[ https://issues.apache.org/jira/browse/SOLR-15548?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17382195#comment-17382195 ]
Chris M. Hostetter commented on SOLR-15548: ------------------------------------------- psuedo code straw man for what i had in mind ... {code} // // // // add to 'interface ZkACLProvider' ... /** * An optional ZkCredentialsProvider to use if there is no explicitly configured ZkCredentialsProvider for this cluster * May return null, in which case implicit default choices will be made, independent of this ZkACLProvider */ default ZkCredentialsProvider getDefaultZkCredentialsProvider() { return null; } {code} {code} // // // // add to VMParamsAllAndReadonlyDigestZkACLProvider ... public ZkCredentialsProvider getDefaultZkCredentialsProvider() { // Either this, or add a new ZkCredentialsProvider where we just tell it the user & pass to use // explicitly in constructor, instead of expecting it to re-read the same properties... return new VMParamsSingleSetCredentialsDigestZkCredentialsProvider(this.zkDigestAllUsernameVMParamName, this.zkDigestAllPasswordVMParamName) } {code} {code} // // // // change ZkController's ZkCredentialsProvider init logic to look like this... String zkCredentialsProviderClass = cloudConfig.getZkCredentialsProviderClass(); if (zkCredentialsProviderClass != null && zkCredentialsProviderClass.trim().length() > 0) { strat.setZkCredentialsToAddAutomatically(cc.getResourceLoader().newInstance(zkCredentialsProviderClass, ZkCredentialsProvider.class)); } else { // new logic here.... ZkCredentialsProvider tmp = this.zkACLProvider.getDefaultZkCredentialsProvider(); if (null == tmp) tmp = new DefaultZkCredentialsProvider() strat.setZkCredentialsToAddAutomatically(tmp); } {code} > Make it easier for to configure/use interconnected ZkACLProvider and > ZkCredentialsProvider > ------------------------------------------------------------------------------------------ > > Key: SOLR-15548 > URL: https://issues.apache.org/jira/browse/SOLR-15548 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Reporter: Chris M. Hostetter > Priority: Major > > I've been learning more about how Solr's {{ZkCredentialsProvider}} and > {{ZkACLProvider}} APIs work and are configured in {{solr.xml}}... > It seems really weird to me that these must be configured completely > independently of each other, even though – IIUC – the use of a (non-default) > {{ZkACLProvider}} almost certainly means you also want to use a (non-default) > {{ZkCredentialsProvider}} > I think we should make it possible for people to write custom > {{ZkACLProvider}} impls that can automatically override the default > {{ZkCredentialsProvider}} w/o extra configuration, and change > {{VMParamsAllAndReadonlyDigestZkACLProvider}} to automatically specify > {{VMParamsSingleSetCredentialsDigestZkCredentialsProvider}} as a default > since they are designed to work together. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org