[
https://issues.apache.org/jira/browse/RANGER-4400?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fateh Singh reopened RANGER-4400:
---------------------------------
The current implementation is causing a ConcurrentModificationException, which
needs to be fixed:
{code:java}
java.util.ConcurrentModificationException: null
    at java.util.ArrayList$Itr.checkForComodification(ArrayList.java:1043) ~[?:?]
    at java.util.ArrayList$Itr.next(ArrayList.java:997) ~[?:?]
    at org.apache.ranger.plugin.audit.RangerDefaultAuditHandler.logAuthzAudits(RangerDefaultAuditHandler.java:237) ~[?:?]
    at org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuditHandler.flushAudit(RangerKafkaAuditHandler.java:127) ~[?:?]
    at org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer.callRangerPlugin(RangerKafkaAuthorizer.java:307) ~[ranger-kafka-plugin-shim-2.3.0.7.1.8.3-440.jar:2.3.0.7.1.8.3-440]
    at org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer.wrappedAuthorization(RangerKafkaAuthorizer.java:290) ~[ranger-kafka-plugin-shim-2.3.0.7.1.8.3-440.jar:2.3.0.7.1.8.3-440]
    at org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer.authorize(RangerKafkaAuthorizer.java:248) ~[ranger-kafka-plugin-shim-2.3.0.7.1.8.3-440.jar:2.3.0.7.1.8.3-440]
    at org.apache.ranger.authorization.kafka.authorizer.RangerKafkaAuthorizer.authorize(RangerKafkaAuthorizer.java:137) ~[ranger-kafka-plugin-shim-2.3.0.7.1.8.3-440.jar:2.3.0.7.1.8.3-440]
    at kafka.server.AuthHelper.$anonfun$authorize$1(AuthHelper.scala:49) ~[kafka_2.13-3.1.1.7.1.8.3-440.jar:?]
    at kafka.server.AuthHelper.$anonfun$authorize$1$adapted(AuthHelper.scala:46) ~[kafka_2.13-3.1.1.7.1.8.3-440.jar:?]
    at scala.Option.forall(Option.scala:420) ~[scala-library-2.13.10.jar:?]
    at kafka.server.AuthHelper.authorize(AuthHelper.scala:46) ~[kafka_2.13-3.1.1.7.1.8.3-440.jar:?]
    at kafka.server.KafkaApis.handleFetchRequest(KafkaApis.scala:721) [kafka_2.13-3.1.1.7.1.8.3-440.jar:?]
    at kafka.server.KafkaApis.handle(KafkaApis.scala:175) [kafka_2.13-3.1.1.7.1.8.3-440.jar:?]
    at kafka.server.KafkaRequestHandler.run(KafkaRequestHandler.scala:80) [kafka_2.13-3.1.1.7.1.8.3-440.jar:?]
    at java.lang.Thread.run(Thread.java:834) [?:?]
{code}
> RangerKafkaAuditHandler broken and multiple authorizations audited
> -------------------------------------------------------------------
>
> Key: RANGER-4400
> URL: https://issues.apache.org/jira/browse/RANGER-4400
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Reporter: Fateh Singh
> Assignee: Fateh Singh
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> RANGER-2222 https://issues.apache.org/jira/browse/RANGER-2222 added support
> for cluster as new resource.
> RangerKafkaAuditHandler overrides the base implementation of
> RangerDefaultAuditHandler and this implementation overrides the default
> processResult(RangerAccessResult result) method wherein a check is applied to
> decide if audit is needed or not (If Cluster Resource Level Topic Creation
> is not Allowed we don't audit. Subsequent call from Kafka for Topic Creation
> at Topic resource Level will be audited).
> After RANGER-3231, the method processResults(Collection<RangerAccessResult>
> results) is called instead of processResult(RangerAccessResult result).
> Since RangerKafkaAuditHandler does not have
> processResults(Collection<RangerAccessResult> results) i.e. a Kafka-specific
> way to process results, it falls back on the default
> RangerDefaultAuditHandler and all authorizations are audited.
> Bug fix required: processResults(Collection<RangerAccessResult> results) will
> have to be implemented for RangerKafkaAuditHandler to add checks to determine
> if auditing is required or not.
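The dispatch gap described in the quoted issue, shown as an added example that is not Ranger's code: a subclass that filters only in the single-result method loses its filter once callers switch to the batch method. All class names, the `Result` record and the `needsAudit` rule are simplified, hypothetical stand-ins, and the base batch method is assumed not to delegate to the single-result one.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

// Simplified stand-ins for illustration; not Ranger's actual classes or signatures.
public class AuditOverrideDemo {
    record Result(String resource, String accessType, boolean allowed) {}

    static class DefaultAuditHandler {
        final List<Result> audited = new ArrayList<>();

        void processResult(Result r) { audited.add(r); }

        // Batch entry point (assumed): handles results itself, never calls processResult().
        void processResults(Collection<Result> results) { audited.addAll(results); }
    }

    // Overrides only the single-result method, the situation the issue describes.
    static class KafkaHandlerSingleOnly extends DefaultAuditHandler {
        static boolean needsAudit(Result r) {
            // Skip the denied cluster-level topic-creation check; the later
            // topic-level check for the same request is the one to audit.
            return !("cluster".equals(r.resource())
                    && "create".equals(r.accessType()) && !r.allowed());
        }
        @Override void processResult(Result r) { if (needsAudit(r)) super.processResult(r); }
    }

    // Also overrides the batch method so the same filter applies on both paths.
    static class KafkaHandlerBoth extends KafkaHandlerSingleOnly {
        @Override void processResults(Collection<Result> results) {
            for (Result r : results) processResult(r);
        }
    }

    public static void main(String[] args) {
        List<Result> batch = List.of(   // constructed sample input
            new Result("cluster", "create", false),
            new Result("topic", "create", true));

        DefaultAuditHandler before = new KafkaHandlerSingleOnly();
        before.processResults(batch);   // filter bypassed: base batch method runs
        System.out.println("single-only override audited: " + before.audited.size());

        DefaultAuditHandler after = new KafkaHandlerBoth();
        after.processResults(batch);    // filter applied per result
        System.out.println("both overridden audited:      " + after.audited.size());
    }
}
```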