[ https://issues.apache.org/jira/browse/RANGER-2936?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17194298#comment-17194298 ]
Velmurugan Periasamy commented on RANGER-2936: ---------------------------------------------- Should this not be derived from the environment, instead of forcing in the client? > Support for policy download mode configuration on plugin > -------------------------------------------------------- > > Key: RANGER-2936 > URL: https://issues.apache.org/jira/browse/RANGER-2936 > Project: Ranger > Issue Type: Improvement > Components: plugins > Reporter: Jalpan Randeri > Priority: Minor > Labels: newbie, pull-request-available > Attachments: > 0001-RANGER-2936-Support-for-policy-download-mode-configu.patch, > 0001-RANGER-2936-Support-for-policy-download-mode-configu.patch.1.patch > > > h3. Description > Ranger Plugins uses RangerAdminRESTClient to download policies. Ranger Admin > server exposes two different endpoints for policy downloads > # Secure mode > # normal mode RangerAdminRESTClient select mode secure mode if Hadoop > cluster is running in Kerberos. > [https://github.com/apache/ranger/blob/master/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java#L129] > Since, Ranger admin server is capable of managing heterogeneous Hadoop > clusters. Ranger plugins are unable to communicate with Ranger admin server > under following scenario > * Ranger Plugin is running on Hadoop cluster protected by Kerberos > * Ranger Admin server is running in non-Kerberos mode > Above mentioned scenario, ranger plugins are observing following error > {quote} > {{2020-06-13 03:47:20 WARN RangerAdminRESTClient:176 - [] Error getting > policies. > secureMode=true, > user=hive (auth:KERBEROS), > response= > {"httpStatusCode":401,"statusCode":401,"msgDesc":"Authentication Failed"} > , > serviceName=hivedev}} > {quote} > h3. How to this patch mitigate issue? > This patch introduces boolean configuration > {{ranger.plugin.\{service}.policyDownload.secureMode}} in > RangerAdminRESTClient. > * true use secure mode to download policies > * false use simple mode to download policies > Plugin will read this configuration to determine policy download mode -- This message was sent by Atlassian Jira (v8.3.4#803005)