This is an automated email from the ASF dual-hosted git repository.
dzamo pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/drill-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 57c76a3 Fix broken links under securing-drill/
57c76a3 is described below
commit 57c76a325db5a3f3b51c567bc6a6faaa7f83b425
Author: James Turton <[email protected]>
AuthorDate: Tue Mar 30 16:27:15 2021 +0200
Fix broken links under securing-drill/
---
data/index.html | 6 +
.../index.html | 197 ++-------------------
docs/secure-communication-paths/index.html | 6 +-
feed.xml | 4 +-
4 files changed, 23 insertions(+), 190 deletions(-)
diff --git a/data/index.html b/data/index.html
index d9d5326..b28cdaf 100644
--- a/data/index.html
+++ b/data/index.html
@@ -276,6 +276,12 @@
"relative_path":
"_docs/configure-drill/securing-drill/060-configuring-user-impersonation-with-hive-authorization.md"
},
{
+ "url": "/docs/configuring-user-security/",
+ "title": "Configuring User Security",
+ "parent": "Securing Drill",
+ "relative_path":
"_docs/configure-drill/securing-drill/070-configuring-user-security.md"
+},
+{
"url": "/docs/configuring-plain-security/",
"title": "Configuring Plain Security",
"parent": "Securing Drill",
diff --git a/docs/secure-communication-paths/index.html
b/docs/configuring-user-security/index.html
similarity index 88%
copy from docs/secure-communication-paths/index.html
copy to docs/configuring-user-security/index.html
index 7014e89..28ae07a 100644
--- a/docs/secure-communication-paths/index.html
+++ b/docs/configuring-user-security/index.html
@@ -7,7 +7,7 @@
<meta name=viewport content="width=device-width, initial-scale=1">
-<title>Secure Communication Paths - Apache Drill</title>
+<title>Configuring User Security - Apache Drill</title>
<link
href="//maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css"
rel="stylesheet" type="text/css"/>
<link href='//fonts.googleapis.com/css?family=PT+Sans' rel='stylesheet'
type='text/css'/>
@@ -338,8 +338,8 @@
- <li class="toctree-l1 current_section "><a href="javascript:
void(0);">Configure Drill</a></li>
- <ul class="current_section">
+ <li class="toctree-l1"><a href="javascript: void(0);">Configure
Drill</a></li>
+ <ul style="display: none">
<li class="toctree-l2"><a class="reference internal"
href="/docs/configure-drill-introduction/">Configure Drill Introduction</a></li>
@@ -351,11 +351,11 @@
<li class="toctree-l2"><a href="javascript: void(0);">Securing
Drill</a></li>
- <ul style="">
+ <ul style="display: none">
<li class="toctree-l3"><a class="reference internal"
href="/docs/securing-drill-introduction/">Securing Drill Introduction</a></li>
- <li class="toctree-l3 current"><a class="reference internal"
href="/docs/secure-communication-paths/">Secure Communication Paths</a></li>
+ <li class="toctree-l3"><a class="reference internal"
href="/docs/secure-communication-paths/">Secure Communication Paths</a></li>
<li class="toctree-l3"><a class="reference internal"
href="/docs/roles-and-privileges/">Roles and Privileges</a></li>
@@ -1364,22 +1364,18 @@
<li><a href="/docs/">Docs</a></li>
- <li><a href="/docs/configure-drill/">Configure Drill</a></li>
-
- <li><a href="/docs/securing-drill/">Securing Drill</a></li>
-
- <li>Secure Communication Paths</li>
+ <li>Configuring User Security</li>
</nav>
<div class="main-content-wrapper">
<div class="main-content">
- <a class="edit-link"
href="https://github.com/apache/drill/blob/gh-pages/_docs/configure-drill/securing-drill/020-secure-communication-paths.md";
target="_blank"><i class="fa fa-pencil-square-o"></i></a>
+ <a class="edit-link"
href="https://github.com/apache/drill/blob/gh-pages/_docs/configure-drill/securing-drill/070-configuring-user-security.md";
target="_blank"><i class="fa fa-pencil-square-o"></i></a>
<div class="int_title left">
- <h1>Secure Communication Paths</h1>
+ <h1>Configuring User Security</h1>
</div>
@@ -1389,183 +1385,14 @@
<div class="int_text" align="left">
- <p>As illustrated in the following figure, Drill features five secure
communication paths. Drill 1.11 introduces encryption between a Drill client
and Drillbit.</p>
-
-<ol>
- <li><a href="/docs/secure-communication-paths/#web-client-to-drillbit">Web
Client to Drillbit</a></li>
- <li>
- <table>
- <tbody>
- <tr>
- <td>[Java and C++ Client to
Drillbit](/docs/secure-communication-paths/#java-and-c+</td>
- <td>-client-to-drillbit)</td>
- </tr>
- </tbody>
- </table>
- </li>
- <li><a
href="/docs/secure-communication-paths/#drill-client-and-drillbit-to-zookeeper">Java
Client and Drillbit to ZooKeeper</a></li>
- <li><a
href="/docs/secure-communication-paths/#drillbit-to-hive-storage-plugin">Drillbit
to Hive Storage Plugin</a></li>
-</ol>
-
-<p><img src="/images/docs/secure-communication-paths.png" alt="secure comm
paths" /></p>
-
-<hr />
-<p><strong>Note</strong></p>
-
-<p>Drillbit-to-drillbit encryption is not available yet.</p>
-
-<h2 id="web-client-to-drillbit">Web Client to Drillbit</h2>
-
-<p>The Web UI and REST API clients are web clients. Web clients can:</p>
-
-<ul>
- <li>Submit and monitor queries</li>
- <li>Configure storage plugins</li>
-</ul>
-
-<hr />
-<p><strong>Note</strong></p>
-
-<p>Impersonation and authorization are available through the web clients only
when authentication is enabled. Otherwise, the user identity is unknown.</p>
-
-<hr />
-
-<table>
- <thead>
- <tr>
- <th>Security Capability</th>
- <th>Description</th>
- <th>Reference</th>
- </tr>
- </thead>
- <tbody>
- <tr>
- <td>Authentication</td>
- <td>Users authenticate to a drillbit using a username and password form
authenticator. By default, authentication is disabled.</td>
- <td><a
href="/docs/configuring-web-console-and-rest-api-security">Configuring Web UI
and REST API Security</a></td>
- </tr>
- <tr>
- <td>Encryption</td>
- <td>Drill usese SSL for HTTPS access to the Web UI.</td>
- <td><a
href="/docs/configuring-web-console-and-rest-api-security">Configuring Web UI
and REST API Security</a></td>
- </tr>
- <tr>
- <td>Impersonation</td>
- <td>Drill acts on behalf of the user on the session. This is usually the
connection user (or the user that authenticates). This user can impersonate
another user, which is allowed if the connection user is authorized to
impersonate the target user based on the inbound impersonation policies (USER
role). By default, impersonation is disabled.</td>
- <td><a
href="/docs/configuring-user-impersonation/#impersonation-and-views">Configuring
User Impersonation</a> and <a
href="/docs/configuring-inbound-impersonation">Configuring Inbound
Impersonation</a></td>
- </tr>
- <tr>
- <td>Authorization</td>
- <td>Queries execute on behalf of the web user. Users and administrators
have different navigation bars. Various tabs are shown based on privileges. For
example, only administrators can see the Storage tab and
create/read/update/delete storage plugin configuration.</td>
- <td><a
href="/docs/configuring-web-console-and-rest-api-security">Configuring Web UI
and REST API Security</a></td>
- </tr>
- </tbody>
-</table>
-
-<h2 id="java-and-c-client-to-drillbit">Java and C++ Client to Drillbit</h2>
-
-<p>Java (native or JDBC) and C++ (native or ODBC) clients submit queries to
Drill. BI tools use the ODBC or JDBC API.</p>
-
-<table>
- <thead>
- <tr>
- <th>Security Capability</th>
- <th>Description</th>
- <th>Reference</th>
- </tr>
- </thead>
- <tbody>
- <tr>
- <td>Authentication</td>
- <td>Users authenticate to a drillbit using Kerberos, Plain (username and
password through PAM), and Custom authenticator (username and password). By
default, user authentication is disabled.</td>
- <td><a href="/docs/configuring-user-security">Configuring User
Security</a></td>
- </tr>
- <tr>
- <td>Encryption</td>
- <td>Drill 1.11 supports encryption between a Drill client and a Drillbit
with the Kerberos mechanism over a Java SASL framework. Encrypting the
client-to-drillbit communication path ensures data integrity and privacy and
prevents data tampering and snooping. If encryption is enabled on a drillbit,
it will not allow a client without encryption capabilities to connect. By
default, encryption is disabled.</td>
- <td><a href="/docs/configuring-kerberos-security">Configuring Kerberos
Security</a></td>
- </tr>
- <tr>
- <td>Impersonation</td>
- <td>Drill acts on behalf of the user on the session. This is usually the
connection user (or the user that authenticates). This user can impersonate
another user. This is allowed if the connection user is authorized to
impersonate the target user based on the inbound impersonation policies (USER
role). By default, impersonation is disabled.</td>
- <td><a href="/docs/configuring-user-impersonation">Configuring User
Impersonation</a> and <a
href="/docs/configuring-inbound-impersonation">Configuring Inbound
Impersonation</a></td>
- </tr>
- <tr>
- <td>Authorization</td>
- <td>A user can execute queries on data that he/she has access to. Each
storage plugin manages the read/write permissions. Users can create views on
top of data to provide granular access to that data. The user sets read
permissions to appropriate users and/or groups. System-level options can only
be changed by administrators (USER role). By default, only the process user is
an administrator. This is available if authentication is enabled.</td>
- <td><a href="/docs/configuring-user-impersonation">Configuring User
Impersonation</a></td>
- </tr>
- </tbody>
-</table>
-
-<h2 id="drill-client-and-drillbit-to-zookeeper">Drill Client and Drillbit to
ZooKeeper</h2>
-
-<p>Drill clients and drillbits communicate with ZooKeeper to obtain the list
of active drillbits. Drillbits store system-level options and running query
profiles.</p>
-
-<table>
- <thead>
- <tr>
- <th>Security Capability</th>
- <th>Description</th>
- <th>Reference</th>
- </tr>
- </thead>
- <tbody>
- <tr>
- <td>Authentication</td>
- <td>Not fully supported.</td>
- <td><a href="/docs/configuring-user-security">Configuring User
Security</a></td>
- </tr>
- <tr>
- <td>Authorization</td>
- <td>Drill does not set ACLs on ZooKeeper nodes (znode).</td>
- <td> </td>
- </tr>
- <tr>
- <td>Encryption</td>
- <td>Not fully supported.</td>
- <td><a
href="https://cwiki.apache.org/confluence/display/ZOOKEEPER/ZooKeeper+SSL+User+Guide";
title="ZooKeeper SSL User Guide">ZooKeeper SSL User Guide</a></td>
- </tr>
- </tbody>
-</table>
-
-<h2 id="drillbit-to-hive-storage-plugin">Drillbit to Hive Storage Plugin</h2>
-
-<p>The planner accesses the Hive Metastore for metadata. During execution,
query fragments scan data from Hive using the Hive storage plugin.</p>
-
-<table>
- <thead>
- <tr>
- <th>Security Capability</th>
- <th>Description</th>
- <th>Reference</th>
- </tr>
- </thead>
- <tbody>
- <tr>
- <td>Authentication</td>
- <td>Drillbit is a client to the Hive Metastore. Authentication options
include Kerberos and DIGEST. By default, authentication is disabled.</td>
- <td>Kerberos (if Hive impersonation is disabled and Kerberos principal
is mentioned) and DIGEST (the only supported mechanism when Hive
impersonation is enabled and SASL is enabled).</td>
- </tr>
- <tr>
- <td>Impersonation</td>
- <td>While accessing Hive Metastore, Hive impersonation setting in the
storage plugin configuration overrides Drill’s impersonation setting. While
scanning data in Hive, Drill impersonation is applied.</td>
- <td><a href="/docs/configuring-user-impersonation">Configuring User
Impersonation</a></td>
- </tr>
- <tr>
- <td>Authorization</td>
- <td>Drill supports SQL standard-based authorization and storage-based
authorization.</td>
- <td><a
href="/docs/configuring-user-impersonation-with-hive-authorization">Configuring
User Impersonation with Hive Authorization</a></td>
- </tr>
- </tbody>
-</table>
-
-
+ <ul>
+
+ </ul>
<div class="doc-nav">
- <span class="previous-toc"><a href="/docs/securing-drill-introduction/">←
Securing Drill Introduction</a></span><span class="next-toc"><a
href="/docs/roles-and-privileges/">Roles and Privileges →</a></span>
+ <span class="previous-toc"><a href="">← </a></span><span class="next-toc"><a
href=""> →</a></span>
</div>
diff --git a/docs/secure-communication-paths/index.html
b/docs/secure-communication-paths/index.html
index 7014e89..c792948 100644
--- a/docs/secure-communication-paths/index.html
+++ b/docs/secure-communication-paths/index.html
@@ -1442,12 +1442,12 @@
<tr>
<td>Authentication</td>
<td>Users authenticate to a drillbit using a username and password form
authenticator. By default, authentication is disabled.</td>
- <td><a
href="/docs/configuring-web-console-and-rest-api-security">Configuring Web UI
and REST API Security</a></td>
+ <td><a href="/docs/configuring-web-ui-and-rest-api-security">Configuring
Web UI and REST API Security</a></td>
</tr>
<tr>
<td>Encryption</td>
<td>Drill usese SSL for HTTPS access to the Web UI.</td>
- <td><a
href="/docs/configuring-web-console-and-rest-api-security">Configuring Web UI
and REST API Security</a></td>
+ <td><a href="/docs/configuring-web-ui-and-rest-api-security">Configuring
Web UI and REST API Security</a></td>
</tr>
<tr>
<td>Impersonation</td>
@@ -1457,7 +1457,7 @@
<tr>
<td>Authorization</td>
<td>Queries execute on behalf of the web user. Users and administrators
have different navigation bars. Various tabs are shown based on privileges. For
example, only administrators can see the Storage tab and
create/read/update/delete storage plugin configuration.</td>
- <td><a
href="/docs/configuring-web-console-and-rest-api-security">Configuring Web UI
and REST API Security</a></td>
+ <td><a href="/docs/configuring-web-ui-and-rest-api-security">Configuring
Web UI and REST API Security</a></td>
</tr>
</tbody>
</table>
diff --git a/feed.xml b/feed.xml
index 39ea75c..ecce24c 100644
--- a/feed.xml
+++ b/feed.xml
@@ -6,8 +6,8 @@
</description>
<link>/</link>
<atom:link href="/feed.xml" rel="self" type="application/rss+xml"/>
- <pubDate>Tue, 30 Mar 2021 16:06:59 +0200</pubDate>
- <lastBuildDate>Tue, 30 Mar 2021 16:06:59 +0200</lastBuildDate>
+ <pubDate>Tue, 30 Mar 2021 16:23:54 +0200</pubDate>
+ <lastBuildDate>Tue, 30 Mar 2021 16:23:54 +0200</lastBuildDate>
<generator>Jekyll v3.9.0</generator>
<item>
