Posted to dev@solr.apache.org by Jason Gerlowski <ge...@gmail.com> on 2022/02/19 11:59:05 UTC

v2 Authc/Authz apispec files

Hi all,

I posted this question in Slack a few days ago, but I didn't get any
bites so I'm copying here as well for the larger set of eyes:

Does anyone have a good understanding of how the v2
authentication/authorization APIs work?  I’d like to convert them
over to the annotation framework (SOLR-15738), but I’m having a hard
time understanding what each of the "cluster.security.*"  apispec
files is actually for.

- The plugin-specific apispecs (e.g.
cluster.security.JwtAuth.Commands) are pretty self-explanatory, and
what I would expect to see.
- The remaining 4 look like they’re used as defaults or fallbacks in
SecurityConfHandler, but the logic in how they’re registered looks
more involved than I’d expect if that were true.  SecurityConfHandler
registers two of the apispecs ( cluster.security.authentication and
cluster.security.authorization ) unconditionally, while it registers
the other two only if the Authc/AuthzPlugins don’t have an API/spec
that they provide themselves.

It looks like this was all set up in the same mega-JIRA (SOLR-8029)
that added all the v2 APIs, so there was too much else going on for it
to merit discussion there apparently.

Anyway, if anyone can shed any light on the 4 "fallback" or "default"
apispecs and why they're registered differently, I'd love to hear it.
Thanks all!

Best,

Jason

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@solr.apache.org
For additional commands, e-mail: dev-help@solr.apache.org


Re: v2 Authc/Authz apispec files

Posted by Jason Gerlowski <ge...@gmail.com>.
There is, yep: https://issues.apache.org/jira/browse/SOLR-15738

Thanks Noble; would appreciate any help or clarification you can lend
there.  I haven't gotten into any code there yet, mostly because I've
been uncertain what those 4 apispec files actually "do", or what
purpose they served initially.

Best,

Jason

On Sun, Feb 20, 2022 at 8:01 PM Noble Paul <no...@gmail.com> wrote:
>
>
>
> On Sat, Feb 19, 2022 at 10:59 PM Jason Gerlowski <ge...@gmail.com> wrote:
> >
> > Hi all,
> >
> > I posted this question in Slack a few days ago, but I didn't get any
> > bites so I'm copying here as well for the larger set of eyes:
> >
> > Does anyone have a good understanding of how the v2
> > authentication/authorization APIs work?  I’d like to convert them
> > over to the annotation framework (SOLR-15738), but I’m having a hard
> > time understanding what each of the "cluster.security.*"  apispec
> > files is actually for.
> >
> > - The plugin-specific apispecs (e.g.
> > cluster.security.JwtAuth.Commands) are pretty self-explanatory, and
> > what I would expect to see.
> > - The remaining 4 look like they’re used as defaults or fallbacks in
> > SecurityConfHandler, but the logic in how they’re registered looks
> > more involved than I’d expect if that were true.  SecurityConfHandler
> > registers two of the apispecs ( cluster.security.authentication and
> > cluster.security.authorization ) unconditionally, while it registers
> > the other two only if the Authc/AuthzPlugins don’t have an API/spec
> > that they provide themselves.
> >
> > It looks like this was all set up in the same mega-JIRA (SOLR-8029)
> > that added all the v2 APIs, so there was too much else going on for it
> > to merit discussion there apparently.
> >
> We should get rid of the defaults spec files. It actually does not do anything.
> Is there a JIRA where you are tracking these where I can collaborate?
>
> > Anyway, if anyone can shed any light on the 4 "fallback" or "default"
> > apispecs and why they're registered differently, I'd love to hear it.
> > Thanks all!
> >
> > Best,
> >
> > Jason
> >
> >
>
>
> --
> -----------------------------------------------------
> Noble Paul



Re: v2 Authc/Authz apispec files

Posted by Noble Paul <no...@gmail.com>.
On Sat, Feb 19, 2022 at 10:59 PM Jason Gerlowski <ge...@gmail.com>
wrote:
>
> Hi all,
>
> I posted this question in Slack a few days ago, but I didn't get any
> bites so I'm copying here as well for the larger set of eyes:
>
> Does anyone have a good understanding of how the v2
> authentication/authorization APIs work?  I’d like to convert them
> over to the annotation framework (SOLR-15738), but I’m having a hard
> time understanding what each of the "cluster.security.*"  apispec
> files is actually for.
>
> - The plugin-specific apispecs (e.g.
> cluster.security.JwtAuth.Commands) are pretty self-explanatory, and
> what I would expect to see.
> - The remaining 4 look like they’re used as defaults or fallbacks in
> SecurityConfHandler, but the logic in how they’re registered looks
> more involved than I’d expect if that were true.  SecurityConfHandler
> registers two of the apispecs ( cluster.security.authentication and
> cluster.security.authorization ) unconditionally, while it registers
> the other two only if the Authc/AuthzPlugins don’t have an API/spec
> that they provide themselves.
>
> It looks like this was all set up in the same mega-JIRA (SOLR-8029)
> that added all the v2 APIs, so there was too much else going on for it
> to merit discussion there apparently.
>
We should get rid of the defaults spec files. It actually does not do
anything.
Is there a JIRA where you are tracking these where I can collaborate?

> Anyway, if anyone can shed any light on the 4 "fallback" or "default"
> apispecs and why they're registered differently, I'd love to hear it.
> Thanks all!
>
> Best,
>
> Jason
>
>


-- 
-----------------------------------------------------
Noble Paul