[
https://issues.apache.org/jira/browse/DRILL-5664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16083289#comment-16083289
]
ASF GitHub Bot commented on DRILL-5664:
---------------------------------------
Github user paul-rogers commented on a diff in the pull request:
https://github.com/apache/drill/pull/870#discussion_r126839511
--- Diff:
contrib/storage-hive/core/src/main/java/org/apache/drill/exec/store/hive/HiveStoragePluginConfig.java
---
@@ -66,4 +68,40 @@ public boolean equals(Object o) {
return true;
}
+
+ @Override
+ public boolean enableSecurity() {
+ return compareAndUpdateSecurityConfig("true");
+ }
+
+ @Override
+ public boolean disableSecurity() {
+ return compareAndUpdateSecurityConfig("false");
+ }
+
+ /**
+ * Compare the newValue with current value of security setting for Hive
Plugin
+ *
+ * @param newValue - new value for security setting.
+ * @return true - if modified
+ * false - if not modified
+ */
+ public boolean compareAndUpdateSecurityConfig(String newValue) {
--- End diff --
The `compare` part is an implementation detail. Maybe just call it
`updateSecurity()`.
Then, passing in strings seems strange. Maybe pass in a boolean. Then, in
this method, do `Boolean.toString()` to get the string value.
Finally, why even bother to check fi the value exists? Why not just put the
new value and return it (since it will be a boolean)?
> Enable security for Drill HiveStoragePlugin based on a config parameter
> -----------------------------------------------------------------------
>
> Key: DRILL-5664
> URL: https://issues.apache.org/jira/browse/DRILL-5664
> Project: Apache Drill
> Issue Type: Improvement
> Affects Versions: 1.11.0
> Reporter: Sorabh Hamirwasia
> Assignee: Sorabh Hamirwasia
>
> For enabling security on DrillClient to Drillbit and Drillbit to Drillbit
> channel we have a configuration. But this doesn't ensure that Storage Plugin
> channel is also configured with security turned on. For example: When
> security is enabled on Drill side then HiveStoragePlugin which Drill uses
> doesn't open secure channel to HiveMetastore by default unless someone
> manually change the HiveStoragePluginConfig.
> With this JIRA we are introducing a new config option
> _security.storage_plugin.enabled: false_ based on which Drill can update the
> StoragePlugin config's to enable/disable security. When this config is set to
> true/false then for now Drill will update the HiveStoragePlugin config to set
> the value of _hive.metastore.sasl.enabled_ as true/false. So that when Drill
> connects to Metastore it does so in secured way. But if an user tries to
> update the config later which is opposite of what the Drill config says then
> we will log a warning before updating.
> Later the same login can be extended for all the other storage plugin's as
> well to do respective setting change based on the configuration on Drill side.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
