Madhan Neethiraj created RANGER-1329:
----------------------------------------
Summary: Upate Ranger plugin handling of service not-found error
Key: RANGER-1329
URL: https://issues.apache.org/jira/browse/RANGER-1329
Project: Ranger
Issue Type: Bug
Components: plugins
Reporter: Madhan Neethiraj
Ranger plugins download policies from Ranger Admin for a specific service (like
hivedev, hadoopdev, ..) as configured in plugin configuration files. Downloaded
policies are cached in-memory and this cache is used to determine authorization
of resource accesses. In addition, the plugins also save the downloaded polices
in a configured policy-cache location - which are used during component-restart
- if the plugin couldn't download policies from Ranger Admin.
If the service is deleted or renamed in Ranger Admin, the plugins will continue
to use the cached policies in memory; and on restart, the plugins will load and
use the policies saved in policy-cache. This may not be the desired or intended
behavior; the expectation would be that the plugins run with no policy to
determine authorization of resource-accesses. This would require the plugin to
clear its in-memory cache and also clear the saved policy-cache. Please note
that clearing of cached policies should be done only if the plugins can
determine that the configured service (like hivedev, hadoopdev, ..) doesn't
exist in Ranger Admin. On all other cases where the policy download fails (like
network issue, Ranger Admin not reachable, etc), the plugin should continue to
use the cached policies.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
