Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-14216

Exclude HealthCheck from authentication

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Authentication
    • Labels:
      None

      Description

      The HealthCheckHandler on /api/node/health and /solr/admin/info/health should by default not be subject to authentication, but be open for all. This allows for load balancers and various monitoring to probe Solr's health without having to support the auth scheme in place. I can't see any reason we need auth on the health endpoint.

      It is possible to achieve the same by setting blockUnknown=false and configuring three RBAC permissions: One for v1 endpoint, one for v2 endpoint and one "all" catch all at the end of the chain. But this is cumbersome so better have this ootb.

      An alternative solution is to create a separate HttpServer for health check, listening on a different port, just like embedded ZK and JMX.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                janhoy Jan H√łydahl
              • Votes:
                3 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 0.5h
                  0.5h