnhancerByCGLIB$$65fdb8df.createPolicy(<generated>)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:606)
      at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:168)
      at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:70)
      at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:279)
      at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:136)
      at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:86)
      at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:136)
      at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:74)
      at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1357)
      at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1289)
      at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1239)
      at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1229)
      at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:420)
      at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:497)
      at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:684)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applicatio

        Attachments

          Activity

            People

            • Assignee:
              gautamborad Gautam Borad
              Reporter:
              rmani Ramesh Mani
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: