[jira] [Commented] (SOLR-15548) Make it easier for to configure/use interconnected ZkACLProvider and ZkCredentialsProvider

Fri, 16 Jul 2021 09:54:11 -0700 


    [ 
https://issues.apache.org/jira/browse/SOLR-15548?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17382200#comment-17382200
 ] 

Chris M. Hostetter commented on SOLR-15548:
-------------------------------------------

FWIW: The {{ZkACLProvider}} API additions (and tweaks to {{ZkController}} ) 
could potentially be more sophisticated, so that  the configured 
{{ZkACLProvider}} could "complain" if the configured {{ZkCredentialsProvider}} 
was incompatible, something like...
{code:java}
String zkCredentialsProviderClass = cloudConfig.getZkCredentialsProviderClass();
if (zkCredentialsProviderClass != null && 
zkCredentialsProviderClass.trim().length() > 0) {
  ZkCredentialsProvider tmp = 
cc.getResourceLoader().newInstance(zkCredentialsProviderClass, 
ZkCredentialsProvider.class);
  // this method could throw an erexception (or log warning) if the credentials 
weren't viable for the ACLs
  // default impl in 'interface ZkACLProvider' would be No-Op...
  this.zkACLProvider.validateZkCredentialsProvider(tmp);
  strat.setZkCredentialsToAddAutomatically(tmp);
} else {
  ZkCredentialsProvider tmp = 
this.zkACLProvider.getDefaultZkCredentialsProvider();
  if (null == tmp) {
    tmp = new DefaultZkCredentialsProvider();
    this.zkACLProvider.validateZkCredentialsProvider(tmp);
  }
  strat.setZkCredentialsToAddAutomatically(tmp);
}
{code}

> Make it easier for to configure/use interconnected ZkACLProvider and 
> ZkCredentialsProvider
> ------------------------------------------------------------------------------------------
>
>                 Key: SOLR-15548
>                 URL: https://issues.apache.org/jira/browse/SOLR-15548
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Chris M. Hostetter
>            Priority: Major
>
> I've been learning more about how Solr's {{ZkCredentialsProvider}} and 
> {{ZkACLProvider}} APIs work and are configured in {{solr.xml}}...
> It seems really weird to me that these must be configured completely 
> independently of each other, even though – IIUC – the use of a (non-default) 
> {{ZkACLProvider}} almost certainly means you also want to use a (non-default) 
> {{ZkCredentialsProvider}}
> I think we should make it possible for people to write custom 
> {{ZkACLProvider}} impls that can automatically override the default 
> {{ZkCredentialsProvider}} w/o extra configuration, and change 
> {{VMParamsAllAndReadonlyDigestZkACLProvider}} to automatically specify 
> {{VMParamsSingleSetCredentialsDigestZkCredentialsProvider}} as a default 
> since they are designed to work together.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to