I'm on the Solr 8.1 branch off commit f26388d034fe5eadca7416aa63b509b8db2c7688 so I have the authentication fixes from
SOLR-13510 (intermittent 401s for internode requests)
When trying to use the new REINDEXCOLLECTION command introduced in
SOLR-11127 with basic auth enabled, the daemon stream fails with repeated 401s when trying to access the target collection.
This might be the same problem as
SOLR-13472, except it applies even with a single node, and this doesn't require role based configuration.
Repro: I added a reindex request in BasicAuthIntegrationTest and it is reproducible in there... I don't know what effect it should have on the auth metrics, if it were working correctly, so I don't know how to update the test properly. But you can add the request towards the end of org.apache.solr.security.BasicAuthIntegrationTest.testBasicAuth()
CollectionAdminRequest.ReindexCollection reindexReq = CollectionAdminRequest.reindexCollection(COLLECTION);
run bin/solr -e cloud
Choose 1 node / 1 shard / 1 replica
In browser GET http://localhost:8983/solr/admin/collections?action=REINDEXCOLLECTION&name=gettingstarted will succeed
Enable security: server\scripts\cloud-scripts\zkcli -zkhost localhost:9983 -cmd putfile /security.json <path to file with this>
In browser authenticate (as solradmin : solradmin) and GET http://localhost:8983/solr/admin/collections?action=REINDEXCOLLECTION&name=gettingstarted will time out after 180 seconds
The solr log will show repeated 401s
Setting "forwardCredentials" : true in the security.json does not appear to change the outcome.
The daemon stream should probably be using PKI auth for the internal request.