[ 
https://issues.apache.org/jira/browse/SOLR-7576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14660392#comment-14660392
 ] 

Noble Paul commented on SOLR-7576:
----------------------------------

bq. We've had JS, we've had XSLT, etc, in our config directory for a long time. 
What is different about this new approach that it demands a more secure 
approach in all situations

We don't give an HTTP API to upload any executable (XSLT/JS). You need direct 
access to ZK. Solr is moving deeper and deeper into the enterprise and security 
cannot be an afterthought. So, if there are security hole sin our system, we 
should close them instead of opening new ones.

bq. I know that a lot of normal users will find the .system and the HTTP post 
part hard to understand

I miss that point. Users do not need to know anything about {{.system}} 
collection or anything. They should just blindly run a curl command to upload a 
new version of their JS. That is just one step. The problem starts when you 
start explaining the innards of the system. You should just say 
"If you want to upload a new version of your JS, this is the command". 
{{curl -X POST -H 'Content-Type: application/octet-stream' --data-binary @test.js http://localhost:8983/solr/.system/blob/test}}
It does not matter to the user whether the JS is going to live in the cloud, ZK, 
filesystem or whatever, it just works. Solr is managing it for them.

BTW I'm not saying this is the best design possible. Please suggest a simpler 
way to submit code to SolrCloud and we can adopt that.

> Implement RequestHandler in Javascript
> --------------------------------------
>
>                 Key: SOLR-7576
>                 URL: https://issues.apache.org/jira/browse/SOLR-7576
>             Project: Solr
>          Issue Type: New Feature
>            Reporter: Noble Paul
>         Attachments: SOLR-7576.patch, SOLR-7576.patch
>
>
> Solr now supports dynamic loading (SOLR-7073) of components and it is secured 
> in SOLR-7126
> We can extend the same functionality with JS as well
> the handler {{/js}} is implicitly registered
> To make this work
> * Solr should be started with {{-Denable.js.loading=true}}
> * The javascript must be loaded to the {{.system}} collection using the blob 
> store API
> * Sign the javascript and pass the signature in a param called {{_sig}}
> The {{JSRequestHandler}} is implicitly defined and it can be accessed by 
> hitting {{/js/<jsname>/<version>}} 
> Steps for developing scripts
> # start the cluster with the {{enable.js.loading}}. If you are starting 
> using our script it would be 
> {{bin/solr start -e cloud -a "-Denable.js.loading=true"}}. 
> You would not need security during development, so don't add the private keys 
> to Solr
> # create {{.system}} collection {{bin/solr create -c .system}}
> # Write your javascript code. (say {{test.js}})
> # post it to {{.system}} collection. 
> {{curl -X POST -H 'Content-Type: application/octet-stream' --data-binary @test.js http://localhost:8983/solr/.system/blob/test}}
> # run your script {{http://host:8983/solr/gettingstarted/js/test/1}}
> # Edit your script and repeat from step #4. Keep in mind that the version 
> would be bumped up every time you post a new script. So, the second time the 
> url would be {{http://host:8983/solr/gettingstarted/js/test/2}}. So on and 
> so forth
> sample programs
> 1) writes a val to output
> {code:javascript}
> //empty line
> $.response().add('testkey','Test Val');
> {code}
> 2)  manipulate the output to add an extra field to each doc 
> {code}
> //empty line
> var l = [];
> $.query({
>               q: '*:*',
>               qt: '/select',
>               start:0,
>           }).forEach('response', function(doc) {
>                                          doc.put('script', 'Added this value');
>                                          l.push(doc);
>           });
>  $.response().add('alldocs', l);
> {code}
> 3)  stream through all the docs
> {code:Javascript}
> //empty line
> $.query({
>               q: '*:*',
>               qt: '/select',
>               start:0,
>               distrib:'false'
>           }).pipe('response', 'docs', function(doc) {
>                                          // the pipe function is executed right before the response writer and right after the transformers
>                                          if('IT'== doc.get('genre_s')) return null;
>                                          doc.put('script', 'Added this value');
>                                          return doc;
>           });
> {code}



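Added example, not part of the original message or of the SOLR-7576 patch: a sketch of the sign-then-verify gate that the {{_sig}} parameter in the issue description implies, where a script from the blob store is allowed to run only if the signature sent with the request verifies against a trusted public key. The RSA/SHA-256 base64 scheme and the names signScript, buildRequestPath and mayExecute are assumptions for illustration; the page does not state how Solr computes or checks the signature.

```javascript
// Added example, not Solr code. Assumed scheme: RSA over SHA-256, base64 signature.
const crypto = require('crypto');

// Constructed stand-in for test.js (sample program 1 in the issue description).
const SCRIPT = Buffer.from("$.response().add('testkey','Test Val');\n");

// Operator side: sign the exact bytes that are posted to the blob store.
function signScript(scriptBytes, privateKey) {
  return crypto.sign('sha256', scriptBytes, privateKey).toString('base64');
}

// Request path /js/<jsname>/<version> with the signature in _sig. Base64 contains
// '+', '/' and '=', so it must be percent-encoded or '+' arrives as a space.
function buildRequestPath(name, version, sigB64) {
  return `/js/${encodeURIComponent(name)}/${version}?_sig=${encodeURIComponent(sigB64)}`;
}

// Server side (hypothetical gate): allow execution only if _sig verifies
// against one of the trusted public keys. Any error counts as a failure.
function mayExecute(scriptBytes, sigB64, trustedPublicKeys) {
  if (typeof sigB64 !== 'string' || sigB64.length === 0) return false;
  const sig = Buffer.from(sigB64, 'base64');
  return trustedPublicKeys.some((key) => {
    try {
      return crypto.verify('sha256', scriptBytes, key, sig);
    } catch (err) {
      return false;
    }
  });
}

// Runs the four cases a reviewer would check; keys are generated on the fly.
function demo() {
  const trusted = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const keys = [trusted.publicKey];
  const path = buildRequestPath('test', 1, signScript(SCRIPT, trusted.privateKey));
  const sig = new URL(path, 'http://localhost:8983').searchParams.get('_sig');
  return {
    path,
    signed: mayExecute(SCRIPT, sig, keys),
    tampered: mayExecute(Buffer.concat([SCRIPT, Buffer.from('//x')]), sig, keys),
    wrongKey: mayExecute(SCRIPT, signScript(SCRIPT, other.privateKey), keys),
    unsigned: mayExecute(SCRIPT, null, keys),
  };
}

console.log(demo());
```

Only the first case returns true: a modified blob, a signature from an untrusted key, and a request without {{_sig}} are all refused.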