[jira] [Commented] (RANGER-3231) Ranger should use kafka Authorizer from KIP-504

[alain pellegrino (Jira)]

    [ 
https://issues.apache.org/jira/browse/RANGER-3231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17511852#comment-17511852
 ] 

alain pellegrino commented on RANGER-3231:
------------------------------------------

Previous error seems to doesn't have an incidence of the installation.

 

So, I still have the same error in the log. Here is the entire log :

 
{code:java}
2022-03-24 13:02:43,635 ERROR [main] 
apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer 
(RangerKafkaAuthorizer.java:214) - Error getting principal.
java.lang.IllegalArgumentException: Could not find a 'KafkaServer' or 
'sasl_plaintext.KafkaServer' entry in the JAAS configuration. System property 
'java.security.auth.login.config' is /etc/kafka/kafka_client_jaas.conf
        at 
org.apache.kafka.common.security.JaasContext.defaultContext(JaasContext.java:131)
        at 
org.apache.kafka.common.security.JaasContext.load(JaasContext.java:96)
        at 
org.apache.kafka.common.security.JaasContext.loadServerContext(JaasContext.java:69)
        at 
org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer.configure(RangerKafkaAuthorizer.java:209)
        at 
org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer.configure(RangerKafkaAuthorizer.java:94)
        at kafka.server.KafkaServer.$anonfun$startup$11(KafkaServer.scala:371)
        at 
kafka.server.KafkaServer.$anonfun$startup$11$adapted(KafkaServer.scala:371)
        at scala.Option.foreach(Option.scala:437)
        at kafka.server.KafkaServer.startup(KafkaServer.scala:371)
        at kafka.Kafka$.main(Kafka.scala:109)
        at kafka.Kafka.main(Kafka.scala)
2022-03-24 13:02:43,713 ERROR [main] 
apache.ranger.authorization.hadoop.config.RangerConfiguration 
(RangerConfiguration.java:61) - 
addResourceIfReadable(ranger-kafka-policymgr-ssl.xml): couldn't find resource 
file location
2022-03-24 13:02:43,755 ERROR [main] 
apache.ranger.authorization.hadoop.config.RangerConfiguration 
(RangerConfiguration.java:61) - 
addResourceIfReadable(ranger-kafka-QVITENG01CFLT_kafka-audit.xml): couldn't 
find resource file location
2022-03-24 13:02:43,755 ERROR [main] 
apache.ranger.authorization.hadoop.config.RangerConfiguration 
(RangerConfiguration.java:61) - 
addResourceIfReadable(ranger-kafka-QVITENG01CFLT_kafka-security.xml): couldn't 
find resource file location
2022-03-24 13:02:43,756 ERROR [main] 
apache.ranger.authorization.hadoop.config.RangerConfiguration 
(RangerConfiguration.java:61) - 
addResourceIfReadable(ranger-kafka-QVITENG01CFLT_kafka-policymgr-ssl.xml): 
couldn't find resource file location
2022-03-24 13:02:45,285 WARN [main] 
org.apache.ranger.plugin.util.ScriptEngineUtil (ScriptEngineUtil.java:62) - 
failed to initialize script engine 'JavaScript' in a default manner. Will try 
to get script-engine from plugin-class-loader
2022-03-24 13:02:45,286 ERROR [main] 
org.apache.ranger.plugin.util.ScriptEngineUtil (ScriptEngineUtil.java:73) - 
Cannot get script-engine from null pluginClassLoader
2022-03-24 13:02:45,286 ERROR [main] 
org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator 
(RangerScriptConditionEvaluator.java:77) - failed to initialize condition 
'accessed-after-expiry': script engine 'JavaScript' was not created
2022-03-24 13:02:45,579 ERROR [data-plane-kafka-request-handler-4] 
apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer 
(RangerKafkaAuthorizer.java:167) - Ranger Plugin returned null or empty. 
Returning Denied for all{code}

> Ranger should use kafka Authorizer from KIP-504
> -----------------------------------------------
>
>                 Key: RANGER-3231
>                 URL: https://issues.apache.org/jira/browse/RANGER-3231
>             Project: Ranger
>          Issue Type: Improvement
>          Components: plugins
>            Reporter: Ismael Juma
>            Assignee: Andras Katona
>            Priority: Major
>          Time Spent: 1h 40m
>  Remaining Estimate: 0h
>
> As described in the KIP, `org.apache.kafka.server.authorizer.Authorizer` is 
> an improvement over `kafka.security.auth.Authorizer` and it's a pure Java 
> interface (instead of Scala).
> `kafka.security.auth.Authorizer` has been deprecated since December 2019 and 
> it will be removed in Apache Kafka 3.0 (roughly planned for July/August).
> See the KIP for more details:
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-504+-+Add+new+Java+Authorizer+Interface



--
This message was sent by Atlassian Jira
(v8.20.1#820001)