lucene-commits mailing list archives

From is...@apache.org
Subject lucene-solr:branch_6_6: SOLR-12530: Ability to disable configset upload
Date Fri, 29 Jun 2018 14:23:41 GMT
Repository: lucene-solr
Updated Branches:
  refs/heads/branch_6_6 d1baf6ba5 -> 23c4d03c3


SOLR-12530: Ability to disable configset upload


Project: http://git-wip-us.apache.org/repos/asf/lucene-solr/repo
Commit: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/23c4d03c
Tree: http://git-wip-us.apache.org/repos/asf/lucene-solr/tree/23c4d03c
Diff: http://git-wip-us.apache.org/repos/asf/lucene-solr/diff/23c4d03c

Branch: refs/heads/branch_6_6
Commit: 23c4d03c304a039f18f8cc1d9f1057c0f5b41997
Parents: d1baf6b
Author: Ishan Chattopadhyaya <ishan@apache.org>
Authored: Fri Jun 29 19:12:07 2018 +0530
Committer: Ishan Chattopadhyaya <ishan@apache.org>
Committed: Fri Jun 29 19:53:07 2018 +0530

----------------------------------------------------------------------
 solr/CHANGES.txt                                |  6 ++
 .../solr/handler/admin/ConfigSetsHandler.java   |  5 ++
 .../apache/solr/cloud/TestConfigSetsAPI.java    | 60 ++++++++++++++------
 solr/solr-ref-guide/src/configsets-api.adoc     |  6 +-
 4 files changed, 58 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/23c4d03c/solr/CHANGES.txt
----------------------------------------------------------------------
diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 83f1512..0bf68fe 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -29,6 +29,12 @@ Apache UIMA 2.3.1
 Apache ZooKeeper 3.4.10
 Jetty 9.3.14.v20161028
 
+New Features
+----------------------
+
+* SOLR-12530: Ability to disable configset upload via -Dconfigset.upload.enabled=false startup
parameter
+  (Ishan Chattopadhyaya)
+
 Bug Fixes
 ----------------------
 

http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/23c4d03c/solr/core/src/java/org/apache/solr/handler/admin/ConfigSetsHandler.java
----------------------------------------------------------------------
diff --git a/solr/core/src/java/org/apache/solr/handler/admin/ConfigSetsHandler.java b/solr/core/src/java/org/apache/solr/handler/admin/ConfigSetsHandler.java
index 3f857e7..387f260 100644
--- a/solr/core/src/java/org/apache/solr/handler/admin/ConfigSetsHandler.java
+++ b/solr/core/src/java/org/apache/solr/handler/admin/ConfigSetsHandler.java
@@ -137,6 +137,11 @@ public class ConfigSetsHandler extends RequestHandlerBase implements
PermissionN
   }
 
   private void handleConfigUploadRequest(SolrQueryRequest req, SolrQueryResponse rsp) throws
Exception {
+    if (!"true".equals(System.getProperty("configset.upload.enabled", "true"))) {
+      throw new SolrException(ErrorCode.BAD_REQUEST,
+          "Configset upload feature is disabled. To enable this, start Solr with '-Dconfigset.upload.enabled=true'.");
+    }
+
     String configSetName = req.getParams().get(NAME);
     if (StringUtils.isBlank(configSetName)) {
       throw new SolrException(ErrorCode.BAD_REQUEST,
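Review bot: The guard added at the top of handleConfigUploadRequest compares the property with `"true".equals(...)`, so any other spelling (`TRUE`, `True`, a value with trailing whitespace) silently disables upload; that fails closed, which is the safe direction, but it is undocumented and may surprise operators. Consider `if (!Boolean.parseBoolean(System.getProperty("configset.upload.enabled", "true"))) {`, which accepts case differences while every other value still disables the feature, and add a comment such as `// Switch for UPLOAD: read on every request, defaults to enabled; any value other than true disables it.` The rejection is not logged in the visible lines, so an operator who turned upload off gets no server-side trace of attempts against the endpoint; a warn-level log line before the throw would help, assuming the class has a logger (not visible here). The method body continues past the end of this hunk.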

http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/23c4d03c/solr/core/src/test/org/apache/solr/cloud/TestConfigSetsAPI.java
----------------------------------------------------------------------
diff --git a/solr/core/src/test/org/apache/solr/cloud/TestConfigSetsAPI.java b/solr/core/src/test/org/apache/solr/cloud/TestConfigSetsAPI.java
index 6c20ccc..5a01c6c 100644
--- a/solr/core/src/test/org/apache/solr/cloud/TestConfigSetsAPI.java
+++ b/solr/core/src/test/org/apache/solr/cloud/TestConfigSetsAPI.java
@@ -321,9 +321,27 @@ public class TestConfigSetsAPI extends SolrTestCaseJ4 {
   }
 
   @Test
+  public void testUploadDisabled() throws Exception {
+    try (SolrZkClient zkClient = new SolrZkClient(solrCluster.getZkServer().getZkAddress(),
+        AbstractZkTestCase.TIMEOUT, 45000, null)) {
+
+      for (boolean enabled: new boolean[] {true, false}) {
+        System.setProperty("configset.upload.enabled", String.valueOf(enabled));
+        try {
+          long statusCode = uploadConfigSet("regular", "test-enabled-is-" + enabled, null,
null, zkClient);
+          assertEquals("ConfigSet upload enabling/disabling not working as expected for enabled="
+ enabled + ".",
+              enabled? 0l: 400l, statusCode);
+        } finally {
+          System.clearProperty("configset.upload.enabled");
+        }
+      }
+    }
+  }
+
+  @Test
   public void testUpload() throws Exception {
     String suffix = "-untrusted";
-    uploadConfigSet("regular", suffix, null, null);
+    uploadConfigSetWithAssertions("regular", suffix, null, null);
     // try to create a collection with the uploaded configset
     createCollection("newcollection", "regular" + suffix, 1, 1, solrCluster.getSolrClient());
     xsltRequest("newcollection");
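Review bot: testUploadDisabled checks only the returned status code, so a regression in which the handler answers 400 after the configset has already been written to ZooKeeper would still pass. After the `assertEquals`, also assert the stored state, for example `assertEquals(enabled, new ZkConfigManager(zkClient).configExists("regular" + "test-enabled-is-" + enabled));`. The test also toggles a JVM-wide system property and the `finally` clears it rather than restoring a prior value, which is fine only if nothing else in the same JVM sets it (not visible from this hunk).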
@@ -332,7 +350,7 @@ public class TestConfigSetsAPI extends SolrTestCaseJ4 {
   @Test
   public void testUploadWithRunExecutableListener() throws Exception {
     String suffix = "-untrusted";
-    uploadConfigSet("with-run-executable-listener", suffix, null, null);
+    uploadConfigSetWithAssertions("with-run-executable-listener", suffix, null, null);
     // try to create a collection with the uploaded configset
     CollectionAdminResponse resp = createCollection("newcollection3", "with-run-executable-listener"
+ suffix, 1, 1, solrCluster.getSolrClient());
     log.info("Client saw errors: "+resp.getErrorMessages());
@@ -348,10 +366,10 @@ public class TestConfigSetsAPI extends SolrTestCaseJ4 {
       if (withAuthorization) {
         suffix = "-trusted";
         protectConfigsHandler();
-        uploadConfigSet("with-script-processor", suffix, "solr", "SolrRocks");
+        uploadConfigSetWithAssertions("with-script-processor", suffix, "solr", "SolrRocks");
       } else {
         suffix = "-untrusted";
-        uploadConfigSet("with-script-processor", suffix, null, null);
+        uploadConfigSetWithAssertions("with-script-processor", suffix, null, null);
       }
       // try to create a collection with the uploaded configset
       CollectionAdminResponse resp = createCollection("newcollection2", "with-script-processor"+suffix,
@@ -405,23 +423,11 @@ public class TestConfigSetsAPI extends SolrTestCaseJ4 {
     Thread.sleep(5000); // TODO: Without a delay, the test fails. Some problem with Authc/Authz
framework?
   }
 
-  private void uploadConfigSet(String configSetName, String suffix, String username, String
password) throws Exception {
-    // Read zipped sample config
-    ByteBuffer sampleZippedConfig = TestDynamicLoading
-        .getFileContent(
-            createTempZipFile("solr/configsets/upload/"+configSetName), false);
-
+  private void uploadConfigSetWithAssertions(String configSetName, String suffix, String
username, String password) throws Exception {
     SolrZkClient zkClient = new SolrZkClient(solrCluster.getZkServer().getZkAddress(),
         AbstractZkTestCase.TIMEOUT, 45000, null);
     try {
-      ZkConfigManager configManager = new ZkConfigManager(zkClient);
-      assertFalse(configManager.configExists(configSetName+suffix));
-
-      Map map = postDataAndGetResponse(solrCluster.getSolrClient(),
-          solrCluster.getJettySolrRunners().get(0).getBaseUrl().toString() + "/admin/configs?action=UPLOAD&wt=json&name="+configSetName+suffix,
-          sampleZippedConfig, username, password);
-      assertNotNull(map);
-      long statusCode = (long) getObjectByPath(map, false, Arrays.asList("responseHeader",
"status"));
+      long statusCode = uploadConfigSet(configSetName, suffix, username, password, zkClient);
       assertEquals(0l, statusCode);
 
       assertTrue("managed-schema file should have been uploaded",
@@ -441,6 +447,24 @@ public class TestConfigSetsAPI extends SolrTestCaseJ4 {
       zkClient.close();
     }
   }
+
+  private long uploadConfigSet(String configSetName, String suffix, String username, String
password,
+      SolrZkClient zkClient) throws IOException {
+    // Read zipped sample config
+    ByteBuffer sampleZippedConfig = TestDynamicLoading
+        .getFileContent(
+            createTempZipFile("solr/configsets/upload/"+configSetName), false);
+
+    ZkConfigManager configManager = new ZkConfigManager(zkClient);
+    assertFalse(configManager.configExists(configSetName+suffix));
+
+    Map map = postDataAndGetResponse(solrCluster.getSolrClient(),
+        solrCluster.getJettySolrRunners().get(0).getBaseUrl().toString() + "/admin/configs?wt=json&action=UPLOAD&name="+configSetName+suffix,
+        sampleZippedConfig, username, password);
+    assertNotNull(map);
+    long statusCode = (long) getObjectByPath(map, false, Arrays.asList("responseHeader",
"status"));
+    return statusCode;
+  }
   
   /**
    * Create a zip file (in the temp directory) containing all the files within the specified
directory
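Review bot: The new uploadConfigSet helper has no Javadoc, and after the split its name no longer signals that it asserts, although it still calls `assertFalse(configManager.configExists(configSetName+suffix))` and `assertNotNull(map)`. Add a short comment such as `/** Posts the zipped sample configset to /admin/configs?action=UPLOAD and returns responseHeader.status; asserts the configset did not exist beforehand. */`. The `long statusCode = ...; return statusCode;` pair could be a single `return`, and the raw `Map` could be `Map<?, ?>`; both were carried over from the removed method.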

http://git-wip-us.apache.org/repos/asf/lucene-solr/blob/23c4d03c/solr/solr-ref-guide/src/configsets-api.adoc
----------------------------------------------------------------------
diff --git a/solr/solr-ref-guide/src/configsets-api.adoc b/solr/solr-ref-guide/src/configsets-api.adoc
index 97d3163..1ec574f 100644
--- a/solr/solr-ref-guide/src/configsets-api.adoc
+++ b/solr/solr-ref-guide/src/configsets-api.adoc
@@ -174,7 +174,11 @@ http://localhost:8983/solr/admin/configs?action=LIST&wt=json
 
 `/admin/configs?action=UPLOAD&name=_name_`
 
-Upload a ConfigSet, sent in as a zipped file. Please note that a ConfigSet is uploaded in
a "trusted" mode if authentication is enabled and this upload operation is performed as an
authenticated request. Without authentication, a ConfigSet is uploaded in an "untrusted" mode.
Upon creation of a collection using an "untrusted" ConfigSet, the following functionality
would not work:
+Upload a ConfigSet, sent in as a zipped file.
+
+This functionality is enabled by default, but can be disabled via a runtime parameter `-Dconfigset.upload.enabled=false`.
Disabling this feature is advisable if you want to expose Solr installation to untrusted users
(even though you should never do that!).
+
+Please note that a ConfigSet is uploaded in a "trusted" mode if authentication is enabled
and this upload operation is performed as an authenticated request. Without authentication,
a ConfigSet is uploaded in an "untrusted" mode. Upon creation of a collection using an "untrusted"
ConfigSet, the following functionality would not work:
 
  * RunExecutableListener does not initialize, if specified in the ConfigSet.
  * DataImportHandler's ScriptTransformer does not initialize, if specified in the ConfigSet.

