Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-12976

Unify RedactionUtils and metrics hiddenSysProps settings

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Done
    • None
    • None
    • security
    • None

    Description

      System properties can contain sensitive data, and they are easily available from the Admin UI (/admin/info/system) and also from the Metrics API (/admin/metrics).

      By default the /admin/info/system redacts any sys prop with a key containing password. This can be configured with sysprop -Dsolr.redaction.system.pattern=<regex>

      The metrics API by default hides these sysprops from the API output:

          "javax.net.ssl.keyStorePassword",
          "javax.net.ssl.trustStorePassword",
          "basicauth",
          "zkDigestPassword",
          "zkDigestReadonlyPassword"
      

      You can redefine these by adding a section to solr.xml: (https://lucene.apache.org/solr/guide/7_5/metrics-reporting.html#the-metrics-hiddensysprops-element)

      <metrics>
       <hiddenSysProps>
         <str>foo</str>
         <str>bar</str>
         <str>baz</str>
       </hiddenSysProps>
      </metrics>

      Unifying the two

      It is not very user firiendly to have two different systems for redacting system properties and two sets of defaults. This goals of this issue are

      • Keep only one set of defaults
      • Both metrics and system info handler will use the same source
      • It should be possible to change and persist the list without a full cluster restart, preferably though some API

      Note that the solr.redaction.system.pattern property is not documented in the ref guide, so this Jira should also fix documentation!

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              janhoy Jan Høydahl
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: