Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-12976

Unify RedactionUtils and metrics hiddenSysProps settings

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None

      Description

      System properties can contain sensitive data, and they are easily available from the Admin UI (/admin/info/system) and also from the Metrics API (/admin/metrics).

      By default the /admin/info/system redacts any sys prop with a key containing password. This can be configured with sysprop -Dsolr.redaction.system.pattern=<regex>

      The metrics API by default hides these sysprops from the API output:

          "javax.net.ssl.keyStorePassword",
          "javax.net.ssl.trustStorePassword",
          "basicauth",
          "zkDigestPassword",
          "zkDigestReadonlyPassword"
      

      You can redefine these by adding a section to solr.xml: (https://lucene.apache.org/solr/guide/7_5/metrics-reporting.html#the-metrics-hiddensysprops-element)

      <metrics>
       <hiddenSysProps>
         <str>foo</str>
         <str>bar</str>
         <str>baz</str>
       </hiddenSysProps>
      </metrics>

      Unifying the two

      It is not very user firiendly to have two different systems for redacting system properties and two sets of defaults. This goals of this issue are

      • Keep only one set of defaults
      • Both metrics and system info handler will use the same source
      • It should be possible to change and persist the list without a full cluster restart, preferably though some API

      Note that the solr.redaction.system.pattern property is not documented in the ref guide, so this Jira should also fix documentation!

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                janhoy Jan Høydahl
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated: