laminelam commented on code in PR #826: URL: https://github.com/apache/solr/pull/826#discussion_r868310160
########## solr/modules/aws-secret-provider/README.md: ########## @@ -0,0 +1,80 @@ +Apache Solr - AWS Secret Provider +=========================== + +An implementation of `SecretCredentialsProvider` that pulls Zookeeper credentials from an AWS Secret Manager. + +This plugin uses the [default AWS credentials provider chain](https://docs.aws.amazon.com/sdk-for-java/v2/developer-guide/credentials.html), so ensure that your credentials are set appropriately (e.g., via env var, or in `~/.aws/credentials`, etc.). + +## Usage + +- To enable this feature copy the jar files in `modules/aws-secret-provider/lib` to `SOLR_INSTALL/server/solr-webapp/webapp/WEB-INF/lib/` and add follow the below steps before restarting Solr. Review Comment: Actually, it’s not only about solr.xml, _ZKController_ also needs to create a zkClient, and the call is made in SolrZKClient (_solrj_) which doesn’t have access to _solr core_ class loaders. Lot (all?) of communications with ZK are made through _solrj_. You were right earlier when you were saying that _SecretCredentialInjector_ is using the default classLoader. That means loading the modules doesn't change anything as long as you’re still using the default classLoader… So a class loader in _solrj_ is needed. Either we pass it from _solr core_ to _solrj_ through solrZkClient constructors (ugly) and by doing so we are creating a dependency between solrj and solr core, which I think goes against the philosophy of _solrj_. Or we create a custom _solrJ_ class loader completely independent from _core_. This is what I did with _ModuleClassLoader_ On the other hand, I would rather ask the admin to copy few jars to some dir before starting than having them manage solr.xml with needs some expertise, not to mention the need to maintain it from different places, instead of having it in one place (zookeeper)… I see only 2 options left: 1- Copy the jars to _solr-webapp/webapp/WEB-INF/lib/_ 2- Use custom class loader (which maybe useful for future features related to solrj including custom credential injectors). I pushed a new commit with a solution based on a custom classLoader. PS: Possible bug in the new feature to pass modules through SOLR_MODULES environment variable. It's not working, only _-Dsolr.modules=listOfModules option works. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
