Vikas Kumar created RANGER-5530:
-----------------------------------
Summary: [KMS]: dev_kms TestConnection from keyAdmin UI is failing
after Kerberos implementation
Key: RANGER-5530
URL: https://issues.apache.org/jira/browse/RANGER-5530
Project: Ranger
Issue Type: Bug
Components: kms, Ranger
Reporter: Vikas Kumar
*Issue:* TestConnection for "dev_kms" from keyAdmin UI is failing due to
Kerberos authentication.
*Exception in Admin log:*
{code:java}
2026-03-26 15:38:52,982 [timed-executor-pool-0] INFO [KMSClient.java:223] Init
Lookup Login: security enabled, using rangerPrincipal/rangerKeytab
2026-03-26 15:38:52,986 [timed-executor-pool-0] INFO [KMSClient.java:278]
getKeyList():response.getStatus()= 401 for URL
http://ranger-kms.rangernw:9292/kms/v1/keys/names?doAs=rangeradmin, so
returning null list
2026-03-26 15:38:52,987 [timed-executor-pool-0] ERROR [KMSResourceMgr.java:44]
<== KMSResourceMgr.validateConfig Error:
org.apache.ranger.plugin.client.HadoopException: <!doctype html><html
lang="en"><head><title>HTTP Status 401 – Unauthorized</title><style
type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;}
.line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP
Status 401 – Unauthorized</h1></body></html>
2026-03-26 15:38:52,987 [timed-executor-pool-0] ERROR
[RangerServiceKMS.java:67] <== RangerServiceKMS.validateConfig
Error:org.apache.ranger.plugin.client.HadoopException: <!doctype html><html
lang="en"><head><title>HTTP Status 401 – Unauthorized</title><style
type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;}
.line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP
Status 401 – Unauthorized</h1></body></html>
2026-03-26 15:38:52,987 [timed-executor-pool-0] ERROR [ServiceMgr.java:664]
TimedCallable.call: Error:org.apache.ranger.plugin.client.HadoopException:
<!doctype html><html lang="en"><head><title>HTTP Status 401 –
Unauthorized</title><style type="text/css">body
{font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;}
.line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP
Status 401 – Unauthorized</h1></body></html>
2026-03-26 15:38:52,987 [http-nio-6080-exec-1] ERROR [ServiceMgr.java:237] ==>
ServiceMgr.validateConfig
Error:org.apache.ranger.plugin.client.HadoopException:
org.apache.ranger.plugin.client.HadoopException: <!doctype html><html
lang="en"><head><title>HTTP Status 401 – Unauthorized</title><style
type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b
{color:white;background-color:#525D76;} h1 {font-size:22px;} h2
{font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;}
.line
{height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP
Status 401 – Unauthorized</h1></body></html>
2026-03-26 15:39:02,343 [http-nio-6080-exec-4] INFO [RESTErrorUtil.java:62]
Request failed. loginId=rangerkms, logMessage=Logged in user is not allowed to
read service, name: dev_kms
javax.ws.rs.WebApplicationException: null
at
org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:53)
at
org.apache.ranger.common.RESTErrorUtil.createRESTException(RESTErrorUtil.java:316)
at
org.apache.ranger.biz.ServiceDBStore.getServiceByName(ServiceDBStore.java:1368)
at
org.apache.ranger.rest.RoleREST.getSecureRangerRolesIfUpdated(RoleREST.java:1097)
at
org.apache.ranger.rest.RoleREST$$FastClassBySpringCGLIB$$d1176b81.invoke(<generated>)
at {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
