[
https://issues.apache.org/jira/browse/DRILL-5664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16083292#comment-16083292
]
ASF GitHub Bot commented on DRILL-5664:
---------------------------------------
Github user paul-rogers commented on a diff in the pull request:
https://github.com/apache/drill/pull/870#discussion_r126839078
--- Diff:
contrib/storage-hive/core/src/main/java/org/apache/drill/exec/store/hive/HiveStoragePluginConfig.java
---
@@ -33,6 +33,8 @@
public static final String NAME = "hive";
+ public static final String HIVE_SECURITY_CONFIG =
"hive.metastore.sasl.enabled";
--- End diff --
Fine to define this config option here. But, since this is Hive, and Hive
has its own `drill-module.conf` file, please provide a default option value in
that file. (The config system will throw an exception if the requested option
is undefined.)
Then, if you expect users to change this, please provide an example and
description in `drill-override-example.conf`.
> Enable security for Drill HiveStoragePlugin based on a config parameter
> -----------------------------------------------------------------------
>
> Key: DRILL-5664
> URL: https://issues.apache.org/jira/browse/DRILL-5664
> Project: Apache Drill
> Issue Type: Improvement
> Affects Versions: 1.11.0
> Reporter: Sorabh Hamirwasia
> Assignee: Sorabh Hamirwasia
>
> For enabling security on DrillClient to Drillbit and Drillbit to Drillbit
> channel we have a configuration. But this doesn't ensure that Storage Plugin
> channel is also configured with security turned on. For example: When
> security is enabled on Drill side then HiveStoragePlugin which Drill uses
> doesn't open secure channel to HiveMetastore by default unless someone
> manually change the HiveStoragePluginConfig.
> With this JIRA we are introducing a new config option
> _security.storage_plugin.enabled: false_ based on which Drill can update the
> StoragePlugin config's to enable/disable security. When this config is set to
> true/false then for now Drill will update the HiveStoragePlugin config to set
> the value of _hive.metastore.sasl.enabled_ as true/false. So that when Drill
> connects to Metastore it does so in secured way. But if an user tries to
> update the config later which is opposite of what the Drill config says then
> we will log a warning before updating.
> Later the same login can be extended for all the other storage plugin's as
> well to do respective setting change based on the configuration on Drill side.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
