[jira] [Commented] (RANGER-3231) Ranger should use kafka Authorizer from KIP-504

Thu, 31 Mar 2022 06:23:05 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-3231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17515323#comment-17515323
 ] 

alain pellegrino commented on RANGER-3231:
------------------------------------------

I have compiled with the last update and done the installation.

I no longer have the error "Ranger Plugin returned null or empty. Returning 
Denied for all"

But I have this couple of new errors, seems to be raised when downloading the 
policies from ranger-admin :

 
{code:java}
2022-03-31 13:17:14,058 WARN [PolicyRefresher(serviceName=CLUSTER_kafka)-66] 
org.apache.ranger.plugin.util.ScriptEngineUtil (ScriptEngineUtil.java:62) - 
failed to initialize script engine 'JavaScript' in a default manner. Will try 
to get script-engine from plugin-class-loader
2022-03-31 13:17:14,058 ERROR [PolicyRefresher(serviceName=CLUSTER_kafka)-66] 
org.apache.ranger.plugin.util.ScriptEngineUtil (ScriptEngineUtil.java:73) - 
Cannot get script-engine from null pluginClassLoader
2022-03-31 13:17:14,059 ERROR [PolicyRefresher(serviceName=CLUSTER_kafka)-66] 
org.apache.ranger.plugin.conditionevaluator.RangerScriptConditionEvaluator 
(RangerScriptConditionEvaluator.java:77) - failed to initialize condition 
'accessed-after-expiry': script engine 'JavaScript' was not created{code}
But when testing authorization it's working fine.

Have you an idea ? Do you want debug logs ?

> Ranger should use kafka Authorizer from KIP-504
> -----------------------------------------------
>
>                 Key: RANGER-3231
>                 URL: https://issues.apache.org/jira/browse/RANGER-3231
>             Project: Ranger
>          Issue Type: Improvement
>          Components: plugins
>            Reporter: Ismael Juma
>            Assignee: Andras Katona
>            Priority: Major
>         Attachments: ranger_kafka.zip
>
>          Time Spent: 1h 40m
>  Remaining Estimate: 0h
>
> As described in the KIP, `org.apache.kafka.server.authorizer.Authorizer` is 
> an improvement over `kafka.security.auth.Authorizer` and it's a pure Java 
> interface (instead of Scala).
> `kafka.security.auth.Authorizer` has been deprecated since December 2019 and 
> it will be removed in Apache Kafka 3.0 (roughly planned for July/August).
> See the KIP for more details:
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-504+-+Add+new+Java+Authorizer+Interface



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

Reply via email to