[jira] [Commented] (DRILL-5664) Enable security for Drill HiveStoragePlugin based on a config parameter

Tue, 11 Jul 2017 20:10:21 -0700 

    [ 
https://issues.apache.org/jira/browse/DRILL-5664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16083344#comment-16083344
 ] 

ASF GitHub Bot commented on DRILL-5664:
---------------------------------------

Github user ppadma commented on a diff in the pull request:

    https://github.com/apache/drill/pull/870#discussion_r126854772
  
    --- Diff: 
exec/java-exec/src/main/java/org/apache/drill/exec/store/StoragePluginRegistryImpl.java
 ---
    @@ -260,6 +289,10 @@ public StoragePlugin createOrUpdate(String name, 
StoragePluginConfig config, boo
     
           if (done) {
             if (persist) {
    +          if (!config.isValidSecurityConfig(secureStoragePlugin)) {
    +            logger.warn("Security setting for {} plugin is not recommended 
one. It should be set to: {}",
    --- End diff --
    
    This will cause confusion if we let the user update the storage plugin 
config ignoring the drill security config. I agree with Paul this can be messy, 
with things getting out of sync. We should discuss about this.


> Enable security for Drill HiveStoragePlugin based on a config parameter
> -----------------------------------------------------------------------
>
>                 Key: DRILL-5664
>                 URL: https://issues.apache.org/jira/browse/DRILL-5664
>             Project: Apache Drill
>          Issue Type: Improvement
>    Affects Versions: 1.11.0
>            Reporter: Sorabh Hamirwasia
>            Assignee: Sorabh Hamirwasia
>
> For enabling security on DrillClient to Drillbit and Drillbit to Drillbit 
> channel we have a configuration. But this doesn't ensure that Storage Plugin 
> channel is also configured with security turned on. For example: When 
> security is enabled on Drill side then HiveStoragePlugin which Drill uses 
> doesn't open secure channel to HiveMetastore by default unless someone 
> manually change the HiveStoragePluginConfig. 
> With this JIRA we are introducing a new config option 
> _security.storage_plugin.enabled: false_ based on which Drill can update the 
> StoragePlugin config's to enable/disable security. When this config is set to 
> true/false then for now Drill will update the HiveStoragePlugin config to set 
> the value of _hive.metastore.sasl.enabled_ as true/false. So that when Drill 
> connects to Metastore it does so in secured way. But if an user tries to 
> update the config later which is opposite of what the Drill config says then 
> we will log a warning before updating. 
> Later the same login can be extended for all the other storage plugin's as 
> well to do respective setting change based on the configuration on Drill side.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to