[
https://issues.apache.org/jira/browse/RANGER-3282?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Abhishek Shukla resolved RANGER-3282.
-------------------------------------
Resolution: Information Provided
> [Ranger Yarn Audits] No ranger audit are generated for yarn-acl fallback if
> all ranger policies are disabled
> ------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-3282
> URL: https://issues.apache.org/jira/browse/RANGER-3282
> Project: Ranger
> Issue Type: Bug
> Components: audit, plugins, Ranger
> Affects Versions: 2.2.0
> Reporter: Abhishek Shukla
> Priority: Major
>
> *Issue Description:*
> - Observed that if all the ranger yarn policies are disabled in a CDP
> environment, and we try to submit any yarn application which is allowed via
> *yarn-acl*.
> - There is no ranger audit generated for this.
> [Looks like we should have at least one ranger yarn policy matching the
> resource or yarn queue for audit to be generated]
>
> *Expectation:*
> - I think for *yarn-acl* fallback we should always generate audit entry
> irrespective of ranger yarn policy presence.
>
> *Steps to repro the issue:*
> * Disable all yarn ranger policies.
> * Submit yarn app in default queue [by default yarn acl allow everyone to
> submit the app in default queue]
> *
> {code:java}
> /opt/cloudera/parcels/CDH/bin/hadoop jar
> /opt/cloudera/parcels/CDH/lib/hadoop-mapreduce/hadoop-mapreduce-examples.jar
> pi -Dmapred.job.queue.name=default 2 2{code}
> * Observe ranger audits for the above operation.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
