Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-561

Ranger YARN plugin should fallback to YARN ACL, instead of creating grants in Ranger

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 0.5.0
    • Fix Version/s: 0.5.0
    • Component/s: plugins
    • Labels:
      None

      Description

      Current implementation of Ranger YARN plugin creates Ranger policies for ACLs specified in YARN configuration files. When the resource manager is restarted with a different ACL configuration, the Ranger policies created for earlier YARN ACLs would still be evaluated and might allow accesses that are not currently configured in YARN ACL.

      To fix this issue, the plugin should keep YARN ACLs in memory, instead of creating Ranger policies for them, and evaluate them only when Ranger policies are unable to determine the authorization.

        Attachments

          Activity

            People

            • Assignee:
              madhan Madhan Neethiraj
              Reporter:
              madhan Madhan Neethiraj
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: