III. Gradle tasks and user credentials - kghmanuel/ml-gradle GitHub Wiki

ml-gradle supports different MarkLogic user accounts for the various jobs performed during a deployment. See the sample project gradle.properties file for an example of configuring those accounts. The Property Reference also provides information about these accounts, which are summarized below:

  1. mlUsername/mlPassword = default user that is used when any of the below are not specified
  2. mlRestAdminUsername/mlRestAdminPassword = for loading modules
  3. mlManageUsername/mlManagePassword = for talking to the Manage server on port 8002 (with some exceptions, see below)
  4. mlAdminUsername/mlAdminPassword = for talking to the Admin server on port 8001 (again, some exceptions, see below)

Understanding mlAdminUsername

As of version 3.2.1, there is some overloading in how "mlAdminUsername" is used. ml-gradle uses this MarkLogic user whenever the Manage API requires connecting to the Admin server on port 8001.

But some Manage API operations - specifically, those for managing security resources - require that the MarkLogic user have the "security" role, in addition to "manage-admin". Those commands in ml-gradle (mistakenly, really) use mlAdminUsername as well, with the assumption being that that user is likely to have the "security" role, whereas the user with "manage-admin" may not. For those commands, ml-gradle will connect to port 8002 as mlAdminUsername instead of as mlManageUsername.

A future version of ml-gradle will simplify this so the only connection made to port 8002 is as the mlManageUsername user (or mlUsername if mlManageUsername is not defined). And if you need to manage security resources, the user specified by mlManageUsername must have the "security" role, as required by MarkLogic.

It's easy to avoid this complexity, as it's common to only use mlUsername, where this user has the "manage-admin", "rest-admin", and "security-roles". But ml-gradle should be simpler in how it uses mlAdminUsername - to only connect to the Admin server - and this will be addressed in a future version.

Encrypting Passwords

Instead of storing these passwords, e.g. mlPassword, in plaintext in gradle.properties though, you may want to retrieve them from a location where they're encrypted. A common solution for this with Gradle is to use this Gradle credentials plugin for storing and retrieving encrypted credentials. Googling on "gradle encrypted passwords" will return some other solutions too.