in ambari-infra-solr-client/src/main/java/org/apache/ambari/infra/solr/commands/SecureSolrZNodeZkCommand.java [47:76]
protected Boolean executeZkCommand(AmbariSolrCloudClient client, SolrZkClient zkClient, SolrZooKeeper solrZooKeeper) throws Exception {
String zNode = client.getZnode();
List<ACL> saslUserList = AclUtils.createAclListFromSaslUsers(client.getSaslUsers().split(","));
List<ACL> newAclList = new ArrayList<>(saslUserList);
newAclList.add(new ACL(ZooDefs.Perms.READ, new Id("world", "anyone")));
String configsPath = String.format("%s/%s", zNode, "configs");
String collectionsPath = String.format("%s/%s", zNode, "collections");
String aliasesPath = String.format("%s/%s", zNode, "aliases.json"); // TODO: protect this later somehow
List<String> excludePaths = Arrays.asList(configsPath, collectionsPath, aliasesPath);
createZnodeIfNeeded(configsPath, client.getSolrZkClient());
createZnodeIfNeeded(collectionsPath, client.getSolrZkClient());
AclUtils.setRecursivelyOn(client.getSolrZkClient().getSolrZooKeeper(), zNode, newAclList, excludePaths);
List<ACL> commonConfigAcls = new ArrayList<>(saslUserList);
commonConfigAcls.add(new ACL(ZooDefs.Perms.READ | ZooDefs.Perms.CREATE, new Id("world", "anyone")));
logger.info("Set sasl users for znode '{}' : {}", client.getZnode(), StringUtils.join(saslUserList, ","));
logger.info("Skip {}/configs and {}/collections", client.getZnode(), client.getZnode());
solrZooKeeper.setACL(configsPath, AclUtils.mergeAcls(solrZooKeeper.getACL(configsPath, new Stat()), commonConfigAcls), -1);
solrZooKeeper.setACL(collectionsPath, AclUtils.mergeAcls(solrZooKeeper.getACL(collectionsPath, new Stat()), commonConfigAcls), -1);
logger.info("Set world:anyone to 'cr' on {}/configs and {}/collections", client.getZnode(), client.getZnode());
AclUtils.setRecursivelyOn(solrZooKeeper, configsPath, saslUserList);
AclUtils.setRecursivelyOn(solrZooKeeper, collectionsPath, saslUserList);
return true;
}