lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lucene/Solr QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-13566) REINDEXCOLLECTION does not work with (basic) authentication
Date Sun, 23 Jun 2019 02:51:00 GMT

    [ https://issues.apache.org/jira/browse/SOLR-13566?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16870415#comment-16870415
] 

Lucene/Solr QA commented on SOLR-13566:
---------------------------------------

| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
|| || || || {color:brown} Prechecks {color} ||
| {color:green}+1{color} | {color:green} test4tests {color} | {color:green}  0m  0s{color}
| {color:green} The patch appears to include 1 new or modified test files. {color} |
|| || || || {color:brown} master Compile Tests {color} ||
| {color:green}+1{color} | {color:green} compile {color} | {color:green}  3m 46s{color} |
{color:green} master passed {color} |
|| || || || {color:brown} Patch Compile Tests {color} ||
| {color:green}+1{color} | {color:green} compile {color} | {color:green}  3m  0s{color} |
{color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green}  3m  0s{color} | {color:green}
the patch passed {color} |
| {color:green}+1{color} | {color:green} Release audit (RAT) {color} | {color:green}  3m 
0s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} Check forbidden APIs {color} | {color:green}  3m
 0s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} Validate source patterns {color} | {color:green}
 3m  0s{color} | {color:green} the patch passed {color} |
|| || || || {color:brown} Other Tests {color} ||
| {color:red}-1{color} | {color:red} unit {color} | {color:red} 93m 18s{color} | {color:red}
core in the patch failed. {color} |
| {color:black}{color} | {color:black} {color} | {color:black}104m 55s{color} | {color:black}
{color} |
\\
\\
|| Reason || Tests ||
| Failed junit tests | solr.security.BasicAuthIntegrationTest |
\\
\\
|| Subsystem || Report/Notes ||
| JIRA Issue | SOLR-13566 |
| JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12972594/SOLR-13566.patch
|
| Optional Tests |  compile  javac  unit  ratsources  checkforbiddenapis  validatesourcepatterns
 |
| uname | Linux lucene2-us-west.apache.org 4.4.0-112-generic #135-Ubuntu SMP Fri Jan 19 11:48:36
UTC 2018 x86_64 x86_64 x86_64 GNU/Linux |
| Build tool | ant |
| Personality | /home/jenkins/jenkins-slave/workspace/PreCommit-SOLR-Build/sourcedir/dev-tools/test-patch/lucene-solr-yetus-personality.sh
|
| git revision | master / 559abd8 |
| ant | version: Apache Ant(TM) version 1.9.6 compiled on July 20 2018 |
| Default Java | LTS |
| unit | https://builds.apache.org/job/PreCommit-SOLR-Build/451/artifact/out/patch-unit-solr_core.txt
|
|  Test Results | https://builds.apache.org/job/PreCommit-SOLR-Build/451/testReport/ |
| modules | C: solr/core U: solr/core |
| Console output | https://builds.apache.org/job/PreCommit-SOLR-Build/451/console |
| Powered by | Apache Yetus 0.7.0   http://yetus.apache.org |


This message was automatically generated.



> REINDEXCOLLECTION does not work with (basic) authentication
> -----------------------------------------------------------
>
>                 Key: SOLR-13566
>                 URL: https://issues.apache.org/jira/browse/SOLR-13566
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>    Affects Versions: 8.1.1
>            Reporter: Colvin Cowie
>            Priority: Major
>         Attachments: SOLR-13566.patch, responses.txt, security.json, solr.log
>
>
> I'm on the Solr 8.1 branch off commit f26388d034fe5eadca7416aa63b509b8db2c7688 so I have
the authentication fixes from SOLR-13510 (intermittent 401s for internode requests)
>   
>  When trying to use the new REINDEXCOLLECTION command introduced in SOLR-11127 with basic
auth enabled, the daemon stream fails with repeated 401s when trying to access the target
collection.
>   
>  This might be the same problem as SOLR-13472, except it applies even with a single node,
and this doesn't require role based configuration.
>   
>  Repro: I added a reindex request in BasicAuthIntegrationTest and it is reproducible
in there... I don't know what effect it should have on the auth metrics, if it were working
correctly, so I don't know how to update the test properly. But you can add the request towards
the end of org.apache.solr.security.BasicAuthIntegrationTest.testBasicAuth()
>   
>        _CollectionAdminRequest.ReindexCollection reindexReq = CollectionAdminRequest.reindexCollection(COLLECTION);_
>        _reindexReq.setBasicAuthCredentials("harry", "HarryIsUberCool");_
>        _cluster.getSolrClient().request(reindexReq, COLLECTION);_
>   
>  Manual Repro:
>  run bin/solr -e cloud
>  Choose 1 node / 1 shard / 1 replica
>  In browser GET [http://localhost:8983/solr/admin/collections?action=REINDEXCOLLECTION&name=gettingstarted]
will succeed
>  Enable security: server\scripts\cloud-scripts\zkcli -zkhost localhost:9983 -cmd putfile
/security.json <path to file with this>
>   
>  {
>      "authentication": {
>          "blockUnknown": true,
>          "class": "solr.BasicAuthPlugin",
>          "credentials":
> {             "solradmin": "fskh17INKrOTSRCJ8HkamA0L6Uiq1dSMgn4OVy8htME= /Q4VgOkwVlP6AMVY+ML+IuodbfV81WEfZ3lFb390bws="
        }
>     }
>  }
>   
>   
>  In browser authenticate (as solradmin : solradmin) and GET [http://localhost:8983/solr/admin/collections?action=REINDEXCOLLECTION&name=gettingstarted]
will time out after 180 seconds
>   
>  The solr log will show repeated 401s
>   
>  Setting "forwardCredentials" : true in the security.json does not appear to change the
outcome.
>   
>   
>  The daemon stream should probably be using PKI auth for the internal request.
>   



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message