[ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15069844#comment-15069844 ]
Mike Drob commented on SOLR-8415: --------------------------------- bq. Let's say you wanted to switch from secure setup old: (old acls, old credentials) to secure setup new (new acls, new credentials). You can call resetacls with (old acls + new acls, old credentials). Then call reset acls with (new acls, new credentials). That requires an intermediate step, but it isn't unsecure I continued working on this and the main "problem" is that {{VMParamsAllAndReadonlyDigestZkACLProvider}} and {{VMParamsSingleSetCredentialsDigestZkCredentialsProvider}} use the same VM properties for the ACLs and Credentials. Normally, this is nice and makes things simpler, but when migrating and you want them to be different then that doesn't help us much. Since those are the only two out of the box Providers, the unsecure route is the only option when using the command line only. It's pretty straightforward to do this with access to writing some java classes, but at that point I'm not sure who our audience is. > Provide command to switch between non/secure mode in ZK > ------------------------------------------------------- > > Key: SOLR-8415 > URL: https://issues.apache.org/jira/browse/SOLR-8415 > Project: Solr > Issue Type: Improvement > Components: security, SolrCloud > Reporter: Mike Drob > Assignee: Gregory Chanan > Fix For: Trunk > > Attachments: SOLR-8415.patch, SOLR-8415.patch > > > We have the ability to run both with and without zk acls, but we don't have a > great way to switch between the two modes. Most common use case, I imagine, > would be upgrading from an old version that did not support this to a new > version that does, and wanting to protect all of the existing content in ZK, > but it is conceivable that a user might want to remove ACLs as well. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org