[ 
https://issues.apache.org/jira/browse/SOLR-15501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17475589#comment-17475589
 ] 

ASF subversion and git services commented on SOLR-15501:
--------------------------------------------------------

Commit 7069848fda8aa8a7b7b39e9a022464421ecd1a31 in solr's branch 
refs/heads/branch_9x from Jason Gerlowski
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=7069848 ]

SOLR-15501: Read GCS creds more permissively

Prior to this commit, GCSBackupRepository required all users to provide
a path to a file containing GCS credentials.  It turns out that this was
overly strict, as GCP allows hosted code to authenticate implicitly with
whatever roles/permissions assigned to the hosting server, VM, or pod.
Solr was unintentionally blocking this usecase.

This commit makes the `gcsCredentialPath` setting optional to better
support this usecase.  If the credential path is absent, instead of
throwing an error, a warning is now logged to alert users that they
_might_ be missing this value if they're outside GCP.

Closes: #465
Co-authored-by: Jacek Kikiewicz <pub...@kikiewicz.com>
Co-authored-by: Martin Stocker <martin.knol...@gmail.com>


> GCSBackupRepository - allow bucket connection without credentials
> -----------------------------------------------------------------
>
>                 Key: SOLR-15501
>                 URL: https://issues.apache.org/jira/browse/SOLR-15501
>             Project: Solr
>          Issue Type: Bug
>          Components: SolrCloud
>    Affects Versions: 8.11
>            Reporter: Jacek Kikiewicz
>            Assignee: Jason Gerlowski
>            Priority: Minor
>         Attachments: image-2021-12-09-13-42-23-536.png
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> As per documentation: 
> [https://solr.apache.org/guide/8_9/making-and-restoring-backups.html#gcsbackuprepository]
>  states that:
> ??{{gcsCredentialPath}}A path on the local filesystem (accessible by Solr) to 
> a [Google Cloud service account 
> key|https://cloud.google.com/iam/docs/creating-managing-service-account-keys] 
> file. If not specified, GCSBackupRepository will use the value of the 
> {{GCS_CREDENTIAL_PATH}} environment variable. If both values are absent, an 
> error will be thrown as GCS requires credentials for most usage.??
> This however makes it more complicated if someone (like me) runs solr in GCP 
> and uses roles for rights assignment. Long story short, would it be possible 
> to allow built-in roles (so credentialless) to access resources without 
> providing any creds?



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
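
The credential lookup order described in the commit message and the quoted documentation, as an added illustration that is not Solr's GCSBackupRepository code. The class and method names are hypothetical, and rejecting an explicitly given but unreadable path is an assumption of this example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Map;
import java.util.Optional;
import java.util.logging.Logger;

// Illustration only: hypothetical class, not Solr's GCSBackupRepository.
public class GcsCredentialResolution {
  private static final Logger LOG = Logger.getLogger("GcsCredentialResolution");

  // Returns the key file to load, or empty to use the identity GCP attaches
  // to the hosting server, VM, or pod. The environment is passed in as a map
  // so the precedence can be exercised without touching the real process env.
  static Optional<Path> resolveKeyFile(String gcsCredentialPath, Map<String, String> env) {
    String path = isSet(gcsCredentialPath) ? gcsCredentialPath : env.get("GCS_CREDENTIAL_PATH");
    if (!isSet(path)) {
      // Behaviour after the commit: warn instead of throwing.
      LOG.warning("No gcsCredentialPath or GCS_CREDENTIAL_PATH set; using implicit GCP "
          + "credentials. Outside GCP this value is probably missing.");
      return Optional.empty();
    }
    Path keyFile = Path.of(path);
    // Assumption of this example: a path that was given but cannot be read is an
    // error, so a typo never silently switches to the host's ambient identity.
    if (!Files.isReadable(keyFile)) {
      throw new IllegalStateException("GCS credential file is not readable: " + keyFile);
    }
    return Optional.of(keyFile);
  }

  private static boolean isSet(String s) {
    return s != null && !s.isBlank();
  }

  public static void main(String[] args) throws IOException {
    Path key = Files.createTempFile("sa-key", ".json"); // constructed sample file
    key.toFile().deleteOnExit();
    System.out.println(resolveKeyFile(key.toString(), Map.of())); // explicit setting
    System.out.println(resolveKeyFile(null, Map.of("GCS_CREDENTIAL_PATH", key.toString()))); // env var
    System.out.println(resolveKeyFile(null, Map.of())); // implicit, logs the warning
    try {
      resolveKeyFile("/nonexistent/key.json", Map.of());
    } catch (IllegalStateException e) {
      System.out.println("rejected: " + e.getMessage());
    }
  }
}
```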
