[jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK

Wed, 23 Dec 2015 08:39:12 -0800 

    [ 
https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15069844#comment-15069844
 ] 

Mike Drob commented on SOLR-8415:
---------------------------------

bq. Let's say you wanted to switch from secure setup old: (old acls, old 
credentials) to secure setup new (new acls, new credentials). You can call 
resetacls with (old acls + new acls, old credentials). Then call reset acls 
with (new acls, new credentials). That requires an intermediate step, but it 
isn't unsecure

I continued working on this and the main "problem" is that 
{{VMParamsAllAndReadonlyDigestZkACLProvider}} and 
{{VMParamsSingleSetCredentialsDigestZkCredentialsProvider}} use the same VM 
properties for the ACLs and Credentials. Normally, this is nice and makes 
things simpler, but when migrating and you want them to be different then that 
doesn't help us much. Since those are the only two out of the box Providers, 
the unsecure route is the only option when using the command line only.

It's pretty straightforward to do this with access to writing some java 
classes, but at that point I'm not sure who our audience is.

> Provide command to switch between non/secure mode in ZK
> -------------------------------------------------------
>
>                 Key: SOLR-8415
>                 URL: https://issues.apache.org/jira/browse/SOLR-8415
>             Project: Solr
>          Issue Type: Improvement
>          Components: security, SolrCloud
>            Reporter: Mike Drob
>            Assignee: Gregory Chanan
>             Fix For: Trunk
>
>         Attachments: SOLR-8415.patch, SOLR-8415.patch
>
>
> We have the ability to run both with and without zk acls, but we don't have a 
> great way to switch between the two modes. Most common use case, I imagine, 
> would be upgrading from an old version that did not support this to a new 
> version that does, and wanting to protect all of the existing content in ZK, 
> but it is conceivable that a user might want to remove ACLs as well.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to