You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by "Houston Putman (Jira)" <ji...@apache.org> on 2021/01/12 19:55:00 UTC
[jira] [Commented] (SOLR-14216) Exclude HealthCheck from
authentication
[ https://issues.apache.org/jira/browse/SOLR-14216?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17263651#comment-17263651 ]
Houston Putman commented on SOLR-14216:
---------------------------------------
I think this makes a lot of sense. It'd be ok to make this configurable, but I think the option should absolutely be there to remove auth from the health check handler.
[~janhoy] I see that you deleted your PR. Are you no longer interested in the feature or did you just delete it because it was stale?
> Exclude HealthCheck from authentication
> ---------------------------------------
>
> Key: SOLR-14216
> URL: https://issues.apache.org/jira/browse/SOLR-14216
> Project: Solr
> Issue Type: Improvement
> Components: Authentication
> Reporter: Jan Høydahl
> Assignee: Jan Høydahl
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The {{HealthCheckHandler}} on {{/api/node/health}} and {{/solr/admin/info/health}} should by default not be subject to authentication, but be open for all. This allows for load balancers and various monitoring to probe Solr's health without having to support the auth scheme in place. I can't see any reason we need auth on the health endpoint.
> It is possible to achieve the same by setting blockUnknown=false and configuring three RBAC permissions: One for v1 endpoint, one for v2 endpoint and one "all" catch all at the end of the chain. But this is cumbersome so better have this ootb.
> An alternative solution is to create a separate HttpServer for health check, listening on a different port, just like embedded ZK and JMX.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org