Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SOLR-16491: Create v2 equivalent for /admin/info/key #1123

Merged
merged 8 commits into from Oct 31, 2022
Merged

SOLR-16491: Create v2 equivalent for /admin/info/key #1123

merged 8 commits into from Oct 31, 2022

Conversation

gerlowskija
Copy link
Contributor

@gerlowskija gerlowskija commented Oct 25, 2022
edited

https://issues.apache.org/jira/browse/SOLR-16491

Description

The /admin/info/key API used to retrieve a node's public key has no v2 equivalent.

Solution

This PR adds a v2 equivalent using the JAX-RS framework, the new endpoint is GET /api/node/key. In implementing this, some shared logic around key-creation was refactored into a separate class, SolrNodeKeyPair, which is created by CoreContainer and made injectable to the JAX-RS framework to that a single instance (i.e. same key) can be used by both the existing v1 RH, and the new v2 binding.

Tests

A new simple unit test in PublicKeyAPITest; existing tests for pki-auth and the PublicKeyHandler continue to pass.

Checklist

Please review the following and check all that apply:

  • I have reviewed the guidelines for How to Contribute and my code conforms to the standards described there to the best of my ability.
  • I have created a Jira issue and added the issue ID to my pull request title.
  • I have given Solr maintainers access to contribute to my PR branch. (optional but recommended)
  • I have developed this patch against the main branch.
  • I have run ./gradlew check.
  • I have added tests for my changes.
  • I have added documentation for the Reference Guide

@gerlowskija
SOLR-16491: v2 /admin/info/key equivalent, step 1
9afe766 
Note that the PublicKeyAPI constructor needs an injected class that's
new to our framework: CloudConfig.  The changes to CoreContainer add a
factory that makes CloudConfig injectable (though the same instance is
used on all calls).
@gerlowskija
SOLR-16491: v2 /admin/info/key equivalent, step 3
4270e46 
The response of the existing /admin/info/key endpoint looks like:

    {
      "responseHeader":{
        "status":0,
        "QTime":0},
      "key":"<some-key-string>"}

The only field here that's new over the SolrJerseyResponse base is
'key'.
@gerlowskija
SOLR-16491: v2 /admin/info/key equivalent, step 4
f805c02
@gerlowskija
SOLR-16491: v2 /admin/info/key equiv, steps 5,7
79fdf47 
This commit combines together steps 5 and 7 of creating new JAX-RS APIs.
This is done primarily so we can get to a point where the API is
available for manual testing.  After this commit, a hit on `GET
/api/node/key` will return something like:

```
  {"responseHeader":{"status":0,"QTime":12},"key":"hello-world"}
```

Some notes on this commit:
  - The @PermissionName annotation takes its value from
    PublicKeyHandler.getPermissionName.
  - PublicKeyAPI is the first v2 API to be associated with
    PublicKeyHandler, so a few additional methods need to be added to
    PKH in order for v2 registrations there to take effect: `registerV2`
    tells Solr that this RequestHandler has v2 APIs associated, and
    `getApis` is returns an empty list to indicate that PKH has no
    associated v2 APIs using the 'traditional' framework.
@gerlowskija
SOLR-16491: v2 /admin/info/key equivalent, step 6
dc98e84 
There's not a ton of logic in PublicKeyHandler that needs refactored
out; the primary bit was a method `createKeyPair` which generates a RSA
key based on some passed in config values.  And the only complicating
issue here is lifecycle: we want to make sure that the key we use in
PublicKeyAPI matches the key used by PublicKeyHandler code, and shares
its lifecycle.

The best way to refactor this code (IMO) was to create a new class that
is primarily responsible for key-generation.  We can then instantiate
this in CoreContainer and make it available to PKAPI via injection.
(This is a small departure from our guess in step 1 that we would want
to make the CloudConfig type injectable, but not a big issue.)

This change bled into a third class, PKIAuthenticationPlugin, which
historically has kept a reference to PublicKeyHandler in order to access
the key pair.  Should we refactor this class to use our new
key-generation utility, or should we let it keep its reference to PKH
for now?

I chose the latter: both out of concerns of scope-creep, and because
PKIAuthPlugin is a public interface that seems more likely than most to
be extended by plugin developers, and there's a slight risk that (e.g.)
changing the ctor signature for that class would cause issues for that
group of users.  Not incredibly likely, and we don't technically promise
backcompat for public classes in solr-core, but it seemed prudent at the
time.
@gerlowskija
SOLR-16491: v2 /admin/info/key equivalent: tests
af948aa 
A tiny unit test for the new v2 binding.  We're relying pretty heavily
here on the existing PKIAuth and PublicKeyHandler tests catching any
regressions here, but that's fine given the extremely limited
functionality offered at this endpoint.
@gerlowskija
Make tidy happy
8ae3b39
@gerlowskija
Make check happy
fd222ba
@gerlowskija gerlowskija merged commit c861288 into apache:main Oct 31, 2022
@gerlowskija gerlowskija deleted the SOLR-16491-v2-equivalent-for-key-api branch October 31, 2022 18:42
gerlowskija added a commit that referenced this pull request Oct 31, 2022
@gerlowskija
SOLR-16491: Create v2 equivalent for /admin/info/key (#1123)
57cc71e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
1 participant
@gerlowskija