Bertrand Delacretaz wrote > Hi, > > This is about creating service users and setting ACLs for SLING-5355. > I think it's easier to discuss these general principles here. > > Carsten wrote there: > >> I would prefer a solution which is processed by the tool processing the >> provisioning model >> and then creating "content" which is installed in the repository. So it's a >> one time thing - >> done at build time. > > You will need a runtime component as well - to install content, you > have to wait for the content repository to be available, and also wait > for any required node types to be available (see the "additional > constraints" that I added to the ticket's requirement) if you want to > create the required paths.
We already have this runtime component: the jcr content loader. We could simply create a bundle at build time containing the content for all services users, and the content for the ACLs and are done. This also solves the problem of who is creating the paths. Take a look at what we have today, for example the Sling event bundle (but the same is true for others as well): today these bundles use an admin user to create the initial path. They don't have any content as the only requirement these bundles have is an existing path with ACLs allowing them to operate on this content. With creating a content bundle we can at least ensure that once this content is installed everything is in place. With the current mechanism we can't ensure anything and as every piece is added at a different time this becomes much harder. In any case, those bundles need to express someone that they depend on someone else to create the content, the ACLs and the service user. Regardless of what we use this is missing. Carsten -- Carsten Ziegeler Adobe Research Switzerland cziege...@apache.org
