drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sorabh Hamirwasia (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DRILL-5664) Enable security for Drill HiveStoragePlugin based on a config parameter
Date Fri, 07 Jul 2017 01:12:00 GMT
Sorabh Hamirwasia created DRILL-5664:

             Summary: Enable security for Drill HiveStoragePlugin based on a config parameter
                 Key: DRILL-5664
                 URL: https://issues.apache.org/jira/browse/DRILL-5664
             Project: Apache Drill
          Issue Type: Improvement
    Affects Versions: 1.11.0
            Reporter: Sorabh Hamirwasia
            Assignee: Sorabh Hamirwasia

For enabling security on DrillClient to Drillbit and Drillbit to Drillbit channel we have
a configuration. But this doesn't ensure that Storage Plugin channel is also configured with
security turned on. For example: When security is enabled on Drill side then HiveStoragePlugin
which Drill uses doesn't open secure channel to HiveMetastore by default unless someone manually
change the HiveStoragePluginConfig. 

With this JIRA we are introducing a new config option 
_security.storage_plugin.enabled: false_ based on which Drill can update the StoragePlugin
config's to enable/disable security. When this config is set to true/false then for now Drill
will update the HiveStoragePlugin config to set the value of _hive.metastore.sasl.enabled_
as true/false. So that when Drill connects to Metastore it does so in secured way. But if
an user tries to update the config later which is opposite of what the Drill config says then
we will log a warning before updating. 
Later the same login can be extended for all the other storage plugin's as well to do respective
setting change based on the configuration on Drill side.

This message was sent by Atlassian JIRA

View raw message