You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@drill.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2022/05/11 16:54:00 UTC
[jira] [Commented] (DRILL-8223) Refactor auth modes dropping DRILL_PROCESS and allowing credential providers everywhere
[ https://issues.apache.org/jira/browse/DRILL-8223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17535014#comment-17535014 ]
ASF GitHub Bot commented on DRILL-8223:
---------------------------------------
jnturton opened a new pull request, #2547:
URL: https://github.com/apache/drill/pull/2547
# [DRILL-8223](https://issues.apache.org/jira/browse/DRILL-8223): Refactor auth modes dropping DRILL_PROCESS and allowing credential providers everywhere
## Description
Remove the abstract CredentialedStoragePluginConfig (formerly AbstractSecuredStoragePluginConfig) class and promote the credential provider members to the parent StoragePluginConfig. Since having a credential provider provider is optional, there is no harm in giving the capability to every plugin's config.
Drop the DRILL_PROCESS auth mode since this case is adequately covered by using SHARED_USER with no credentials specified.
Bug fix. In storage-jdbc and when there are no JDBC credentials for the query user, only forgo an attempt to connect if the auth mode is USER_TRANSLATION. If it is SHARED_USER, proceed with an attempt to connect (examples of this case are unsecured DBs and BigQuery which requires OAuth tokens in the JDBC URL instead of a JDBC username and password).
## Documentation
New auth mode documentation once the feature has stabilised.
## Testing
TODO
> Refactor auth modes dropping DRILL_PROCESS and allowing credential providers everywhere
> ---------------------------------------------------------------------------------------
>
> Key: DRILL-8223
> URL: https://issues.apache.org/jira/browse/DRILL-8223
> Project: Apache Drill
> Issue Type: Improvement
> Components: Security
> Affects Versions: 2.0.0
> Reporter: James Turton
> Assignee: James Turton
> Priority: Major
> Fix For: 2.0.0
>
>
> Remove the abstract CredentialedStoragePluginConfig (formerly AbstractSecuredStoragePluginConfig) class and promote the credential provider members to the parent StoragePluginConfig. Since having a credential provider provider is optional, there is no harm in giving the capability to every plugin's config.
> Drop the DRILL_PROCESS auth mode since this case is adequately covered by using SHARED_USER with no credentials specified.
> Bug fix. In storage-jdbc and when there are no JDBC credentials for the query user, only forgo an attempt to connect if the auth mode is USER_TRANSLATION. If it is SHARED_USER, proceed with an attempt to connect (examples of this case are unsecured DBs and BigQuery which requires OAuth tokens in the JDBC URL instead of a JDBC username and password).
--
This message was sent by Atlassian Jira
(v8.20.7#820007)