lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gregory Chanan (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-8415) Provide command to switch between non/secure mode in ZK
Date Tue, 12 Jan 2016 20:25:40 GMT

    [ https://issues.apache.org/jira/browse/SOLR-8415?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15094863#comment-15094863
] 

Gregory Chanan commented on SOLR-8415:
--------------------------------------

bq. Aside: There has to be a better way to share this than just pasting my proposed changes
in a comment each time.

Hmm, you could just go ahead and change the wiki I guess?  Don't know of a better way.

Patch looks good.  Some comments:
1) Provide javadoc for {code}+  public Stat setACL(String path, List<ACL> acls, boolean
retryOnConnLoss) throws InterruptedException, KeeperException  {
{code}
2) Using the @FunctionalInterface stuff means I can't commit this to 5.x, are you okay with
that?
3) The set vs reset in SolrZkClient is kind of confusing.  As it stands, set means a single
node, reset means recursive.  That's not the common usage of the words, e.g. we don't have
clean vs reclean to mean a single node vs recursively (there it's delete vs clean).  I don't
know which terminology to use; reset seems to imply changing from ACLs that existed (either
from secure-> other secure or secure->unsecure), while set seems to imply changing from
unsecure to secure.  This is really a problem with ZooKeeper lacking declarative APIs (what
you actually want is an API that says "after this runs, the ACLs are this" -- you don't really
care how it actually happens).  Given that, what makes the most sense to me is to just call
everything "set", since this matches the ZK API that you are calling.  Maybe instead of setAcl
vs resetACLs you should have setAcl vs setAcls or setAcl vs setAclsRecursively.  Thoughts?

> Provide command to switch between non/secure mode in ZK
> -------------------------------------------------------
>
>                 Key: SOLR-8415
>                 URL: https://issues.apache.org/jira/browse/SOLR-8415
>             Project: Solr
>          Issue Type: Improvement
>          Components: security, SolrCloud
>            Reporter: Mike Drob
>            Assignee: Gregory Chanan
>             Fix For: Trunk
>
>         Attachments: SOLR-8415.patch, SOLR-8415.patch, SOLR-8415.patch, SOLR-8415.patch
>
>
> We have the ability to run both with and without zk acls, but we don't have a great way
to switch between the two modes. Most common use case, I imagine, would be upgrading from
an old version that did not support this to a new version that does, and wanting to protect
all of the existing content in ZK, but it is conceivable that a user might want to remove
ACLs as well.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message