This document discusses repoinit, an Apache Sling mini-language for initializing content repositories. Repoinit scripts are run at startup by SlingRepositoryInitializers to register the SlingRepository, set ACLs, and perform other initialization tasks. The talk covers the history and usage of repoinit, provides examples, and discusses best practices around parsing repoinit scripts using a parser generator rather than writing parsers by hand.
5. Apache Sling repoinit - Bertrand Delacrétaz, Adobe - September 2021 5
repoinit?
https://sling.apache.org/documentation/bundles/repository-initialization.html
JCR startup SlingRepositoryInitializers
repoinit scripts
register SlingRepository
successful?
set ACL on /libs,/app
s
allow jcr:read for alice, bo
b
allow jcr:all for content-admin
s
end
An Apache Sling mini-language for content repository initialization
6. Apache Sling repoinit - Bertrand Delacrétaz, Adobe - September 2021 6
Quick, set it up before they see it!
https://sling.apache.org/documentation/bundles/repository-initialization.html
8. Apache Sling repoinit - Bertrand Delacrétaz, Adobe - September 2021 8
history
"We need to initialize a number of things when starting Sling on a new or existing content repository"
January 2016
https://issues.apache.org/jira/browse/SLING-5449
(great) discussion: https://s.apache.org/repoinit-2016
syntax idea: https://issues.apache.org/jira/browse/JCRVLT-61- credits to Tobias Bocanegra
14. Apache Sling repoinit - Bertrand Delacrétaz, Adobe - September 2021 14
la doc! la doc!
https://sling.apache.org/documentation/
bundles/repository-initialization.html
15. Apache Sling repoinit - Bertrand Delacrétaz, Adobe - September 2021 15
create paths and set properties
create path /one/two/thre
e
create path (sling:Folder) /var/disc(nt:unstructured)/afolde
r
create path /five(mixin nt:art)/step(mixin nt:dance)/two/steps
set properties on /pathA, /path/
B
set sling:ResourceType{String} to /x/y/
z
default someLong{Long} to 4
2
set someFlag{Boolean} to tru
e
default someDate{Date} to "2020-03-19T11:39:33.437+05:30
"
set customMultiValueStringProp to test1, test
2
en
d
16. Apache Sling repoinit - Bertrand Delacrétaz, Adobe - September 2021 16
manage (service) users
create service user bob,alice, tom2
1
create service user leo with path /some/absolute/pat
h
delete service user Leonardo,Winston_3
2
disable service user svcA : "This explains why it's disabled
"
create user AF with forced path /path/user/A
F
create user userC with password plain_text_only_for_testin
g
delete user userC
17. Apache Sling repoinit - Bertrand Delacrétaz, Adobe - September 2021 17
groups
create group group
a
create group groupb with path /thePath
F
create group groupc with forced path /thePath
G
add user1,user2 to group group
D
remove user3,user5 from group group
E
delete group group
a
set properties on authorizable(groupD
)
set stringProp to "hello, group D
"
en
d
set properties on authorizable(user3)/neste
d
set stringProp to "hello, nested!
"
en
d
18. Apache Sling repoinit - Bertrand Delacrétaz, Adobe - September 2021 18
Access Control Lists (ACL)
set principal ACL for principal1,principal
2
allow jcr:all on /conten
t
allow jcr:namespaceManagement on :repository
deny jcr:write on /var/secret
s
remove * on /libs,/app
s
en
d
set ACL on home(jack),/tmp/
a
allow jcr:read for alic
e
deny jcr:read for user2 restriction(rep:itemNames,p1,p2
)
en
d
delete ACL on /conten
t
delete principal ACL for ada, am
y
19. Apache Sling repoinit - Bertrand Delacrétaz, Adobe - September 2021 19
Interlude: how big? how fast?
Test script at https://gist.github.com/bdelacretaz/5ece181782206c0c9f820a78e6baaeef
With limit = 5000:
(20000 repoinit operations)
Parsing: 127 msec
Execution: 23868 msec
About 1000 ops / second
on my 2018 macbook pro
on a local Sling Starter instance
for i in 1 to $LIMIT
do
create service user LU-$i
create path /tmp/repoinit-three/mod-1/lu-$i
set ACL for LU-$i
allow jcr:all on /tmp/repoinit-three/mod-1/lu-$i
end
set ACL on /tmp/repoinit-three/mod-1/lu-$i
deny jcr:read for everyone
end
done
Session.save()
RepoInitParser
Test Script JcrRepoInitOpsProcessor
21. Apache Sling repoinit - Bertrand Delacrétaz, Adobe - September 2021 21
privileges
register privilege simplePriv
A
register privilege ns:simplePriv
B
register abstract privilege abstract
A
register abstract privilege ns:abstract
B
22. Apache Sling repoinit - Bertrand Delacrétaz, Adobe - September 2021 22
summary
create path, set properties, default value
s
create (service) user, delete, disabl
e
create group, add/remove users, delet
e
set ACL on paths or for principals, remove
*
register JCR node types and namespaces
register privileges
23. Apache Sling repoinit - Bertrand Delacrétaz, Adobe - September 2021 23
repoinit vs content packages?
repoinit:
diffable
tracable evolution
failures prevent startup
(good for critical setup)
repoinit for repository setup,
content packages for actual content?
WDYT?
content packages:
complex content structures
project modularization
27. Apache Sling repoinit - Bertrand Delacrétaz, Adobe - September 2021 27
see also: https://javacc.org and
https://notes.eatonphil.com/parser-generators-vs-handwritten-parsers-survey-2021.html
please
DO NOT
write parsers
BY HAND
unless you know
EXACTLY
what you are doing
The repoinit parser code is
maintainable
testable
understandable
Thanks to the use of a parser generator (JavaCC)
void deleteAclPrincipals(List<Operation> result)
:
{
<DELETE> <ACL> <FOR> p = principalsList(
)
( <EOL> | <EOF>
)
{
result.add(new DeleteAclPrincipals(p))
;
}
}
31. Apache Sling repoinit - Bertrand Delacrétaz, Adobe - September 2021 31
repoinit!
reliable repository initialization
I'm @bdelacretaz , thanks for watching!
more at https://sling.apache.org/documentation/bundles/repository-initialization.html
on parsing: https://pinboard.in/u:bdelacretaz/t:parsing/
ongoing improvements
robust software
JCR startup SlingRepositoryInitializers
repoinit scripts
register SlingRepository
successful?
set ACL on home(jack),/tmp/
a
allow jcr:read for alic
e
deny jcr:read for bo
b
end
clean syntax