Re: [PR] SOLR-15857: Add AWS Secret Manager support for ZK ACL credentials [solr]

Wed, 03 Apr 2024 18:58:43 -0700 


laminelam commented on PR #1994:
URL: https://github.com/apache/solr/pull/1994#issuecomment-2035996505

   > Are we sure this fits as a Solr module? Since this is client-side solrj 
code, it could be in e.g. `solrj-aws-secret` instead?
   
   Actually, this is a server side code.
   When Solr starts, it reads ZK creds from a local (clear) text file and uses 
them to connect to ZK. 
   With this contribution, Solr would get the ZK creds from an AWS Secret 
Manager, and then proceed to connect to ZK.
   
   Now, from SolrJ side we have 3 options:
   - Use the existing mechanism. Get the ZK creds and set them in System Props 
using the standard way
   - The client can connect to AWS SM to get the creds before passing them to 
System Props.
   - This module can be used to connect directly to AWS SM and inject the creds 
into SolrJ. Though, the libs have to
   be added to class path.
   ```    
       System.setProperty("zkACLProvider", 
"org.apache.solr.common.cloud.DigestZkACLProvider");
       System.setProperty("zkCredentialsProvider", 
"org.apache.solr.common.cloud.DigestZkCredentialsProvider");
       System.setProperty("zkCredentialsInjector", 
"org.apache.solr.secret.zk.AWSSecretManagerCredentialsInjector");
       System.setProperty("zkCredentialsAWSSecretName", "myZkSecret");
       System.setProperty("zkCredentialsAWSRegion", "us-east-1");
   
       CloudSolrClient client = new CloudHttp2SolrClient.Builder(zkHosts)...
   ```
   
   Somewhere down the line SolrZkClient [will 
instantiate](https://github.com/apache/solr/blob/main/solr/solrj-zookeeper/src/java/org/apache/solr/common/cloud/SolrZkClient.java#L307)
 an _AWSSecretManagerCredentialsInjector_


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to