You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@solr.apache.org by GitBox <gi...@apache.org> on 2021/11/18 15:52:56 UTC
[GitHub] [solr] janhoy opened a new pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology
janhoy opened a new pull request #424:
URL: https://github.com/apache/solr/pull/424
https://issues.apache.org/jira/browse/SOLR-15809
A good bulk of changes to whitelist / blacklist terminology across the codebase and docs
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] janhoy commented on a change in pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology
Posted by GitBox <gi...@apache.org>.
janhoy commented on a change in pull request #424:
URL: https://github.com/apache/solr/pull/424#discussion_r755206338
##########
File path: dev-tools/test-patch/lucene-solr-yetus-personality.sh
##########
@@ -113,11 +113,11 @@ function personality_modules
case ${moduleType} in
submodules)
for module in "${CHANGED_MODULES[@]}"; do
- if [[ ! "${module}" =~ ^lucene/(licenses|site) ]]; then # blacklist lucene/ dirs that aren't modules
Review comment:
Yes, need some cleanup in the dev-tools folder. I think we'll get to that once 9.0 work progresses...
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] madrob commented on a change in pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology
Posted by GitBox <gi...@apache.org>.
madrob commented on a change in pull request #424:
URL: https://github.com/apache/solr/pull/424#discussion_r753533422
##########
File path: dev-tools/test-patch/lucene-solr-yetus-personality.sh
##########
@@ -113,11 +113,11 @@ function personality_modules
case ${moduleType} in
submodules)
for module in "${CHANGED_MODULES[@]}"; do
- if [[ ! "${module}" =~ ^lucene/(licenses|site) ]]; then # blacklist lucene/ dirs that aren't modules
Review comment:
I suspect this whole file is defunct post-split, but that's another conversation
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] janhoy commented on a change in pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology
Posted by GitBox <gi...@apache.org>.
janhoy commented on a change in pull request #424:
URL: https://github.com/apache/solr/pull/424#discussion_r755203770
##########
File path: solr/bin/solr
##########
@@ -2073,8 +2073,8 @@ else
fi
# IP-based access control
-IP_ACL_OPTS=("-Dsolr.jetty.inetaccess.includes=${SOLR_IP_WHITELIST}" \
- "-Dsolr.jetty.inetaccess.excludes=${SOLR_IP_BLACKLIST}")
+IP_ACL_OPTS=("-Dsolr.jetty.inetaccess.includes=${SOLR_IP_ALLOWLIST}" \
+ "-Dsolr.jetty.inetaccess.excludes=${SOLR_IP_DENYLIST}")
Review comment:
Implemented and tested also for Windows.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] janhoy commented on a change in pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology
Posted by GitBox <gi...@apache.org>.
janhoy commented on a change in pull request #424:
URL: https://github.com/apache/solr/pull/424#discussion_r753726610
##########
File path: solr/CHANGES.txt
##########
@@ -1578,7 +1583,7 @@ Improvements
SOLR_REQUESTLOG_ENABLED=true. This will respect SOLR_LOGS_DIR if it is set. (rmuir)
* SOLR-14136: Jetty's InetAccessHandler can be enabled via environment variables,
- SOLR_IP_WHITELIST and SOLR_IP_BLACKLIST. These variables can restrict access to
+ SOLR_IP_ALLOWLIST and SOLR_IP_DENYLIST. These variables can restrict access to
Review comment:
Done
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] janhoy commented on a change in pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology
Posted by GitBox <gi...@apache.org>.
janhoy commented on a change in pull request #424:
URL: https://github.com/apache/solr/pull/424#discussion_r755205462
##########
File path: solr/solr-ref-guide/src/major-changes-in-solr-9.adoc
##########
@@ -82,6 +82,9 @@ All the usages are replaced by BaseHttpSolrClient.RemoteSolrException and BaseHt
* SOLR-11623: Every request handler in Solr now implements PermissionNameProvider. Any custom or 3rd party request handler must also do this
+* SOLR-15809: Get rid of blacklist/whitelist terminology. JWTAuthPlugin parameter `algWhitelist` is now `algAllowlist`. The old parameter will still
Review comment:
That can go in solr 10 when we remove support...
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] janhoy merged pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology
Posted by GitBox <gi...@apache.org>.
janhoy merged pull request #424:
URL: https://github.com/apache/solr/pull/424
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] janhoy commented on a change in pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology
Posted by GitBox <gi...@apache.org>.
janhoy commented on a change in pull request #424:
URL: https://github.com/apache/solr/pull/424#discussion_r752384726
##########
File path: solr/bin/solr
##########
@@ -2073,8 +2073,8 @@ else
fi
# IP-based access control
-IP_ACL_OPTS=("-Dsolr.jetty.inetaccess.includes=${SOLR_IP_WHITELIST}" \
- "-Dsolr.jetty.inetaccess.excludes=${SOLR_IP_BLACKLIST}")
+IP_ACL_OPTS=("-Dsolr.jetty.inetaccess.includes=${SOLR_IP_ALLOWLIST}" \
+ "-Dsolr.jetty.inetaccess.excludes=${SOLR_IP_DENYLIST}")
Review comment:
I could have tried to support both in parallel for some time and warned when detecting the old, but it's a hassle across bash and Windows - any strong feelings about this? We spell it out in upgrade notes...
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] HoustonPutman commented on a change in pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology
Posted by GitBox <gi...@apache.org>.
HoustonPutman commented on a change in pull request #424:
URL: https://github.com/apache/solr/pull/424#discussion_r753527897
##########
File path: solr/solr-ref-guide/src/major-changes-in-solr-9.adoc
##########
@@ -82,6 +82,9 @@ All the usages are replaced by BaseHttpSolrClient.RemoteSolrException and BaseHt
* SOLR-11623: Every request handler in Solr now implements PermissionNameProvider. Any custom or 3rd party request handler must also do this
+* SOLR-15809: Get rid of blacklist/whitelist terminology. JWTAuthPlugin parameter `algWhitelist` is now `algAllowlist`. The old parameter will still
Review comment:
maybe state that they will be removed in Solr 10? Or I guess we can wait for the Solr 10 upgrade notes.
##########
File path: solr/CHANGES.txt
##########
@@ -1578,7 +1583,7 @@ Improvements
SOLR_REQUESTLOG_ENABLED=true. This will respect SOLR_LOGS_DIR if it is set. (rmuir)
* SOLR-14136: Jetty's InetAccessHandler can be enabled via environment variables,
- SOLR_IP_WHITELIST and SOLR_IP_BLACKLIST. These variables can restrict access to
+ SOLR_IP_ALLOWLIST and SOLR_IP_DENYLIST. These variables can restrict access to
Review comment:
Does this need to be changed?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] janhoy commented on a change in pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology
Posted by GitBox <gi...@apache.org>.
janhoy commented on a change in pull request #424:
URL: https://github.com/apache/solr/pull/424#discussion_r755176129
##########
File path: solr/bin/solr
##########
@@ -2073,8 +2073,8 @@ else
fi
# IP-based access control
-IP_ACL_OPTS=("-Dsolr.jetty.inetaccess.includes=${SOLR_IP_WHITELIST}" \
- "-Dsolr.jetty.inetaccess.excludes=${SOLR_IP_BLACKLIST}")
+IP_ACL_OPTS=("-Dsolr.jetty.inetaccess.includes=${SOLR_IP_ALLOWLIST}" \
+ "-Dsolr.jetty.inetaccess.excludes=${SOLR_IP_DENYLIST}")
Review comment:
On second thought, since this is about security (IP filtering), I plan to make the bin/solr scripts print an error and exit if the old env.var is set. That is fail-fast, and users can re-configure to use the new variable names and start again. Already tested a fix for linux. Need to test same for bin/solr.cmd
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] janhoy commented on a change in pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology
Posted by GitBox <gi...@apache.org>.
janhoy commented on a change in pull request #424:
URL: https://github.com/apache/solr/pull/424#discussion_r753589751
##########
File path: solr/CHANGES.txt
##########
@@ -1578,7 +1583,7 @@ Improvements
SOLR_REQUESTLOG_ENABLED=true. This will respect SOLR_LOGS_DIR if it is set. (rmuir)
* SOLR-14136: Jetty's InetAccessHandler can be enabled via environment variables,
- SOLR_IP_WHITELIST and SOLR_IP_BLACKLIST. These variables can restrict access to
+ SOLR_IP_ALLOWLIST and SOLR_IP_DENYLIST. These variables can restrict access to
Review comment:
Nope, this is a search/replace error. Will revert.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org
[GitHub] [solr] janhoy commented on a change in pull request #424: SOLR-15809 Get rid of blacklist/whitelist terminology
Posted by GitBox <gi...@apache.org>.
janhoy commented on a change in pull request #424:
URL: https://github.com/apache/solr/pull/424#discussion_r753726610
##########
File path: solr/CHANGES.txt
##########
@@ -1578,7 +1583,7 @@ Improvements
SOLR_REQUESTLOG_ENABLED=true. This will respect SOLR_LOGS_DIR if it is set. (rmuir)
* SOLR-14136: Jetty's InetAccessHandler can be enabled via environment variables,
- SOLR_IP_WHITELIST and SOLR_IP_BLACKLIST. These variables can restrict access to
+ SOLR_IP_ALLOWLIST and SOLR_IP_DENYLIST. These variables can restrict access to
Review comment:
Done
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org