[GitHub] [solr] janhoy commented on a diff in pull request #1851: SOLR-15771: bin/solr auth enable should model best practices for security.json

[via GitHub]

janhoy commented on code in PR #1851:
URL: https://github.com/apache/solr/pull/1851#discussion_r1301509653


##########
solr/core/src/resources/security.json:
##########
@@ -0,0 +1,74 @@
+{
+  "authentication": {
+    "blockUnknown": true,
+    "class": "solr.BasicAuthPlugin",
+    "credentials": {
+      "user": "5xqM3QvmfKJPaxCNRNgur/iPA+ENqGaMLou0vjRN+U0= 
PoIl/rZE4wq+xdDmW3q0y/PctJ28VKIW14RTSU9du84=",
+      "admin": "bGHR1+rT5TVYHVWyZv+bW6ttXnUQDUjD06Avie1SUWQ= 
Ut7wdJ0X2+IKgcp7y3DGbJBzxvPnA/YiLa5gmoVqYD0=",
+      "superadmin": "s7518QQL7UNiDNHRqo3PqvYbIts2fKkBDuBBv7Q9+D4= 
MraYq5n3JjOl8SXHTH4OFMRb/rqlmt0oKbquw/urdDk="
+    }
+  },
+  "authorization": {
+    "class": "solr.RuleBasedAuthorizationPlugin",
+    "permissions": [{
+        "name": "security-edit",
+        "role": "admin",
+        "index": 1
+      },
+      {
+        "name": "security-read",
+        "role": "admin",
+        "index": 2
+      },
+      {
+        "name": "config-edit",
+        "role": "admin",
+        "index": 3
+      },
+      {
+        "name": "config-read",
+        "role": "admin",
+        "index": 4
+      },
+      {
+        "name": "collection-admin-edit",
+        "role": "admin",
+        "index": 5
+      },
+      {
+        "name": "collection-admin-read",
+        "role": "admin",
+        "index": 6
+      },
+      {
+        "name": "core-admin-edit",
+        "role": "admin",
+        "index": 7
+      },
+      {
+        "name": "core-admin-read",
+        "role": "admin",
+        "index": 8
+      },
+      {
+        "name": "all",
+        "role": [
+          "admin",
+          "superadmin"

Review Comment:
   I see you have not mapped superadmin users to anything more than the admin 
user, so do we need it? I think perhaps we could reserve `security-edit` 
permission to the superadmin, and have all the other config edit permissions 
for admin user?
   
   Note also, that permissions like `metrics-read` and `health` will land here 
since they are not explicitly defined above. Do we want metrics scraping and 
healthcheck to require auth? If so, should there be a `health` user that only 
gains access to these? Or should we set `blockUnknown: false` and define these 
endpoints as open, unauthenticated?
   
   Also, if someone wants to fetch clusterstatus using HTTP 
(`/admin/collections?action=CLUSTERSTATUS`), that will need the 
`collection-admin-read` permission, requiring ADMIN. But typically a SolrJ 
client in customer application is not given full admin rights to a cluster, if 
it only needs to query a collection. But in order to get cluster status 
(without talking to ZK) it will need to hit this endpoint. So it is an option 
to assign this particular permission with the `method=GET` and `params` set to 
`[LIST, CLUSTERSTATUS]` (see 
[here](https://solr.apache.org/guide/solr/latest/deployment-guide/rule-based-authorization-plugin.html#custom-permissions))
 and assign it to `user` role.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org