chatman commented on a change in pull request #1078: SOLR-14071: Untrusted 
configsets shouldn't be allowed to use <lib>
URL: https://github.com/apache/lucene-solr/pull/1078#discussion_r357018557
 
 

 ##########
 File path: solr/core/src/test/org/apache/solr/cloud/TestConfigSetsAPI.java
 ##########
 @@ -369,13 +370,55 @@ public void testUploadWithScriptUpdateProcessor() throws 
Exception {
 
   }
 
+  @Test
+  public void testUploadWithLibDirective() throws Exception {
+    // Authorization off
+    unprotectConfigsHandler();
+    final String untrustedSuffix = "-untrusted";
+    uploadConfigSetWithAssertions("with-lib-directive", untrustedSuffix, null, 
null);
+    // try to create a collection with the uploaded configset
+    Throwable thrown = expectThrows(HttpSolrClient.RemoteSolrException.class, 
() -> {
+      createCollection("newcollection3", "with-lib-directive" + 
untrustedSuffix,
+          1, 1, solrCluster.getSolrClient());
+    });
+
+    assertThat(thrown.getMessage(), containsString("Underlying core creation 
failed"));
+
+    // Authorization on
+    final String trustedSuffix = "-trusted";
+    protectConfigsHandler();
+    uploadConfigSetWithAssertions("with-lib-directive", trustedSuffix, "solr", 
"SolrRocks");
+    // try to create a collection with the uploaded configset
+    CollectionAdminResponse resp = createCollection("newcollection3", 
"with-lib-directive" + trustedSuffix,
+        1, 1, solrCluster.getSolrClient());
+    
+    SolrInputDocument doc = sdoc("id", "4055", "subject", "Solr");
+    solrCluster.getSolrClient().add("newcollection3", doc);
+    solrCluster.getSolrClient().commit("newcollection3");
+    assertEquals("4055", solrCluster.getSolrClient().query("newcollection3",
+        params("q", "*:*")).getResults().get(0).get("id"));
+  }
+
   protected SolrZkClient zkClient() {
     ZkStateReader reader = solrCluster.getSolrClient().getZkStateReader();
     if (reader == null)
       solrCluster.getSolrClient().connect();
     return solrCluster.getSolrClient().getZkStateReader().getZkClient();
   }
 
+  private void unprotectConfigsHandler() throws Exception {
+    HttpClient cl = null;
+    try {
+      cl = HttpClientUtil.createClient(null);
+      zkClient().setData("/security.json", "{}".getBytes(UTF_8), true);
+    } finally {
+      if (cl != null) {
+        HttpClientUtil.close(cl);
+      }
+    }
+    Thread.sleep(5000); // TODO: Without a delay, the test fails. Some problem 
with Authc/Authz framework?
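Review bot: The untrusted half of testUploadWithLibDirective asserts only that the message contains "Underlying core creation failed", which any core-creation failure would satisfy, so the test can stay green even when the `<lib>` restriction is not what rejected the configset. The trusted half acts as a control, but it reuses the name "newcollection3" and never inspects `resp`; whether the failed attempt leaves state behind under that name is not visible in this hunk. I would pin the rejection to its cause with something like `assertThat(thrown.getMessage(), containsString(EXPECTED_LIB_REJECTION_TEXT)); // placeholder: the text the trust check reports`, provided the remote exception carries that text. I would also give each phase its own collection name and add `assertEquals(0, resp.getStatus());` after the trusted createCollection call.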
 
 Review comment:
   Yeah, that is so irritating indeed. I remember we put that sleep of 5s in 
for the authentication to kick in. I'll reduce the sleep to 1s and see if it 
works or not. Please don't mind the potential noise on Jenkins due to this, if 
it fails.
