laminelam commented on code in PR #826: URL: https://github.com/apache/solr/pull/826#discussion_r868401603
########## solr/modules/aws-secret-provider/README.md: ########## @@ -0,0 +1,80 @@ +Apache Solr - AWS Secret Provider +=========================== + +An implementation of `SecretCredentialsProvider` that pulls Zookeeper credentials from an AWS Secret Manager. + +This plugin uses the [default AWS credentials provider chain](https://docs.aws.amazon.com/sdk-for-java/v2/developer-guide/credentials.html), so ensure that your credentials are set appropriately (e.g., via env var, or in `~/.aws/credentials`, etc.). + +## Usage + +- To enable this feature copy the jar files in `modules/aws-secret-provider/lib` to `SOLR_INSTALL/server/solr-webapp/webapp/WEB-INF/lib/` and add follow the below steps before restarting Solr. Review Comment: > True enough - but that default classloader usage is conditional - SolrZkClient only uses it when [the connection-strategy object doesn't already have a ZkCredentialsProvider](https://github.com/apache/solr/blob/main/solr/solrj/src/java/org/apache/solr/common/cloud/SolrZkClient.java#L155). AFAICT from reading the code and some manual tests, the default classloader block will never run on the Solr server because Solr [always sets a ZkCredentialsProvider](https://github.com/apache/solr/blob/main/solr/core/src/java/org/apache/solr/cloud/ZkController.java#L340) in ZkController. > You're right about about _ZKController_ but if you search for the usage of _SolrZkClient_ you will see there are lot of places where it's called without a connection strategy, in which case it creates the creds locally using the default classLoader. Let me test that branch. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
