[jira] [Commented] (SOLR-15548) Make it easier for to configure/use interconnected ZkACLProvider and ZkCredentialsProvider

Fri, 16 Jul 2021 09:39:33 -0700 


    [ 
https://issues.apache.org/jira/browse/SOLR-15548?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17382195#comment-17382195
 ] 

Chris M. Hostetter commented on SOLR-15548:
-------------------------------------------

psuedo code straw man for what i had in mind ...

{code}
// // // // add to 'interface ZkACLProvider' ...

/**
 * An optional ZkCredentialsProvider to use if there is no explicitly 
configured ZkCredentialsProvider for this cluster
 * May return null, in which case implicit default choices will be made, 
independent of this ZkACLProvider
 */
default ZkCredentialsProvider getDefaultZkCredentialsProvider() { return null; }
{code}

{code}
// // // // add to VMParamsAllAndReadonlyDigestZkACLProvider ...

public ZkCredentialsProvider getDefaultZkCredentialsProvider() {
  // Either this, or add a new ZkCredentialsProvider where we just tell it the 
user & pass to use
  // explicitly in constructor, instead of expecting it to re-read the same 
properties...
  return new 
VMParamsSingleSetCredentialsDigestZkCredentialsProvider(this.zkDigestAllUsernameVMParamName,
                                                                     
this.zkDigestAllPasswordVMParamName)
}
{code}

{code}
// // // // change ZkController's ZkCredentialsProvider init logic to look like 
this...

String zkCredentialsProviderClass = cloudConfig.getZkCredentialsProviderClass();
if (zkCredentialsProviderClass != null && 
zkCredentialsProviderClass.trim().length() > 0) {
  
strat.setZkCredentialsToAddAutomatically(cc.getResourceLoader().newInstance(zkCredentialsProviderClass,
 ZkCredentialsProvider.class));
} else {
  // new logic here....
  ZkCredentialsProvider tmp = 
this.zkACLProvider.getDefaultZkCredentialsProvider();
  if (null == tmp) tmp = new DefaultZkCredentialsProvider()

  strat.setZkCredentialsToAddAutomatically(tmp);
}
{code}


> Make it easier for to configure/use interconnected ZkACLProvider and 
> ZkCredentialsProvider
> ------------------------------------------------------------------------------------------
>
>                 Key: SOLR-15548
>                 URL: https://issues.apache.org/jira/browse/SOLR-15548
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Chris M. Hostetter
>            Priority: Major
>
> I've been learning more about how Solr's {{ZkCredentialsProvider}} and 
> {{ZkACLProvider}} APIs work and are configured in {{solr.xml}}...
> It seems really weird to me that these must be configured completely 
> independently of each other, even though – IIUC – the use of a (non-default) 
> {{ZkACLProvider}} almost certainly means you also want to use a (non-default) 
> {{ZkCredentialsProvider}}
> I think we should make it possible for people to write custom 
> {{ZkACLProvider}} impls that can automatically override the default 
> {{ZkCredentialsProvider}} w/o extra configuration, and change 
> {{VMParamsAllAndReadonlyDigestZkACLProvider}} to automatically specify 
> {{VMParamsSingleSetCredentialsDigestZkCredentialsProvider}} as a default 
> since they are designed to work together.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to