[jira] [Commented] (DRILL-8223) Refactor auth modes dropping DRILL_PROCESS and allowing credential providers everywhere

Wed, 11 May 2022 09:54:04 -0700 


    [ 
https://issues.apache.org/jira/browse/DRILL-8223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17535014#comment-17535014
 ] 

ASF GitHub Bot commented on DRILL-8223:
---------------------------------------

jnturton opened a new pull request, #2547:
URL: https://github.com/apache/drill/pull/2547

   # [DRILL-8223](https://issues.apache.org/jira/browse/DRILL-8223): Refactor 
auth modes dropping DRILL_PROCESS and allowing credential providers everywhere
   
   ## Description
   
   Remove the abstract CredentialedStoragePluginConfig (formerly 
AbstractSecuredStoragePluginConfig) class and promote the credential provider 
members to the parent StoragePluginConfig. Since having a credential provider 
provider is optional, there is no harm in giving the capability to every 
plugin's config.
   
   Drop the DRILL_PROCESS auth mode since this case is adequately covered by 
using SHARED_USER with no credentials specified.
   
   Bug fix. In storage-jdbc and when there are no JDBC credentials for the 
query user, only forgo an attempt to connect if the auth mode is 
USER_TRANSLATION. If it is SHARED_USER, proceed with an attempt to connect 
(examples of this case are unsecured DBs and BigQuery which requires OAuth 
tokens in the JDBC URL instead of a JDBC username and password).
   
   ## Documentation
   New auth mode documentation once the feature has stabilised.
   
   ## Testing
   TODO
   




> Refactor auth modes dropping DRILL_PROCESS and allowing credential providers 
> everywhere
> ---------------------------------------------------------------------------------------
>
>                 Key: DRILL-8223
>                 URL: https://issues.apache.org/jira/browse/DRILL-8223
>             Project: Apache Drill
>          Issue Type: Improvement
>          Components: Security
>    Affects Versions: 2.0.0
>            Reporter: James Turton
>            Assignee: James Turton
>            Priority: Major
>             Fix For: 2.0.0
>
>
> Remove the abstract CredentialedStoragePluginConfig (formerly 
> AbstractSecuredStoragePluginConfig) class and promote the credential provider 
> members to the parent StoragePluginConfig. Since having a credential provider 
> provider is optional, there is no harm in giving the capability to every 
> plugin's config.
> Drop the DRILL_PROCESS auth mode since this case is adequately covered by 
> using SHARED_USER with no credentials specified.
> Bug fix. In storage-jdbc and when there are no JDBC credentials for the query 
> user, only forgo an attempt to connect if the auth mode is USER_TRANSLATION. 
> If it is SHARED_USER, proceed with an attempt to connect (examples of this 
> case are unsecured DBs and BigQuery which requires OAuth tokens in the JDBC 
> URL instead of a JDBC username and password).



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

Reply via email to