You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@drill.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2022/05/11 16:54:00 UTC

[jira] [Commented] (DRILL-8223) Refactor auth modes dropping DRILL_PROCESS and allowing credential providers everywhere

    [ https://issues.apache.org/jira/browse/DRILL-8223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17535014#comment-17535014 ] 

ASF GitHub Bot commented on DRILL-8223:
---------------------------------------

jnturton opened a new pull request, #2547:
URL: https://github.com/apache/drill/pull/2547

   # [DRILL-8223](https://issues.apache.org/jira/browse/DRILL-8223): Refactor auth modes dropping DRILL_PROCESS and allowing credential providers everywhere
   
   ## Description
   
   Remove the abstract CredentialedStoragePluginConfig (formerly AbstractSecuredStoragePluginConfig) class and promote the credential provider members to the parent StoragePluginConfig. Since having a credential provider provider is optional, there is no harm in giving the capability to every plugin's config.
   
   Drop the DRILL_PROCESS auth mode since this case is adequately covered by using SHARED_USER with no credentials specified.
   
   Bug fix. In storage-jdbc and when there are no JDBC credentials for the query user, only forgo an attempt to connect if the auth mode is USER_TRANSLATION. If it is SHARED_USER, proceed with an attempt to connect (examples of this case are unsecured DBs and BigQuery which requires OAuth tokens in the JDBC URL instead of a JDBC username and password).
   
   ## Documentation
   New auth mode documentation once the feature has stabilised.
   
   ## Testing
   TODO
   




> Refactor auth modes dropping DRILL_PROCESS and allowing credential providers everywhere
> ---------------------------------------------------------------------------------------
>
>                 Key: DRILL-8223
>                 URL: https://issues.apache.org/jira/browse/DRILL-8223
>             Project: Apache Drill
>          Issue Type: Improvement
>          Components: Security
>    Affects Versions: 2.0.0
>            Reporter: James Turton
>            Assignee: James Turton
>            Priority: Major
>             Fix For: 2.0.0
>
>
> Remove the abstract CredentialedStoragePluginConfig (formerly AbstractSecuredStoragePluginConfig) class and promote the credential provider members to the parent StoragePluginConfig. Since having a credential provider provider is optional, there is no harm in giving the capability to every plugin's config.
> Drop the DRILL_PROCESS auth mode since this case is adequately covered by using SHARED_USER with no credentials specified.
> Bug fix. In storage-jdbc and when there are no JDBC credentials for the query user, only forgo an attempt to connect if the auth mode is USER_TRANSLATION. If it is SHARED_USER, proceed with an attempt to connect (examples of this case are unsecured DBs and BigQuery which requires OAuth tokens in the JDBC URL instead of a JDBC username and password).



--
This message was sent by Atlassian Jira
(v8.20.7#820007)