You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@drill.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2017/07/07 01:27:00 UTC

[jira] [Commented] (DRILL-5664) Enable security for Drill HiveStoragePlugin based on a config parameter

    [ https://issues.apache.org/jira/browse/DRILL-5664?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16077452#comment-16077452 ] 

ASF GitHub Bot commented on DRILL-5664:
---------------------------------------

GitHub user sohami opened a pull request:

    https://github.com/apache/drill/pull/870

    DRILL-5664: Enable security for Drill HiveStoragePlugin based on a co…

    …nfig parameter
    
             Change to enable/disable HiveStoragePlugin security configuration based on Drill's "security.storage_plugin.enabled" configuration. This will help to open secure channel between Drill's HiveClient and HiveMetastore

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/sohami/drill DRILL-5664

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/drill/pull/870.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #870
    
----
commit 52618f7d319b9b9314a25e3bad872453be19d04d
Author: Sorabh Hamirwasia <sh...@maprtech.com>
Date:   2017-06-21T01:26:06Z

    DRILL-5664: Enable security for Drill HiveStoragePlugin based on a config parameter
             Change to enable/disable HiveStoragePlugin security configuration based on Drill's "security.storage_plugin.enabled" configuration. This will help to open secure channel between Drill's HiveClient and HiveMetastore

----


> Enable security for Drill HiveStoragePlugin based on a config parameter
> -----------------------------------------------------------------------
>
>                 Key: DRILL-5664
>                 URL: https://issues.apache.org/jira/browse/DRILL-5664
>             Project: Apache Drill
>          Issue Type: Improvement
>    Affects Versions: 1.11.0
>            Reporter: Sorabh Hamirwasia
>            Assignee: Sorabh Hamirwasia
>
> For enabling security on DrillClient to Drillbit and Drillbit to Drillbit channel we have a configuration. But this doesn't ensure that Storage Plugin channel is also configured with security turned on. For example: When security is enabled on Drill side then HiveStoragePlugin which Drill uses doesn't open secure channel to HiveMetastore by default unless someone manually change the HiveStoragePluginConfig. 
> With this JIRA we are introducing a new config option 
> _security.storage_plugin.enabled: false_ based on which Drill can update the StoragePlugin config's to enable/disable security. When this config is set to true/false then for now Drill will update the HiveStoragePlugin config to set the value of _hive.metastore.sasl.enabled_ as true/false. So that when Drill connects to Metastore it does so in secured way. But if an user tries to update the config later which is opposite of what the Drill config says then we will log a warning before updating. 
> Later the same login can be extended for all the other storage plugin's as well to do respective setting change based on the configuration on Drill side.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)