You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by Noble Paul <no...@gmail.com> on 2020/08/11 13:55:33 UTC
Survey on ManagedResources feature
Hi all,
The end-point for Managed resources is not secured. So it needs to be
fixed/eliminated.
I would like to know what is the level of adoption for that feature
and if it is a critical feature for users.
Another possibility is to offer a replacement for the feature using a
different API
Your feedback will help us decide on what a potential solution should be
--
-----------------------------------------------------
Noble Paul
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
Re: Survey on ManagedResources feature
Posted by Jan Høydahl <ja...@cominvent.com>.
I imagine that some users have build custom UIs to manage stopwords or synonyms over REST instead of having to copy files to Solr or Zookeeper.
Question is whether to try improve the security of the APIs, or disable them by default and document the limitations related to using them, which could be tradeoff for users to make until we come up with a better set of APIs to replace it?
Jan
> 14. aug. 2020 kl. 09:32 skrev Matthias Krueger <mk...@mkr.io>:
>
>
>
> As authentication is plugged into the SolrDispatchFilter I would assume that you would need to be authenticated to read/write Managed Resources but no authorization is checked (i.e. any authenticated user can read/write them), correct?
>
> Anyway, I came across Managed Resources in at least two scenarios:
>
> The LTR plugin is using them for updating model/features.
> I use MangedResource#StorageIO and its implementations as a convenient way to abstract away the underlying config storage when creating plugins that need to support both, SolrCloud and Solr Standalone.
> IMO an abstraction that allows distributing configuration (ML models, configuration snippets, external file fields...) that exceeds the typical ZK size limits to SolrCloud while also supporting Solr Standalone would be nice to have.
>
> Matt
>
>
>
> On 12.08.20 02:08, Noble Paul wrote:
>> The end point is served by restlet. So, your rules are not going to be honored. The rules work only if it is served by a Solr request handler
>>
>> On Wed, Aug 12, 2020, 12:46 AM Jason Gerlowski <gerlowskija@gmail.com <ma...@gmail.com>> wrote:
>> Hey Noble,
>>
>> Can you explain what you mean when you say it's not secured? Just for
>> those of us who haven't been following the discussion so far? On the
>> surface of things users taking advantage of our RuleBasedAuth plugin
>> can secure this API like they can any other HTTP API. Or are you
>> talking about some other security aspect here?
>>
>> Jason
>>
>> On Tue, Aug 11, 2020 at 9:55 AM Noble Paul <noble.paul@gmail.com <ma...@gmail.com>> wrote:
>> >
>> > Hi all,
>> > The end-point for Managed resources is not secured. So it needs to be
>> > fixed/eliminated.
>> >
>> > I would like to know what is the level of adoption for that feature
>> > and if it is a critical feature for users.
>> >
>> > Another possibility is to offer a replacement for the feature using a
>> > different API
>> >
>> > Your feedback will help us decide on what a potential solution should be
>> >
>> > --
>> > -----------------------------------------------------
>> > Noble Paul
Re: Survey on ManagedResources feature
Posted by Erick Erickson <er...@gmail.com>.
ZkMaintenanceUtils has the basic file manipulations between Zk and “someplace else”,
although it’s pretty much file based. Does that have any bearing on the problem?
> On Aug 19, 2020, at 2:49 AM, Noble Paul <no...@gmail.com> wrote:
>
> So, it's not very different from directly reading a file from ZK?
>
> what benefit do you get by using the ManagedResourceStorage?
>
> On Sun, Aug 16, 2020 at 7:08 PM Matthias Krueger <mk...@mkr.io> wrote:
>>
>>
>> In a custom SolrRequestHandler#handleRequest something like this:
>>
>> final ManagedResourceStorage.StorageIO storageIO =
>> ManagedResourceStorage.newStorageIO(core.getCoreDescriptor().getCollectionName(),
>> resourceLoader, new NamedList<>());
>>
>> And then using
>>
>> storageIO.openOutputStream(resourceName)
>>
>> to store some (well-known) resources.
>>
>> Matt
>>
>>
>> On 15.08.20 11:38, Noble Paul wrote:
>>>> I use MangedResource#StorageIO and its implementations as a convenient way to abstract away the underlying config storage when creating plugins that need to support both, SolrCloud and Solr Standalone.
>>> Can you give us some more details on how you use it?
>>>
>>> On Sat, Aug 15, 2020 at 7:32 PM Noble Paul <no...@gmail.com> wrote:
>>>>> As authentication is plugged into the SolrDispatchFilter I would assume that you would need to be authenticated to read/write Managed Resources
>>>> I'm talking about the authorization plugins
>>>>
>>>> On Fri, Aug 14, 2020 at 10:20 PM Matthias Krueger <mk...@mkr.io> wrote:
>>>>>
>>>>> As authentication is plugged into the SolrDispatchFilter I would assume that you would need to be authenticated to read/write Managed Resources but no authorization is checked (i.e. any authenticated user can read/write them), correct?
>>>>>
>>>>> Anyway, I came across Managed Resources in at least two scenarios:
>>>>>
>>>>> The LTR plugin is using them for updating model/features.
>>>>> I use MangedResource#StorageIO and its implementations as a convenient way to abstract away the underlying config storage when creating plugins that need to support both, SolrCloud and Solr Standalone.
>>>>>
>>>>> IMO an abstraction that allows distributing configuration (ML models, configuration snippets, external file fields...) that exceeds the typical ZK size limits to SolrCloud while also supporting Solr Standalone would be nice to have.
>>>>>
>>>>> Matt
>>>>>
>>>>>
>>>>> On 12.08.20 02:08, Noble Paul wrote:
>>>>>
>>>>> The end point is served by restlet. So, your rules are not going to be honored. The rules work only if it is served by a Solr request handler
>>>>>
>>>>> On Wed, Aug 12, 2020, 12:46 AM Jason Gerlowski <ge...@gmail.com> wrote:
>>>>>> Hey Noble,
>>>>>>
>>>>>> Can you explain what you mean when you say it's not secured? Just for
>>>>>> those of us who haven't been following the discussion so far? On the
>>>>>> surface of things users taking advantage of our RuleBasedAuth plugin
>>>>>> can secure this API like they can any other HTTP API. Or are you
>>>>>> talking about some other security aspect here?
>>>>>>
>>>>>> Jason
>>>>>>
>>>>>> On Tue, Aug 11, 2020 at 9:55 AM Noble Paul <no...@gmail.com> wrote:
>>>>>>> Hi all,
>>>>>>> The end-point for Managed resources is not secured. So it needs to be
>>>>>>> fixed/eliminated.
>>>>>>>
>>>>>>> I would like to know what is the level of adoption for that feature
>>>>>>> and if it is a critical feature for users.
>>>>>>>
>>>>>>> Another possibility is to offer a replacement for the feature using a
>>>>>>> different API
>>>>>>>
>>>>>>> Your feedback will help us decide on what a potential solution should be
>>>>>>>
>>>>>>> --
>>>>>>> -----------------------------------------------------
>>>>>>> Noble Paul
>>>>
>>>>
>>>> --
>>>> -----------------------------------------------------
>>>> Noble Paul
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
>> For additional commands, e-mail: dev-help@lucene.apache.org
>>
>
>
> --
> -----------------------------------------------------
> Noble Paul
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
> For additional commands, e-mail: dev-help@lucene.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
Re: Survey on ManagedResources feature
Posted by Noble Paul <no...@gmail.com>.
You just needed a standard interface that abstracts out storing files
(ZK/File system)
On Thu, Aug 20, 2020 at 6:02 PM Matthias Krueger <mk...@mkr.io> wrote:
>
>
> I don't use ManagedResourceStorage, just the StorageIO interface and its
> implementations. The benefit is ZK AND filesystem support for WRITING
> configuration file updates. Otherwise I would have to come up with
> something like the common interface (StorageIO), its implementations for
> ZK and FS and the dispatching code (ManagedResourceStorage#newStorageIO)
> myself. I guess the LTR plugin had similar reasons to go that route.
>
>
> On 19.08.20 08:49, Noble Paul wrote:
> > So, it's not very different from directly reading a file from ZK?
> >
> > what benefit do you get by using the ManagedResourceStorage?
> >
> > On Sun, Aug 16, 2020 at 7:08 PM Matthias Krueger <mk...@mkr.io> wrote:
> >>
> >> In a custom SolrRequestHandler#handleRequest something like this:
> >>
> >> final ManagedResourceStorage.StorageIO storageIO =
> >> ManagedResourceStorage.newStorageIO(core.getCoreDescriptor().getCollectionName(),
> >> resourceLoader, new NamedList<>());
> >>
> >> And then using
> >>
> >> storageIO.openOutputStream(resourceName)
> >>
> >> to store some (well-known) resources.
> >>
> >> Matt
> >>
> >>
> >> On 15.08.20 11:38, Noble Paul wrote:
> >>>> I use MangedResource#StorageIO and its implementations as a convenient way to abstract away the underlying config storage when creating plugins that need to support both, SolrCloud and Solr Standalone.
> >>> Can you give us some more details on how you use it?
> >>>
> >>> On Sat, Aug 15, 2020 at 7:32 PM Noble Paul <no...@gmail.com> wrote:
> >>>>> As authentication is plugged into the SolrDispatchFilter I would assume that you would need to be authenticated to read/write Managed Resources
> >>>> I'm talking about the authorization plugins
> >>>>
> >>>> On Fri, Aug 14, 2020 at 10:20 PM Matthias Krueger <mk...@mkr.io> wrote:
> >>>>> As authentication is plugged into the SolrDispatchFilter I would assume that you would need to be authenticated to read/write Managed Resources but no authorization is checked (i.e. any authenticated user can read/write them), correct?
> >>>>>
> >>>>> Anyway, I came across Managed Resources in at least two scenarios:
> >>>>>
> >>>>> The LTR plugin is using them for updating model/features.
> >>>>> I use MangedResource#StorageIO and its implementations as a convenient way to abstract away the underlying config storage when creating plugins that need to support both, SolrCloud and Solr Standalone.
> >>>>>
> >>>>> IMO an abstraction that allows distributing configuration (ML models, configuration snippets, external file fields...) that exceeds the typical ZK size limits to SolrCloud while also supporting Solr Standalone would be nice to have.
> >>>>>
> >>>>> Matt
> >>>>>
> >>>>>
> >>>>> On 12.08.20 02:08, Noble Paul wrote:
> >>>>>
> >>>>> The end point is served by restlet. So, your rules are not going to be honored. The rules work only if it is served by a Solr request handler
> >>>>>
> >>>>> On Wed, Aug 12, 2020, 12:46 AM Jason Gerlowski <ge...@gmail.com> wrote:
> >>>>>> Hey Noble,
> >>>>>>
> >>>>>> Can you explain what you mean when you say it's not secured? Just for
> >>>>>> those of us who haven't been following the discussion so far? On the
> >>>>>> surface of things users taking advantage of our RuleBasedAuth plugin
> >>>>>> can secure this API like they can any other HTTP API. Or are you
> >>>>>> talking about some other security aspect here?
> >>>>>>
> >>>>>> Jason
> >>>>>>
> >>>>>> On Tue, Aug 11, 2020 at 9:55 AM Noble Paul <no...@gmail.com> wrote:
> >>>>>>> Hi all,
> >>>>>>> The end-point for Managed resources is not secured. So it needs to be
> >>>>>>> fixed/eliminated.
> >>>>>>>
> >>>>>>> I would like to know what is the level of adoption for that feature
> >>>>>>> and if it is a critical feature for users.
> >>>>>>>
> >>>>>>> Another possibility is to offer a replacement for the feature using a
> >>>>>>> different API
> >>>>>>>
> >>>>>>> Your feedback will help us decide on what a potential solution should be
> >>>>>>>
> >>>>>>> --
> >>>>>>> -----------------------------------------------------
> >>>>>>> Noble Paul
> >>>>
> >>>> --
> >>>> -----------------------------------------------------
> >>>> Noble Paul
> >>>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
> >> For additional commands, e-mail: dev-help@lucene.apache.org
> >>
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
> For additional commands, e-mail: dev-help@lucene.apache.org
>
--
-----------------------------------------------------
Noble Paul
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
Re: Survey on ManagedResources feature
Posted by Matthias Krueger <mk...@mkr.io>.
I don't use ManagedResourceStorage, just the StorageIO interface and its
implementations. The benefit is ZK AND filesystem support for WRITING
configuration file updates. Otherwise I would have to come up with
something like the common interface (StorageIO), its implementations for
ZK and FS and the dispatching code (ManagedResourceStorage#newStorageIO)
myself. I guess the LTR plugin had similar reasons to go that route.
On 19.08.20 08:49, Noble Paul wrote:
> So, it's not very different from directly reading a file from ZK?
>
> what benefit do you get by using the ManagedResourceStorage?
>
> On Sun, Aug 16, 2020 at 7:08 PM Matthias Krueger <mk...@mkr.io> wrote:
>>
>> In a custom SolrRequestHandler#handleRequest something like this:
>>
>> final ManagedResourceStorage.StorageIO storageIO =
>> ManagedResourceStorage.newStorageIO(core.getCoreDescriptor().getCollectionName(),
>> resourceLoader, new NamedList<>());
>>
>> And then using
>>
>> storageIO.openOutputStream(resourceName)
>>
>> to store some (well-known) resources.
>>
>> Matt
>>
>>
>> On 15.08.20 11:38, Noble Paul wrote:
>>>> I use MangedResource#StorageIO and its implementations as a convenient way to abstract away the underlying config storage when creating plugins that need to support both, SolrCloud and Solr Standalone.
>>> Can you give us some more details on how you use it?
>>>
>>> On Sat, Aug 15, 2020 at 7:32 PM Noble Paul <no...@gmail.com> wrote:
>>>>> As authentication is plugged into the SolrDispatchFilter I would assume that you would need to be authenticated to read/write Managed Resources
>>>> I'm talking about the authorization plugins
>>>>
>>>> On Fri, Aug 14, 2020 at 10:20 PM Matthias Krueger <mk...@mkr.io> wrote:
>>>>> As authentication is plugged into the SolrDispatchFilter I would assume that you would need to be authenticated to read/write Managed Resources but no authorization is checked (i.e. any authenticated user can read/write them), correct?
>>>>>
>>>>> Anyway, I came across Managed Resources in at least two scenarios:
>>>>>
>>>>> The LTR plugin is using them for updating model/features.
>>>>> I use MangedResource#StorageIO and its implementations as a convenient way to abstract away the underlying config storage when creating plugins that need to support both, SolrCloud and Solr Standalone.
>>>>>
>>>>> IMO an abstraction that allows distributing configuration (ML models, configuration snippets, external file fields...) that exceeds the typical ZK size limits to SolrCloud while also supporting Solr Standalone would be nice to have.
>>>>>
>>>>> Matt
>>>>>
>>>>>
>>>>> On 12.08.20 02:08, Noble Paul wrote:
>>>>>
>>>>> The end point is served by restlet. So, your rules are not going to be honored. The rules work only if it is served by a Solr request handler
>>>>>
>>>>> On Wed, Aug 12, 2020, 12:46 AM Jason Gerlowski <ge...@gmail.com> wrote:
>>>>>> Hey Noble,
>>>>>>
>>>>>> Can you explain what you mean when you say it's not secured? Just for
>>>>>> those of us who haven't been following the discussion so far? On the
>>>>>> surface of things users taking advantage of our RuleBasedAuth plugin
>>>>>> can secure this API like they can any other HTTP API. Or are you
>>>>>> talking about some other security aspect here?
>>>>>>
>>>>>> Jason
>>>>>>
>>>>>> On Tue, Aug 11, 2020 at 9:55 AM Noble Paul <no...@gmail.com> wrote:
>>>>>>> Hi all,
>>>>>>> The end-point for Managed resources is not secured. So it needs to be
>>>>>>> fixed/eliminated.
>>>>>>>
>>>>>>> I would like to know what is the level of adoption for that feature
>>>>>>> and if it is a critical feature for users.
>>>>>>>
>>>>>>> Another possibility is to offer a replacement for the feature using a
>>>>>>> different API
>>>>>>>
>>>>>>> Your feedback will help us decide on what a potential solution should be
>>>>>>>
>>>>>>> --
>>>>>>> -----------------------------------------------------
>>>>>>> Noble Paul
>>>>
>>>> --
>>>> -----------------------------------------------------
>>>> Noble Paul
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
>> For additional commands, e-mail: dev-help@lucene.apache.org
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
Re: Survey on ManagedResources feature
Posted by Noble Paul <no...@gmail.com>.
So, it's not very different from directly reading a file from ZK?
what benefit do you get by using the ManagedResourceStorage?
On Sun, Aug 16, 2020 at 7:08 PM Matthias Krueger <mk...@mkr.io> wrote:
>
>
> In a custom SolrRequestHandler#handleRequest something like this:
>
> final ManagedResourceStorage.StorageIO storageIO =
> ManagedResourceStorage.newStorageIO(core.getCoreDescriptor().getCollectionName(),
> resourceLoader, new NamedList<>());
>
> And then using
>
> storageIO.openOutputStream(resourceName)
>
> to store some (well-known) resources.
>
> Matt
>
>
> On 15.08.20 11:38, Noble Paul wrote:
> >> I use MangedResource#StorageIO and its implementations as a convenient way to abstract away the underlying config storage when creating plugins that need to support both, SolrCloud and Solr Standalone.
> > Can you give us some more details on how you use it?
> >
> > On Sat, Aug 15, 2020 at 7:32 PM Noble Paul <no...@gmail.com> wrote:
> >>> As authentication is plugged into the SolrDispatchFilter I would assume that you would need to be authenticated to read/write Managed Resources
> >> I'm talking about the authorization plugins
> >>
> >> On Fri, Aug 14, 2020 at 10:20 PM Matthias Krueger <mk...@mkr.io> wrote:
> >>>
> >>> As authentication is plugged into the SolrDispatchFilter I would assume that you would need to be authenticated to read/write Managed Resources but no authorization is checked (i.e. any authenticated user can read/write them), correct?
> >>>
> >>> Anyway, I came across Managed Resources in at least two scenarios:
> >>>
> >>> The LTR plugin is using them for updating model/features.
> >>> I use MangedResource#StorageIO and its implementations as a convenient way to abstract away the underlying config storage when creating plugins that need to support both, SolrCloud and Solr Standalone.
> >>>
> >>> IMO an abstraction that allows distributing configuration (ML models, configuration snippets, external file fields...) that exceeds the typical ZK size limits to SolrCloud while also supporting Solr Standalone would be nice to have.
> >>>
> >>> Matt
> >>>
> >>>
> >>> On 12.08.20 02:08, Noble Paul wrote:
> >>>
> >>> The end point is served by restlet. So, your rules are not going to be honored. The rules work only if it is served by a Solr request handler
> >>>
> >>> On Wed, Aug 12, 2020, 12:46 AM Jason Gerlowski <ge...@gmail.com> wrote:
> >>>> Hey Noble,
> >>>>
> >>>> Can you explain what you mean when you say it's not secured? Just for
> >>>> those of us who haven't been following the discussion so far? On the
> >>>> surface of things users taking advantage of our RuleBasedAuth plugin
> >>>> can secure this API like they can any other HTTP API. Or are you
> >>>> talking about some other security aspect here?
> >>>>
> >>>> Jason
> >>>>
> >>>> On Tue, Aug 11, 2020 at 9:55 AM Noble Paul <no...@gmail.com> wrote:
> >>>>> Hi all,
> >>>>> The end-point for Managed resources is not secured. So it needs to be
> >>>>> fixed/eliminated.
> >>>>>
> >>>>> I would like to know what is the level of adoption for that feature
> >>>>> and if it is a critical feature for users.
> >>>>>
> >>>>> Another possibility is to offer a replacement for the feature using a
> >>>>> different API
> >>>>>
> >>>>> Your feedback will help us decide on what a potential solution should be
> >>>>>
> >>>>> --
> >>>>> -----------------------------------------------------
> >>>>> Noble Paul
> >>
> >>
> >> --
> >> -----------------------------------------------------
> >> Noble Paul
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
> For additional commands, e-mail: dev-help@lucene.apache.org
>
--
-----------------------------------------------------
Noble Paul
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
Re: Survey on ManagedResources feature
Posted by Matthias Krueger <mk...@mkr.io>.
In a custom SolrRequestHandler#handleRequest something like this:
final ManagedResourceStorage.StorageIO storageIO =
ManagedResourceStorage.newStorageIO(core.getCoreDescriptor().getCollectionName(),
resourceLoader, new NamedList<>());
And then using
storageIO.openOutputStream(resourceName)
to store some (well-known) resources.
Matt
On 15.08.20 11:38, Noble Paul wrote:
>> I use MangedResource#StorageIO and its implementations as a convenient way to abstract away the underlying config storage when creating plugins that need to support both, SolrCloud and Solr Standalone.
> Can you give us some more details on how you use it?
>
> On Sat, Aug 15, 2020 at 7:32 PM Noble Paul <no...@gmail.com> wrote:
>>> As authentication is plugged into the SolrDispatchFilter I would assume that you would need to be authenticated to read/write Managed Resources
>> I'm talking about the authorization plugins
>>
>> On Fri, Aug 14, 2020 at 10:20 PM Matthias Krueger <mk...@mkr.io> wrote:
>>>
>>> As authentication is plugged into the SolrDispatchFilter I would assume that you would need to be authenticated to read/write Managed Resources but no authorization is checked (i.e. any authenticated user can read/write them), correct?
>>>
>>> Anyway, I came across Managed Resources in at least two scenarios:
>>>
>>> The LTR plugin is using them for updating model/features.
>>> I use MangedResource#StorageIO and its implementations as a convenient way to abstract away the underlying config storage when creating plugins that need to support both, SolrCloud and Solr Standalone.
>>>
>>> IMO an abstraction that allows distributing configuration (ML models, configuration snippets, external file fields...) that exceeds the typical ZK size limits to SolrCloud while also supporting Solr Standalone would be nice to have.
>>>
>>> Matt
>>>
>>>
>>> On 12.08.20 02:08, Noble Paul wrote:
>>>
>>> The end point is served by restlet. So, your rules are not going to be honored. The rules work only if it is served by a Solr request handler
>>>
>>> On Wed, Aug 12, 2020, 12:46 AM Jason Gerlowski <ge...@gmail.com> wrote:
>>>> Hey Noble,
>>>>
>>>> Can you explain what you mean when you say it's not secured? Just for
>>>> those of us who haven't been following the discussion so far? On the
>>>> surface of things users taking advantage of our RuleBasedAuth plugin
>>>> can secure this API like they can any other HTTP API. Or are you
>>>> talking about some other security aspect here?
>>>>
>>>> Jason
>>>>
>>>> On Tue, Aug 11, 2020 at 9:55 AM Noble Paul <no...@gmail.com> wrote:
>>>>> Hi all,
>>>>> The end-point for Managed resources is not secured. So it needs to be
>>>>> fixed/eliminated.
>>>>>
>>>>> I would like to know what is the level of adoption for that feature
>>>>> and if it is a critical feature for users.
>>>>>
>>>>> Another possibility is to offer a replacement for the feature using a
>>>>> different API
>>>>>
>>>>> Your feedback will help us decide on what a potential solution should be
>>>>>
>>>>> --
>>>>> -----------------------------------------------------
>>>>> Noble Paul
>>
>>
>> --
>> -----------------------------------------------------
>> Noble Paul
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
Re: Survey on ManagedResources feature
Posted by Noble Paul <no...@gmail.com>.
>I use MangedResource#StorageIO and its implementations as a convenient way to abstract away the underlying config storage when creating plugins that need to support both, SolrCloud and Solr Standalone.
Can you give us some more details on how you use it?
On Sat, Aug 15, 2020 at 7:32 PM Noble Paul <no...@gmail.com> wrote:
>
> >As authentication is plugged into the SolrDispatchFilter I would assume that you would need to be authenticated to read/write Managed Resources
>
> I'm talking about the authorization plugins
>
> On Fri, Aug 14, 2020 at 10:20 PM Matthias Krueger <mk...@mkr.io> wrote:
> >
> >
> > As authentication is plugged into the SolrDispatchFilter I would assume that you would need to be authenticated to read/write Managed Resources but no authorization is checked (i.e. any authenticated user can read/write them), correct?
> >
> > Anyway, I came across Managed Resources in at least two scenarios:
> >
> > The LTR plugin is using them for updating model/features.
> > I use MangedResource#StorageIO and its implementations as a convenient way to abstract away the underlying config storage when creating plugins that need to support both, SolrCloud and Solr Standalone.
> >
> > IMO an abstraction that allows distributing configuration (ML models, configuration snippets, external file fields...) that exceeds the typical ZK size limits to SolrCloud while also supporting Solr Standalone would be nice to have.
> >
> > Matt
> >
> >
> > On 12.08.20 02:08, Noble Paul wrote:
> >
> > The end point is served by restlet. So, your rules are not going to be honored. The rules work only if it is served by a Solr request handler
> >
> > On Wed, Aug 12, 2020, 12:46 AM Jason Gerlowski <ge...@gmail.com> wrote:
> >>
> >> Hey Noble,
> >>
> >> Can you explain what you mean when you say it's not secured? Just for
> >> those of us who haven't been following the discussion so far? On the
> >> surface of things users taking advantage of our RuleBasedAuth plugin
> >> can secure this API like they can any other HTTP API. Or are you
> >> talking about some other security aspect here?
> >>
> >> Jason
> >>
> >> On Tue, Aug 11, 2020 at 9:55 AM Noble Paul <no...@gmail.com> wrote:
> >> >
> >> > Hi all,
> >> > The end-point for Managed resources is not secured. So it needs to be
> >> > fixed/eliminated.
> >> >
> >> > I would like to know what is the level of adoption for that feature
> >> > and if it is a critical feature for users.
> >> >
> >> > Another possibility is to offer a replacement for the feature using a
> >> > different API
> >> >
> >> > Your feedback will help us decide on what a potential solution should be
> >> >
> >> > --
> >> > -----------------------------------------------------
> >> > Noble Paul
>
>
>
> --
> -----------------------------------------------------
> Noble Paul
--
-----------------------------------------------------
Noble Paul
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
Re: Survey on ManagedResources feature
Posted by Noble Paul <no...@gmail.com>.
>As authentication is plugged into the SolrDispatchFilter I would assume that you would need to be authenticated to read/write Managed Resources
I'm talking about the authorization plugins
On Fri, Aug 14, 2020 at 10:20 PM Matthias Krueger <mk...@mkr.io> wrote:
>
>
> As authentication is plugged into the SolrDispatchFilter I would assume that you would need to be authenticated to read/write Managed Resources but no authorization is checked (i.e. any authenticated user can read/write them), correct?
>
> Anyway, I came across Managed Resources in at least two scenarios:
>
> The LTR plugin is using them for updating model/features.
> I use MangedResource#StorageIO and its implementations as a convenient way to abstract away the underlying config storage when creating plugins that need to support both, SolrCloud and Solr Standalone.
>
> IMO an abstraction that allows distributing configuration (ML models, configuration snippets, external file fields...) that exceeds the typical ZK size limits to SolrCloud while also supporting Solr Standalone would be nice to have.
>
> Matt
>
>
> On 12.08.20 02:08, Noble Paul wrote:
>
> The end point is served by restlet. So, your rules are not going to be honored. The rules work only if it is served by a Solr request handler
>
> On Wed, Aug 12, 2020, 12:46 AM Jason Gerlowski <ge...@gmail.com> wrote:
>>
>> Hey Noble,
>>
>> Can you explain what you mean when you say it's not secured? Just for
>> those of us who haven't been following the discussion so far? On the
>> surface of things users taking advantage of our RuleBasedAuth plugin
>> can secure this API like they can any other HTTP API. Or are you
>> talking about some other security aspect here?
>>
>> Jason
>>
>> On Tue, Aug 11, 2020 at 9:55 AM Noble Paul <no...@gmail.com> wrote:
>> >
>> > Hi all,
>> > The end-point for Managed resources is not secured. So it needs to be
>> > fixed/eliminated.
>> >
>> > I would like to know what is the level of adoption for that feature
>> > and if it is a critical feature for users.
>> >
>> > Another possibility is to offer a replacement for the feature using a
>> > different API
>> >
>> > Your feedback will help us decide on what a potential solution should be
>> >
>> > --
>> > -----------------------------------------------------
>> > Noble Paul
--
-----------------------------------------------------
Noble Paul
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
Re: Survey on ManagedResources feature
Posted by Matthias Krueger <mk...@mkr.io>.
As authentication is plugged into the SolrDispatchFilter I would assume
that you would need to be authenticated to read/write Managed Resources
but no authorization is checked (i.e. any authenticated user can
read/write them), correct?
Anyway, I came across Managed Resources in at least two scenarios:
* The LTR plugin is using them for updating model/features.
* I use MangedResource#StorageIO and its implementations as a
convenient way to abstract away the underlying config storage when
creating plugins that need to support both, SolrCloud and Solr
Standalone.
IMO an abstraction that allows distributing configuration (ML models,
configuration snippets, external file fields...) that exceeds the
typical ZK size limits to SolrCloud while also supporting Solr
Standalone would be nice to have.
Matt
On 12.08.20 02:08, Noble Paul wrote:
> The end point is served by restlet. So, your rules are not going to be
> honored. The rules work only if it is served by a Solr request handler
>
> On Wed, Aug 12, 2020, 12:46 AM Jason Gerlowski <gerlowskija@gmail.com
> <ma...@gmail.com>> wrote:
>
> Hey Noble,
>
> Can you explain what you mean when you say it's not secured? Just for
> those of us who haven't been following the discussion so far? On the
> surface of things users taking advantage of our RuleBasedAuth plugin
> can secure this API like they can any other HTTP API. Or are you
> talking about some other security aspect here?
>
> Jason
>
> On Tue, Aug 11, 2020 at 9:55 AM Noble Paul <noble.paul@gmail.com
> <ma...@gmail.com>> wrote:
> >
> > Hi all,
> > The end-point for Managed resources is not secured. So it needs
> to be
> > fixed/eliminated.
> >
> > I would like to know what is the level of adoption for that feature
> > and if it is a critical feature for users.
> >
> > Another possibility is to offer a replacement for the feature
> using a
> > different API
> >
> > Your feedback will help us decide on what a potential solution
> should be
> >
> > --
> > -----------------------------------------------------
> > Noble Paul
>
Re: Survey on ManagedResources feature
Posted by Noble Paul <no...@gmail.com>.
The end point is served by restlet. So, your rules are not going to be
honored. The rules work only if it is served by a Solr request handler
On Wed, Aug 12, 2020, 12:46 AM Jason Gerlowski <ge...@gmail.com>
wrote:
> Hey Noble,
>
> Can you explain what you mean when you say it's not secured? Just for
> those of us who haven't been following the discussion so far? On the
> surface of things users taking advantage of our RuleBasedAuth plugin
> can secure this API like they can any other HTTP API. Or are you
> talking about some other security aspect here?
>
> Jason
>
> On Tue, Aug 11, 2020 at 9:55 AM Noble Paul <no...@gmail.com> wrote:
> >
> > Hi all,
> > The end-point for Managed resources is not secured. So it needs to be
> > fixed/eliminated.
> >
> > I would like to know what is the level of adoption for that feature
> > and if it is a critical feature for users.
> >
> > Another possibility is to offer a replacement for the feature using a
> > different API
> >
> > Your feedback will help us decide on what a potential solution should be
> >
> > --
> > -----------------------------------------------------
> > Noble Paul
>
Re: Survey on ManagedResources feature
Posted by Noble Paul <no...@gmail.com>.
The end point is served by restlet. So, your rules are not going to be
honored. The rules work only if it is served by a Solr request handler
On Wed, Aug 12, 2020, 12:46 AM Jason Gerlowski <ge...@gmail.com>
wrote:
> Hey Noble,
>
> Can you explain what you mean when you say it's not secured? Just for
> those of us who haven't been following the discussion so far? On the
> surface of things users taking advantage of our RuleBasedAuth plugin
> can secure this API like they can any other HTTP API. Or are you
> talking about some other security aspect here?
>
> Jason
>
> On Tue, Aug 11, 2020 at 9:55 AM Noble Paul <no...@gmail.com> wrote:
> >
> > Hi all,
> > The end-point for Managed resources is not secured. So it needs to be
> > fixed/eliminated.
> >
> > I would like to know what is the level of adoption for that feature
> > and if it is a critical feature for users.
> >
> > Another possibility is to offer a replacement for the feature using a
> > different API
> >
> > Your feedback will help us decide on what a potential solution should be
> >
> > --
> > -----------------------------------------------------
> > Noble Paul
>
Re: Survey on ManagedResources feature
Posted by Jason Gerlowski <ge...@gmail.com>.
Hey Noble,
Can you explain what you mean when you say it's not secured? Just for
those of us who haven't been following the discussion so far? On the
surface of things users taking advantage of our RuleBasedAuth plugin
can secure this API like they can any other HTTP API. Or are you
talking about some other security aspect here?
Jason
On Tue, Aug 11, 2020 at 9:55 AM Noble Paul <no...@gmail.com> wrote:
>
> Hi all,
> The end-point for Managed resources is not secured. So it needs to be
> fixed/eliminated.
>
> I would like to know what is the level of adoption for that feature
> and if it is a critical feature for users.
>
> Another possibility is to offer a replacement for the feature using a
> different API
>
> Your feedback will help us decide on what a potential solution should be
>
> --
> -----------------------------------------------------
> Noble Paul
Re: Survey on ManagedResources feature
Posted by Jason Gerlowski <ge...@gmail.com>.
Hey Noble,
Can you explain what you mean when you say it's not secured? Just for
those of us who haven't been following the discussion so far? On the
surface of things users taking advantage of our RuleBasedAuth plugin
can secure this API like they can any other HTTP API. Or are you
talking about some other security aspect here?
Jason
On Tue, Aug 11, 2020 at 9:55 AM Noble Paul <no...@gmail.com> wrote:
>
> Hi all,
> The end-point for Managed resources is not secured. So it needs to be
> fixed/eliminated.
>
> I would like to know what is the level of adoption for that feature
> and if it is a critical feature for users.
>
> Another possibility is to offer a replacement for the feature using a
> different API
>
> Your feedback will help us decide on what a potential solution should be
>
> --
> -----------------------------------------------------
> Noble Paul
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org