Closed antonymadonnaa closed 2 years ago
antonymadonnaa
commented
2 years ago Raised as per the discussion on stackoverflow question https://stackoverflow.com/questions/74277295/add-permissions-for-tde-templates-using-ml-gradle?noredirect=1#comment131252355_74277295
rjrudin
commented
2 years ago Thanks for the submission, and will respond to the SO post.
rjrudin
commented
2 years ago Actually I'll respond here first - in your example, you have this in permissions.properties:
*.tdex=scoutml-admin,read,scoutml-admin,update,scoutml-admin,insert,scoutml-admin,execute,scoutml-admin,node-update,scoutml-reader,read,scoutml-reader,execute*.tdex isn't supported per the docs at https://github.com/marklogic-community/ml-javaclient-util/wiki/Loading-files#specifying-collections-and-permissions . Only *=role,capability,etc is supported as a way of defining default permissions for every file in a directory.
Can you try that out and see if it works in your project? In your SO post, you do mention using * by itself, but maybe you were using *.tdex?
antonymadonnaa
commented
2 years ago Hi @rjrudin , I tried using only the *=role,capability,etc to set the permissions for every file in a directory but getting Build failed error in Jenkins.PFA the sample project and build log for the same. build_log.txt scout-bug-star.zip
antonymadonnaa
commented
2 years ago And do we need to have ml-config folder with content-database.json and schemas-database.json for this to work? I have configured mlContentDatabaseName and mlSchemasDatabaseName in gradle.properties,so is it required to explicitly set in ml-config?
rjrudin
commented
2 years ago ml-gradle defaults to creating a REST API instance (unless mlNoRestServer=true), which includes a content database. But that content database by default points to the OOTB Schemas database. You can stick with that, but it's more common to include the two files you mentioned:
database-name in itdatabase-name and schema-database in it, with the latter having a value matching the name of your schema databaseml-gradle will use the two properties you mentioned - mlContentDatabaseName and mlSchemasDatabaseName - to populate a couple tokens for convenience that you can include in your files (this was done before all ml* properties were made available for use in resource files).
This example project is worth looking at - https://github.com/marklogic-community/ml-gradle/tree/master/examples/schemas-project/src/main
rjrudin
commented
2 years ago For the null-pointer error - did some testing and that's a bug - "node-update" isn't yet supported. We'll get a new patch release of ml-gradle out soon to address that.
However, odds are you only need read/update permissions on your schema. So I would just do the following:
*=scoutml-reader,read,scoutml-admin,updateThat assumes that your scoutml-admin role inherits scoutml-reader. If not, just append ,scoutml-admin,read .
rjrudin
commented
2 years ago Bug opened at https://github.com/marklogic-community/ml-javaclient-util/issues/159 . @antonymadonnaa thanks for the helpful feedback here, and again, we'll have a patch release out soon (though in the meantime, you should be fine with the read/update usage shown above).
antonymadonnaa
commented
2 years ago Hi @rjrudin , I think you are right, after I removed the node-update capability from permissions.properties, now the other permissions are set to the templates. Thank you so much for your quick response and helping out in resolving this.You can close this bug if there are no pending actions.
Describe the bug Using ml-gradle 4.1.1 version ,we are able to deploy the TDE templates but the permissions are not added the templates
To Reproduce Try running mlDeploy to deploy the TDE templates to App specific Schemas database.
Expected behavior TDE templates are loaded into App specific Schemas database with the permissions set in permission.properties
Sample project code : scout-bug.zip