[ https://issues.apache.org/jira/browse/SOLR-11623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17446667#comment-17446667 ]
Chris M. Hostetter commented on SOLR-11623: ------------------------------------------- This seems to related to a lot of constantly failing tests (both in jenkins and locally for me) ... {noformat} > Task :solr:core:test FAILEDERROR: The following test(s) have failed: - org.apache.solr.common.cloud.TestCloudCollectionsListeners.testCollectionDeletion (:solr:solrj) Test output: /home/hossman/lucene/solr/solr/solrj/build/test-results/test/outputs/OUTPUT-org.apache.solr.common.cloud.TestCloudCollectionsListeners.txt Reproduce with: gradlew :solr:solrj:test --tests "org.apache.solr.common.cloud.TestCloudCollectionsListeners.testCollectionDeletion" -Ptests.jvms=5 -Ptests.jvmargs=-XX:TieredStopAtLevel=1 -Ptests.seed=7AACF1A83CDAD4CD -Ptests.file.encoding=UTF-8 - org.apache.solr.security.BaseTestRuleBasedAuthorizationPlugin.testBasicPermissions (:solr:core) Test output: /home/hossman/lucene/solr/solr/core/build/test-results/test/outputs/OUTPUT-org.apache.solr.security.BaseTestRuleBasedAuthorizationPlugin.txt Reproduce with: gradlew :solr:core:test --tests "org.apache.solr.security.BaseTestRuleBasedAuthorizationPlugin.testBasicPermissions" -Ptests.jvms=5 -Ptests.jvmargs=-XX:TieredStopAtLevel=1 -Ptests.seed=7AACF1A83CDAD4CD -Ptests.file.encoding=UTF-8 - org.apache.solr.security.BaseTestRuleBasedAuthorizationPlugin.testAllPermissionAllowsActionsWhenUserHasCorrectRole (:solr:core) Test output: /home/hossman/lucene/solr/solr/core/build/test-results/test/outputs/OUTPUT-org.apache.solr.security.BaseTestRuleBasedAuthorizationPlugin.txt Reproduce with: gradlew :solr:core:test --tests "org.apache.solr.security.BaseTestRuleBasedAuthorizationPlugin.testAllPermissionAllowsActionsWhenUserHasCorrectRole" -Ptests.jvms=5 -Ptests.jvmargs=-XX:TieredStopAtLevel=1 -Ptests.seed=7AACF1A83CDAD4CD -Ptests.file.encoding=UTF-8 - org.apache.solr.security.BaseTestRuleBasedAuthorizationPlugin.testAllPermissionDeniesActionsWhenUserIsNotCorrectRole (:solr:core) Test output: /home/hossman/lucene/solr/solr/core/build/test-results/test/outputs/OUTPUT-org.apache.solr.security.BaseTestRuleBasedAuthorizationPlugin.txt Reproduce with: gradlew :solr:core:test --tests "org.apache.solr.security.BaseTestRuleBasedAuthorizationPlugin.testAllPermissionDeniesActionsWhenUserIsNotCorrectRole" -Ptests.jvms=5 -Ptests.jvmargs=-XX:TieredStopAtLevel=1 -Ptests.seed=7AACF1A83CDAD4CD -Ptests.file.encoding=UTF-8 - org.apache.solr.security.BaseTestRuleBasedAuthorizationPlugin.testAllPermissionAllowsActionsWhenAssociatedRoleIsWildcard (:solr:core) Test output: /home/hossman/lucene/solr/solr/core/build/test-results/test/outputs/OUTPUT-org.apache.solr.security.BaseTestRuleBasedAuthorizationPlugin.txt Reproduce with: gradlew :solr:core:test --tests "org.apache.solr.security.BaseTestRuleBasedAuthorizationPlugin.testAllPermissionAllowsActionsWhenAssociatedRoleIsWildcard" -Ptests.jvms=5 -Ptests.jvmargs=-XX:TieredStopAtLevel=1 -Ptests.seed=7AACF1A83CDAD4CD -Ptests.file.encoding=UTF-8 - org.apache.solr.security.TestExternalRoleRuleBasedAuthorizationPlugin.testBasicPermissions (:solr:core) Test output: /home/hossman/lucene/solr/solr/core/build/test-results/test/outputs/OUTPUT-org.apache.solr.security.TestExternalRoleRuleBasedAuthorizationPlugin.txt Reproduce with: gradlew :solr:core:test --tests "org.apache.solr.security.TestExternalRoleRuleBasedAuthorizationPlugin.testBasicPermissions" -Ptests.jvms=5 -Ptests.jvmargs=-XX:TieredStopAtLevel=1 -Ptests.seed=7AACF1A83CDAD4CD -Ptests.file.encoding=UTF-8 - org.apache.solr.security.TestExternalRoleRuleBasedAuthorizationPlugin.testAllPermissionAllowsActionsWhenUserHasCorrectRole (:solr:core) Test output: /home/hossman/lucene/solr/solr/core/build/test-results/test/outputs/OUTPUT-org.apache.solr.security.TestExternalRoleRuleBasedAuthorizationPlugin.txt Reproduce with: gradlew :solr:core:test --tests "org.apache.solr.security.TestExternalRoleRuleBasedAuthorizationPlugin.testAllPermissionAllowsActionsWhenUserHasCorrectRole" -Ptests.jvms=5 -Ptests.jvmargs=-XX:TieredStopAtLevel=1 -Ptests.seed=7AACF1A83CDAD4CD -Ptests.file.encoding=UTF-8 - org.apache.solr.security.TestExternalRoleRuleBasedAuthorizationPlugin.testAllPermissionDeniesActionsWhenUserIsNotCorrectRole (:solr:core) Test output: /home/hossman/lucene/solr/solr/core/build/test-results/test/outputs/OUTPUT-org.apache.solr.security.TestExternalRoleRuleBasedAuthorizationPlugin.txt Reproduce with: gradlew :solr:core:test --tests "org.apache.solr.security.TestExternalRoleRuleBasedAuthorizationPlugin.testAllPermissionDeniesActionsWhenUserIsNotCorrectRole" -Ptests.jvms=5 -Ptests.jvmargs=-XX:TieredStopAtLevel=1 -Ptests.seed=7AACF1A83CDAD4CD -Ptests.file.encoding=UTF-8 - org.apache.solr.security.TestExternalRoleRuleBasedAuthorizationPlugin.testAllPermissionAllowsActionsWhenAssociatedRoleIsWildcard (:solr:core) Test output: /home/hossman/lucene/solr/solr/core/build/test-results/test/outputs/OUTPUT-org.apache.solr.security.TestExternalRoleRuleBasedAuthorizationPlugin.txt Reproduce with: gradlew :solr:core:test --tests "org.apache.solr.security.TestExternalRoleRuleBasedAuthorizationPlugin.testAllPermissionAllowsActionsWhenAssociatedRoleIsWildcard" -Ptests.jvms=5 -Ptests.jvmargs=-XX:TieredStopAtLevel=1 -Ptests.seed=7AACF1A83CDAD4CD -Ptests.file.encoding=UTF-8 {noformat} > Every request handler in Solr should implement PermissionNameProvider > interface > ------------------------------------------------------------------------------- > > Key: SOLR-11623 > URL: https://issues.apache.org/jira/browse/SOLR-11623 > Project: Solr > Issue Type: Improvement > Affects Versions: 7.1 > Reporter: Hrishikesh Gadre > Assignee: Jan Høydahl > Priority: Blocker > Fix For: main (9.0) > > Time Spent: 7h > Remaining Estimate: 0h > > Solr authorization framework expects request handler to implement > PermissionNameProvider interface so that the type of the permission for the > request can be extracted. Currently not all request handlers implement > PermissionNameProvider, requiring authorization plugin implementation to > check this case explicitly and return OK. During code review of SENTRY-1475, > this issue was discussed. Since PermissionNameProvider.Name enum provides > "ALL" permission type, it should be possible to have every request handler to > implement PermissionNameProvider interface and provide "ALL" permission type > if no authorization checks are necessary. > The secondary benefit of this work would be that we can review all the > request handlers and ensure that we aren't missing authorization support for > any request handlers which provide sensitive information. -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org