laminelam commented on PR #1994:
URL: https://github.com/apache/solr/pull/1994#issuecomment-2035996505
> Are we sure this fits as a Solr module? Since this is client-side solrj
> code, it could be in e.g. `solrj-aws-secret` instead?
Actually, this is server-side code.
When Solr starts, it reads ZK creds from a local (clear) text file and uses
them to connect to ZK.
With this contribution, Solr would get the ZK creds from an AWS Secret
Manager, and then proceed to connect to ZK.
Now, from the SolrJ side, we have 3 options:
- Use the existing mechanism. Get the ZK creds and set them in System Props
  using the standard way.
- The client can connect to AWS SM to get the creds before passing them to
  System Props.
- This module can be used to connect directly to AWS SM and inject the creds
  into SolrJ. Though, the libs have to be added to the class path.
```
System.setProperty("zkACLProvider",
    "org.apache.solr.common.cloud.DigestZkACLProvider");
System.setProperty("zkCredentialsProvider",
    "org.apache.solr.common.cloud.DigestZkCredentialsProvider");
System.setProperty("zkCredentialsInjector",
    "org.apache.solr.secret.zk.AWSSecretManagerCredentialsInjector");
System.setProperty("zkCredentialsAWSSecretName", "myZkSecret");
System.setProperty("zkCredentialsAWSRegion", "us-east-1");
CloudSolrClient client = new CloudHttp2SolrClient.Builder(zkHosts)...
```
Somewhere down the line SolrZkClient [will instantiate](https://github.com/apache/solr/blob/main/solr/solrj-zookeeper/src/java/org/apache/solr/common/cloud/SolrZkClient.java#L307) an _AWSSecretManagerCredentialsInjector_.