Sorabh Hamirwasia created DRILL-5664:
----------------------------------------
Summary: Enable security for Drill HiveStoragePlugin based on a
config parameter
Key: DRILL-5664
URL: https://issues.apache.org/jira/browse/DRILL-5664
Project: Apache Drill
Issue Type: Improvement
Affects Versions: 1.11.0
Reporter: Sorabh Hamirwasia
Assignee: Sorabh Hamirwasia
For enabling security on DrillClient to Drillbit and Drillbit to Drillbit
channel we have a configuration. But this doesn't ensure that Storage Plugin
channel is also configured with security turned on. For example: When security
is enabled on Drill side then HiveStoragePlugin which Drill uses doesn't open
secure channel to HiveMetastore by default unless someone manually change the
HiveStoragePluginConfig.
With this JIRA we are introducing a new config option
_security.storage_plugin.enabled: false_ based on which Drill can update the
StoragePlugin config's to enable/disable security. When this config is set to
true/false then for now Drill will update the HiveStoragePlugin config to set
the value of _hive.metastore.sasl.enabled_ as true/false. So that when Drill
connects to Metastore it does so in secured way. But if an user tries to update
the config later which is opposite of what the Drill config says then we will
log a warning before updating.
Later the same login can be extended for all the other storage plugin's as well
to do respective setting change based on the configuration on Drill side.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
