David Smiley created SOLR-14915:
-----------------------------------
Summary: Prometheus-exporter should not depend on Solr-core
Key: SOLR-14915
URL: https://issues.apache.org/jira/browse/SOLR-14915
Project: Solr
Issue Type: Improvement
Security Level: Public (Default Security Level. Issues are Public)
Components: contrib - prometheus-exporter
Reporter: David Smiley
Assignee: David Smiley
I think it's *crazy* that our Prometheus exporter depends on Solr-core -- this
thing is a _client_ of Solr; it does not live within Solr. The exporter ought
to be fairly lean. One consequence of this dependency is that, for example,
security vulnerabilities reported against Solr (e.g. Jetty) can (and do, where
I work) wind up being reported against this module even though Prometheus isn't
using Jetty.
>From my evaluation today of what's going on, it appears the crux of the
>problem is that the prometheus exporter uses some utility mechanisms in
>Solr-core like XmlConfig (which depends on SolrResourceLoader and the rabbit
>hole goes deeper...) and DOMUtils (further depends on PropertiesUtil). It can
>easy be made to not use XmlConfig. DOMUtils & PropertiesUtil could move to
>SolrJ which already has lots of little dependency-free utilities needed by
>SolrJ and Solr-core alike.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
