[jira] [Commented] (SOLR-12976) Unify RedactionUtils and metrics hiddenSysProps settings


JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/SOLR-12976?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16679673#comment-16679673 ]

Jan Høydahl commented on SOLR-12976:
------------------------------------

Here's a plan:
 * Deprecate {{solr.xml}} setting {{metrics/hiddenSysProps}}
 * Add a new {{solr.xml}} top-level tag
 ** {{<str name="hiddenSysPropsPattern">mypattern</str>}}
 ** This can be used to change the defaults by configuration and will work for non-cloud
 * Let RedactionUtils initialize the default regex from {{solr.xml}}, and if not set, fall back to {{.\*password.\*|basicauth}}
 * {{SolrDispatchFilter#setupJvmMetrics}} will use RedactionUtils when choosing what props to register for system/properties
 * Property {{solr.redaction.system.pattern}} will still be supported, and work as before, i.e. replacing the defaults from solr.xml

To support API editable pattern:
 * Define a new cluster property {{hiddenSysPropsPattern}} that can be set with zkcli and lives in zookeeper
 * RedactionUtils will (in cloud mode) read the new cluster property and update its regex accordingly
 ** Whenever a change is detected, then the system/properties gauge must be re-registered with metricsManager

[~ab]

> Unify RedactionUtils and metrics hiddenSysProps settings
> --------------------------------------------------------
>
>                 Key: SOLR-12976
>                 URL: https://issues.apache.org/jira/browse/SOLR-12976
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public)
>          Components: security
>            Reporter: Jan Høydahl
>            Priority: Major
>
> System properties can contain sensitive data, and they are easily available from the Admin UI (/admin/info/system) and also from the Metrics API (/admin/metrics).
> By default the {{/admin/info/system}} redacts any sys prop with a key containing *password*. This can be configured with sysprop {{-Dsolr.redaction.system.pattern=<regex>}}
> The metrics API by default hides these sysprops from the API output:
> {code:java}
>     "javax.net.ssl.keyStorePassword",
>     "javax.net.ssl.trustStorePassword",
>     "basicauth",
>     "zkDigestPassword",
>     "zkDigestReadonlyPassword"
> {code}
> You can redefine these by adding a section to {{solr.xml}}:
> {code:xml}
> <metrics>
>  <hiddenSysProps>
>    <str>foo</str>
>    <str>bar</str>
>    <str>baz</str>
>  </hiddenSysProps>
> </metrics>{code}
> h2. Unifying the two
> It is not very user friendly to have two different systems for redacting system properties and two sets of defaults. The goals of this issue are
>  * Keep only one set of defaults
>  * Both metrics and system info handler will use the same source
>  * It should be possible to change and persist the list without a full cluster restart, preferably through some API



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
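
An added sketch, not Solr's code and not part of the message above, of the pattern precedence the plan describes and a check that the proposed default still hides the five metrics defaults quoted in the issue. Class and method names are hypothetical; case-insensitive matching and the `--REDACTED--` marker are assumptions.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

// Added illustration; class and method names are hypothetical, not Solr's RedactionUtils API.
public class SysPropRedactionSketch {
    // Default regex proposed in the comment above.
    static final String DEFAULT_PATTERN = ".*password.*|basicauth";
    static final String REDACTED = "--REDACTED--"; // constructed placeholder marker

    // Precedence from the plan: the system property replaces the solr.xml value,
    // which replaces the built-in default. Either argument may be null (not set).
    static Pattern effectivePattern(String sysPropPattern, String solrXmlPattern) {
        String regex = sysPropPattern != null ? sysPropPattern
                     : solrXmlPattern != null ? solrXmlPattern
                     : DEFAULT_PATTERN;
        // Assumption: keys are matched case-insensitively. Without this flag
        // "javax.net.ssl.keyStorePassword" would not match ".*password.*".
        return Pattern.compile(regex, Pattern.CASE_INSENSITIVE);
    }

    // One decision point for both consumers: the system info handler redacts values,
    // the metrics setup would skip registering keys for which this returns true.
    static boolean isHidden(Pattern p, String key) {
        return p.matcher(key).matches();
    }

    static Map<String, String> redact(Pattern p, Map<String, String> props) {
        Map<String, String> out = new LinkedHashMap<>();
        props.forEach((k, v) -> out.put(k, isHidden(p, k) ? REDACTED : v));
        return out;
    }

    public static void main(String[] args) {
        Pattern p = effectivePattern(System.getProperty("solr.redaction.system.pattern"), null);
        // The metrics defaults quoted in the issue must stay hidden under the effective
        // pattern; an override that exposes one of them is reported here.
        for (String key : List.of("javax.net.ssl.keyStorePassword", "javax.net.ssl.trustStorePassword",
                "basicauth", "zkDigestPassword", "zkDigestReadonlyPassword")) {
            if (!isHidden(p, key)) throw new IllegalStateException("would be exposed: " + key);
        }
        Map<String, String> sample = new LinkedHashMap<>(); // constructed sample properties
        sample.put("solr.data.home", "/var/solr/data");
        sample.put("zkDigestPassword", "s3cret");
        sample.put("basicauth", "user:pass");
        System.out.println(redact(p, sample));
    }
}
```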