[SLING-5355] Create service users and ACLs from the provisioning model - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: Slingstart Maven Plugin 1.4.2, Repoinit Parser 1.0.2, Repoinit JCR 1.0.0
Component/s: Repoinit
Labels:
None

Description

As discussed in the "Removing loginAdministrative, how to test that, and service username conventions" thread on our dev list [1] we need to be able to create service users and set the corresponding ACLs from our provisioning model.

This should be implemented using distinct utility classes, one for the users and one for the ACLs, that take simple mini-languages as input. This will allow for reusing these utilities in test code for example.

[1] http://markmail.org/message/kcvuhwfdald2dyuz

Edit: high-level requirements

As discussed in the "~~SLING-5355~~ - configs vs. content for ACLs and service users" thread - http://markmail.org/message/tzno2via2wjckhuc

HR1 - Create service users and set their ACLs as defined in the Sling instance's provisioning model.
HR2 - Create initial paths like /var/discovery, so that ACLs can be set on them.
HR3 - Make the full text of the ACL definitions available at runtime for auditing purposes (see Michael Marth's Dec.17 comment in ~~SLING-5355~~). Also useful for upgrades where merging with conflict detection is needed.

Attachments

Issue Links

blocks

SLING-5252 Remove getAdministrativeResourceResolver() from Scripting Core

Closed

SLING-5253 Remove getAdministrativeResourceResolver() from the Sightly engine

Closed

SLING-5254 Remove getAdministrativeResourceResolver() from the Sightly JS Provider

Closed

SLING-5238 Remove getAdministrativeResourceResolver() usage from org.apache.sling.resource.inventory

Open

SLING-5226 Remove loginAdministrative() usage from org.apache.sling.servlets.post

Resolved

SLING-5229 Remove getAdministrativeResourceResolver() and loginAdministrative() usage from JCR components

Resolved

SLING-5227 Remove loginAdministrative() usage from org.apache.sling.bgservlets

Closed

SLING-5228 Remove loginAdministrative() usage from org.apache.sling.installer.provider.jcr

Closed

SLING-5230 Remove getAdministrativeResourceResolver() usage from org.apache.sling.event.dea

Closed

SLING-5231 Remove getAdministrativeResourceResolver() usage from Discovery components

Closed

SLING-5232 Remove loginAdministrative() usage from org.apache.sling.event

Closed

SLING-5233 Remove getAdministrativeResourceResolver() usage from org.apache.sling.i18n

Closed

SLING-5234 Remove getAdministrativeResourceResolver() usage from org.apache.sling.xss

Closed

SLING-5235 Remove loginAdministrative() usage from org.apache.sling.resourceresolver

Closed

SLING-5236 Remove getAdministrativeResourceResolver() usage from scripting bundles

Closed

SLING-5237 Remove getAdministrativeResourceResolver() usage from org.apache.sling.servlets.resolver

Closed

SLING-5239 Remove loginAdministrative() usage from org.apache.sling.rewriter

Closed

SLING-5240 Remove getAdministrativeResourceResolver() usage from org.apache.sling.tenant

Closed

SLING-6562 Remove getAdministrativeResourceResolver from Sling Validation

Closed

is blocked by

SLING-5414 Make the contents of the provisioning model available at runtime

Closed

SLING-5449 Content repository initialization language

Closed

is related to

SLING-5135 Whitelist legit usages of loginAdministrative and administrative ResourceResolver

Closed

JCRVLT-61 Allow AccessControllHandling be defined per filter root

Open

SLING-6990 Content Package Installer: Use service resource resolvers instead of admin resource resolver

Closed

SLING-9422 Content Package Installer: Use service resource resolvers instead of admin resource resolver for installation

Closed

(14 blocks, 2 is blocked by, 4 is related to)

Activity

People

Assignee:: Bertrand Delacretaz

Reporter:: Bertrand Delacretaz

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Created:: 07/Dec/15 13:22

Updated:: 04/May/20 17:24

Resolved:: 22/Jun/16 12:53