SOLR-18055 Use solr.ssl.enabled property for url scheme detection

changelog/unreleased/SOLR-18056-urlScheme-csp.yml

@@ -1,8 +1,15 @@
 # See https://github.com/apache/solr/blob/main/dev-docs/changelog.adoc
-title: Improved CloudSolrClient's urlScheme detection by using the scheme of provided Solr URLs, or looking at "solr.ssl.enabled".
+title: Improved url scheme detection in client API and core components
 type: changed
 authors:
   - name: Vishnu Priya Chandra Sekar
 links:
   - name: SOLR-18056
     url: https://issues.apache.org/jira/browse/SOLR-18056
+  - name: SOLR-18055
+    url: https://issues.apache.org/jira/browse/SOLR-18055
+important_notes:
+  - Improved CloudSolrClient's urlScheme detection by using the scheme of provided Solr URLs, or looking at "solr.ssl.enabled".
+  - Improved ZkStateReader's urlScheme detection by giving higher precedence to "solr.ssl.enabled" over cluster property
+  - Improved HttpShardHandlerFactory's urlScheme detection by giving higher precedence to "solr.ssl.enabled" over explicit configuration (ie., solr.xml)
+  - Deprecated usage of the cluster property for urlScheme in ZkController, ReplicaMutator, SliceMutator, and SystemInfoProvider; these now rely on ClusterStateProvider#getUrlScheme

solr/benchmark/src/resources/solr.xml

@@ -28,7 +28,6 @@
   <str name="allowUrls">${solr.tests.security.allow.urls:}</str>
 
   <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory">
-    <str name="urlScheme">${urlScheme:}</str>
     <int name="socketTimeout">${socketTimeout:15000}</int>
     <int name="connTimeout">${connTimeout:15000}</int>
   </shardHandlerFactory>

solr/core/src/java/org/apache/solr/cloud/ZkController.java

@@ -365,13 +365,8 @@ public ZkController(
             });
 
     zkStateReader.createClusterStateWatchersAndUpdate(); // and reads cluster properties
-
     // note: Can't read cluster properties until createClusterState ^ is called
-    final String urlSchemeFromClusterProp =
-        zkStateReader.getClusterProperty(ZkStateReader.URL_SCHEME, ZkStateReader.HTTP);
-    // this must happen after zkStateReader has initialized the cluster props
-    this.baseURL = URLUtil.getBaseUrlForNodeName(this.nodeName, urlSchemeFromClusterProp);
-
+    this.baseURL = zkStateReader.getBaseUrlForNodeName(this.nodeName);
     // Now that zkStateReader is available, read OVERSEER_ENABLED.
     final boolean overseerEnabled =
         Boolean.parseBoolean(

solr/core/src/java/org/apache/solr/cloud/overseer/ReplicaMutator.java

@@ -52,6 +52,7 @@
 import org.apache.solr.common.params.CollectionAdminParams;
 import org.apache.solr.common.util.CollectionUtil;
 import org.apache.solr.common.util.StrUtils;
+import org.apache.solr.common.util.URLUtil;
 import org.apache.solr.common.util.Utils;
 import org.apache.solr.util.TestInjection;
 import org.slf4j.Logger;
@@ -407,11 +408,8 @@ private ZkWriteCommand updateState(
     String nodeName = (String) replicaProps.get(ZkStateReader.NODE_NAME_PROP);
     if (nodeName != null) {
       String baseUrl =
-          Utils.getBaseUrlForNodeName(
-              nodeName,
-              cloudManager
-                  .getClusterStateProvider()
-                  .getClusterProperty(ZkStateReader.URL_SCHEME, "http"));
+          URLUtil.getBaseUrlForNodeName(
+              nodeName, cloudManager.getClusterStateProvider().getUrlScheme());
       replicaProps.put(ZkStateReader.BASE_URL_PROP, baseUrl);
     }
     Replica replica = new Replica(coreNodeName, replicaProps, collectionName, sliceName);

solr/core/src/java/org/apache/solr/cloud/overseer/SliceMutator.java

@@ -39,6 +39,7 @@
 import org.apache.solr.common.cloud.ZkNodeProps;
 import org.apache.solr.common.cloud.ZkStateReader;
 import org.apache.solr.common.params.CollectionAdminParams;
+import org.apache.solr.common.util.URLUtil;
 import org.apache.solr.common.util.Utils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -88,11 +89,8 @@ public ZkWriteCommand addReplica(ClusterState clusterState, ZkNodeProps message)
     }
     String nodeName = message.getStr(ZkStateReader.NODE_NAME_PROP);
     String baseUrl =
-        Utils.getBaseUrlForNodeName(
-            nodeName,
-            cloudManager
-                .getClusterStateProvider()
-                .getClusterProperty(ZkStateReader.URL_SCHEME, "http"));
+        URLUtil.getBaseUrlForNodeName(
+            nodeName, cloudManager.getClusterStateProvider().getUrlScheme());
 
     Map<String, Object> replicaProps =
         Utils.makeMap(

solr/core/src/java/org/apache/solr/handler/admin/SystemInfoProvider.java

@@ -320,8 +320,7 @@ public NodeSystemResponse.Security getSecurityInfo() {
     }
 
     if (cc != null && cc.getZkController() != null) {
-      String urlScheme =
-          cc.getZkController().zkStateReader.getClusterProperty(ZkStateReader.URL_SCHEME, "http");
+      String urlScheme = cc.getZkController().zkStateReader.getUrlScheme();
       info.tls = ZkStateReader.HTTPS.equals(urlScheme);
     }
 

solr/core/src/java/org/apache/solr/handler/component/HttpShardHandlerFactory.java

@@ -47,6 +47,7 @@
 import org.apache.solr.common.cloud.ZkStateReader;
 import org.apache.solr.common.params.ShardParams;
 import org.apache.solr.common.params.SolrParams;
+import org.apache.solr.common.util.EnvUtils;
 import org.apache.solr.common.util.ExecutorUtil;
 import org.apache.solr.common.util.IOUtils;
 import org.apache.solr.common.util.NamedList;
@@ -107,6 +108,9 @@ public class HttpShardHandlerFactory extends ShardHandlerFactory
   // URL scheme to be used in distributed search.
   static final String INIT_URL_SCHEME = "urlScheme";
 
+  // system property to enable ssl or tls for communication within Solr
+  static final String SOLR_SSL_ENABLED = "solr.ssl.enabled";
+
   // The core size of the threadpool servicing requests
   static final String INIT_CORE_POOL_SIZE = "corePoolSize";
 
@@ -225,12 +229,7 @@ private void initReplicaListTransformers(NamedList<?> routingConfig) {
   public void init(PluginInfo info) {
     StringBuilder sb = new StringBuilder();
     NamedList<?> args = info.initArgs;
-    // note: the sys prop is only used in testing
-    this.scheme = getParameter(args, INIT_URL_SCHEME, System.getProperty(INIT_URL_SCHEME), sb);
-    if (this.scheme != null && this.scheme.endsWith("://")) {
-      this.scheme = this.scheme.replace("://", "");
-    }
-
+    this.scheme = getUrlScheme(args, sb);
     String strategy =
         getParameter(
             args, "metricNameStrategy", UpdateShardHandlerConfig.DEFAULT_METRICNAMESTRATEGY, sb);
@@ -433,6 +432,31 @@ private String buildUrl(String url) {
     return url;
   }
 
+  /**
+   * Get url scheme of host
+   *
+   * <p>Examples:
+   *
+   * <ul>
+   *   <li>Returns {@code "https"} when SSL is enabled via configuration.
+   *   <li>Returns {@code null} when ssl is disabled or no explicit configuration is provided in
+   *       solr.xml.
+   * </ul>
+   *
+   * @return http or https or null
+   */
+  private String getUrlScheme(NamedList<?> args, StringBuilder sb) {
+    final Boolean isSolrSslEnabled = EnvUtils.getPropertyAsBool(SOLR_SSL_ENABLED, null);
+    if (isSolrSslEnabled != null) {
+      return isSolrSslEnabled ? "https" : "http";
+    }
+    String urlScheme = getParameter(args, INIT_URL_SCHEME, System.getProperty(INIT_URL_SCHEME), sb);
+    if (urlScheme != null && urlScheme.endsWith("://")) {
+      urlScheme = urlScheme.replace("://", "");
+    }
+    return urlScheme;
+  }
+
   @Override
   public void initializeMetrics(SolrMetricsContext parentContext, Attributes attributes) {
     solrMetricsContext = parentContext.getChildContext(this);

solr/core/src/test-files/solr/solr-jmxreporter.xml

@@ -18,7 +18,6 @@
 
 <solr>
   <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory">
-    <str name="urlScheme">${urlScheme:}</str>
     <int name="socketTimeout">${socketTimeout:90000}</int>
     <int name="connTimeout">${connTimeout:15000}</int>
   </shardHandlerFactory>

solr/core/src/test-files/solr/solr-trackingshardhandler.xml

@@ -36,7 +36,6 @@
 
   <shardHandlerFactory name="shardHandlerFactory"
                        class="org.apache.solr.handler.component.TrackingShardHandlerFactory">
-    <str name="urlScheme">${urlScheme:}</str>
     <int name="socketTimeout">${socketTimeout:90000}</int>
     <int name="connTimeout">${connTimeout:15000}</int>
   </shardHandlerFactory>

solr/core/src/test-files/solr/solr.xml

@@ -32,7 +32,6 @@
   <int name="indexSearcherExecutorThreads">4</int>
 
   <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory">
-    <str name="urlScheme">${urlScheme:}</str>
     <int name="socketTimeout">${socketTimeout:15000}</int>
     <int name="connTimeout">${connTimeout:15000}</int>
   </shardHandlerFactory>

solr/core/src/test/org/apache/solr/cloud/LeaderElectionTest.java

@@ -16,8 +16,6 @@
  */
 package org.apache.solr.cloud;
 
-import static org.apache.solr.common.cloud.ZkStateReader.URL_SCHEME;
-
 import java.lang.invoke.MethodHandles;
 import java.nio.file.Path;
 import java.util.ArrayList;
@@ -233,7 +231,7 @@ public void testBasic() throws Exception {
             elector, "shard2", "collection1", "dummynode1", props, zkController);
     elector.setup(context);
     elector.joinElection(context, false);
-    String urlScheme = zkStateReader.getClusterProperty(URL_SCHEME, "http");
+    String urlScheme = zkStateReader.getUrlScheme();
     assertEquals(urlScheme + "://127.0.0.1:80/solr/", getLeaderUrl("collection1", "shard2"));
   }
 
@@ -259,7 +257,7 @@ public void testCancelElection() throws Exception {
 
     Thread.sleep(1000);
 
-    String urlScheme = zkStateReader.getClusterProperty(URL_SCHEME, "http");
+    String urlScheme = zkStateReader.getUrlScheme();
     String url1 = Utils.getBaseUrlForNodeName("127.0.0.1:80_solr", urlScheme) + "/1/";
     String url2 = Utils.getBaseUrlForNodeName("127.0.0.1:80_solr", urlScheme) + "/2/";
 

solr/core/src/test/org/apache/solr/cloud/LeaderVoteWaitTimeoutTest.java

@@ -17,9 +17,6 @@
 
 package org.apache.solr.cloud;
 
-import static org.apache.solr.common.cloud.ZkStateReader.HTTP;
-import static org.apache.solr.common.cloud.ZkStateReader.URL_SCHEME;
-
 import java.io.IOException;
 import java.lang.invoke.MethodHandles;
 import java.net.URI;
@@ -39,7 +36,6 @@
 import org.apache.solr.client.solrj.request.GenericSolrRequest;
 import org.apache.solr.common.SolrInputDocument;
 import org.apache.solr.common.cloud.Replica;
-import org.apache.solr.common.cloud.ZkStateReader;
 import org.apache.solr.common.util.NamedList;
 import org.apache.solr.embedded.JettySolrRunner;
 import org.apache.solr.util.SocketProxy;
@@ -79,10 +75,7 @@ public static void tearDownCluster() {
 
   @Before
   public void setupTest() throws Exception {
-    configureCluster(NODE_COUNT)
-        .withProperty(ZkStateReader.URL_SCHEME, System.getProperty(URL_SCHEME, HTTP))
-        .addConfig("conf", configset("cloud-minimal"))
-        .configure();
+    configureCluster(NODE_COUNT).addConfig("conf", configset("cloud-minimal")).configure();
 
     // Add proxies
     proxies = new HashMap<>(cluster.getJettySolrRunners().size());

solr/core/src/test/org/apache/solr/cloud/TestMiniSolrCloudClusterSSL.java

@@ -32,7 +32,6 @@
 import org.apache.solr.client.solrj.jetty.HttpJettySolrClient;
 import org.apache.solr.client.solrj.request.CollectionAdminRequest;
 import org.apache.solr.client.solrj.request.CoreAdminRequest;
-import org.apache.solr.common.cloud.ZkStateReader;
 import org.apache.solr.common.params.CoreAdminParams.CoreAdminAction;
 import org.apache.solr.embedded.JettyConfig;
 import org.apache.solr.embedded.JettySolrRunner;
@@ -71,7 +70,7 @@ public class TestMiniSolrCloudClusterSSL extends SolrTestCaseJ4 {
   }
 
   private static final Logger log = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
+  private static final String SOLR_SSL_ENABLED = "solr.ssl.enabled";
   public static final int NUM_SERVERS = 3;
   public static final String CONF_NAME = MethodHandles.lookup().lookupClass().getName();
 
@@ -86,14 +85,14 @@ public void before() {
         "NOTE: This Test ignores the randomized SSL & clientAuth settings selected by base class");
     HttpClientUtil.resetHttpClientBuilder(); // also resets SocketFactoryRegistryProvider
     HttpJettySolrClient.resetSslContextFactory();
-    System.clearProperty(ZkStateReader.URL_SCHEME);
+    System.clearProperty(SOLR_SSL_ENABLED);
   }
 
   @After
   public void after() {
     HttpClientUtil.resetHttpClientBuilder(); // also resets SocketFactoryRegistryProvider
     HttpJettySolrClient.resetSslContextFactory();
-    System.clearProperty(ZkStateReader.URL_SCHEME);
+    System.clearProperty(SOLR_SSL_ENABLED);
     SSLContext.setDefault(DEFAULT_SSL_CONTEXT);
   }
 
@@ -102,7 +101,7 @@ public void testNoSsl() throws Exception {
     HttpClientUtil.setSocketFactoryRegistryProvider(
         sslConfig.buildClientSocketFactoryRegistryProvider()); // must be reset
     HttpJettySolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig()); // must be reset
-    System.setProperty(ZkStateReader.URL_SCHEME, "http");
+    System.setProperty(SOLR_SSL_ENABLED, "false");
     checkClusterWithNodeReplacement(sslConfig);
   }
 
@@ -114,7 +113,7 @@ public void testNoSslButSillyClientAuth() throws Exception {
     HttpClientUtil.setSocketFactoryRegistryProvider(
         sslConfig.buildClientSocketFactoryRegistryProvider());
     HttpJettySolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
-    System.setProperty(ZkStateReader.URL_SCHEME, "http");
+    System.setProperty(SOLR_SSL_ENABLED, "false");
     checkClusterWithNodeReplacement(sslConfig);
   }
 
@@ -123,7 +122,7 @@ public void testSslAndNoClientAuth() throws Exception {
     HttpClientUtil.setSocketFactoryRegistryProvider(
         sslConfig.buildClientSocketFactoryRegistryProvider());
     HttpJettySolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
-    System.setProperty(ZkStateReader.URL_SCHEME, "https");
+    System.setProperty(SOLR_SSL_ENABLED, "true");
     checkClusterWithNodeReplacement(sslConfig);
   }
 
@@ -135,7 +134,7 @@ public void testSslAndClientAuth() throws Exception {
     HttpClientUtil.setSocketFactoryRegistryProvider(
         sslConfig.buildClientSocketFactoryRegistryProvider());
     HttpJettySolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
-    System.setProperty(ZkStateReader.URL_SCHEME, "https");
+    System.setProperty(SOLR_SSL_ENABLED, "true");
     checkClusterWithNodeReplacement(sslConfig);
   }
 
@@ -144,7 +143,7 @@ public void testSslWithCheckPeerName() throws Exception {
     HttpClientUtil.setSocketFactoryRegistryProvider(
         sslConfig.buildClientSocketFactoryRegistryProvider());
     HttpJettySolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
-    System.setProperty(ZkStateReader.URL_SCHEME, "https");
+    System.setProperty(SOLR_SSL_ENABLED, "true");
     checkClusterWithNodeReplacement(sslConfig);
   }
 
@@ -193,7 +192,7 @@ public void testSslWithInvalidPeerName() throws Exception {
     HttpClientUtil.setSocketFactoryRegistryProvider(
         sslConfig.buildClientSocketFactoryRegistryProvider());
     HttpJettySolrClient.setDefaultSSLConfig(sslConfig.buildClientSSLConfig());
-    System.setProperty(ZkStateReader.URL_SCHEME, "https");
+    System.setProperty(SOLR_SSL_ENABLED, "true");
     final JettyConfig config =
         JettyConfig.builder().withSSLConfig(sslConfig.buildServerSSLConfig()).build();
     final MiniSolrCloudCluster cluster =

solr/core/src/test/org/apache/solr/cloud/overseer/ZkStateReaderTest.java

@@ -995,4 +995,23 @@ public void testFetchLowestSolrVersion_noLiveNodes() throws Exception {
     var lowestVersion = reader.fetchLowestSolrVersion();
     assertFalse("Expected no lowest version when no live nodes exist", lowestVersion.isPresent());
   }
+
+  public void testGetUrlScheme_validSystemProperty() {
+    String expectedUrlScheme = isSSLMode() ? "https" : "http";
+    assertEquals(expectedUrlScheme, fixture.reader.getUrlScheme());
+  }
+
+  public void testGetUrlScheme_noClusterAndSystemProperty() {
+    // By default, the base class sets the system property for ssl
+    if (isSSLMode()) {
+      System.clearProperty("solr.ssl.enabled");
+    }
+    try {
+      assertEquals("http", fixture.reader.getUrlScheme());
+    } finally {
+      if (isSSLMode()) {
+        System.setProperty("solr.ssl.enabled", "true");
+      }
+    }
+  }
 }

solr/modules/clustering/src/test-files/clustering/solr/solr.xml

@@ -25,8 +25,4 @@
   <str name="coreRootDirectory">cores/</str>
   <str name="configSetBaseDir"></str>
 
-    <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory">
-     <str name="urlScheme">${urlScheme:}</str>
-     </shardHandlerFactory>
-
 </solr>

solr/modules/cuvs/src/test-files/solr/solr.xml

@@ -23,7 +23,6 @@
   <str name="coreRootDirectory">${coreRootDirectory:.}</str>
 
   <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory">
-    <str name="urlScheme">${urlScheme:}</str>
     <int name="socketTimeout">${socketTimeout:90000}</int>
     <int name="connTimeout">${connTimeout:15000}</int>
   </shardHandlerFactory>

solr/modules/language-models/src/test-files/solr/solr.xml

@@ -23,7 +23,6 @@
   <str name="coreRootDirectory">${coreRootDirectory:.}</str>
 
   <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory">
-    <str name="urlScheme">${urlScheme:}</str>
     <int name="socketTimeout">${socketTimeout:90000}</int>
     <int name="connTimeout">${connTimeout:15000}</int>
   </shardHandlerFactory>

solr/modules/ltr/src/test-files/solr/solr.xml

@@ -23,7 +23,6 @@
   <str name="coreRootDirectory">${coreRootDirectory:.}</str>
 
   <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory">
-    <str name="urlScheme">${urlScheme:}</str>
     <int name="socketTimeout">${socketTimeout:90000}</int>
     <int name="connTimeout">${connTimeout:15000}</int>
   </shardHandlerFactory>

solr/modules/opentelemetry/src/test-files/solr/solr.xml

@@ -29,7 +29,6 @@
   <str name="allowUrls">${solr.tests.security.allow.urls:}</str>
 
   <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory">
-    <str name="urlScheme">${urlScheme:}</str>
     <int name="socketTimeout">${socketTimeout:90000}</int>
     <int name="connTimeout">${connTimeout:15000}</int>
   </shardHandlerFactory>

solr/solrj-streaming/src/test-files/solrj/solr/solr.xml

@@ -28,7 +28,6 @@
   <str name="allowUrls">${solr.tests.security.allow.urls:}</str>
 
   <shardHandlerFactory name="shardHandlerFactory" class="HttpShardHandlerFactory">
-    <str name="urlScheme">${urlScheme:}</str>
     <int name="socketTimeout">${socketTimeout:90000}</int>
     <int name="connTimeout">${connTimeout:15000}</int>
   </shardHandlerFactory>