[jira] [Commented] (RANGER-2936) Support for policy download mode configuration on plugin

Fri, 11 Sep 2020 07:42:10 -0700 


    [ 
https://issues.apache.org/jira/browse/RANGER-2936?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17194298#comment-17194298
 ] 

Velmurugan Periasamy commented on RANGER-2936:
----------------------------------------------

Should this not be derived from the environment, instead of forcing in the 
client? 

> Support for policy download mode configuration on plugin
> --------------------------------------------------------
>
>                 Key: RANGER-2936
>                 URL: https://issues.apache.org/jira/browse/RANGER-2936
>             Project: Ranger
>          Issue Type: Improvement
>          Components: plugins
>            Reporter: Jalpan Randeri
>            Priority: Minor
>              Labels: newbie, pull-request-available
>         Attachments: 
> 0001-RANGER-2936-Support-for-policy-download-mode-configu.patch, 
> 0001-RANGER-2936-Support-for-policy-download-mode-configu.patch.1.patch
>
>
> h3. Description
> Ranger Plugins uses RangerAdminRESTClient to download policies. Ranger Admin 
> server exposes two different endpoints for policy downloads
>  # Secure mode
>  # normal mode RangerAdminRESTClient select mode secure mode if Hadoop 
> cluster is running in Kerberos. 
> [https://github.com/apache/ranger/blob/master/agents-common/src/main/java/org/apache/ranger/admin/client/RangerAdminRESTClient.java#L129]
> Since, Ranger admin server is capable of managing heterogeneous Hadoop 
> clusters. Ranger plugins are unable to communicate with Ranger admin server 
> under following scenario
>  * Ranger Plugin is running on Hadoop cluster protected by Kerberos
>  * Ranger Admin server is running in non-Kerberos mode
> Above mentioned scenario, ranger plugins are observing following error
> {quote} 
>  {{2020-06-13 03:47:20 WARN RangerAdminRESTClient:176 - [] Error getting 
> policies.
>  secureMode=true,
>  user=hive (auth:KERBEROS),
>  response=
> {"httpStatusCode":401,"statusCode":401,"msgDesc":"Authentication Failed"}
> ,
>  serviceName=hivedev}}
> {quote}
> h3. How to this patch mitigate issue?
> This patch introduces boolean configuration 
> {{ranger.plugin.\{service}.policyDownload.secureMode}} in 
> RangerAdminRESTClient.
>  * true use secure mode to download policies
>  * false use simple mode to download policies
> Plugin will read this configuration to determine policy download mode



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to