You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by "alain pellegrino (Jira)" <ji...@apache.org> on 2022/04/21 14:29:00 UTC
[jira] [Comment Edited] (RANGER-3231) Ranger should use kafka Authorizer from KIP-504
[ https://issues.apache.org/jira/browse/RANGER-3231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17525716#comment-17525716 ]
alain pellegrino edited comment on RANGER-3231 at 4/21/22 2:28 PM:
-------------------------------------------------------------------
[~akatona] I got this error with one of our tooling since we upgrade from ranger 2.2 to ranger 3.0 with your modification, but I don't know if it's due to your modifications :
{code:java}
java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.UnknownServerException: (getting) acls is not supported by Ranger for Kafka{code}
{code:java}
ERROR [KafkaApi-2] Unexpected error handling request RequestHeader(apiKey=DESCRIBE_ACLS, apiVersion=1, clientId=adminclient-2, correlationId=506) -- DescribeAclsRequestData(resourceTypeFilter=2, resourceNameFilter='XXXXXXXX', patternTypeFilter=1, principalFilter=null, hostFilter=null, operation=1, permissionType=1) with context RequestContext(header=RequestHeader(apiKey=DESCRIBE_ACLS, apiVersion=1, clientId=adminclient-2, correlationId=506), connectionId='11.11.11.11:6668-11.11.11.22:49450-0', clientAddress=/11.11.11.22, principal=User:kafka, listenerName=ListenerName(SASL_PLAINTEXT), securityProtocol=SASL_PLAINTEXT, clientInformation=ClientInformation(softwareName=apache-kafka-java, softwareVersion=2.4.0), fromPrivilegedListener=false, principalSerde=Optional[org.apache.kafka.common.security.authenticator.DefaultKafkaPrincipalBuilder@5a850dfb]) (kafka.server.KafkaApis)
java.lang.UnsupportedOperationException: (getting) acls is not supported by Ranger for Kafka
at org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer.acls(RangerKafkaAuthorizer.java:334)
at org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer.acls(RangerKafkaAuthorizer.java:185)
at kafka.server.AclApis.handleDescribeAcls(AclApis.scala:70)
at kafka.server.KafkaApis.handleDescribeAcls(KafkaApis.scala:2521)
at kafka.server.KafkaApis.handle(KafkaApis.scala:198)
at kafka.server.KafkaRequestHandler.run(KafkaRequestHandler.scala:75)
at java.base/java.lang.Thread.run(Thread.java:829){code}
Thansk for your help
was (Author: alain.pellegrino@alithya.com):
[~akatona] I got this error with one of our tooling since we upgrade from ranger 2.2 to ranger 3.0 with your modification, but I don't know if it's due to your modifications :
{code:java}
java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.UnknownServerException: (getting) acls is not supported by Ranger for Kafka{code}
Thansk for your help
> Ranger should use kafka Authorizer from KIP-504
> -----------------------------------------------
>
> Key: RANGER-3231
> URL: https://issues.apache.org/jira/browse/RANGER-3231
> Project: Ranger
> Issue Type: Improvement
> Components: plugins
> Reporter: Ismael Juma
> Assignee: Andras Katona
> Priority: Major
> Fix For: 3.0.0
>
> Attachments: ranger_kafka.zip
>
> Time Spent: 2h
> Remaining Estimate: 0h
>
> As described in the KIP, `org.apache.kafka.server.authorizer.Authorizer` is an improvement over `kafka.security.auth.Authorizer` and it's a pure Java interface (instead of Scala).
> `kafka.security.auth.Authorizer` has been deprecated since December 2019 and it will be removed in Apache Kafka 3.0 (roughly planned for July/August).
> See the KIP for more details:
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-504+-+Add+new+Java+Authorizer+Interface
--
This message was sent by Atlassian Jira
(v8.20.7#820007)