You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by GitBox <gi...@apache.org> on 2021/11/18 15:52:56 UTC

[GitHub] [solr] janhoy opened a new pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology

janhoy opened a new pull request #424:
URL: https://github.com/apache/solr/pull/424


   https://issues.apache.org/jira/browse/SOLR-15809
   
   A good bulk of changes to whitelist / blacklist terminology across the codebase and docs


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr] janhoy commented on a change in pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology

Posted by GitBox <gi...@apache.org>.

janhoy commented on a change in pull request #424:
URL: https://github.com/apache/solr/pull/424#discussion_r755206338



##########
File path: dev-tools/test-patch/lucene-solr-yetus-personality.sh
##########
@@ -113,11 +113,11 @@ function personality_modules
   case ${moduleType} in
     submodules)
       for module in "${CHANGED_MODULES[@]}"; do
-        if [[ ! "${module}" =~ ^lucene/(licenses|site) ]]; then # blacklist lucene/ dirs that aren't modules

Review comment:
       Yes, need some cleanup in the dev-tools folder. I think we'll get to that once 9.0 work progresses...




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr] madrob commented on a change in pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology

Posted by GitBox <gi...@apache.org>.

madrob commented on a change in pull request #424:
URL: https://github.com/apache/solr/pull/424#discussion_r753533422



##########
File path: dev-tools/test-patch/lucene-solr-yetus-personality.sh
##########
@@ -113,11 +113,11 @@ function personality_modules
   case ${moduleType} in
     submodules)
       for module in "${CHANGED_MODULES[@]}"; do
-        if [[ ! "${module}" =~ ^lucene/(licenses|site) ]]; then # blacklist lucene/ dirs that aren't modules

Review comment:
       I suspect this whole file is defunct post-split, but that's another conversation




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr] janhoy commented on a change in pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology

Posted by GitBox <gi...@apache.org>.

janhoy commented on a change in pull request #424:
URL: https://github.com/apache/solr/pull/424#discussion_r755203770



##########
File path: solr/bin/solr
##########
@@ -2073,8 +2073,8 @@ else
 fi
 
 # IP-based access control
-IP_ACL_OPTS=("-Dsolr.jetty.inetaccess.includes=${SOLR_IP_WHITELIST}" \
-             "-Dsolr.jetty.inetaccess.excludes=${SOLR_IP_BLACKLIST}")
+IP_ACL_OPTS=("-Dsolr.jetty.inetaccess.includes=${SOLR_IP_ALLOWLIST}" \
+             "-Dsolr.jetty.inetaccess.excludes=${SOLR_IP_DENYLIST}")

Review comment:
       Implemented and tested also for Windows.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr] janhoy commented on a change in pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology

Posted by GitBox <gi...@apache.org>.

janhoy commented on a change in pull request #424:
URL: https://github.com/apache/solr/pull/424#discussion_r753726610



##########
File path: solr/CHANGES.txt
##########
@@ -1578,7 +1583,7 @@ Improvements
   SOLR_REQUESTLOG_ENABLED=true. This will respect SOLR_LOGS_DIR if it is set. (rmuir)
 
 * SOLR-14136: Jetty's InetAccessHandler can be enabled via environment variables,
-  SOLR_IP_WHITELIST and SOLR_IP_BLACKLIST. These variables can restrict access to
+  SOLR_IP_ALLOWLIST and SOLR_IP_DENYLIST. These variables can restrict access to

Review comment:
       Done




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr] janhoy commented on a change in pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology

Posted by GitBox <gi...@apache.org>.

janhoy commented on a change in pull request #424:
URL: https://github.com/apache/solr/pull/424#discussion_r755205462



##########
File path: solr/solr-ref-guide/src/major-changes-in-solr-9.adoc
##########
@@ -82,6 +82,9 @@ All the usages are replaced by BaseHttpSolrClient.RemoteSolrException and BaseHt
 
 * SOLR-11623: Every request handler in Solr now implements PermissionNameProvider. Any custom or 3rd party request handler must also do this
 
+* SOLR-15809: Get rid of blacklist/whitelist terminology. JWTAuthPlugin parameter `algWhitelist` is now `algAllowlist`. The old parameter will still

Review comment:
       That can go in solr 10 when we remove support...




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr] janhoy merged pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology

Posted by GitBox <gi...@apache.org>.

janhoy merged pull request #424:
URL: https://github.com/apache/solr/pull/424


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr] janhoy commented on a change in pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology

Posted by GitBox <gi...@apache.org>.

janhoy commented on a change in pull request #424:
URL: https://github.com/apache/solr/pull/424#discussion_r752384726



##########
File path: solr/bin/solr
##########
@@ -2073,8 +2073,8 @@ else
 fi
 
 # IP-based access control
-IP_ACL_OPTS=("-Dsolr.jetty.inetaccess.includes=${SOLR_IP_WHITELIST}" \
-             "-Dsolr.jetty.inetaccess.excludes=${SOLR_IP_BLACKLIST}")
+IP_ACL_OPTS=("-Dsolr.jetty.inetaccess.includes=${SOLR_IP_ALLOWLIST}" \
+             "-Dsolr.jetty.inetaccess.excludes=${SOLR_IP_DENYLIST}")

Review comment:
       I could have tried to support both in parallel for some time and warned when detecting the old, but it's a hassle across bash and Windows - any strong feelings about this? We spell it out in upgrade notes...




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr] HoustonPutman commented on a change in pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology

Posted by GitBox <gi...@apache.org>.

HoustonPutman commented on a change in pull request #424:
URL: https://github.com/apache/solr/pull/424#discussion_r753527897



##########
File path: solr/solr-ref-guide/src/major-changes-in-solr-9.adoc
##########
@@ -82,6 +82,9 @@ All the usages are replaced by BaseHttpSolrClient.RemoteSolrException and BaseHt
 
 * SOLR-11623: Every request handler in Solr now implements PermissionNameProvider. Any custom or 3rd party request handler must also do this
 
+* SOLR-15809: Get rid of blacklist/whitelist terminology. JWTAuthPlugin parameter `algWhitelist` is now `algAllowlist`. The old parameter will still

Review comment:
       maybe state that they will be removed in Solr 10? Or I guess we can wait for the Solr 10 upgrade notes.

##########
File path: solr/CHANGES.txt
##########
@@ -1578,7 +1583,7 @@ Improvements
   SOLR_REQUESTLOG_ENABLED=true. This will respect SOLR_LOGS_DIR if it is set. (rmuir)
 
 * SOLR-14136: Jetty's InetAccessHandler can be enabled via environment variables,
-  SOLR_IP_WHITELIST and SOLR_IP_BLACKLIST. These variables can restrict access to
+  SOLR_IP_ALLOWLIST and SOLR_IP_DENYLIST. These variables can restrict access to

Review comment:
       Does this need to be changed?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr] janhoy commented on a change in pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology

Posted by GitBox <gi...@apache.org>.

janhoy commented on a change in pull request #424:
URL: https://github.com/apache/solr/pull/424#discussion_r755176129



##########
File path: solr/bin/solr
##########
@@ -2073,8 +2073,8 @@ else
 fi
 
 # IP-based access control
-IP_ACL_OPTS=("-Dsolr.jetty.inetaccess.includes=${SOLR_IP_WHITELIST}" \
-             "-Dsolr.jetty.inetaccess.excludes=${SOLR_IP_BLACKLIST}")
+IP_ACL_OPTS=("-Dsolr.jetty.inetaccess.includes=${SOLR_IP_ALLOWLIST}" \
+             "-Dsolr.jetty.inetaccess.excludes=${SOLR_IP_DENYLIST}")

Review comment:
       On second thought, since this is about security (IP filtering), I plan to make the bin/solr scripts print an error and exit if the old env.var is set. That is fail-fast, and users can re-configure to use the new variable names and start again. Already tested a fix for linux. Need to test same for bin/solr.cmd




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr] janhoy commented on a change in pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology

Posted by GitBox <gi...@apache.org>.

janhoy commented on a change in pull request #424:
URL: https://github.com/apache/solr/pull/424#discussion_r753589751



##########
File path: solr/CHANGES.txt
##########
@@ -1578,7 +1583,7 @@ Improvements
   SOLR_REQUESTLOG_ENABLED=true. This will respect SOLR_LOGS_DIR if it is set. (rmuir)
 
 * SOLR-14136: Jetty's InetAccessHandler can be enabled via environment variables,
-  SOLR_IP_WHITELIST and SOLR_IP_BLACKLIST. These variables can restrict access to
+  SOLR_IP_ALLOWLIST and SOLR_IP_DENYLIST. These variables can restrict access to

Review comment:
       Nope, this is a search/replace error. Will revert.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org

[GitHub] [solr] janhoy commented on a change in pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology

Posted by GitBox <gi...@apache.org>.

janhoy commented on a change in pull request #424:
URL: https://github.com/apache/solr/pull/424#discussion_r753726610



##########
File path: solr/CHANGES.txt
##########
@@ -1578,7 +1583,7 @@ Improvements
   SOLR_REQUESTLOG_ENABLED=true. This will respect SOLR_LOGS_DIR if it is set. (rmuir)
 
 * SOLR-14136: Jetty's InetAccessHandler can be enabled via environment variables,
-  SOLR_IP_WHITELIST and SOLR_IP_BLACKLIST. These variables can restrict access to
+  SOLR_IP_ALLOWLIST and SOLR_IP_DENYLIST. These variables can restrict access to

Review comment:
       Done




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org