subject:"\[jira\] \[Commented\] \(NIFI\-12765\) Nifi and nifi registry ranger audit is broken"

[jira] [Commented] (NIFI-12765) Nifi and nifi registry ranger audit is broken

2024-02-14 Thread ASF subversion and git services (Jira)



[ 
https://issues.apache.org/jira/browse/NIFI-12765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17817560#comment-17817560
 ] 

ASF subversion and git services commented on NIFI-12765:


Commit 4d5f33804b4a0cc22e35cab8de5e2678271d7766 in nifi's branch 
refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=4d5f33804b ]

NIFI-12765 Removed Apache Ranger modules
This closes #8389

- Removed nifi-ranger-bundle modules
- Removed nifi-registry-ranger modules

Signed-off-by: Joseph Witt 


> Nifi and nifi registry ranger audit is broken
> -
>
> Key: NIFI-12765
> URL: https://issues.apache.org/jira/browse/NIFI-12765
> Project: Apache NiFi
>  Issue Type: Bug
>Affects Versions: 2.0.0-M2, 2.0.0
>Reporter: Zoltán Kornél Török
>Assignee: Zoltán Kornél Török
>Priority: Major
>  Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> h3. Bug description
> Currently ranger plugins are not reporting audit events into ranger.
> h2. Investigation
> In the nifi log I found the following ("classic") NoClassDefFoundError:
> {code:java}
> ERROR org.apache.ranger.audit.destination.SolrAuditDestination: Can't connect 
> to Solr server. 
> ZooKeepers=cfm-oudjal-dd-master0.cfm-5pax.svbr-nqvp.int.cldr.work:2181/solr-infrajava.lang.NoClassDefFoundError:
>  org/eclipse/jetty/client/util/SPNEGOAuthentication
>   at 
> org.apache.ranger.audit.destination.SolrAuditDestination.connect(SolrAuditDestination.java:168)
>   at 
> org.apache.ranger.audit.destination.SolrAuditDestination.log(SolrAuditDestination.java:227)
>   at 
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
>   at 
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
>   at java.base/java.lang.Thread.run(Thread.java:1583)
> Caused by: java.lang.ClassNotFoundException: 
> org.eclipse.jetty.client.util.SPNEGOAuthentication
>   at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445)
>   at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:593)
>   at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
>   ... 5 common frames omitted {code}
> As you can see ranger-audit depends on solr client which depends on jetty 
> client.
> The problem is that solr client class use 
> org.eclipse.jetty.client.util.SPNEGOAuthentication - 
> [https://github.infra.cloudera.com/CDH/solr/blob/solr9-master/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Krb5HttpClientBuilder.java#L46]
> However in case jetty 12.x line, this class is moved to another package: 
> [https://github.com/jetty/jetty.project/commit/a1c5cefd0d5657df04e5364cca9315aa4e2a1aef]
>  
> So the problem exist, since jetty version upgraded to 12
> h2. Proposed solution
> Sadly there is no available solr client (or ranger client), which haven't had 
> this dependency. The only solution what I found (and propose in my pr) is to 
> override jetty version in case of ranger plugins to jetty line 11, where this 
> class is not moved. I tested it on my environment and the audit logging to 
> ranger worked well with that version.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (NIFI-12765) Nifi and nifi registry ranger audit is broken

2024-02-09 Thread Joe Witt (Jira)



[ 
https://issues.apache.org/jira/browse/NIFI-12765?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17816227#comment-17816227
 ] 

Joe Witt commented on NIFI-12765:
-

This JIRA seems strongly related to NIFI-12738 and should probably be combined.

The comments on that JIRA apply here as well 
https://issues.apache.org/jira/browse/NIFI-12738

Based on my recent reading it appears Ranger depends on Jetty 9 so it is 
actually surprising Jetty 10 or 11 works for it in any capacity but notably we 
clearly seem to have no such tests/validations for this and it is not being 
maintained in our apache nifi codebase. Also notably Jetty 9, 10, 11 are all 
end of life from a community support point of view.   My recommendations on the 
other JIRA apply here as well. 

> Nifi and nifi registry ranger audit is broken
> -
>
> Key: NIFI-12765
> URL: https://issues.apache.org/jira/browse/NIFI-12765
> Project: Apache NiFi
>  Issue Type: Bug
>Affects Versions: 2.0.0-M2, 2.0.0
>Reporter: Zoltán Kornél Török
>Assignee: Zoltán Kornél Török
>Priority: Major
>  Time Spent: 10m
>  Remaining Estimate: 0h
>
> h3. Bug description
> Currently ranger plugins are not reporting audit events into ranger.
> h2. Investigation
> In the nifi log I found the following ("classic") NoClassDefFoundError:
> {code:java}
> ERROR org.apache.ranger.audit.destination.SolrAuditDestination: Can't connect 
> to Solr server. 
> ZooKeepers=cfm-oudjal-dd-master0.cfm-5pax.svbr-nqvp.int.cldr.work:2181/solr-infrajava.lang.NoClassDefFoundError:
>  org/eclipse/jetty/client/util/SPNEGOAuthentication
>   at 
> org.apache.ranger.audit.destination.SolrAuditDestination.connect(SolrAuditDestination.java:168)
>   at 
> org.apache.ranger.audit.destination.SolrAuditDestination.log(SolrAuditDestination.java:227)
>   at 
> org.apache.ranger.audit.queue.AuditBatchQueue.runLogAudit(AuditBatchQueue.java:309)
>   at 
> org.apache.ranger.audit.queue.AuditBatchQueue.run(AuditBatchQueue.java:215)
>   at java.base/java.lang.Thread.run(Thread.java:1583)
> Caused by: java.lang.ClassNotFoundException: 
> org.eclipse.jetty.client.util.SPNEGOAuthentication
>   at java.base/java.net.URLClassLoader.findClass(URLClassLoader.java:445)
>   at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:593)
>   at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:526)
>   ... 5 common frames omitted {code}
> As you can see ranger-audit depends on solr client which depends on jetty 
> client.
> The problem is that solr client class use 
> org.eclipse.jetty.client.util.SPNEGOAuthentication - 
> [https://github.infra.cloudera.com/CDH/solr/blob/solr9-master/solr/solrj/src/java/org/apache/solr/client/solrj/impl/Krb5HttpClientBuilder.java#L46]
> However in case jetty 12.x line, this class is moved to another package: 
> [https://github.com/jetty/jetty.project/commit/a1c5cefd0d5657df04e5364cca9315aa4e2a1aef]
>  
> So the problem exist, since jetty version upgraded to 12
> h2. Proposed solution
> Sadly there is no available solr client (or ranger client), which haven't had 
> this dependency. The only solution what I found (and propose in my pr) is to 
> override jetty version in case of ranger plugins to jetty line 11, where this 
> class is not moved. I tested it on my environment and the audit logging to 
> ranger worked well with that version.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (NIFI-12765) Nifi and nifi registry ranger audit is broken

[jira] [Commented] (NIFI-12765) Nifi and nifi registry ranger audit is broken

2 matches

Site Navigation

Mail list logo

Footer information