sling-dev mailing list archives

From "Marius Petria (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SLING-7714) SCD FileVault packages created with root filter which removes ACEs
Date Wed, 13 Jun 2018 07:06:00 GMT

    [ https://issues.apache.org/jira/browse/SLING-7714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16510700#comment-16510700 ]

Marius Petria commented on SLING-7714:
--------------------------------------

[~marett] I think we have 2 things to solve:
1. make it work without property filters (these were added recently and they are not used
a lot)
2. make it work with property filters
I am trying to split this in two because maybe we can solve 1 without fixing filevault. I
think for that [CQ-4245994.patch|https://issues.apache.org/jira/secure/attachment/12926890/CQ-4245994.patch]
looks to be the best. Even if the resulting filter.xml looks like a "deep filter" (with no
include pattern) only the distributed node is packaged.

> SCD FileVault packages created with root filter which removes ACEs
> ------------------------------------------------------------------
>
>                 Key: SLING-7714
>                 URL: https://issues.apache.org/jira/browse/SLING-7714
>             Project: Sling
>          Issue Type: Bug
>          Components: Content Distribution
>    Affects Versions: Content Distribution Core 0.2.10
>            Reporter: Ankit Aggarwal
>            Assignee: Timothee Maret
>            Priority: Major
>         Attachments: CQ-4245994.patch, CQ-4245994_2.patch, CQ-4245994_3.patch, faulty-pkg-4503-1.0.zip,
pkg-4503-additionnal.zip, pkg-4503-base.zip, pre-SP2-1.0.zip
>
>
> After upgrading the customer stage instances (this is ManagedService), it has been observed that the user synchronization is broken.
> After investigation, I observed that not only the user sync is broken but possibly the whole instance, as many "rep:policy" nodes have been removed.
>  
> h4. Steps to reproduce
>  # start a 3-instance (1 author, 2 publishers) setup on AEM 6.3
>  # enable the user synchronization following the documentation
>  # upgrade publishers to SP2, then author
>  # create a new user on pub1
>  
> Expected result:
> User is propagated/synchronized on pub2 without side-effect
>  
> Actual result:
> User is propagated/synchronized on pub2, but the following rep:policy nodes are removed (maybe a non-exhaustive list):
>  * /rep:policy
>  * /home/rep:policy
>  * /home/users/rep:policy
>  
> I reproduced this issue and tested the procedure again, but I disabled the sync agent on Author, so that I could retrieve the package being replicated on the other publisher (pub2) to inspect its definition.
>  
> [faulty-pkg-4503-1.0.zip|https://issues.apache.org/secure/attachment/2594552/2594552_faulty-pkg-4503-1.0.zip] is a raw package containing the "/var/sling/distribution" and "/var/eventing/jobs/unassigned" of pub1 where I created the new user post-SP2 install, if you require more details.
>  
> [pkg-4503-base.zip|https://issues.apache.org/secure/attachment/2594549/2594549_pkg-4503-base.zip] and [pkg-4503-additionnal.zip|https://issues.apache.org/secure/attachment/2594550/2594550_pkg-4503-additionnal.zip] are the actual packages that will be distributed by SCD, and installed on pub2. I extracted them from [faulty-pkg-4503-1.0.zip|https://issues.apache.org/secure/attachment/2594552/2594552_faulty-pkg-4503-1.0.zip] from the following path "faulty-pkg-4503-1.0.zip\jcr_root\var\sling\distribution\packages\socialpubsync-vlt\data\dstrpck-1528203802286-58c3aa28-a83a-4a74-a781-e48e5415a541\" and "dstrpck-1528203802288-c6416288-9b4d-43cc-8967-c09215bd6a91" (they are the "bin" file renamed).
>  
> Checking their _META-INF\vault\filter.xml,_ I think that the filter definition is incorrect:
> {code:java}
> <workspaceFilter version="1.0">
>   <filter root="/home/users/6">
>     <include pattern="/home/users/6"/>
>   </filter>
>   <filter root="/home/users/6/68dhk9JC3OnZO5Z87rLR">
>     <include pattern="/home/users/6/68dhk9JC3OnZO5Z87rLR"/>
>   </filter>
>   <filter root="/"/>
> </workspaceFilter>{code}
>  
> *The last entry with filter on "/" looks suspicious.*
>  
> On a pre-SP2 instance, I have the following which is correct:
> {code:java}
> <workspaceFilter version="1.0">
>   <filter root="/home/users/L">
>     <include pattern="/home/users/L"/>
>   </filter>
>   <filter root="/home/users/L/L3q-3NdVN-uV1eawzefF">
>     <include pattern="/home/users/L/L3q-3NdVN-uV1eawzefF"/>
>   </filter>
> </workspaceFilter>{code}
>  
> I assume that the ACLs are merged and as the filter is pointing to "/" and the package doesn't have any rep:policy for any nodes in the hierarchy, it is removing the existing ones.
>  
> PS: I have some instances set up to share if needed.
> *Btw now that the issue is qualified I guess you only need to set up one single publisher, enable usersync, and create a new user. This should trigger the package creation containing the invalid filter definition.*



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
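
An added example, not part of the original message and not Sling or FileVault code: a pre-install audit that reads a distribution package's META-INF/vault/filter.xml and reports any filter that has no include/exclude pattern and whose subtree contains ACL nodes you expect to survive. The function names are hypothetical, the protected paths are the three rep:policy nodes listed in the report, and treating a pattern-less filter as covering its whole subtree is an assumption based on the "deep filter" reading in this thread.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

FILTER_PATH = "META-INF/vault/filter.xml"

# rep:policy nodes the report lists as removed on pub2.
PROTECTED = ("/rep:policy", "/home/rep:policy", "/home/users/rep:policy")

# Constructed sample: the post-SP2 filter.xml quoted in the report.
FAULTY = """<workspaceFilter version="1.0">
  <filter root="/home/users/6">
    <include pattern="/home/users/6"/>
  </filter>
  <filter root="/home/users/6/68dhk9JC3OnZO5Z87rLR">
    <include pattern="/home/users/6/68dhk9JC3OnZO5Z87rLR"/>
  </filter>
  <filter root="/"/>
</workspaceFilter>"""


def audit_filter(xml_text, protected=PROTECTED):
    """Return [(root, [protected paths under it])] for pattern-less filters.

    Assumption: a <filter> without <include>/<exclude> children covers
    every node below its root, so protected paths under it are at risk.
    """
    findings = []
    for flt in ET.fromstring(xml_text).findall("filter"):
        if flt.findall("include") or flt.findall("exclude"):
            continue  # restricted by patterns; not evaluated here
        root = flt.get("root", "")
        prefix = root.rstrip("/") + "/"
        at_risk = [p for p in protected if p == root or p.startswith(prefix)]
        if at_risk:
            findings.append((root, at_risk))
    return findings


def audit_package(zip_bytes, protected=PROTECTED):
    """Audit the filter.xml inside a package held in memory as bytes."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as pkg:
        xml_text = pkg.read(FILTER_PATH).decode("utf-8")
    return audit_filter(xml_text, protected)


if __name__ == "__main__":
    for root, at_risk in audit_filter(FAULTY):
        print(f"filter root {root!r} has no patterns; at risk: {at_risk}")
```

Run it against packages pulled from the distribution queue before they reach a publisher; an empty result means no pattern-less filter sits above the protected paths.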
