dsmiley commented on code in PR #4320:
URL: https://github.com/apache/solr/pull/4320#discussion_r3258885475
##########
solr/solrj-streaming/src/java/org/apache/solr/client/solrj/io/SolrClientCache.java:
##########
@@ -67,15 +65,19 @@ public void setBasicAuthCredentials(String
basicAuthCredentials) {
this.basicAuthCredentials = basicAuthCredentials;
}
- public void setDefaultZKHost(String zkHost) {
- if (zkHost != null) {
- zkHost = zkHost.split("/")[0];
- if (!zkHost.isEmpty()) {
- defaultZkHost.set(zkHost);
- } else {
- defaultZkHost.set(null);
- }
- }
+ /**
+ * Controls whether ZooKeeper ACL credentials may be propagated to ZooKeeper
hosts used by {@link
+ * CloudSolrClient} instances created by this cache.
+ *
+ * <p>This option is disabled by default for security reasons. Enabling it
may expose ZooKeeper
+ * credentials to external or untrusted ZooKeeper ensembles if arbitrary
cluster connections are
+ * allowed.
+ *
+ * @param useZookeeperACL whether ZooKeeper ACL credentials should be used
by clients created from
+ * this cache
+ */
+ public void setUseZookeeperACL(boolean useZookeeperACL) {
+ this.useZookeeperACL = useZookeeperACL;
}
Review Comment:
Just to clarify the idea that I shared with you & Houston: Use the
*existing* CloudSolrClient on ZkController to put into InternalSolrClientCache.
Then no need for any reverence to ZK ACLs in SCC/ISCC (or even ZK generally)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
