SOLR-16980 Connect to SOLR standalone with basic authentication #1957
Conversation
|
Awesome work @stillalex .... Have you looked at #1954 (SOLR-14496) where I took a stab at adding credentials to the SolrCLI? It would be great if we used the same patterns in both there AND here... For example, I went with Sigh, in looking, looks like we use net.sourceforge.argparse4j instead of commons-cli... Wish we picked one CLI arg parser for them all! Lastly, are there any improvements here that could be reused in better handling of the CLI stuff? Would that change any of this code? |
There was a problem hiding this comment.
Do we need this class? Probably, but I wonder if it actually is required with all the other builders we have for Solr Clients? Seems a shame to have "YASCB". yet another solr client builder..... ;-)
There was a problem hiding this comment.
it wires the existing builders with params passed via cli, it didn't fee like a big problem to me.
There was a problem hiding this comment.
Maybe I just wished we could use one of the other factory/builders we have.. You are right that this probably isn't a big deal ;-)...
| @@ -96,6 +96,20 @@ public class SolrExporter { | |||
| + ARG_NUM_THREADS_DEFAULT | |||
| + "."; | |||
|
|
|||
| private static final String[] ARG_USER_FLAGS = {"-u", "--user"}; | |||
There was a problem hiding this comment.
at least we have --user instead of -user, over on SolrCLI, we want to get to the -- pattern!
There was a problem hiding this comment.
I moved it all to 'credentials' similar to the example PR.
| @@ -242,6 +256,22 @@ public static void main(String[] args) { | |||
| .setDefault(ARG_CLUSTER_ID_DEFAULT) | |||
| .help(ARG_CLUSTER_ID_HELP); | |||
|
|
|||
| parser | |||
There was a problem hiding this comment.
Curious if we love this parser or not for CLI args??? THoughts on this versus the commons-cli ?
There was a problem hiding this comment.
I used what was there already :( I can take a stab at rewriting this cli code on top of commons-cli
| if (!res.getString(ARG_USER_DEST).isEmpty() && !res.getString(ARG_PASSWORD_DEST).isEmpty()) { | ||
| String user = res.getString(ARG_USER_DEST); | ||
| String password = res.getString(ARG_PASSWORD_DEST); | ||
| scrapeConfiguration.withBasicAuthCredentials(user, password); |
There was a problem hiding this comment.
i ended up littering the #1954 code iwth lots of things that look like this too ;-).
There was a problem hiding this comment.
have you seen the new "sane defaults" security.json? It declares four roles, index, search, admin, and superadmin. I wonder if it would make sense to add a "monitor" role to that as part of this? So you do:
bin/solr auth...
and now you are ready for Prometheus?
There was a problem hiding this comment.
similar to the kubernetes setup (I think)? sounds like a good idea
There was a problem hiding this comment.
Here is the "default" security.json that we now have! https://github.com/apache/solr/blob/main/solr/core/src/resources/security.json
There was a problem hiding this comment.
I see a metrics-read permission here. is this what you were hinting to? like maybe add a role to include this one
There was a problem hiding this comment.
yeah, a "metrics" role or a "monitor" role that has what you would need, that way you don't have to figure that stuff out just to use Prometheus... (assuming there are some logical permissions you need)
| public static void setupSolrHome() throws Exception { | ||
| Path solrHome = LuceneTestCase.createTempDir(); | ||
| Files.copy( | ||
| SolrTestCaseJ4.TEST_PATH().resolve("security.json"), solrHome.resolve("security.json")); |
There was a problem hiding this comment.
a thought... that if security.json isn't special for your test, just use the one that now ships with Solr?
There was a problem hiding this comment.
it only has a user+pass. if one already exists and is available to this module I can try to use it, sure
There was a problem hiding this comment.
trying to find an example for this. would you happen to have one that I could use as a reference?
There was a problem hiding this comment.
https://github.com/apache/solr/blob/main/solr/core/src/resources/security.json is the one that was introduced...
There was a problem hiding this comment.
I thin the trouble is prometheus module does not depend on core (not even for testing)? bringing that in just for access to the security file might be overkill.
There was a problem hiding this comment.
found a cleaner way. removed the file and I am recreating it as needed.
| 25, new SolrNamedThreadFactory("solr-cloud-scraper-tests")); | ||
| solrScraper = new SolrStandaloneScraper(solrClient, executor, "test"); | ||
|
|
||
| Helpers.indexAllDocs(solrClient); |
There was a problem hiding this comment.
don't love this class name? Helpers feels very generic... Also, we don't have the equivaletn of indexAllDocs somewhere already?
There was a problem hiding this comment.
yeah. class name is the existing test class name plus BasicAuth :) I can change if you think there is a better name
There was a problem hiding this comment.
Actually, the class name I didn't love was Helpers... ;-) I feel like that method indexAllDocs must exist already!
There was a problem hiding this comment.
ah right. this was already there. I picked up the SolrStandaloneScraperTest test (cleaned it up a bit) and added basic auth to it. indexAllDocs will actually index a local copy of the solr examples files. I'm pretty sure this was not strictly needed for this, but yeah I didn't add any of it.
| Files.copy(top.resolve("managed-schema.xml"), subHome.resolve("schema.xml")); | ||
| Files.copy(top.resolve("solrconfig.xml"), subHome.resolve("solrconfig.xml")); | ||
|
|
||
| Files.copy(top.resolve("stopwords.txt"), subHome.resolve("stopwords.txt")); |
There was a problem hiding this comment.
wish we had a different more minimal config that dind't drag along stopwords and synnymos....
There was a problem hiding this comment.
trouble with using the minimal config is that the data indexed here uses multi value strings heavily which is not allowed in the existing min config. it will fail indexing, so this is the best I could come up with
There was a problem hiding this comment.
makes sense. Maybe someday we figure out how many tests actually want stopwords, or which ones want stopwords, and only have those tests depend on it!
| @@ -127,7 +136,7 @@ public void metricsForHost() throws Exception { | |||
| assertEquals(1, metricsByHost.size()); | |||
|
|
|||
| List<Collector.MetricFamilySamples> replicaSamples = | |||
| metricsByHost.get(restTestHarness.getAdminURL()).asList(); | |||
| metricsByHost.get(solrRule.getBaseUrl()).asList(); | |||
|
thank you for the review @epugh!
I have not, no. will take a look and try to make it consistent with #1954.
strange. did not even notice this until you said it. will try to see how complicated the refactor to commons-cli would be |
Also, not wedded to commons-cli... I think if the community likes argparse4j, then happy to go that way as well ;-) |
| @@ -96,6 +96,13 @@ public class SolrExporter { | |||
| + ARG_NUM_THREADS_DEFAULT | |||
| + "."; | |||
|
|
|||
| private static final String[] ARG_CREDENTIALS_FLAGS = {"-u", "--credentials"}; | |||
|
@epugh re. |
Awesome! Totally agree! You could link it to https://issues.apache.org/jira/browse/SOLR-16757 which is what I'm using to guide me in trying to get our varous CLI's to a better place. |
|
sure, created SOLR-16996 and linked to umbrella ticket. |
(cherry picked from commit 61d41e5)
https://issues.apache.org/jira/browse/SOLR-16980
Description
Adding support for passing basic auth details to cli command
Solution
Please provide a short description of the approach taken to implement your solution.
Tests
Please describe the tests you've developed or run to confirm this patch implements the feature or solves the problem.
Checklist
Please review the following and check all that apply:
mainbranch../gradlew check.