drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-5664) Enable security for Drill HiveStoragePlugin based on a config parameter
Date Tue, 11 Jul 2017 17:41:00 GMT

    [ https://issues.apache.org/jira/browse/DRILL-5664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16082615#comment-16082615
] 

ASF GitHub Bot commented on DRILL-5664:
---------------------------------------

Github user sohami commented on the issue:

    https://github.com/apache/drill/pull/870
  
    @ppadma - 
    1) For the ease of use. Once the security is being configured for Drill then it's better
if all the config changes are done in single place (which is drill-override.conf) and then
make sure that all communications are secure. With this option user doesn't have to explicitly
go and edit the Storage Plugin configuration to enable security.
    2) It will take care of enabling/disabling security both for active and inactive plugins.
    3) This can be extended for handling security of all the storage plugin. Hence this config
can be a single place to enable/disable security for all the plugins in one go rather than
doing it manually for each and every plugin one by one.


> Enable security for Drill HiveStoragePlugin based on a config parameter
> -----------------------------------------------------------------------
>
>                 Key: DRILL-5664
>                 URL: https://issues.apache.org/jira/browse/DRILL-5664
>             Project: Apache Drill
>          Issue Type: Improvement
>    Affects Versions: 1.11.0
>            Reporter: Sorabh Hamirwasia
>            Assignee: Sorabh Hamirwasia
>
> For enabling security on DrillClient to Drillbit and Drillbit to Drillbit channel we
have a configuration. But this doesn't ensure that Storage Plugin channel is also configured
with security turned on. For example: When security is enabled on Drill side then HiveStoragePlugin
which Drill uses doesn't open secure channel to HiveMetastore by default unless someone manually
change the HiveStoragePluginConfig. 
> With this JIRA we are introducing a new config option 
> _security.storage_plugin.enabled: false_ based on which Drill can update the StoragePlugin
config's to enable/disable security. When this config is set to true/false then for now Drill
will update the HiveStoragePlugin config to set the value of _hive.metastore.sasl.enabled_
as true/false. So that when Drill connects to Metastore it does so in secured way. But if
an user tries to update the config later which is opposite of what the Drill config says then
we will log a warning before updating. 
> Later the same login can be extended for all the other storage plugin's as well to do
respective setting change based on the configuration on Drill side.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message