[jira] [Commented] (DRILL-8223) Refactor auth modes dropping DRILL_PROCESS and allowing credential providers everywhere

Thu, 12 May 2022 23:20:07 -0700 


    [ 
https://issues.apache.org/jira/browse/DRILL-8223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17536447#comment-17536447
 ] 

ASF GitHub Bot commented on DRILL-8223:
---------------------------------------

vvysotskyi commented on code in PR #2547:
URL: https://github.com/apache/drill/pull/2547#discussion_r872035895


##########
exec/java-exec/src/main/java/org/apache/drill/exec/server/rest/StorageResources.java:
##########
@@ -276,24 +280,24 @@ public Response updateAccessToken(@PathParam("name") 
String name, OAuthTokenCont
   public Response updateOAuthTokens(@PathParam("name") String name,
                                     OAuthTokenContainer tokenContainer) {
     try {
-      if (storage.getPlugin(name).getConfig() instanceof 
CredentialedStoragePluginConfig) {
-        DrillbitContext context = ((AbstractStoragePlugin) 
storage.getPlugin(name)).getContext();
-        OAuthTokenProvider tokenProvider = context.getoAuthTokenProvider();
-        PersistentTokenTable tokenTable = 
tokenProvider.getOauthTokenRegistry().getTokenTable(name);
-
-        // Set the access and refresh token
-        tokenTable.setAccessToken(tokenContainer.getAccessToken());
-        tokenTable.setRefreshToken(tokenContainer.getRefreshToken());
-
-        return Response.status(Status.OK)
-          .entity("Access tokens have been updated.")
-          .build();
-      } else {
+      StoragePluginConfig config = storage.getPlugin(name).getConfig();
+      if (config.getValue("type") != "http") {

Review Comment:
   But looks like error message below should be fixed





> Refactor auth modes dropping DRILL_PROCESS and allowing credential providers 
> everywhere
> ---------------------------------------------------------------------------------------
>
>                 Key: DRILL-8223
>                 URL: https://issues.apache.org/jira/browse/DRILL-8223
>             Project: Apache Drill
>          Issue Type: Improvement
>          Components: Security
>    Affects Versions: 2.0.0
>            Reporter: James Turton
>            Assignee: James Turton
>            Priority: Major
>             Fix For: 2.0.0
>
>
> Remove the abstract CredentialedStoragePluginConfig (formerly 
> AbstractSecuredStoragePluginConfig) class and promote the credential provider 
> members to the parent StoragePluginConfig. Since having a credential provider 
> provider is optional, there is no harm in giving the capability to every 
> plugin's config.
> Drop the DRILL_PROCESS auth mode since this case is adequately covered by 
> using SHARED_USER with no credentials specified.
> Bug fix. In storage-jdbc and when there are no JDBC credentials for the query 
> user, only forgo an attempt to connect if the auth mode is USER_TRANSLATION. 
> If it is SHARED_USER, proceed with an attempt to connect (examples of this 
> case are unsecured DBs and BigQuery which requires OAuth tokens in the JDBC 
> URL instead of a JDBC username and password).



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

Reply via email to