accesscontroltool icon indicating copy to clipboard operation
accesscontroltool copied to clipboard

Published 20 hours ago verified publisher icon Netcentric

Feature Request: Make ACE Service Configuration a Factory Configuration

Open jenslauterbach opened this issue 7 years ago • 2 comments

Currently, the following configuration is not a factory configuration:

biz.netcentric.cq.tools.actool.aceservice.impl.AceServiceImpl

If several projects are deployed in the same AEM instance they all have to use the same configuration path (set in this configuration, see AceService.configurationPath).

It would be great if this configuration would be a factory configuration so that every project can provide its own configuration.

I have something like this in mind:

Project A: AceService.configurationPath = /apps/project-a/configuration/acl Project B: AceService.configurationPath = /apps/project-b/configuration/acl Project C: AceService.configurationPath = /apps/project-c/configuration/acl

jenslauterbach avatar Jan 22 '18 13:01 jenslauterbach

The problem with that the JMX console is highly dependent on the configured path - if you run e.g. apply() exactly that one configured path will be used. The best way to deal with it is probably to provide a configuration AceService.jmxMBeanName and use more than one jmx MBeans (although this is also not perfect, some of the operations are not dependent on the configurationPath, e.g. applyConfig(configurationRootPath)

One way to make this work today is using the Install Hook: The install hook does not take the root path in account at all but only takes the yaml files from the package. You could run a setup as follows:

  • Package Base: Yaml files at /apps/myplatform/acls/base (with install hook)
  • Package Project 1: Yaml files at /apps/myplatform/acls/myproject1 (with install hook)
  • Package Project 2: Yaml files at /apps/myplatform/acls/myproject2 (with install hook)
  • Package Project 3: Yaml files at /apps/myplatform/acls/myproject3 (with install hook)
  • set AceService.configurationPath to /apps/myplatform/acls

Then you can apply everything via JMX. To install you can use package dependencies (e.g. from Package Project 1 a dependency to Package Base).

Please note that you will have to configure https://github.com/Netcentric/accesscontroltool/blob/develop/docs/AdvancedFeatures.md#configure-memberships-oftowards-externally-managed-groups properly to ensure memberships between groups stemming from different packages are kept correctly.

ghenzler avatar Jan 25 '18 13:01 ghenzler

The issue with single configuration root in JMX console is pretty confusing for administrators; specially when one of applications uses the legacy configuration, which simply overwrites the newer one: https://github.com/Netcentric/accesscontroltool/blob/develop/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/AcInstallationServiceImpl.java#L131

I understand the complexity of having a configuration factory, but maybe a multiple value property could be a simpler solution. Anyway using the install hook just solves the apply issue although it's already possible to use applyConfig(configurationRootPath). But purging groups is still not possible, because you only have purgeAllAuthorizablesFromConfiguration().

I'm missing at least a purgeAllAuthorizablesFromConfiguration(configurationRootPath) method

mrozati avatar Oct 10 '18 10:10 mrozati