Feature Request: Make ACE Service Configuration a Factory Configuration

[jenslauterbach]

Currently, the following configuration is not a factory configuration:

biz.netcentric.cq.tools.actool.aceservice.impl.AceServiceImpl

If several projects are deployed in the same AEM instance they all have to use the same configuration path (set in this configuration, see AceService.configurationPath).

It would be great if this configuration would be a factory configuration so that every project can provide its own configuration.

I have something like this in mind:

Project A: AceService.configurationPath = /apps/project-a/configuration/acl Project B: AceService.configurationPath = /apps/project-b/configuration/acl Project C: AceService.configurationPath = /apps/project-c/configuration/acl

[ghenzler]

The problem with that the JMX console is highly dependent on the configured path - if you run e.g. apply() exactly that one configured path will be used. The best way to deal with it is probably to provide a configuration AceService.jmxMBeanName and use more than one jmx MBeans (although this is also not perfect, some of the operations are not dependent on the configurationPath, e.g. applyConfig(configurationRootPath)

One way to make this work today is using the Install Hook: The install hook does not take the root path in account at all but only takes the yaml files from the package. You could run a setup as follows:

• Package Base: Yaml files at /apps/myplatform/acls/base (with install hook)
• Package Project 1: Yaml files at /apps/myplatform/acls/myproject1 (with install hook)
• Package Project 2: Yaml files at /apps/myplatform/acls/myproject2 (with install hook)
• Package Project 3: Yaml files at /apps/myplatform/acls/myproject3 (with install hook)
• set AceService.configurationPath to /apps/myplatform/acls

Then you can apply everything via JMX. To install you can use package dependencies (e.g. from Package Project 1 a dependency to Package Base).

Please note that you will have to configure https://github.com/Netcentric/accesscontroltool/blob/develop/docs/AdvancedFeatures.md#configure-memberships-oftowards-externally-managed-groups properly to ensure memberships between groups stemming from different packages are kept correctly.

[mrozati]

The issue with single configuration root in JMX console is pretty confusing for administrators; specially when one of applications uses the legacy configuration, which simply overwrites the newer one: https://github.com/Netcentric/accesscontroltool/blob/develop/accesscontroltool-bundle/src/main/java/biz/netcentric/cq/tools/actool/impl/AcInstallationServiceImpl.java#L131

I understand the complexity of having a configuration factory, but maybe a multiple value property could be a simpler solution. Anyway using the install hook just solves the apply issue although it's already possible to use applyConfig(configurationRootPath). But purging groups is still not possible, because you only have purgeAllAuthorizablesFromConfiguration().

I'm missing at least a purgeAllAuthorizablesFromConfiguration(configurationRootPath) method