[ https://issues.apache.org/jira/browse/SOLR-15548?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17382200#comment-17382200 ]
Chris M. Hostetter commented on SOLR-15548: ------------------------------------------- FWIW: The {{ZkACLProvider}} API additions (and tweaks to {{ZkController}} ) could potentially be more sophisticated, so that the configured {{ZkACLProvider}} could "complain" if the configured {{ZkCredentialsProvider}} was incompatible, something like... {code:java} String zkCredentialsProviderClass = cloudConfig.getZkCredentialsProviderClass(); if (zkCredentialsProviderClass != null && zkCredentialsProviderClass.trim().length() > 0) { ZkCredentialsProvider tmp = cc.getResourceLoader().newInstance(zkCredentialsProviderClass, ZkCredentialsProvider.class); // this method could throw an erexception (or log warning) if the credentials weren't viable for the ACLs // default impl in 'interface ZkACLProvider' would be No-Op... this.zkACLProvider.validateZkCredentialsProvider(tmp); strat.setZkCredentialsToAddAutomatically(tmp); } else { ZkCredentialsProvider tmp = this.zkACLProvider.getDefaultZkCredentialsProvider(); if (null == tmp) { tmp = new DefaultZkCredentialsProvider(); this.zkACLProvider.validateZkCredentialsProvider(tmp); } strat.setZkCredentialsToAddAutomatically(tmp); } {code} > Make it easier for to configure/use interconnected ZkACLProvider and > ZkCredentialsProvider > ------------------------------------------------------------------------------------------ > > Key: SOLR-15548 > URL: https://issues.apache.org/jira/browse/SOLR-15548 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Reporter: Chris M. Hostetter > Priority: Major > > I've been learning more about how Solr's {{ZkCredentialsProvider}} and > {{ZkACLProvider}} APIs work and are configured in {{solr.xml}}... > It seems really weird to me that these must be configured completely > independently of each other, even though – IIUC – the use of a (non-default) > {{ZkACLProvider}} almost certainly means you also want to use a (non-default) > {{ZkCredentialsProvider}} > I think we should make it possible for people to write custom > {{ZkACLProvider}} impls that can automatically override the default > {{ZkCredentialsProvider}} w/o extra configuration, and change > {{VMParamsAllAndReadonlyDigestZkACLProvider}} to automatically specify > {{VMParamsSingleSetCredentialsDigestZkCredentialsProvider}} as a default > since they are designed to work together. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org