marklogic / ml-gradle

Gradle plugin for automating everything involving MarkLogic
Other
72 stars 78 forks source link

Not able to add permissions to TDE templates using ml-gradle #631

Closed antonymadonnaa closed 2 years ago

antonymadonnaa commented 2 years ago

Describe the bug Using ml-gradle 4.1.1 version ,we are able to deploy the TDE templates but the permissions are not added the templates

To Reproduce Try running mlDeploy to deploy the TDE templates to App specific Schemas database.

Expected behavior TDE templates are loaded into App specific Schemas database with the permissions set in permission.properties

Sample project code : scout-bug.zip

antonymadonnaa commented 2 years ago

Raised as per the discussion on stackoverflow question https://stackoverflow.com/questions/74277295/add-permissions-for-tde-templates-using-ml-gradle?noredirect=1#comment131252355_74277295

rjrudin commented 2 years ago

Thanks for the submission, and will respond to the SO post.

rjrudin commented 2 years ago

Actually I'll respond here first - in your example, you have this in permissions.properties:

*.tdex=scoutml-admin,read,scoutml-admin,update,scoutml-admin,insert,scoutml-admin,execute,scoutml-admin,node-update,scoutml-reader,read,scoutml-reader,execute

*.tdex isn't supported per the docs at https://github.com/marklogic-community/ml-javaclient-util/wiki/Loading-files#specifying-collections-and-permissions . Only *=role,capability,etc is supported as a way of defining default permissions for every file in a directory.

Can you try that out and see if it works in your project? In your SO post, you do mention using * by itself, but maybe you were using *.tdex?

antonymadonnaa commented 2 years ago

Hi @rjrudin , I tried using only the *=role,capability,etc to set the permissions for every file in a directory but getting Build failed error in Jenkins.PFA the sample project and build log for the same. build_log.txt scout-bug-star.zip

antonymadonnaa commented 2 years ago

And do we need to have ml-config folder with content-database.json and schemas-database.json for this to work? I have configured mlContentDatabaseName and mlSchemasDatabaseName in gradle.properties,so is it required to explicitly set in ml-config?

rjrudin commented 2 years ago

ml-gradle defaults to creating a REST API instance (unless mlNoRestServer=true), which includes a content database. But that content database by default points to the OOTB Schemas database. You can stick with that, but it's more common to include the two files you mentioned:

ml-gradle will use the two properties you mentioned - mlContentDatabaseName and mlSchemasDatabaseName - to populate a couple tokens for convenience that you can include in your files (this was done before all ml* properties were made available for use in resource files).

This example project is worth looking at - https://github.com/marklogic-community/ml-gradle/tree/master/examples/schemas-project/src/main

rjrudin commented 2 years ago

For the null-pointer error - did some testing and that's a bug - "node-update" isn't yet supported. We'll get a new patch release of ml-gradle out soon to address that.

However, odds are you only need read/update permissions on your schema. So I would just do the following:

*=scoutml-reader,read,scoutml-admin,update

That assumes that your scoutml-admin role inherits scoutml-reader. If not, just append ,scoutml-admin,read .

rjrudin commented 2 years ago

Bug opened at https://github.com/marklogic-community/ml-javaclient-util/issues/159 . @antonymadonnaa thanks for the helpful feedback here, and again, we'll have a patch release out soon (though in the meantime, you should be fine with the read/update usage shown above).

antonymadonnaa commented 2 years ago

Hi @rjrudin , I think you are right, after I removed the node-update capability from permissions.properties, now the other permissions are set to the templates. Thank you so much for your quick response and helping out in resolving this.You can close this bug if there are no pending actions.