[GitHub] [solr] laminelam commented on a diff in pull request #857: SOLR-16192: Add ZK credentials injectors support

Sat, 06 Aug 2022 15:17:28 -0700 


laminelam commented on code in PR #857:
URL: https://github.com/apache/solr/pull/857#discussion_r939580684


##########
solr/solrj/src/java/org/apache/solr/common/cloud/SolrZkClient.java:
##########
@@ -256,18 +261,44 @@ protected ZkACLProvider createZkACLProvider() {
     if (!StringUtils.isEmpty(zkACLProviderClassName)) {
       try {
         log.info("Using ZkACLProvider: {}", zkACLProviderClassName);
-        return (ZkACLProvider) 
Class.forName(zkACLProviderClassName).getConstructor().newInstance();
+        ZkACLProvider zkACLProvider =
+            (ZkACLProvider) 
Class.forName(zkACLProviderClassName).getConstructor().newInstance();
+        zkACLProvider.setZkCredentialsInjector(zkCredentialsInjector);
+        return zkACLProvider;
       } catch (Throwable t) {
         // just ignore - go default
         log.warn(
             "VM param zkACLProvider does not point to a class implementing 
ZkACLProvider and with a non-arg constructor",
             t);
       }
     }
-    log.debug("Using default ZkACLProvider");
+    log.warn(
+        "Using default ZkACLProvider. DefaultZkACLProvider is not secure, it 
creates 'OPEN_ACL_UNSAFE' ACLs to Zookeeper nodes");
     return new DefaultZkACLProvider();
   }
 
+  public static final String ZK_CREDENTIALS_INJECTOR_CLASS_NAME_VM_PARAM_NAME =
+      "zkCredentialsInjector";
+
+  protected ZkCredentialsInjector createZkCredentialsInjector() {
+    String zkCredentialsInjectorClassName =
+        System.getProperty(ZK_CREDENTIALS_INJECTOR_CLASS_NAME_VM_PARAM_NAME);

Review Comment:
   These 3 methods are only called if _SolrZkClient_ is called without a 
_ZkClientConnectionStrategy_ and a _ZkACLProvider_ which doesn't happen when 
SolrZkClient constructor is called from _ZKController_ class that holds a 
_CloudConfig_ wrapping solr.xml info. Which means the 3 ZK class names is 
always read from solr.xml (not directly from System Props).
   If solr.xml is not found in ZK it would be loaded from local home, if still 
not found an exception is raised.
   In nutshell, in terms of precedence, solr.xml > default System Props 



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to