[
https://issues.apache.org/jira/browse/DRILL-8232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17542640#comment-17542640
]
ASF GitHub Bot commented on DRILL-8232:
---------------------------------------
jnturton commented on code in PR #2558:
URL: https://github.com/apache/drill/pull/2558#discussion_r882972296
##########
docs/dev/PluginCredentialsProvider.md:
##########
@@ -118,7 +121,7 @@ Once it is set, we can configure storage plugin to use this
way of obtaining cre
}
```
-`secretPath` property specifies the Vault key value from which to read
+`secretPath` property specifies the Vault key value from which to read. If the
plugin's `authMode` is set to `user_translation` then the `secretPath` may
include a variable named `$user` which will be replaced with the Drill query
username at query execution time.
Review Comment:
@cgivre it's still optional and you could deliberately omit it as a trick to
make user_translation translate to a single shared set of creds. To me me it
seemed okay to allow that...
> Add support for user credentials to VaultCredentialsProvider
> ------------------------------------------------------------
>
> Key: DRILL-8232
> URL: https://issues.apache.org/jira/browse/DRILL-8232
> Project: Apache Drill
> Issue Type: Improvement
> Components: Security
> Reporter: James Turton
> Assignee: James Turton
> Priority: Minor
> Fix For: 2.0.0
>
>
> The VaultCredentialsProvider can join the PlainCredentialsProvider in
> supporting user credentials, credentials that stored for each each Drill
> query user, by constructing a Vault secret path dynamically based on the name
> of the query user.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
