Community Articles
Find and share helpful community-sourced technical articles
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.
Contributor

Summary

Using Apache Solr as the indexing and search engine for Metron requires the Metron REST service to perform queries to multple collections. If the Ranger plugin is active there is currently a gotcha ( = Ranger Solr plugin bug). If you don't want to give the Metron user full access to all Solr collections here is a workaround.

The Problem

  • 2+ Solr collections that are being queried: metaalert, cef,.... (and other parser collections):
  • 1 user: metron
  • 1 Ranger policy: user: "metron", access type: "Read", "Write", collections: "metaalert", "cef"

Query of metaalert collection returns content of metaalert collection as expected and logs event successfully in Ranger audit.

curl -k --negotiate -u : "http://solr_url:solr_port/solr/metaalert/search?q=*"

Query of cef collection returns content of cef collection as expected and logs it successfully in Ranger audit.

curl -k --negotiate -u : "http://solr_url:solr_port/solr/cef/search?q=*"

Query of metaalert and cef will return a "403 Unauthorized request". This is what the Metron REST server does:

curl -k --negotiate -u : "http://solr_url:solr_port/solr/metaalert/select?q=*&collections=metaalert,cef"

In Ranger audit we now see 3 lines:
  • user: metron, resource: metaalert,cef, Result: Denied
  • user: metron, resource: metaalert, Result: Allowed
  • user: metron, resource: cef, Result: Allowed

Expectation would be that query is successfull!

Workaround(s)

  • One workaround would be to give metron access to all collections: "*" . We usually don't want that on clusters, that are being used by other use cases.
  • Another workaround would be to give metron access to "*metaalert*" collection.
695 Views
0 Kudos
Don't have an account?
Coming from Hortonworks? Activate your account here
Version history
Revision #:
1 of 1
Last update:
‎07-13-2018 08:10 AM
Updated by:
 
Contributors
Top Kudoed Authors