[jira] [Commented] (SOLR-10869) Make StatelessScriptUpdateProcessorFactory as Runtime URP; take params(s) with request
[ https://issues.apache.org/jira/browse/SOLR-10869?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16047359#comment-16047359 ] David Smiley commented on SOLR-10869: - Please check that we don't introduce new attack vectors. i.e. "script.file" should only resolve to an existing script in conf/... +1 to remove the "stateless" from the name! I've hated that needless verbosity. > Make StatelessScriptUpdateProcessorFactory as Runtime URP; take params(s) > with request > -- > > Key: SOLR-10869 > URL: https://issues.apache.org/jira/browse/SOLR-10869 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Components: update >Reporter: Amrit Sarkar >Priority: Minor > > We are trying to get rid of processor definitions in SolrConfig for all URPs > and take parameters in the request itself. > StatelessScriptUpdateProcessorFactory will be able to execute by sample curl > like below: > {code} > curl -X POST -H Content-Type: application/json > http://localhost:8983/solr/test/update/json/docs?processor=StatelessScript&script.file=1.js&script.file=2.js&script.file=3.js&script.params=keyA:valueA&script.params=keyB:valueB&script.params=keyC:valueC&script.engine= > rhino&commit=true --data-binary { "id" : "1" , "title_s" : "title_random" } > {code} > All the param(s) for this URP available can be passed as request handler > param(s). The scripts will be executed in the order the parameters are > received. > Configuration for StatelessScriptUpdateProcessorFactory in solrconfig.xml is > optional. Backcompat is intact. -- This message was sent by Atlassian JIRA (v6.4.14#64029) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10869) Make StatelessScriptUpdateProcessorFactory as Runtime URP; take params(s) with request
[ https://issues.apache.org/jira/browse/SOLR-10869?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16045921#comment-16045921 ] Amrit Sarkar commented on SOLR-10869: - Thanks [~erikhatcher] {quote} I think the parameter prefix is best as "script" rather than "statelessscript". "script.script" is funny though, so maybe it should be "script.file"? {quote} Fair. "script.file", "script.engine" and "script.params" seems neat. I will go forward with this for now. > Make StatelessScriptUpdateProcessorFactory as Runtime URP; take params(s) > with request > -- > > Key: SOLR-10869 > URL: https://issues.apache.org/jira/browse/SOLR-10869 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Components: update >Reporter: Amrit Sarkar >Priority: Minor > > We are trying to get rid of processor definitions in SolrConfig for all URPs > and take parameters in the request itself. > StatelessScriptUpdateProcessorFactory will be able to execute by sample curl > like below: > {code} > curl -X POST -H Content-Type: application/json > http://localhost:8983/solr/test/update/json/docs?processor=StatelessScript&script.file=1.js&script.file=2.js&script.file=3.js&script.params=keyA:valueA&script.params=keyB:valueB&script.params=keyC:valueC&script.engine= > rhino&commit=true --data-binary { "id" : "1" , "title_s" : "title_random" } > {code} > All the param(s) for this URP available can be passed as request handler > param(s). The scripts will be executed in the order the parameters are > received. > Configuration for StatelessScriptUpdateProcessorFactory in solrconfig.xml is > optional. Backcompat is intact. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10869) Make StatelessScriptUpdateProcessorFactory as Runtime URP; take params(s) with request
[ https://issues.apache.org/jira/browse/SOLR-10869?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16045905#comment-16045905 ] Erik Hatcher commented on SOLR-10869: - bq. So the initEngines(...) is called at inform(...) to validate the scripts at startup of core and there's no other motive to it? Looks like it, yeah. I think the parameter prefix is best as "script" rather than "statelessscript". "script.script" is funny though, so maybe it should be "script.file"? > Make StatelessScriptUpdateProcessorFactory as Runtime URP; take params(s) > with request > -- > > Key: SOLR-10869 > URL: https://issues.apache.org/jira/browse/SOLR-10869 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Components: update >Reporter: Amrit Sarkar >Priority: Minor > > We are trying to get rid of processor definitions in SolrConfig for all URPs > and take parameters in the request itself. > StatelessScriptUpdateProcessorFactory will be able to execute by sample curl > like below: > {code} > curl -X POST -H Content-Type: application/json > http://localhost:8983/solr/test/update/json/docs?processor=StatelessScript&statelessscript.script=1.js&statelessscript.script=2.js&statelessscript.script=3.js&statelessscript.params=keyA:valueA&statelessscript.params=keyB:valueB&statelessscript.params=keyC:valueC&commit=true > --data-binary { "id" : "1" , "title_s" : "title_random" } > {code} > All the param(s) for this URP available can be passed as request handler > param(s). The scripts will be executed in the order the parameters are > received. > Configuration for StatelessScriptUpdateProcessorFactory in solrconfig.xml is > optional. Backcompat is intact. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org
[jira] [Commented] (SOLR-10869) Make StatelessScriptUpdateProcessorFactory as Runtime URP; take params(s) with request
[ https://issues.apache.org/jira/browse/SOLR-10869?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16045879#comment-16045879 ] Amrit Sarkar commented on SOLR-10869: - I have a question on the implementation of this: There are two instances where we are initialising the script engines *initEngines(...)*; 1. In the inform(...) via SolrCoreAware (plugin), which will be executed right after factory.init() with empty request and response => {code} SolrQueryResponse rsp = new SolrQueryResponse(); SolrQueryRequest req = new LocalSolrQueryRequest(core, new ModifiableSolrParams()); try { initEngines(req, rsp); } catch (Exception e) { String msg = "Unable to initialize scripts: " + e.getMessage(); log.error(msg, e); throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, msg, e); } finally { req.close(); } {code} 2. and then with request and response in getInstance() again => {code} @Override public UpdateRequestProcessor getInstance(SolrQueryRequest req, SolrQueryResponse rsp, UpdateRequestProcessor next) { List scriptEngines = null; scriptEngines = initEngines(req, rsp); return new ScriptUpdateProcessor(req, rsp, scriptEngines, next); } {code} initEngines(...) have => {code} try { Reader scriptSrc = scriptFile.openReader(resourceLoader); try { engine.eval(scriptSrc); } catch (ScriptException e) { throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, "Unable to evaluate script: " + scriptFile.getFileName(), e); } finally { IOUtils.closeQuietly(scriptSrc); } } {code} So the initEngines(...) is called at inform(...) to validate the scripts at startup of core and there's no other motive to it? > Make StatelessScriptUpdateProcessorFactory as Runtime URP; take params(s) > with request > -- > > Key: SOLR-10869 > URL: https://issues.apache.org/jira/browse/SOLR-10869 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Components: update >Reporter: Amrit Sarkar >Priority: Minor > > We are trying to get rid of processor definitions in SolrConfig for all URPs > and take parameters in the request itself. > StatelessScriptUpdateProcessorFactory will be able to execute by sample curl > like below: > {code} > curl -X POST -H Content-Type: application/json > http://localhost:8983/solr/test/update/json/docs?processor=StatelessScript&statelessscript.script=1.js&statelessscript.script=2.js&statelessscript.script=3.js&statelessscript.params=keyA:valueA&statelessscript.params=keyB:valueB&statelessscript.params=keyC:valueC&commit=true > --data-binary { "id" : "1" , "title_s" : "title_random" } > {code} > All the param(s) for this URP available can be passed as request handler > param(s). The scripts will be executed in the order the parameters are > received. > Configuration for StatelessScriptUpdateProcessorFactory in solrconfig.xml is > optional. Backcompat is intact. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org