Abhishek Shukla created RANGER-3282:
---------------------------------------
Summary: [Ranger Yarn Audits] No ranger audit are generated for
yarn-acl fallback if all ranger policies are disabled
Key: RANGER-3282
URL: https://issues.apache.org/jira/browse/RANGER-3282
Project: Ranger
Issue Type: Bug
Components: audit, plugins, Ranger
Affects Versions: 2.2.0
Reporter: Abhishek Shukla
*Issue Description:*
- Observed that if all the ranger yarn policies are disabled in a CDP
environment, and we try to submit any yarn application which is allowed via
*yarn-acl*.
- There is no ranger audit generated for this.
[Looks like we should have at least one ranger yarn policy matching the
resource or yarn queue for audit to be generated]
*Expectation:*
- I think for *yarn-acl* fallback we should always generate audit entry
irrespective of ranger yarn policy presence.
*Steps to repro the issue:*
* Disable all yarn ranger policies.
* Submit yarn app in default queue [by default yarn acl allow everyone to
submit the app in default queue]
*
{code:java}
/opt/cloudera/parcels/CDH/bin/hadoop jar
/opt/cloudera/parcels/CDH/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar pi
-Dmapred.job.queue.name=default 2 2{code}
* Observe ranger audits for the above operation.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
