[jira] [Comment Edited] (SLING-5355) Create service users and ACLs from the provisioning model

Wed, 06 Jan 2016 00:39:01 -0800 

    [ 
https://issues.apache.org/jira/browse/SLING-5355?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15083259#comment-15083259
 ] 

Bertrand Delacretaz edited comment on SLING-5355 at 1/6/16 8:37 AM:
--------------------------------------------------------------------

I have started a thread on our dev list "SLING-5355 - configs vs. content for 
ACLs and service users" due to Carsten's objection to using OSGi configs. 
Reopening this issue until we reach consensus on this.


was (Author: bdelacretaz):
I have started a thread on our dev list "SLING-5355 - configs vs. content for 
ACLs and service users".

> Create service users and ACLs from the provisioning model
> ---------------------------------------------------------
>
>                 Key: SLING-5355
>                 URL: https://issues.apache.org/jira/browse/SLING-5355
>             Project: Sling
>          Issue Type: New Feature
>          Components: Service User Mapper
>            Reporter: Bertrand Delacretaz
>            Assignee: Bertrand Delacretaz
>
> As discussed in the "Removing loginAdministrative, how to test that, and 
> service username conventions" thread on our dev list [1] we need to be able 
> to create service users and set the corresponding ACLs from our provisioning 
> model.
> This should be implemented using distinct utility classes, one for the users 
> and one for the ACLs, that take simple mini-languages as input. This will 
> allow for reusing these utilities in test code for example.
> I have made a suggestion for those mini languages in that thread, will copy 
> them here once we agree.
> [1] http://markmail.org/message/kcvuhwfdald2dyuz
> *Edit: additional contraints*
> * AC1: Waiting for content paths: not all ACLs can be applied immediately 
> when the SlingRepository service starts: for this we'd need to create paths 
> that don't exist yet, and the nodetypes of those paths might not have been 
> defined yet, as any bundle can supply additional node types. This means 
> waiting for the path creation to succeed before proceeding, so we might as 
> well wait for the paths to be created by content installations
> * AC2: The mechanism must work for any launchers, not just the Sling 
> Launchpad - so it cannot be just a build-time thing.
> * AC3: The full text of the ACL definitions must be available at runtime. 
> This allows for example checking later that a Sling instance is still 
> configured according to those ACL definitions.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to