[
https://issues.apache.org/jira/browse/DRILL-8232?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17542635#comment-17542635
]
ASF GitHub Bot commented on DRILL-8232:
---------------------------------------
cgivre commented on code in PR #2558:
URL: https://github.com/apache/drill/pull/2558#discussion_r882962178
##########
docs/dev/PluginCredentialsProvider.md:
##########
@@ -118,7 +121,7 @@ Once it is set, we can configure storage plugin to use this
way of obtaining cre
}
```
-`secretPath` property specifies the Vault key value from which to read
+`secretPath` property specifies the Vault key value from which to read. If the
plugin's `authMode` is set to `user_translation` then the `secretPath` may
include a variable named `$user` which will be replaced with the Drill query
username at query execution time.
Review Comment:
NIT/Question: If `user_translation` mode is enabled, isn't it a requirement
that the `secretPath` contain `$user`?
> Add support for user credentials to VaultCredentialsProvider
> ------------------------------------------------------------
>
> Key: DRILL-8232
> URL: https://issues.apache.org/jira/browse/DRILL-8232
> Project: Apache Drill
> Issue Type: Improvement
> Components: Security
> Reporter: James Turton
> Assignee: James Turton
> Priority: Minor
> Fix For: 2.0.0
>
>
> The VaultCredentialsProvider can join the PlainCredentialsProvider in
> supporting user credentials, credentials that stored for each each Drill
> query user, by constructing a Vault secret path dynamically based on the name
> of the query user.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
