This is an automated email from the ASF dual-hosted git repository. pauls pushed a commit to branch issues/SLING-9960 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-feature-cpconverter.git
commit 81677b557a910d0489cac969ed233215759489ce Author: Karl Pauls <[email protected]> AuthorDate: Thu Dec 10 15:22:03 2020 +0100 SLING-9960: AclManagerTest/RepPolicyEntryHandlerTest should use realistic service user path --- .../cpconverter/accesscontrol/AclManagerTest.java | 12 +++--- .../handlers/RepPolicyEntryHandlerTest.java | 38 +++++++++-------- .../jcr_root/home/users/system/asd/.content.xml | 19 +++++++++ .../jcr_root/home/users/system/asd/_rep_policy.xml | 48 ++++++++++++++++++++++ .../jcr_root/home/users/system/asd/license.txt | 14 +++++++ 5 files changed, 107 insertions(+), 24 deletions(-) diff --git a/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManagerTest.java b/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManagerTest.java index 4254ab7..4b5d880 100644 --- a/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManagerTest.java +++ b/src/test/java/org/apache/sling/feature/cpconverter/accesscontrol/AclManagerTest.java @@ -71,18 +71,18 @@ public class AclManagerTest { @Test public void makeSureAclsAreCreatedOnlyoutsideSytemUsersPaths() throws Exception { - aclManager.addSystemUser(new SystemUser("acs-commons-ensure-oak-index-service", new RepoPath("/asd/public/foo"), new RepoPath("/asd/public"))); + aclManager.addSystemUser(new SystemUser("acs-commons-ensure-oak-index-service", new RepoPath("/home/users/system/foo"), new RepoPath("/home/users/system"))); // emulate a second iteration of conversion aclManager.reset(); - aclManager.addSystemUser(new SystemUser("acs-commons-package-replication-status-event-service", new RepoPath("/asd/public/foo"), new RepoPath("/asd/public"))); + aclManager.addSystemUser(new SystemUser("acs-commons-package-replication-status-event-service", new RepoPath("/home/users/system/foo"), new RepoPath("/home/users/system"))); aclManager.addAcl("acs-commons-ensure-oak-index-service", newAcl(true, "jcr:read,rep:write,rep:indexDefinitionManagement", "/asd/not/system/user/path")); - aclManager.addAcl("acs-commons-package-replication-status-event-service", newAcl(true, "jcr:read,crx:replicate,jcr:removeNode", "/asd/public")); + aclManager.addAcl("acs-commons-package-replication-status-event-service", newAcl(true, "jcr:read,crx:replicate,jcr:removeNode", "/home/users/system")); // add an ACL for unknown user - aclManager.addAcl("acs-commons-on-deploy-scripts-service", newAcl(true, "jcr:read,crx:replicate,jcr:removeNode", "/asd/public")); + aclManager.addAcl("acs-commons-on-deploy-scripts-service", newAcl(true, "jcr:read,crx:replicate,jcr:removeNode", "/home/users/system")); VaultPackageAssembler assembler = mock(VaultPackageAssembler.class); when(assembler.getEntry(anyString())).thenReturn(new File(System.getProperty("java.io.tmpdir"))); @@ -98,8 +98,8 @@ public class AclManagerTest { assertNotNull(repoinitExtension); // acs-commons-on-deploy-scripts-service will be missed - String expected = "create path (rep:AuthorizableFolder) /asd/public" + System.lineSeparator() + // SLING-8586 - "create service user acs-commons-package-replication-status-event-service with path /asd/public" + System.lineSeparator() + + String expected = "create path (rep:AuthorizableFolder) /home/users/system" + System.lineSeparator() + // SLING-8586 + "create service user acs-commons-package-replication-status-event-service with path /home/users/system" + System.lineSeparator() + "create path (sling:Folder) /asd" + System.lineSeparator() + "create path (sling:Folder) /asd/not" + System.lineSeparator() + "create path (sling:Folder) /asd/not/system" + System.lineSeparator() + diff --git a/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java b/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java index 3417800..b0ef6b4 100644 --- a/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java +++ b/src/test/java/org/apache/sling/feature/cpconverter/handlers/RepPolicyEntryHandlerTest.java @@ -94,30 +94,30 @@ public final class RepPolicyEntryHandlerTest { assertEquals(ExtensionType.TEXT, repoinitExtension.getType()); // commented ACLs are due SLING-8561 - String expected = "create path (rep:AuthorizableFolder) /asd/public" + System.lineSeparator() + // SLING-8586 - "create service user acs-commons-ensure-oak-index-service with path /asd/public" + System.lineSeparator() + + String expected = "create path (rep:AuthorizableFolder) /home/users/system" + System.lineSeparator() + // SLING-8586 + "create service user acs-commons-ensure-oak-index-service with path /home/users/system" + System.lineSeparator() + // "create path (sling:Folder) /asd\n" + // "create path (sling:Folder) /asd/public\n" + // "set ACL for acs-commons-ensure-oak-index-service\n" + // "allow jcr:read,rep:write,rep:indexDefinitionManagement on /asd/public restriction(rep:glob,*/oak:index/*)\n" + // "end\n" + - "create service user acs-commons-dispatcher-flush-service with path /asd/public" + System.lineSeparator() + + "create service user acs-commons-dispatcher-flush-service with path /home/users/system" + System.lineSeparator() + // "set ACL for acs-commons-dispatcher-flush-service\n" + // "allow jcr:read,crx:replicate,jcr:removeNode on /asd/public\n" + // "end\n" + - "create service user acs-commons-package-replication-status-event-service with path /asd/public" + System.lineSeparator() + + "create service user acs-commons-package-replication-status-event-service with path /home/users/system" + System.lineSeparator() + // "set ACL for acs-commons-package-replication-status-event-service\n" + // "allow jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl on /asd/public\n" + // "end\n" + - "create service user acs-commons-ensure-service-user-service with path /asd/public" + System.lineSeparator() + + "create service user acs-commons-ensure-service-user-service with path /home/users/system" + System.lineSeparator() + // "set ACL for acs-commons-ensure-service-user-service\n" + // "allow jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl on /asd/public\n" + // "end\n" + - "create service user acs-commons-automatic-package-replicator-service with path /asd/public" + System.lineSeparator() + + "create service user acs-commons-automatic-package-replicator-service with path /home/users/system" + System.lineSeparator() + // "set ACL for acs-commons-automatic-package-replicator-service\n" + // "allow jcr:read on /asd/public\n" + // "end\n" + - "create service user acs-commons-on-deploy-scripts-service with path /asd/public" + System.lineSeparator(); + "create service user acs-commons-on-deploy-scripts-service with path /home/users/system" + System.lineSeparator(); // "set ACL for acs-commons-on-deploy-scripts-service\n" + // "allow jcr:read on /asd/public\n" + // "end\n"; @@ -141,22 +141,22 @@ public final class RepPolicyEntryHandlerTest { assertEquals(ExtensionType.TEXT, repoinitExtension.getType()); // commented ACLs are due SLING-8561 - String expected = "create path (rep:AuthorizableFolder) /asd/public" + System.lineSeparator() + // SLING-8586 - "create service user acs-commons-package-replication-status-event-service with path /asd/public" + System.lineSeparator() + + String expected = "create path (rep:AuthorizableFolder) /home/users/system" + System.lineSeparator() + // SLING-8586 + "create service user acs-commons-package-replication-status-event-service with path /home/users/system" + System.lineSeparator() + // "create path (sling:Folder) /asd\n" + // "create path (sling:Folder) /asd/public\n" + // "set ACL for acs-commons-package-replication-status-event-service\n" + // "allow jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl on /asd/public\n" + // "end\n" + - "create service user acs-commons-ensure-service-user-service with path /asd/public" + System.lineSeparator() + + "create service user acs-commons-ensure-service-user-service with path /home/users/system" + System.lineSeparator() + // "set ACL for acs-commons-ensure-service-user-service\n" + // "allow jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl on /asd/public\n" + // "end\n" + - "create service user acs-commons-automatic-package-replicator-service with path /asd/public" + System.lineSeparator() + + "create service user acs-commons-automatic-package-replicator-service with path /home/users/system" + System.lineSeparator() + // "set ACL for acs-commons-automatic-package-replicator-service\n" + // "allow jcr:read on /asd/public\n" + // "end\n" + - "create service user acs-commons-on-deploy-scripts-service with path /asd/public" + System.lineSeparator(); + "create service user acs-commons-on-deploy-scripts-service with path /home/users/system" + System.lineSeparator(); //"set ACL for acs-commons-on-deploy-scripts-service\n" + //"allow jcr:read on /asd/public\n" + //"end\n"; @@ -190,10 +190,12 @@ public final class RepPolicyEntryHandlerTest { String expected = "create path (rep:AuthorizableFolder) /this/is/a/completely/different/path" + System.lineSeparator() + // SLING-8586 "create service user acs-commons-package-replication-status-event-service with path /this/is/a/completely/different/path" + System.lineSeparator() + - "create path (sling:Folder) /asd" + System.lineSeparator() + - "create path (sling:Folder) /asd/public" + System.lineSeparator() + + "create path (sling:Folder) /home" + System.lineSeparator() + + "create path (sling:Folder) /home/users" + System.lineSeparator() + + "create path (sling:Folder) /home/users/system" + System.lineSeparator() + + "create path (sling:Folder) /home/users/system/asd" + System.lineSeparator() + "set ACL for acs-commons-package-replication-status-event-service" + System.lineSeparator() + - "allow jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl on /asd/public" + System.lineSeparator() + + "allow jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl on /home/users/system/asd" + System.lineSeparator() + "end" + System.lineSeparator(); String actual = repoinitExtension.getText(); assertEquals(expected, actual); @@ -225,8 +227,8 @@ public final class RepPolicyEntryHandlerTest { } private ParseResult parseAndSetRepoinit(String...systemUsersNames) throws Exception { - RepoPath alwaysTheSameOrgPath = new RepoPath("/asd/public/foo"); - RepoPath alwaysTheSameInterPath = new RepoPath("/asd/public"); + RepoPath alwaysTheSameOrgPath = new RepoPath("/home/users/system/asd"); + RepoPath alwaysTheSameInterPath = new RepoPath("/home/users/system"); SystemUser[] systemUsers = new SystemUser[systemUsersNames.length]; for (int i = 0; i < systemUsersNames.length; i++) { @@ -237,7 +239,7 @@ public final class RepPolicyEntryHandlerTest { } private ParseResult parseAndSetRepoinit(SystemUser...systemUsers) throws Exception { - String path = "/jcr_root/asd/public/_rep_policy.xml"; + String path = "/jcr_root/home/users/system/asd/_rep_policy.xml"; Archive archive = mock(Archive.class); Entry entry = mock(Entry.class); VaultPackageAssembler packageAssembler = mock(VaultPackageAssembler.class); diff --git a/src/test/resources/org/apache/sling/feature/cpconverter/handlers/jcr_root/home/users/system/asd/.content.xml b/src/test/resources/org/apache/sling/feature/cpconverter/handlers/jcr_root/home/users/system/asd/.content.xml new file mode 100644 index 0000000..0589bcb --- /dev/null +++ b/src/test/resources/org/apache/sling/feature/cpconverter/handlers/jcr_root/home/users/system/asd/.content.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with this + work for additional information regarding copyright ownership. The ASF + licenses this file to You under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + License for the specific language governing permissions and limitations under + the License. +--> +<jcr:root xmlns:sling="http://sling.apache.org/jcr/sling/1.0"; xmlns:jcr="http://www.jcp.org/jcr/1.0"; + jcr:primaryType="sling:Folder"/> diff --git a/src/test/resources/org/apache/sling/feature/cpconverter/handlers/jcr_root/home/users/system/asd/_rep_policy.xml b/src/test/resources/org/apache/sling/feature/cpconverter/handlers/jcr_root/home/users/system/asd/_rep_policy.xml new file mode 100644 index 0000000..66bb45c --- /dev/null +++ b/src/test/resources/org/apache/sling/feature/cpconverter/handlers/jcr_root/home/users/system/asd/_rep_policy.xml @@ -0,0 +1,48 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with this + work for additional information regarding copyright ownership. The ASF + licenses this file to You under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + License for the specific language governing permissions and limitations under + the License. +--> +<jcr:root xmlns:jcr="http://www.jcp.org/jcr/1.0"; xmlns:rep="internal" + jcr:primaryType="rep:ACL"> + <allow0 + jcr:primaryType="rep:GrantACE" + rep:principalName="acs-commons-ensure-oak-index-service" + rep:privileges="{Name}[jcr:read,rep:write,rep:indexDefinitionManagement]"> + <rep:restrictions + jcr:primaryType="rep:Restrictions" + rep:glob="{Name}[*/oak:index/*]"/> + </allow0> + <allow1 + jcr:primaryType="rep:GrantACE" + rep:principalName="acs-commons-dispatcher-flush-service" + rep:privileges="{Name}[jcr:read,crx:replicate,jcr:removeNode]"/> + <allow2 + jcr:primaryType="rep:GrantACE" + rep:principalName="acs-commons-package-replication-status-event-service" + rep:privileges="{Name}[jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl]"/> + <allow3 + jcr:primaryType="rep:GrantACE" + rep:principalName="acs-commons-ensure-service-user-service" + rep:privileges="{Name}[jcr:read,rep:write,jcr:readAccessControl,jcr:modifyAccessControl]"/> + <allow4 + jcr:primaryType="rep:GrantACE" + rep:principalName="acs-commons-automatic-package-replicator-service" + rep:privileges="{Name}[jcr:read]"/> + <allow5 + jcr:primaryType="rep:GrantACE" + rep:principalName="acs-commons-on-deploy-scripts-service" + rep:privileges="{Name}[jcr:read]"/> +</jcr:root> diff --git a/src/test/resources/org/apache/sling/feature/cpconverter/handlers/jcr_root/home/users/system/asd/license.txt b/src/test/resources/org/apache/sling/feature/cpconverter/handlers/jcr_root/home/users/system/asd/license.txt new file mode 100644 index 0000000..805f6a4 --- /dev/null +++ b/src/test/resources/org/apache/sling/feature/cpconverter/handlers/jcr_root/home/users/system/asd/license.txt @@ -0,0 +1,14 @@ + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with this + work for additional information regarding copyright ownership. The ASF + licenses this file to You under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + License for the specific language governing permissions and limitations under + the License.
