Merge branch 'release/1.8.4'
ghenzler committed May 31, 2016
2 parents fa6ad31 + c518a01 commit 2933abd
Showing 50 changed files with 1,278 additions and 635 deletions.
431 changes: 35 additions & 396 deletions README.md

Large diffs are not rendered by default.

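--- a/accesscontroltool-bundle/pom.xml
+++ b/accesscontroltool-bundle/pom.xml
@@ -11,7 +11,7 @@
 <parent>
 <groupId>biz.netcentric.cq.tools.accesscontroltool</groupId>
 <artifactId>accesscontroltool</artifactId>
-<version>1.8.3</version>
+<version>1.8.4</version>
 </parent>
 
 <!-- ====================================================================== -->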
Expand Up @@ -60,6 +60,13 @@ public interface AceService {

public String purgeAuthorizablesFromConfig();

/** Common entry point for JMX and install hook.
*
* @param session
* @param history
* @param newestConfigurations
* @param authorizableInstallationHistorySet
* @throws Exception */
public void installNewConfigurations(Session session,
AcInstallationHistoryPojo history,
Map<String, String> newestConfigurations, Set<AuthorizableInstallationHistory> authorizableInstallationHistorySet)
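Review bot: The Javadoc added above `installNewConfigurations` leaves every `@param` tag and the `@throws` tag empty, so the interface still does not state the contract that a JMX or install-hook caller relies on. Going by the implementation changed in this same commit, the method saves the passed session on success, does not log it out in the lines shown, and rethrows any failure after adding it to `history`. I would document that, e.g. `@param session session used to apply the configuration; saved on success, logout stays with the caller` and `@throws Exception any installation failure, rethrown after being added to history`. Because this session carries the rights to rewrite ACLs and authorizables, stating who owns and closes it is worth the two lines. The declaration's `throws` clause continues outside the hunk.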
Expand Up @@ -8,6 +8,8 @@
*/
package biz.netcentric.cq.tools.actool.aceservice.impl;

import static biz.netcentric.cq.tools.actool.installationhistory.AcInstallationHistoryPojo.msHumanReadable;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
Expand Down Expand Up @@ -176,7 +178,7 @@ private void removeAcesForAuthorizables(AcInstallationHistoryPojo history, Sessi
String message = "deleted all ACEs of authorizable "
+ existingAce.getPrincipalName()
+ " from ACL of path: " + existingAce.getJcrPath();
LOG.info(message);
LOG.debug(message);
history.addVerboseMessage(message);
}
}
Expand All @@ -192,7 +194,9 @@ private void installAces(
.getPathBasedAceMap(aceMapFromConfig,
AcHelper.ACE_ORDER_DENY_ALLOW);

LOG.info("--- start installation of access control configuration ---");
String msg = "*** Starting installation of "+aceMapFromConfig.size()+" ACLs in content nodes...";
LOG.info(msg);
history.addMessage(msg);
AcHelper.installPathBasedACEs(pathBasedAceMapFromConfig, session, history);
}

Expand All @@ -203,7 +207,9 @@ private void installAuthorizables(
throws RepositoryException, Exception {
// --- installation of Authorizables from configuration ---

LOG.info("--- start installation of Authorizable Configuration ---");
String msg = "*** Starting installation of "+authorizablesMapfromConfig.size()+" authorizables...";
LOG.info(msg);
history.addMessage(msg);

// create own session for installation of authorizables since these have
// to be persisted in order
Expand Down Expand Up @@ -235,25 +241,30 @@ private void installAuthorizables(
}
}

String message = "Finished installation of groups configuration without errors";
String message = "Finished installation of authorizables without errors";
history.addMessage(message);
LOG.info(message);
}

/** executes the installation of the existing configurations */
/** Executes the installation of the existing configurations - entry point for JMX execute() method. */
@Override
public AcInstallationHistoryPojo execute() {

Session session = null;
AcInstallationHistoryPojo history = new AcInstallationHistoryPojo();
if (isExecuting) {
history.addError("AC Tool is already executing.");
return history;
}

Session session = null;

Set<AuthorizableInstallationHistory> authorizableInstallationHistorySet = new LinkedHashSet<AuthorizableInstallationHistory>();

try {
session = repository.loginAdministrative(null);
String rootPath = getConfigurationRootPath();
Node rootNode = session.getNode(rootPath);
Map<String, String> newestConfigurations = configFilesRetriever.getConfigFileContentFromNode(rootNode);

installNewConfigurations(session, history, newestConfigurations, authorizableInstallationHistorySet);
} catch (AuthorizableCreatorException e) {
history.addError(e.toString());
Expand Down Expand Up @@ -282,42 +293,59 @@ public AcInstallationHistoryPojo execute() {
}
} finally {
session.logout();
isExecuting = false;
acHistoryService.persistHistory(history, configurationPath);

}
return history;
}

/** Common entry point for JMX and install hook. */
@Override
public void installNewConfigurations(Session session,
AcInstallationHistoryPojo history,
Map<String, String> newestConfigurations, Set<AuthorizableInstallationHistory> authorizableInstallationHistorySet)
public void installNewConfigurations(Session session, AcInstallationHistoryPojo history, Map<String, String> currentConfiguration,
Set<AuthorizableInstallationHistory> authorizableInstallationHistorySet)
throws Exception {

StopWatch sw = new StopWatch();
sw.start();
isExecuting = true;
String origThreadName = Thread.currentThread().getName();
try {
Thread.currentThread().setName(origThreadName + "-ACTool-Config-Worker");
StopWatch sw = new StopWatch();
sw.start();
isExecuting = true;
String message = "*** Applying AC Tool Configuration...";
LOG.info(message);
history.addMessage(message);

if (currentConfiguration != null) {

if (newestConfigurations != null) {
history.setConfigFileContentsByName(currentConfiguration);

List mergedConfigurations = configurationMerger.getMergedConfigurations(newestConfigurations, history, configReader);
List mergedConfigurations = configurationMerger.getMergedConfigurations(currentConfiguration, history, configReader);

installMergedConfigurations(history, session,
authorizableInstallationHistorySet,
mergedConfigurations);
installMergedConfigurations(history, session, authorizableInstallationHistorySet, mergedConfigurations);

// if everything went fine (no exceptions), save the session
// thus persisting the changed ACLs
history.addMessage("finished (transient) installation of access control configuration without errors!");
session.save();
history.addMessage("persisted changes of ACLs");
// if everything went fine (no exceptions), save the session
// thus persisting the changed ACLs
history.addVerboseMessage(
"Finished (transient) installation of access control configuration without errors, saving now...");
session.save();
history.addMessage("Persisted changes of ACLs");
}
sw.stop();
long executionTime = sw.getTime();
LOG.info("Successfully applied AC Tool configuration in "+ msHumanReadable(executionTime));
history.setExecutionTime(executionTime);
} catch (Exception e) {
history.addError(e.toString()); // ensure exception is added to history before it's persisted in log in finally clause
throw e; // handling is different depending on JMX or install hook case
} finally {
try {
acHistoryService.persistHistory(history);
} catch (Exception e) {
LOG.warn("Could not persist history, e=" + e, e);
}

Thread.currentThread().setName(origThreadName);
isExecuting = false;
}
sw.stop();
long executionTime = sw.getTime();
LOG.info("installation of AccessControlConfiguration took: {} ms",
executionTime);
history.setExecutionTime(executionTime);

}

private void installMergedConfigurations(
Expand All @@ -326,12 +354,13 @@ private void installMergedConfigurations(
Set<AuthorizableInstallationHistory> authorizableInstallationHistorySet,
List mergedConfigurations) throws ValueFormatException,
RepositoryException, Exception {
String message = "start installation of merged configurations";
LOG.info(message);
history.addMessage(message);

String message = "Starting installation of merged configurations...";
LOG.debug(message);
history.addVerboseMessage(message);

Map<String, Set<AceBean>> repositoryDumpAceMap = null;
LOG.info("start building dump from repository");
LOG.debug("Building dump from repository (to compare delta with config to be installed)");
repositoryDumpAceMap = dumpservice.createAclDumpMap(
session, AcHelper.PATH_BASED_ORDER,
AcHelper.ACE_ORDER_NONE,
Expand All @@ -340,6 +369,7 @@ private void installMergedConfigurations(
installConfigurationFromYamlList(mergedConfigurations, history,
session, authorizableInstallationHistorySet,
repositoryDumpAceMap);

}

@Override
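Review bot: The new guard in `execute()` (`if (isExecuting) { ... return history; }`) is a check-then-act on a flag that is only set to `true` later, inside `installNewConfigurations`, so two near-simultaneous JMX calls can both pass it. The install-hook path, which according to the Javadoc enters `installNewConfigurations` directly, is not guarded at all. For a tool that rewrites ACLs and group memberships, two interleaved runs against the same repository should be ruled out rather than made unlikely. I would make `isExecuting` an `AtomicBoolean` and claim it in the common entry point before the `try`, `if (!isExecuting.compareAndSet(false, true)) { throw new IllegalStateException("AC Tool is already executing."); }`, with `isExecuting.set(false)` staying in the `finally`. The field's declaration is outside the visible hunks, so whether it is at least `volatile` cannot be confirmed here.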
Expand Up @@ -58,8 +58,7 @@ public class AuthorizableCreatorServiceImpl implements
private static final String PATH_HOME_GROUPS = "/home/groups";
private static final String PATH_HOME_USERS = "/home/users";

private static final Logger LOG = LoggerFactory
.getLogger(AuthorizableCreatorServiceImpl.class);
private static final Logger LOG = LoggerFactory.getLogger(AuthorizableCreatorServiceImpl.class);

AcInstallationHistoryPojo status;
Map<String, LinkedHashSet<AuthorizableConfigBean>> principalMapFromConfig;
Expand Down Expand Up @@ -111,7 +110,7 @@ private void installAuthorizableConfigurationBean(final Session session,
AuthorizableExistsException, AuthorizableCreatorException {

String principalId = authorizableConfigBean.getPrincipalID();
LOG.info("- start installation of authorizable: {}", principalId);
LOG.debug("- start installation of authorizable: {}", principalId);

UserManager userManager = getUsermanager(session);
ValueFactory vf = session.getValueFactory();
Expand Down Expand Up @@ -144,12 +143,12 @@ private void installAuthorizableConfigurationBean(final Session session,

if (authorizableConfigBean.isGroup()) {
// this has to be added explicitly here (all other memberships are maintained isMemberOf)
Group groupToInstall = (Group) authorizableToInstall;
Group installedGroup = (Group) userManager.getAuthorizable(principalId);
Authorizable anonymous = userManager.getAuthorizable(Constants.USER_ANONYMOUS);
if (authorizableConfigBean.membersContainsAnonymous()) {
groupToInstall.addMember(anonymous);
installedGroup.addMember(anonymous);
} else {
groupToInstall.removeMember(anonymous);
installedGroup.removeMember(anonymous);
}
}

Expand Down Expand Up @@ -286,7 +285,7 @@ private void handleIntermediatePath(final Session session,
message.append("recreated authorizable with new intermediate path! "
+ (newAuthorizable.isGroup() ? "(retained " + countMovedMembersOfGroup + " members of group)" : ""));
history.addMessage(message.toString());
LOG.warn(message.toString());
LOG.info(message.toString());

}

Expand Down Expand Up @@ -426,14 +425,14 @@ private void mergeMemberOfGroups(String principalId,
Set<String> membershipGroupsFromRepository)
throws RepositoryException, AuthorizableExistsException,
AuthorizableCreatorException {
LOG.info("...checking differences");
LOG.debug("...checking differences");

// group in repo doesn't have any members and group in config doesn't
// have any members
// do nothing
if (!isMemberOfOtherGroup(currentGroupFromRepository)
&& membershipGroupsFromConfig.isEmpty()) {
LOG.info(
LOG.debug(
"{}: authorizable in repo is not member of any other group and group in config is not member of any other group. No change necessary here!",
principalId);
}
Expand Down Expand Up @@ -469,12 +468,12 @@ else if (isMemberOfOtherGroup(currentGroupFromRepository)
private void mergeMemberOfGroupsFromRepo(String principalId,
UserManager userManager, Set<String> membershipGroupsFromRepository)
throws RepositoryException {
LOG.info(
LOG.debug(
"{}: authorizable in repo is member of at least one other group and authorizable in config is not member of any other group",
principalId);
// delete memberOf groups of that group in repo
for (String group : membershipGroupsFromRepository) {
LOG.info(
LOG.debug(
"{}: delete authorizable from members of group {} in repository",
principalId, group);
((Group) userManager.getAuthorizable(group))
Expand All @@ -486,15 +485,15 @@ private void mergeMemberOfGroupsFromConfig(String principalId,
AcInstallationHistoryPojo status, UserManager userManager,
Set<String> membershipGroupsFromConfig) throws RepositoryException,
AuthorizableExistsException, AuthorizableCreatorException {
LOG.info(
LOG.debug(
"{}: authorizable in repo is not member of any other group but authorizable in config is member of at least one other group",
principalId);

Set<Group> validatedGroups = validateAssignedGroups(userManager,
principalId, membershipGroupsFromConfig.toArray(new String[membershipGroupsFromConfig.size()]));

for (Group membershipGroup : validatedGroups) {
LOG.info(
LOG.debug(
"{}: add authorizable to members of group {} in repository",
principalId, membershipGroup.getID());

Expand All @@ -520,11 +519,11 @@ private void mergeMultipleMembersOfBothGroups(String principalId,
// are both groups members of exactly the same groups?
if (membershipGroupsFromRepository.equals(membershipGroupsFromConfig)) {
// do nothing!
LOG.info(
LOG.debug(
"{}: authorizable in repo and authorizable in config are members of the same group(s). No change necessary here!",
principalId);
} else {
LOG.info(
LOG.debug(
"{}: authorizable in repo is member of at least one other group and authorizable in config is member of at least one other group",
principalId);

Expand All @@ -540,7 +539,7 @@ private void mergeMultipleMembersOfBothGroups(String principalId,
// if not delete that group of membersOf-property of
// existing group

LOG.info(
LOG.debug(
"delete {} from members of group {} in repository",
principalId, authorizable);
((Group) userManager.getAuthorizable(authorizable))
Expand All @@ -565,7 +564,7 @@ private void mergeMultipleMembersOfBothGroups(String principalId,
// if not add that group to membersOf-property of existing
// group

LOG.info("add {} to members of group {} in repository",
LOG.debug("add {} to members of group {} in repository",
principalId, validatedGroup);
if (StringUtils.equals(validatedGroup.getID(), principalId)) {
String warning = "Attempt to add a group as member of itself ("
Expand Down Expand Up @@ -831,11 +830,17 @@ public void performRollback(SlingRepository repository,
history.addWarning("performing Groups rollback!");

for (String authorizableName : newCreatedAuthorizables) {
userManager.getAuthorizable(authorizableName).remove();
message = "removed authorizable " + authorizableName
+ " from the system!";
Authorizable authorizable = userManager.getAuthorizable(authorizableName);
if (authorizable != null) {
authorizable.remove();
message = "removed authorizable " + authorizableName + " from the system!";
LOG.info(message);
history.addWarning(message);
} else {
message = "Can't remove authorizable " + authorizableName + " from the system!";
LOG.error(message);
history.addError(message);
}
}
}

Expand Up @@ -68,7 +68,7 @@ private Map<String, String> getConfigurations(PackageEntryOrNode configFileOrDir
}

if (isRelevantConfiguration(entry.getName(), configFileOrDir.getName(), currentRunModes)) {
LOG.info("Reading YAML file {}", entry.getName());
LOG.debug("Found relevant YAML file {}", entry.getName());
configs.put(entry.getPath(), entry.getContentAsString());
}

Expand Down Expand Up @@ -195,7 +195,7 @@ public String getContentAsString() throws Exception {
IOUtils.copy(configInputStream, writer, "UTF-8");
String configData = writer.toString();
if (StringUtils.isNotBlank(configData)) {
LOG.info("found configuration data of node: {}", node.getPath());
LOG.debug("found configuration data of node: {}", node.getPath());
return configData;
} else {
throw new IllegalStateException("File " + node.getPath() + " is empty!");
Expand Down Expand Up @@ -248,7 +248,7 @@ public boolean isDirectory() throws Exception {

@Override
public String getContentAsString() throws Exception {
LOG.info("Reading YAML file {}", getPath());
LOG.debug("Reading YAML file {}", getPath());
InputStream input = archive.getInputSource(entry).getByteStream();
if (input == null) {
throw new IllegalStateException("Could not get input stream from entry " + getPath());