Description
This is result of a discussion on KNOX-1628. For secure clusters, in case of services like Ranger and Atlas new service definitions are needed just for trusted proxy support, this is problematic and prone to issues.
lmccay suggested having separate <policy> and <dispatch> elements in service.xml controlled by a secure flag (i.e secure= true|false) such that when Knox detects that the cluster is secure, secure policies and dispatches are picked up, else non-secure policies are picked up. This is similar to OR operator in rewrite.xml rules.
superceded-by is another flag that can be implemented that will allow us to redirect explicit use of one version to another specific version or "latest".
Attachments
Issue Links
- relates to
-
KNOX-1628 Provide new service definitions for Ranger and Atlas to support trusted proxy
- Closed