[
https://issues.apache.org/jira/browse/KNOX-844?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15804860#comment-15804860
]
Josh Elser commented on KNOX-844:
---------------------------------
bq. I believed it was making calls solely over HTTP, and thus applications
which required to go over an ODBC driver for Phoenix would still need support
added to Knox
I don't understand what you mean by this. Let me try to state how things work
and maybe that will correct your confusion.
PQS defines an RPC protocol using HTTP as the transport. PQS has multiple
client implementations, one of which includes an ODBC driver. All of these
clients use HTTP as the transport and implement the protocol in their
respective language's bindings. The Knox Gateway acts as a Gateway for *all*
traffic, not just some of the traffic (concretely, what's the point of only
encrypting some of the traffic if other parts of the traffic are in plaintext?).
In short, the three arrows you have coming out of the ODBC box can be collapsed
into one single arrow that goes into the Knox box. The ODBC driver should never
be talking directly to PQS if you want to use the authentication and privacy
features of the Knox Gateway.
While I haven't tested it myself, I have no reason to believe that what is
currently in Knox wouldn't work for your setup.
> Add support for Apache Phoenix via Knox
> ---------------------------------------
>
> Key: KNOX-844
> URL: https://issues.apache.org/jira/browse/KNOX-844
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 0.11.0
> Reporter: John McParland
> Assignee: John McParland
> Attachments: Knox_Phoenix.png
>
>
> We would like to access data stored in Hadoop (especially HBase) using
> traditional tools which rely on ODBC connections and SQL.
> Phoenix provides the SQL interface to HBase, and Hortonworks have an [ODSC
> Connector for
> Phoenix|http://hortonworks.com/hadoop-tutorial/bi-apache-phoenix-odbc/]
> However this is unsecured - in so far as accessing from outside of the
> perimeter of the Big Data Platform.
> This ticket should address that by allowing the ODBC connection to Phoenix to
> be proxied through Knox, to enforce perimeter level security.
> h4. Acceptance Criteria
> - Connections to Phoenix via Knox are only allowed with valid credentials, as
> enforced by Knox
> - Connections to Phoenix via Knox are NOT allowed if Knox finds invalid
> credentials.
> - Connection to Phoenix via Knox can are made via an ODBC connector
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
