[
https://issues.apache.org/jira/browse/DRILL-5664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16215964#comment-16215964
]
ASF GitHub Bot commented on DRILL-5664:
---------------------------------------
Github user sohami closed the pull request at:
https://github.com/apache/drill/pull/870
> Enable security for Drill HiveStoragePlugin based on a config parameter
> -----------------------------------------------------------------------
>
> Key: DRILL-5664
> URL: https://issues.apache.org/jira/browse/DRILL-5664
> Project: Apache Drill
> Issue Type: Improvement
> Affects Versions: 1.11.0
> Reporter: Sorabh Hamirwasia
> Assignee: Sorabh Hamirwasia
>
> For enabling security on DrillClient to Drillbit and Drillbit to Drillbit
> channel we have a configuration. But this doesn't ensure that Storage Plugin
> channel is also configured with security turned on. For example: When
> security is enabled on Drill side then HiveStoragePlugin which Drill uses
> doesn't open secure channel to HiveMetastore by default unless someone
> manually change the HiveStoragePluginConfig.
> With this JIRA we are introducing a new config option
> _security.storage_plugin.enabled: false_ based on which Drill can update the
> StoragePlugin config's to enable/disable security. When this config is set to
> true/false then for now Drill will update the HiveStoragePlugin config to set
> the value of _hive.metastore.sasl.enabled_ as true/false. So that when Drill
> connects to Metastore it does so in secured way. But if an user tries to
> update the config later which is opposite of what the Drill config says then
> we will log a warning before updating.
> Later the same login can be extended for all the other storage plugin's as
> well to do respective setting change based on the configuration on Drill side.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
