Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-10467

Converted content package referres to paths moved to repo-init

Agile BoardAttach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    Description

      Karl Pauls, in the light of the enforce-principal-based-supported-path configuration option i had a look at the converted content packages, which probably need to be used instead of the original packages if the modifications applied by converted are not to be reverted by later installing the original content package.

      i therefore created a simple test content package demo-cp.zip that contains:

      • a regular user in 'demo-cp' subfolder
      • a regular group in 'demo-cp' subfolder
      • a bunch of service users both with resource-based and principal-based ac setup
      • content root at /demo-cp with a ac-policy (entries for user, group and service user)
      • a serviceusermapping configuration below /apps/demo-cp
        and had the converter generate demo-cp-0.0.0-cp2fm-converted.zip

      when trying to install the converted content package on a repository that content for service users and below /apps installed, i noticed that the converted package will actually remove that content.
      i suspect that this is caused by META_INF/vault/filter.xml and/or META-INF/vault/definition/content.xml still referring to those parts that got 'moved' to repo-init. in case of the dependency/.content.xml it states that the import mode is replace (same as in original package).

      maybe my test package is not correct.... but I would have expected that the paths that have been installed by repo-init statements should no longer be covered by the converted package (everything below /apps and /home/users/system) or/and should have the import-mode changed to the deprecated MERGE or new MERGE_PROPERTIES. the latter would be needed for any kind of resource-based AC setup for service users at mutable content nodes (NOTE: doesn't apply in case ac-setup for service users is migrated to principal-based authorization which entirely resides below the service user home).

      edge case: if regular users were to be located below /home/users/system excluding that path from the package definition obviously doesn't work.... changing import mode would be required. alternatively: spotting regular users below home/users/system and abort converter.

      wdyt?

      Attachments

        Issue Links

        is blocked by

        Bug - A problem which impairs or prevents the functions of the product. SLING-10571 Hardcoded application paths in VaultPackageUtils.detectPackageType

        • Minor - Minor loss of function, or other problem where easy workaround is present.
        • Open
        Testing discovered

        Improvement - An improvement or enhancement to an existing feature or task. SLING-10481 Review filter.xml creation for content package output of converter

        • Major - Major loss of function.
        • Closed
        links to

        Web Link GitHub Pull Request #92

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            angela Angela Schreiber
            angela Angela Schreiber
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment