Closed brent-hartwig closed 2 months ago
As of 3.0.0, custom collections and permissions can be specified for each directory of modules under src/main/ml-modules/root (this does not apply to options, services, or transforms, as the MarkLogic REST API applies specific collections and permissions to those modules).
Given lux-options.xml is in the options directory, the above won't work for us.
A colleague suggested creating a Gradle task of type CopySearchOptionsTask
per these instructions; however, it doesn't get around the document permissions issue. If the tenant role was granted one that inherits the rest-reader-internal
role, it would have worked.
Instead, went with his second suggestion: an MLCP task. Works like a charm. The tenant's deployer role has sufficient privileges to run the task that replaces copyRestApiOptions
: importRestApiOptions
. Implemented in PR https://github.com/project-lux/lux-marklogic/pull/246 and https://github.com/project-lux/lux-marklogic/pull/247, both of which were merged into release1.22.
Approved by UAT 8/7
cc: @prowns
OK to close. No additional validation required.
At present, /Default/lux-request-group-1/rest-api/options/lux-options.xml's document permissions prevent non-admins from executing the
copyRestApiOptions
Gradle task, which is wired tomlLoadModules
. The scope of this ticket is to enable the tenant deployer role to successfully run thecopyRestApiOptions
task.Ideally, we will find ML Gradle provides a way to specify the document permissions of https://github.com/project-lux/lux-marklogic/blob/main/src/main/ml-modules/options/lux-options.xml.
This issue is only an issue because of trying to do the right thing: #212