Skip to content

Commit

Permalink
Improve build times via development flag
Browse files Browse the repository at this point in the history
This commit adds a development flag to our
gradle.properties that allows the selection of
the build variant for the new AdminUI. When
development enabled (default), Gradle will build
a development instance and will have less secure
configuration for the AdminUI to be able to attach
debugging tools.

When disabled, Gradle will optimize build output
for the new Admin UI, but will also take longer to
complete.

Default is set to true to always build development
locally and in CI/CD to avoid longer building times.

Additionally, user is able to disable the new AdminUI
via SOLR_ADMIN_UI_EXPERIMENTAL_DISABLED or by disabling
the AdminUI.

IMPORTANT: From this commit on, during releases, the
development flag needs to be set explicitly to false,
otherwise it will not generate an optimized Admin UI
with improved CSP directives.
  • Loading branch information
malliaridis committed Dec 6, 2024
1 parent 60211f2 commit 97fb1c3
Show file tree
Hide file tree
Showing 14 changed files with 136 additions and 9 deletions.
3 changes: 3 additions & 0 deletions build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,9 @@ plugins {
rootProject.ext.minJavaVersionDefault = JavaVersion.toVersion(libs.versions.java.min.get())
rootProject.ext.minJavaVersionSolrJ = JavaVersion.toVersion(libs.versions.java.solrj.get())

// Enable development mode for entire project (unset defaults to true)
rootProject.ext.development = !project.hasProperty('development') || project.findProperty('development') == 'true'

apply from: file('gradle/globals.gradle')

// General metadata.
Expand Down
4 changes: 2 additions & 2 deletions gradle/libs.versions.toml
Original file line number Diff line number Diff line change
Expand Up @@ -140,11 +140,11 @@ jaxb = "2.3.8"
jayway-jsonpath = "2.9.0"
jctools = "4.0.5"
jersey = "3.1.9"
# @keep for version alignment
jetbrains-annotations = "23.0.0"
# TODO Sync with jersey versions
jersey-containers = "2.39.1"
# @keep for version alignment
jetbrains-annotations = "23.0.0"
# @keep for version alignment
joda-time = "2.8.1"
junit = "4.13.2"
kotlin = "2.0.21"
Expand Down
6 changes: 5 additions & 1 deletion gradle/template.gradle.properties
Original file line number Diff line number Diff line change
Expand Up @@ -112,5 +112,9 @@ org.gradle.java.installations.auto-download=false
# Kotlin
kotlin.code.style=official

# Development mode allows some build time optimizations
# Development mode allows some build optimizations during development but may not optimize generated files for release
# (e.g. larger file outputs) and may be less secure (e.g. CSP header for new Admin UI endpoints is less strict to be
# able to attach debugging tools).
# This attribute should be set to false during releases.
# Value defaults to true if not set to reduce the impact in CI/CD and new checkouts.
development=true
10 changes: 10 additions & 0 deletions solr/bin/solr
Original file line number Diff line number Diff line change
Expand Up @@ -314,6 +314,16 @@ if [ "${SOLR_GZIP_ENABLED:-true}" == "true" ]; then
SOLR_JETTY_CONFIG+=("--module=gzip")
fi

# Jetty configuration for new Admin UI
if [ "${SOLR_ADMIN_UI_DISABLED:-false}" == "true" ] ||
[ "${SOLR_ADMIN_UI_EXPERIMENTAL_DISABLED:-false}" == "true" ]; then
# Do not enable new Admin UI
echo -e "New Admin UI not enabled"
else
# Enable new Admin UI
SOLR_JETTY_CONFIG+=("--module=new-ui")
fi

# Authentication options
if [ -z "${SOLR_AUTH_TYPE:-}" ] && [ -n "${SOLR_AUTHENTICATION_OPTS:-}" ]; then
echo "WARNING: SOLR_AUTHENTICATION_OPTS environment variable configured without associated SOLR_AUTH_TYPE variable"
Expand Down
10 changes: 10 additions & 0 deletions solr/bin/solr.cmd
Original file line number Diff line number Diff line change
Expand Up @@ -197,6 +197,16 @@ IF "%SOLR_GZIP_ENABLED%"=="true" (
set "SOLR_JETTY_CONFIG=!SOLR_JETTY_CONFIG! --module=gzip"
)

REM Jetty configuration for new Admin UI
IF "%SOLR_ADMIN_UI_DISABLED%"=="true" (
REM Do not load jetty-configuration if Admin UI explicitly disabled
) ELSE IF "%SOLR_ADMIN_UI_EXPERIMENTAL_DISABLED%"=="true" (
REM Do not load jetty-configuration if new Admin UI explicitly disabled
) ELSE (
REM Enable new Admin UI by loading jetty-configuration
set "SOLR_JETTY_CONFIG=!SOLR_JETTY_CONFIG! --module=new-ui"
)

REM Authentication options

IF NOT DEFINED SOLR_AUTH_TYPE (
Expand Down
6 changes: 6 additions & 0 deletions solr/bin/solr.in.cmd
Original file line number Diff line number Diff line change
Expand Up @@ -232,11 +232,17 @@ REM Runtime properties are passed to the security policy file (server\etc\securi
REM You can also tweak via standard JDK files such as ~\.java.policy, see https://s.apache.org/java8policy
REM This is experimental! It may not work at all with Hadoop/HDFS features.
REM set SOLR_SECURITY_MANAGER_ENABLED=true

REM This variable provides you with the option to disable the Admin UI. if you uncomment the variable below and
REM change the value to true. The option is configured as a system property as defined in SOLR_START_OPTS in the start
REM scripts.
REM set SOLR_ADMIN_UI_DISABLED=false

REM This variable provides you with the option to disable the new experimental Admin UI. If you uncomment the variable
REM below and change the value to true, Jetty will not load the new-ui module which update the CSP directive for the
REM new UI endpoints. This property is ignored if SOLR_ADMIN_UI_DISABLED is true.
REM set SOLR_ADMIN_UI_EXPERIMENTAL_DISABLED=false

REM Solr is by default allowed to read and write data from/to SOLR_HOME and a few other well defined locations
REM Sometimes it may be necessary to place a core or a backup on a different location or a different disk
REM This parameter lets you specify file system path(s) to explicitly allow. The special value of '*' will allow any path
Expand Down
8 changes: 7 additions & 1 deletion solr/bin/solr.in.sh
Original file line number Diff line number Diff line change
Expand Up @@ -258,11 +258,17 @@
# You can also tweak via standard JDK files such as ~/.java.policy, see https://s.apache.org/java8policy
# This is experimental! It may not work at all with Hadoop/HDFS features.
#SOLR_SECURITY_MANAGER_ENABLED=true
# This variable provides you with the option to disable the Admin UI. if you uncomment the variable below and

# This variable provides you with the option to disable the Admin UI. If you uncomment the variable below and
# change the value to true. The option is configured as a system property as defined in SOLR_START_OPTS in the start
# scripts.
# SOLR_ADMIN_UI_DISABLED=false

# This variable provides you with the option to disable the new experimental Admin UI. If you uncomment the variable
# below and change the value to true, Jetty will not load the new-ui module which update the CSP directive for the
# new UI endpoints. This property is ignored if SOLR_ADMIN_UI_DISABLED is true.
# SOLR_ADMIN_UI_EXPERIMENTAL_DISABLED=false

# Solr is by default allowed to read and write data from/to SOLR_HOME and a few other well defined locations
# Sometimes it may be necessary to place a core or a backup on a different location or a different disk
# This parameter lets you specify file system path(s) to explicitly allow. The special value of '*' will allow any path
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro
HttpHeaders.CONTENT_SECURITY_POLICY,
"default-src 'none'; base-uri 'none'; connect-src "
+ connectSrc
+ "; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'wasm-unsafe-eval'; worker-src 'self';");
+ "; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; worker-src 'self';");

// We have to close this to flush OutputStreamWriter buffer
try (Writer out =
Expand Down
12 changes: 12 additions & 0 deletions solr/server/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -116,6 +116,18 @@ task assemblePackaging(type: Sync) {
include "scripts/**"
include "solr/**"
include "README.md"

if (rootProject.ext.development) {
rename { String fileName ->
// Allow duplicates to overwrite previous files
duplicatesStrategy = DuplicatesStrategy.INCLUDE
// For development builds we overwrite configurations with dev configs
fileName.replace("-dev.xml", ".xml")
}
} else {
// For release builds we exclude all dev configurations
exclude "**-dev.*"
}
})

// Add in the intersection of serverLib and solrCore
Expand Down
40 changes: 40 additions & 0 deletions solr/server/etc/jetty-new-ui-dev.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
<?xml version="1.0"?>
<!--
~ Licensed to the Apache Software Foundation (ASF) under one or more
~ contributor license agreements. See the NOTICE file distributed with
~ this work for additional information regarding copyright ownership.
~ The ASF licenses this file to You under the Apache License, Version 2.0
~ (the "License"); you may not use this file except in compliance with
~ the License. You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->

<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_10_0.dtd">

<!-- =============================================================== -->
<!-- Configure the Jetty Server to respond with different CSP header -->
<!-- for new Admin UI endpoint /compose/*. -->
<!-- This configuration overrides jetty-new-ui.xml during -->
<!-- development and is excluded from released otherwise. -->
<!-- =============================================================== -->

<Configure id="Server" class="org.eclipse.jetty.server.Server">
<Ref refid="RewriteHandler">
<Call name="addRule">
<Arg>
<New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
<Set name="pattern">/solr/compose/*</Set>
<Set name="name">Content-Security-Policy</Set>
<Set name="value">default-src 'none'; base-uri 'none'; connect-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; worker-src 'self';</Set>
</New>
</Arg>
</Call>
</Ref>
</Configure>
27 changes: 27 additions & 0 deletions solr/server/etc/jetty-new-ui.xml
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_10_0.dtd">

<!-- =============================================================== -->
<!-- Configure the Jetty Server to respond with different CSP header -->
<!-- for new Admin UI endpoint /compose/*. -->
<!-- This configuration is used for release builds and has a -->
<!-- stricter security configuration compared to development. -->
<!-- Note that this configuration does not work with development -->
<!-- builds. -->
<!-- This configuration is used by default or when -->
<!-- SOLR_ADMIN_UI_EXPERIMENTAL_VARIANT is se to "release" or unset. -->
<!-- =============================================================== -->

<Configure id="Server" class="org.eclipse.jetty.server.Server">
<Ref refid="RewriteHandler">
<Call name="addRule">
<Arg>
<New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
<Set name="pattern">/solr/compose/*</Set>
<Set name="name">Content-Security-Policy</Set>
<Set name="value">default-src 'none'; base-uri 'none'; connect-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'wasm-unsafe-eval'; worker-src 'self';</Set>
</New>
</Arg>
</Call>
</Ref>
</Configure>
2 changes: 1 addition & 1 deletion solr/server/etc/jetty.xml
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,7 @@
<New class="org.eclipse.jetty.rewrite.handler.HeaderPatternRule">
<Set name="pattern">/solr/*</Set>
<Set name="name">Content-Security-Policy</Set>
<Set name="value">default-src 'none'; base-uri 'none'; connect-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'wasm-unsafe-eval'; worker-src 'self';</Set>
<Set name="value">default-src 'none'; base-uri 'none'; connect-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data:; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; worker-src 'self';</Set>
</New>
</Arg>
</Call>
Expand Down
9 changes: 9 additions & 0 deletions solr/server/modules/new-ui.mod
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
#
# New Admin UI Release Configuration
#

[depend]
server

[xml]
etc/jetty-new-ui.xml
6 changes: 3 additions & 3 deletions solr/webapp/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -151,9 +151,9 @@ war {
into "libs/solr"
})

// Include new UI files in webapp
// def isDevelopment = project.findProperty('development') == 'true'
if (project.findProperty('development')) {
// Include new Admin UI files in webapp
// By default, we always build dev that does not optimize generated files for release to reduce build times.
if (rootProject.ext.development) {
from (tasks.generateComposeUiDevFiles) {
into "compose"
}
Expand Down

0 comments on commit 97fb1c3

Please sign in to comment.