[
https://issues.apache.org/jira/browse/SOLR-7576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14660560#comment-14660560
]
Noble Paul commented on SOLR-7576:
----------------------------------
bq.For sure, offer the more secure, enterprise friendly version, but is there a
valid reason not to support the method we are already using e.g. for update
processors?
So you suggest that the way we are doing it today is good and we should follow
the same path. Can you just list the steps involved for doing development
process for the same ? if I'm doing iterative development of JS how do I do it
bq.I dislike the idea that we are going to split ourselves in half - JS for an
update processor can just be edited in place, or can be pushed to ZK via zkcli
I would like to give a big -1 for any feature which requires direct access to
ZK. In all our security feaatures we assume that ZK writes are protected. So
anyone who has access to ZK can compromise security .If it is already there we
should slowly remove it. This JS RequestHandler can actually make a
scriptupdateprocessor redundant
> Implement RequestHandler in Javascript
> --------------------------------------
>
> Key: SOLR-7576
> URL: https://issues.apache.org/jira/browse/SOLR-7576
> Project: Solr
> Issue Type: New Feature
> Reporter: Noble Paul
> Attachments: SOLR-7576.patch, SOLR-7576.patch
>
>
> Solr now support dynamic loading (SOLR-7073) of components and it is secured
> in SOLR-7126
> We can extend the same functionality with JS as well
> the handler {{/js}} is implicitly registered
> To make this work
> * Solr should be started with {{-Denable.js.loading=true}}
> * The javascript must be loaded to the {{.system}} collection using the blob
> store API
> * Sign the javascript and pass the signature in a param called {{_sig}}
> The {{JSRequestHandler}} is implicitly defined and it can be accessed by
> hitting {{/js/<jsname>/<version>}}
> Steps for developing scripts
> # start the cluster with the {{enable.js.loading}} . If you are starting
> using our script it would be {{bin/solr start -e cloud -a
> "-Denable.js.loading=true"}} . You would not need security during development
> , so don't add the private keys to Solr
> # create {{.system}} collection {{bin/solr create -c .system}}
> # Write your javascript code . (say {{test.js}} )
> # post it to {{.system}} collection . {{curl -X POST -H 'Content-Type:
> application/octet-stream' --data-binary @test.js
> http://localhost:8983/solr/.system/blob/test}}
> # run your script {{http://host:8983/solr/gettingstarted/js/test/1}}
> # Edit your script and repeat from step #4 . Keep in mind that the version
> would be bumped up every time you post a new script . So, the second time the
> url would be {{http://host:8983/solr/gettingstarted/js/test/2}} . So on and
> so forth
> sample programs
> 1) writes a val to output
> {code:javascript}
> //empty line
> $.response().add('testkey','Test Val');
> {code}
> 2) manipulate the output to add an extra field to each doc
> {code}
> //empty line
> var l = [];
> $.query({
> q: '*:*',
> qt: '/select',
> start:0,
> }).forEach('response', function(doc) {
> doc.put('script', 'Added this
> value');
> l.push(doc);
> });
> $.response().add('alldocs', l);
> {code}
> 3) stream through all the docs
> {code:Javascript}
> //empty line
> $.query({
> q: '*:*',
> qt: '/select',
> start:0,
> distrib:'false'
> }).pipe('response', 'docs', function(doc) { // the pipe function is
> executed right before the response writer and right after the transformers
> if('IT'== doc.get('genre_s')) return
> null;
> doc.put('script', 'Added this
> value');
> return doc;
> });
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
