You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sling.apache.org by si...@apache.org on 2019/05/08 09:57:59 UTC

[sling-org-apache-sling-feature-cpconverter] branch master updated: SLING-8390 - Converter not handling serviceusers and acls spread across multiple packages

This is an automated email from the ASF dual-hosted git repository.

simonetripodi pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-feature-cpconverter.git


The following commit(s) were added to refs/heads/master by this push:
     new a7f50b9  SLING-8390 - Converter not handling serviceusers and acls spread across multiple packages
a7f50b9 is described below

commit a7f50b9be9960979c5f050ba5fb2bad2bc437d8b
Author: stripodi <st...@simos-mbp>
AuthorDate: Wed May 8 11:57:52 2019 +0200

    SLING-8390 - Converter not handling serviceusers and acls spread across
    multiple packages
    
    ACLs added only for known users also from previous conversions
---
 .../sling/feature/cpconverter/acl/AclManager.java  |  7 +-
 .../feature/cpconverter/acl/AclManagerTest.java    | 87 ++++++++++++++++++++++
 .../handlers/RepPolicyEntryHandlerTest.java        |  8 +-
 3 files changed, 93 insertions(+), 9 deletions(-)

diff --git a/src/main/java/org/apache/sling/feature/cpconverter/acl/AclManager.java b/src/main/java/org/apache/sling/feature/cpconverter/acl/AclManager.java
index 63b0413..5796f16 100644
--- a/src/main/java/org/apache/sling/feature/cpconverter/acl/AclManager.java
+++ b/src/main/java/org/apache/sling/feature/cpconverter/acl/AclManager.java
@@ -122,9 +122,12 @@ public final class AclManager {
 
             for (Entry<String, List<Acl>> currentAcls : acls.entrySet()) {
                 String systemUser = currentAcls.getKey();
-                List<Acl> authorizations = currentAcls.getValue();
 
-                addAclStatement(formatter, systemUser, authorizations);
+                if (preProvidedSystemUsers.contains(systemUser)) {
+                    List<Acl> authorizations = currentAcls.getValue();
+
+                    addAclStatement(formatter, systemUser, authorizations);
+                }
             }
 
             String text = formatter.toString();
diff --git a/src/test/java/org/apache/sling/feature/cpconverter/acl/AclManagerTest.java b/src/test/java/org/apache/sling/feature/cpconverter/acl/AclManagerTest.java
new file mode 100644
index 0000000..8b79165
--- /dev/null
+++ b/src/test/java/org/apache/sling/feature/cpconverter/acl/AclManagerTest.java
@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership. The ASF
+ * licenses this file to You under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+package org.apache.sling.feature.cpconverter.acl;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+import java.io.File;
+
+import org.apache.sling.feature.ArtifactId;
+import org.apache.sling.feature.Extension;
+import org.apache.sling.feature.Feature;
+import org.apache.sling.feature.cpconverter.vltpkg.VaultPackageAssembler;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+
+public class AclManagerTest {
+
+    private AclManager aclManager;
+
+    @Before
+    public void setUp() {
+        aclManager = new AclManager();
+    }
+
+    @After
+    public void tearDown() {
+        aclManager = null;
+    }
+
+    @Test
+    public void makeSureAclsAreCreatedOnlyForKnownUsers() {
+        aclManager.addSystemUser("acs-commons-ensure-oak-index-service");
+
+        // emulate a second iteration of conversion
+        aclManager.reset();
+
+        aclManager.addSystemUser("acs-commons-package-replication-status-event-service");
+
+        aclManager.addAcl("acs-commons-ensure-oak-index-service", "allow", "jcr:read,rep:write,rep:indexDefinitionManagement", "/asd/public");
+        aclManager.addAcl("acs-commons-package-replication-status-event-service", "allow", "jcr:read,crx:replicate,jcr:removeNode", "/asd/public");
+
+        // add an ACL for unknown user
+        aclManager.addAcl("acs-commons-on-deploy-scripts-service", "allow", "jcr:read,crx:replicate,jcr:removeNode", "/asd/public");
+
+        VaultPackageAssembler assembler = mock(VaultPackageAssembler.class);
+        when(assembler.getEntry(anyString())).thenReturn(new File(System.getProperty("java.io.tmpdir")));
+        Feature feature = new Feature(new ArtifactId("org.apache.sling", "org.apache.sling.cp2fm", "0.0.1", null, null));
+
+        aclManager.addRepoinitExtension(assembler, feature);
+
+        Extension repoinitExtension = feature.getExtensions().getByName(Extension.EXTENSION_NAME_REPOINIT);
+        assertNotNull(repoinitExtension);
+
+        // acs-commons-on-deploy-scripts-service will be missed
+        String expected = "create path (sling:Folder) /asd\n" + 
+                "create path (sling:Folder) /asd/public\n" + 
+                "create service user acs-commons-package-replication-status-event-service\n" + 
+                "set ACL for acs-commons-package-replication-status-event-service\n" + 
+                "allow jcr:read,crx:replicate,jcr:removeNode on /asd/public\n" + 
+                "end\n" + 
+                "set ACL for acs-commons-ensure-oak-index-service\n" + 
+                "allow jcr:read,rep:write,rep:indexDefinitionManagement on /asd/public\n" + 
+                "end\n";
+        String actual = repoinitExtension.getText();
+        assertEquals(expected, actual);
+    }
+
+}
diff --git a/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java b/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java
index 80bc525..188c747 100644
--- a/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java
+++ b/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java
@@ -109,7 +109,7 @@ public final class RepPolicyEntryHandlerTest {
     }
 
     @Test
-    public void notDeclaredSystemUsersWillHaveAclSettings() throws Exception {
+    public void notDeclaredSystemUsersWillNotHaveAclSettings() throws Exception {
         Extension repoinitExtension = parseAndSetRepoinit("acs-commons-package-replication-status-event-service",
                                                           "acs-commons-ensure-service-user-service",
                                                           "acs-commons-automatic-package-replicator-service",
@@ -134,12 +134,6 @@ public final class RepPolicyEntryHandlerTest {
                 "create service user acs-commons-on-deploy-scripts-service\n" + 
                 "set ACL for acs-commons-on-deploy-scripts-service\n" + 
                 "allow jcr:read on /asd/public\n" + 
-                "end\n" + 
-                "set ACL for acs-commons-dispatcher-flush-service\n" + 
-                "allow jcr:read,crx:replicate,jcr:removeNode on /asd/public\n" + 
-                "end\n" + 
-                "set ACL for acs-commons-ensure-oak-index-service\n" + 
-                "allow jcr:read,rep:write,rep:indexDefinitionManagement on /asd/public restriction(*/oak:index/*)\n" + 
                 "end\n";
         String actual = repoinitExtension.getText();
         assertEquals(expected, actual);