Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
7.7.1
-
None
Description
Creation of collection with an authorized user fails with the following error:
org.apache.solr.common.SolrException: Error getting replica locations : unable to get autoscaling policy session
At first it may seem like SOLR-13355 duplication as we are using “all” permission, but bug is specific to Kerberos (tested and found ok using basic auth) plus we verified the failure with 7.7.2 snapshot that included the relevant patch.
How to reproduce:
1. Configure solr cloud with kerberos authentication and rule-based authorization plugins using the following security.json file:
{
"authentication":{
"class":"org.apache.solr.security.KerberosPlugin"
},
"authorization":{
"class":"solr.RuleBasedAuthorizationPlugin",
"permissions":[
{
"name":"read",
"role":"*"
},
{
"name":"all",
"role":"admin_user"
}
],
"user-role":{
"admin_user@OUR_REALM":"admin_user"
}
}}
2. Create collection using an authorized user:
kinit admin_user@OUR_REALM
curl --negotiate -u : "http://<HOST:PORT>/solr/admin/collections?action=CREATE&name=mycoll&numShards=1&collection.configName=_default"
==> request fails with the error written above.
3. Disable authorization by removing authorization section from security.json, so file should be as follow:
{
"authentication":{
"class":"org.apache.solr.security.KerberosPlugin"
}
}
4. Create collection again as in step 2.
==> request succeeds.
5. Return authorization section to security.json (file from step 1) and make sure authorization works as expected by inserting documents and executing search queries with different users.
Attachments
Issue Links
- is related to
-
SOLR-13619 Kerberos: 403 when node doesn't host collection
-
- Closed
-