We want to protect content in zookeeper.
In order to run a CloudSolrServer in "client-space" you will have to open for access to zookeeper from client-space.
If you do not trust persons or systems in client-space you want to protect zookeeper against evilness from client-space - e.g.
- Changing configuration
- Trying to mess up system by manipulating clusterstate
- Add a delete-collection job to be carried out by the Overseer
Even if you do not open for zookeeper access to someone outside your "secure zone" you might want to protect zookeeper content from being manipulated by e.g.
- Malware that found its way into secure zone
- Other systems also using zookeeper
- is required by
SOLR-7890 By default require admin rights to access /security.json in ZK