[jira] [Commented] (DRILL-5664) Enable security for Drill HiveStoragePlugin based on a config parameter

Thu, 06 Jul 2017 18:27:19 -0700 

    [ 
https://issues.apache.org/jira/browse/DRILL-5664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16077452#comment-16077452
 ] 

ASF GitHub Bot commented on DRILL-5664:
---------------------------------------

GitHub user sohami opened a pull request:

    https://github.com/apache/drill/pull/870

    DRILL-5664: Enable security for Drill HiveStoragePlugin based on a co…

    …nfig parameter
    
             Change to enable/disable HiveStoragePlugin security configuration 
based on Drill's "security.storage_plugin.enabled" configuration. This will 
help to open secure channel between Drill's HiveClient and HiveMetastore

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/sohami/drill DRILL-5664

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/drill/pull/870.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #870
    
----
commit 52618f7d319b9b9314a25e3bad872453be19d04d
Author: Sorabh Hamirwasia <[email protected]>
Date:   2017-06-21T01:26:06Z

    DRILL-5664: Enable security for Drill HiveStoragePlugin based on a config 
parameter
             Change to enable/disable HiveStoragePlugin security configuration 
based on Drill's "security.storage_plugin.enabled" configuration. This will 
help to open secure channel between Drill's HiveClient and HiveMetastore

----


> Enable security for Drill HiveStoragePlugin based on a config parameter
> -----------------------------------------------------------------------
>
>                 Key: DRILL-5664
>                 URL: https://issues.apache.org/jira/browse/DRILL-5664
>             Project: Apache Drill
>          Issue Type: Improvement
>    Affects Versions: 1.11.0
>            Reporter: Sorabh Hamirwasia
>            Assignee: Sorabh Hamirwasia
>
> For enabling security on DrillClient to Drillbit and Drillbit to Drillbit 
> channel we have a configuration. But this doesn't ensure that Storage Plugin 
> channel is also configured with security turned on. For example: When 
> security is enabled on Drill side then HiveStoragePlugin which Drill uses 
> doesn't open secure channel to HiveMetastore by default unless someone 
> manually change the HiveStoragePluginConfig. 
> With this JIRA we are introducing a new config option 
> _security.storage_plugin.enabled: false_ based on which Drill can update the 
> StoragePlugin config's to enable/disable security. When this config is set to 
> true/false then for now Drill will update the HiveStoragePlugin config to set 
> the value of _hive.metastore.sasl.enabled_ as true/false. So that when Drill 
> connects to Metastore it does so in secured way. But if an user tries to 
> update the config later which is opposite of what the Drill config says then 
> we will log a warning before updating. 
> Later the same login can be extended for all the other storage plugin's as 
> well to do respective setting change based on the configuration on Drill side.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to