New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SOLR-15748 : Created v2 equivalent of v1 'CLUSTERSTATUS' command #1061
Conversation
|
This reverts commit 32a37f6.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks great; except for one question/suggestion I had. Take a look when you get a chance and let me know what you think.
@@ -261,6 +263,13 @@ public void getNodes(SolrQueryRequest req, SolrQueryResponse rsp) { | |||
rsp.add("nodes", getCoreContainer().getZkController().getClusterState().getLiveNodes()); | |||
} | |||
|
|||
@EndPoint(method = GET, path = "/cluster/cluster-status", permission = COLL_READ_PERM) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[+1] The method body itself here looks great 👍
[Q] My only question is about the path string you chose: "/cluster/cluster-status".
Did you pick this because "/cluster" was already taken by the getCluster
method down below? Or was there another reason?
Assuming the main factor was the conflict with getCluster
, I'd vote to nuke that method and change the path string here to be "/cluster".
For reasons that I don't quite understand, the v2 API has two endpoints that expose the "List Collections" functionality: ClusterAPI.getCluster
which we see below uses the "/cluster" path, and CollectionsAPI.getCollections
here which uses the path "/collections".
There's absolutely no reason for that afaict, and "cluster status" is a very natural thing to expose at "/cluster". So IMO we should be safe to delete getCluster
in this PR.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did you pick this because "/cluster" was already taken by the
getCluster
method down below? Or was there another reason?
Yes that's the main reason, "/cluster" had already been mapped to a method.
For reasons that I don't quite understand, the v2 API has two endpoints that expose the "List Collections" functionality:
ClusterAPI.getCluster
which we see below uses the "/cluster" path, andCollectionsAPI.getCollections
here which uses the path "/collections".
Exactly. It was a challenge understing the same while working on the issue.
There's absolutely no reason for that afaict, and "cluster status" is a very natural thing to expose at "/cluster". So IMO we should be safe to delete
getCluster
in this PR.
Will do that
Hey @joshgog - thanks for the PR; looks good so far! A few quick questions for you:
|
There was one failed test. JWT security issues. I'm rerunning the check to note the details of the error. Where is the test log located? To avoid rerunning the check.
I have documented the changes.
I have updated the reference guide |
The ./gradlew check rerun was successful. No failed tests |
@@ -261,6 +257,13 @@ public void getNodes(SolrQueryRequest req, SolrQueryResponse rsp) { | |||
rsp.add("nodes", getCoreContainer().getZkController().getClusterState().getLiveNodes()); | |||
} | |||
|
|||
@EndPoint(method = GET, path = "/cluster", permission = COLL_READ_PERM) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The COLL_READ_PERM
(collection-admin-read
) permission here stems from when CLUSTERSTATUS was a collection-api command.
The content of clusterstatus is mostly collection data, i.e. a list of collections, their shards and replicas and their status. So I'm OK with keeping this permission although it is now located under/api/cluster
. I'm thinking of the CloudSolrClient
SolrJ client that will read cluster status in order to route index/search requests.
Any thoughts?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since I'm still learning the code base and how Solr works, I'll have to look into how the CloudSolrClient
works to better understand your point and put across my thoughts.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not expecting you to have an opinion on this detail. Solr's security framework is a bit involved :) But if a committer has an opinion I'm happy to hear it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are you getting at the fact that COLL_READ_PERM/collection-admin-read is a bad name in the v2 world where /admin/collections no longer exists? Or are you suggesting that it might be nice to give "cluster status" a different permission group so that CSC's can be setup to require fewer permissions? Or something else altogether?
If the former, then I totally agree. I think it still makes sense to have a permission group like COLL_READ_PERM going forward, but the name would need to be rethought. Regardless of the underlying api paths or the permission name though, I think users will still find it valuable to group various admin-read functionality in a single permission-group.
In terms of having a "slimmer" predefined permission group for HttpClusterStateProvider-based CloudSolrClients to use, that seems like it might be useful. Though, to play devil's advocate, IMO HttpClusterStateProvider is sort of a minority use-case, and users that want to run a HCSP without giving it full COLL_READ_PERMs can already do so by defining "custom permissions". So I could go either way I guess 🤷
In either case - IMO making changes to our predefined permissions is definitely a bigger task that we'd want to be a separate JIRA for sure.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No failed tests ... I have updated the reference guide ... I have documented the changes.
🎉 Awesome, thanks for the quick follow up! I made some minor tweaks to the CHANGES.txt wording - primarily to mention where the collection-listing functionality that used to be at /api/cluster
can still be found.
But everything else looks great. I'm going to run tests locally as a double-check, but then I think this is ready to merge. I'll target early next week - should give Jan or whoever else is interested in reviewing a chance to take a look if they want to.
(Tests and 'check' pass for me 👍 ) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
I did also check, the ref guide does mention |
It seems the action |
CLUSTERSTATUS returns a superset of the information returned by list. That is, LIST returns the collection names only. CLUSTERSTATUS returns not just the collection names, but the shards and replicas that make them up, each of their "statuses", the nodes that make up the cluster, etc. Are you seeing them return the same info? If so, can you share |
II had not tested LIST. They do return different info |
https://issues.apache.org/jira/browse/SOLR-15748
Description
Create a v2 equivalent of 'CLUSTERSTATUS' command under the v1 /solr/admin/collections endpoint.
Solution
Added an endpoint @endpoint(method = GET, path = "/cluster", permission = COLL_READ_PERM) to the ClusterAPI
Tests
Tested mapping to the API endpoint.
Checklist
Please review the following and check all that apply:
main
branch../gradlew check
.