[jira] [Commented] (SOLR-15501) GCSBackupRepository - allow bucket connection without credentials

Thu, 13 Jan 2022 10:48:04 -0800 


    [ 
https://issues.apache.org/jira/browse/SOLR-15501?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17475628#comment-17475628
 ] 

Jason Gerlowski commented on SOLR-15501:
----------------------------------------

Alright, I've merged this code to 'main', and 'branch_9x'.  I'll keep an eye on 
the tests, and assuming we don't start seeing issues, I'll backport it to 
branch_9_0 in time to catch that release.  I'd love to get this into the 8.x 
line, but an 8.x release doesn't seem very likely (and if one occurs it'd 
likely be for just security fixes?) 

Thanks again for all the help and prodding on this [~jaceq] and 
[~martin.knoller].

One final note - this ticket covers the changes needed if you're using Solr 
directly.  But solr-operator also treats its 'gcsCredentialSecret' property as 
required - so Kubernetes/operator users aren't quite home-free yet.  I've 
created an issue for that in the operator repo 
[here|https://github.com/apache/solr-operator/issues/391] and hope to have a 
fix for it soon.

> GCSBackupRepository - allow bucket connection without credentials
> -----------------------------------------------------------------
>
>                 Key: SOLR-15501
>                 URL: https://issues.apache.org/jira/browse/SOLR-15501
>             Project: Solr
>          Issue Type: Bug
>          Components: SolrCloud
>    Affects Versions: 8.11
>            Reporter: Jacek Kikiewicz
>            Assignee: Jason Gerlowski
>            Priority: Minor
>         Attachments: image-2021-12-09-13-42-23-536.png
>
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> As per documentation: 
> [https://solr.apache.org/guide/8_9/making-and-restoring-backups.html#gcsbackuprepository]
>  states that:
> ??{{gcsCredentialPath}}A path on the local filesystem (accessible by Solr) to 
> a [Google Cloud service account 
> key|https://cloud.google.com/iam/docs/creating-managing-service-account-keys] 
> file. If not specified, GCSBackupRepository will use the value of the 
> {{GCS_CREDENTIAL_PATH}} environment variable. If both values are absent, an 
> error will be thrown as GCS requires credentials for most usage.??
> This however makes it more complicated if someone (like me) runs solr in GCP 
> and uses roles for rights assignment. Long story short, would it be possible 
> to allow built-in roles (so credentialless) to access resources without 
> providing any creds?



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to