[
https://issues.apache.org/jira/browse/DRILL-5664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16083291#comment-16083291
]
ASF GitHub Bot commented on DRILL-5664:
---------------------------------------
Github user paul-rogers commented on a diff in the pull request:
https://github.com/apache/drill/pull/870#discussion_r126840055
--- Diff: exec/java-exec/src/main/resources/drill-module.conf ---
@@ -155,6 +155,10 @@ drill.exec: {
enabled: false,
max_chained_user_hops: 3
},
+
+ // Setting to control security for storage_plugins. For now this is only
for Hive
--- End diff --
Better:
```
security: {
user.auth.enabled: false,
storage_plugin_enabled: false
}
```
That way, it will be clear that the two properties go together. Move your
comment inside the brackets.
Now, it is a hassle that some previous properties used dots as word
separators: they are actually group separators...
Then, if users must set this option, please add this property as an example
in `drill-override-example.conf`. Provide a user-understandable instruction for
what to do. Also, please mark this JIRA as doc-impacting if it is not already.
> Enable security for Drill HiveStoragePlugin based on a config parameter
> -----------------------------------------------------------------------
>
> Key: DRILL-5664
> URL: https://issues.apache.org/jira/browse/DRILL-5664
> Project: Apache Drill
> Issue Type: Improvement
> Affects Versions: 1.11.0
> Reporter: Sorabh Hamirwasia
> Assignee: Sorabh Hamirwasia
>
> For enabling security on DrillClient to Drillbit and Drillbit to Drillbit
> channel we have a configuration. But this doesn't ensure that Storage Plugin
> channel is also configured with security turned on. For example: When
> security is enabled on Drill side then HiveStoragePlugin which Drill uses
> doesn't open secure channel to HiveMetastore by default unless someone
> manually change the HiveStoragePluginConfig.
> With this JIRA we are introducing a new config option
> _security.storage_plugin.enabled: false_ based on which Drill can update the
> StoragePlugin config's to enable/disable security. When this config is set to
> true/false then for now Drill will update the HiveStoragePlugin config to set
> the value of _hive.metastore.sasl.enabled_ as true/false. So that when Drill
> connects to Metastore it does so in secured way. But if an user tries to
> update the config later which is opposite of what the Drill config says then
> we will log a warning before updating.
> Later the same login can be extended for all the other storage plugin's as
> well to do respective setting change based on the configuration on Drill side.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
