[
https://issues.apache.org/jira/browse/SOLR-8440?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16007297#comment-16007297
]
Ishan Chattopadhyaya edited comment on SOLR-8440 at 5/11/17 10:22 PM:
----------------------------------------------------------------------
bq. The new sub command auth is not advertised in help
Fixed
bq. Running solr auth -enable without starting Solr throws a stack trace
instead of printing usage.
Done, printed a message to the effect that Solr should've been started in cloud
mode or zkHost should've been provided.
bq. If you move the getZkHost(cli) check to after the credentials check, then
it's a bit better.
Done
bq. it should be -Dbasicauth= without uppercase "A".
Fixed
bq. Method updateIncludeFileEnableAuth takes username, password as args but
they are never used
Fixed.
bq. Wrong code indent in SolrCLI#3629-3671
Fixed.
bq. Guess we have to move the SOLR_HOME resolution lines higher up in the script
I found that using $SOLR_PID_DIR was much simpler than the $SOLR_HOME (which
more or less point to the same location). On Windows, used $SOLR_TIP/bin.
bq. Are you confident that this feature will have good enough quality to go in
6.6?
This is a new feature. So long as it doesn't trip up any existing parts of
Solr, and it works for the cases we've tested manually, I am confident to have
it in 6.6. Any bugs, if they escape attention, can be fixed later. Not putting
it in 6x would delay the actual adoption by users, who are more likely, in the
short term, to upgrade to 6.6 than 7.0.
bq. I would expect it to be possible to cover most of the SolrCLI functionality
in with unit tests.
Actually, I found it quite difficult to test the changes I've introduced to
SolrCLI without writing some fundamental support to test external systems here.
For example, I would've liked to test if the correct security.json is being
uploaded to ZK or not. But without significant effort in building such
scaffolding in our test framework, I couldn't see a way to test for that. Did I
miss something obvious? Can you point me to any existing tests which I can
derive any clues from? I didn't find the tests for the Examples very useful.
For this patch, I have tested manually on Linux, and still testing on Windows.
was (Author: ichattopadhyaya):
bq. The new sub command auth is not advertised in help
Fixed
bq. Running solr auth -enable without starting Solr throws a stack trace
instead of printing usage.
Done, brought up the usage
bq. If you move the getZkHost(cli) check to after the credentials check, then
it's a bit better.
Done
bq. it should be -Dbasicauth= without uppercase "A".
Fixed
bq. Method updateIncludeFileEnableAuth takes username, password as args but
they are never used
Fixed.
bq. Wrong code indent in SolrCLI#3629-3671
Fixed.
bq. Guess we have to move the SOLR_HOME resolution lines higher up in the script
I found that using $SOLR_PID_DIR was much simpler than the $SOLR_HOME (which
more or less point to the same location). On Windows, used $SOLR_TIP/bin.
bq. Are you confident that this feature will have good enough quality to go in
6.6?
This is a new feature. So long as it doesn't trip up any existing parts of
Solr, and it works for the cases we've tested manually, I am confident to have
it in 6.6. Any bugs, if they escape attention, can be fixed later. Not putting
it in 6x would delay the actual adoption by users, who are more likely, in the
short term, to upgrade to 6.6 than 7.0.
bq. I would expect it to be possible to cover most of the SolrCLI functionality
in with unit tests.
Actually, I found it quite difficult to test the changes I've introduced to
SolrCLI without writing some fundamental support to test external systems here.
For example, I would've liked to test if the correct security.json is being
uploaded to ZK or not. But without significant effort in building such
scaffolding in our test framework, I couldn't see a way to test for that. Did I
miss something obvious? Can you point me to any existing tests which I can
derive any clues from? I didn't find the tests for the Examples very useful.
For this patch, I have tested manually on Linux, and still testing on Windows.
> Script support for enabling basic auth
> --------------------------------------
>
> Key: SOLR-8440
> URL: https://issues.apache.org/jira/browse/SOLR-8440
> Project: Solr
> Issue Type: New Feature
> Components: scripts and tools
> Reporter: Jan Høydahl
> Assignee: Ishan Chattopadhyaya
> Labels: authentication, security
> Fix For: 6.6, master (7.0)
>
> Attachments: SOLR-8440-follow-up.patch, SOLR-8440.patch,
> SOLR-8440.patch, SOLR-8440.patch, SOLR-8440.patch, SOLR-8440.patch,
> SOLR-8440.patch, SOLR-8440.patch, SOLR-8440.patch
>
>
> Now that BasicAuthPlugin will be able to work without an AuthorizationPlugin
> (SOLR-8429), it would be sweet to provide a super simple way to "Password
> protect Solr"™ right from the command line:
> {noformat}
> bin/solr basicAuth -adduser -user solr -pass SolrRocks
> {noformat}
> It would take the mystery out of enabling one single password across the
> board. The command would do something like this
> # Check if HTTPS is enabled, and if not, print a friendly warning
> # Check if {{/security.json}} already exists
> ## NO => create one with only plugin class defined
> ## YES => Abort if exists but plugin is not {{BasicAuthPlugin}}
> # Using security REST API, add the new user
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
