[
https://issues.apache.org/jira/browse/SOLR-16820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17736096#comment-17736096
]
ASF subversion and git services commented on SOLR-16820:
--------------------------------------------------------
Commit dbf78da59e79716979c29261913c4661e342ac9b in solr's branch
refs/heads/branch_9x from Will White
[ https://gitbox.apache.org/repos/asf?p=solr.git;h=dbf78da59e7 ]
SOLR-16820: Allow semVer style collection names (amongst others) (#1688)
The previous collection name validation didn't match the validation
used in the CreateCollectionAPI, so it was possible to create a
collection name (e.g. `foobar-1.2.3`) that wouldn't pass validation
at this stage via the PackageTool deploy/undeploy commands.
---------
Co-authored-by: Eric Pugh <ep...@opensourceconnections.com>
Co-authored-by: Kevin Risden <kris...@apache.org>
> PackageUtils collection validation is more restrictive than
> CreateCollectionAPI allows
> --------------------------------------------------------------------------------------
>
> Key: SOLR-16820
> URL: https://issues.apache.org/jira/browse/SOLR-16820
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Package Manager
> Reporter: Will White
> Priority: Minor
> Labels: packagemanager
> Time Spent: 4h 10m
> Remaining Estimate: 0h
>
> It's possible to create a collection via the CreateCollectionAPI which
> [passes validation from the
> SolrIdentifierValidation|https://github.com/apache/solr/blob/main/solr/solrj/src/java/org/apache/solr/client/solrj/util/SolrIdentifierValidator.java#L50-L52]
> (a regex which among other elements includes the '.' character), but that
> same collection name won't then pass validation when deployed/undeployed via
> the PackageTool because of the [packagemanager.PackageUtils
> validateCollection()
> method|https://github.com/apache/solr/blob/main/solr/core/src/java/org/apache/solr/packagemanager/PackageUtils.java#L271].
> A change [like this, using the existing
> SolrIdentifierValidator|https://github.com/apache/solr/commit/638fd768ebd7ed7908029ced08e56bed05a4a2a5]
> would bring the two validation steps back in line, although there's
> presumably a better approach.
> *Potential risks*
> As highlighted by Gus Heck [in this
> thread|https://lists.apache.org/thread/h7hnksgqwxxl7nkwkhn01r6jn8xjkjjs]
> changing the validation of collection names could be a risky change to make.
> The source of the PackageUtils regex appears to be
> [https://github.com/apache/lucene-solr/pull/994] from before Solr split from
> the Lucene project, and it seems that the regex wasn't crafted for a specific
> subset of use cases that specifically excluded the '.' character - it just
> appears to be the regex implemented at the time.
> Using the {{SolrIdentifierValidator}} approach mentioned above as an example,
> other than disallowing a collection name that begins with a '-' character,
> the {{SolrIdentifierValidator.identifierPattern}} would be a strict expansion
> of the allowed collection names for the
> {{{}PackageUtils.validateCollections{}}}. Any other solution (such as [this
> more naive
> example|https://github.com/apache/solr/blame/998fffdccf51a0560589e2cb413e9da127a5f26e/solr/core/src/java/org/apache/solr/packagemanager/PackageUtils.java#L271])
> could similarly mitigate a lot of the potential risk by only expanding the
> allowed collection names.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
