<div dir="ltr"><div>Hi Martin,</div><div><br></div>thanks for the list. Right, some of those suffer from the same problem and some seem to have an identity (not explicitly expressed since we don't have a way to do that for a member of a complex type yet but once we do it won't be a problem).<br><div class="gmail_extra"><br></div><div class="gmail_extra">Ok, I had a hope we were going to address these relatively quick (given that the issue was raised back in autumn). I don't see it happening next month neither. So for now I am going to handle these kind of config structures (i.e. lists of complex types) as atomic pieces (although potentially big). They won't be mergeable during updates but one will be replacing completely the other with the one coming in last winning.</div><div class="gmail_extra"><br></div><div class="gmail_extra">In perspective though, I think this is going to remain a critical issue.</div><div class="gmail_extra"><br></div><div class="gmail_extra">Thanks,</div><div class="gmail_extra">Alexey</div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Mar 26, 2018 at 2:40 PM, Martin Choma <span dir="ltr"><<a href="mailto:mchoma@redhat.com" target="_blank">mchoma@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I run through Elytron subsystem and there are other "suspicious"<br>
resources [1]. How it is guaranteed name/id/path attributes of<br>
collections are unique identifiers? On subsystem code level? Because<br>
this information is not in the model, as far as I know.<br>
<br>
Is it possible to declare compound unique-key? I mean for example to<br>
say that for permission resource (class-name,module) tuple is unique<br>
key.<br>
<br>
[1]<br>
configurable-sasl-server-facto<wbr>ry/filters<br>
configurable-http-server-mecha<wbr>nism-factory/filters<br>
<br>
sasl-authentication-factory/me<wbr>chanism-configurations<br>
sasl-authentication-factory/me<wbr>chanism-configurations/mechani<wbr>sm-realm-configurations<br>
http-authentication-factory/me<wbr>chanism-configurations<br>
http-authentication-factory/me<wbr>chanism-configurations/mechani<wbr>sm-realm-configurations<br>
<br>
mechanism-provider-filtering-s<wbr>asl-server-factory/filters<br>
<br>
ldap-realm/identity-mapping/at<wbr>tribute-mapping<br>
jdbc-realm/principal-query<br>
jdbc-realm/principal-query/att<wbr>ribute-mapping<br>
<br>
security-domain/realms<br>
<div class="m_1576853629476600739HOEnZb"><div class="m_1576853629476600739h5"><br>
On Fri, Mar 23, 2018 at 4:55 PM, Alexey Loubyansky<br>
<<a href="mailto:alexey.loubyansky@redhat.com" target="_blank">alexey.loubyansky@redhat.com</a>> wrote:<br>
> While this is addressed mainly to the Elytron team, it seems like we would<br>
> appreciate opinions from other colleagues since we are basically stuck<br>
> discussing possible ways to resolve<br>
> <a href="https://issues.jboss.org/browse/WFCORE-3596" rel="noreferrer" target="_blank">https://issues.jboss.org/brows<wbr>e/WFCORE-3596</a><br>
><br>
> The description in the jira is pretty brief assuming people know what that<br>
> is about, since it's been raised before multiple times. Here is what it is<br>
> about fundamentally.<br>
><br>
> If a configuration model (of a subsystem or any other component) includes a<br>
> list of configurable units (let's assume XML elements for simplicity) that<br>
> don't have any identity (unique id/name/path/etc) this is a big problem for<br>
> supporting patching and version updates preserving user configuration<br>
> changes. Or simply customizing the default config model using a tool. By a<br>
> big problem I mean it's simply not going to work reliably.<br>
><br>
> As a simple exercise that demonstrates the issue, imagine you have two<br>
> configs each of which includes a list of these configurable units that have<br>
> no identity. Now try to identify the difference between the two lists. Or<br>
> merge them with one overwriting the other. Basically components w/o an<br>
> identity can not be manipulated. You can only add them but not modify or<br>
> even remove (unless their index in the list is a constant value of course).<br>
><br>
> I don't think I've seen any issue of this kind in our (WF/EAP) configs<br>
> except for the Elytron's permission-mapping's. (If somebody knows such<br>
> components please let me know).<br>
> If I misunderstand the Elytron config model or approaching this from a wrong<br>
> angle, please let me know.<br>
><br>
> Question for the Elytron team: is the problem I am describing clear? Do you<br>
> admit it as a problem?<br>
><br>
> Thanks,<br>
> Alexey<br>
><br>
</div></div><div class="m_1576853629476600739HOEnZb"><div class="m_1576853629476600739h5">> ______________________________<wbr>_________________<br>
> wildfly-dev mailing list<br>
> <a href="mailto:wildfly-dev@lists.jboss.org" target="_blank">wildfly-dev@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/wildfly-dev" rel="noreferrer" target="_blank">https://lists.jboss.org/mailma<wbr>n/listinfo/wildfly-dev</a><br>
</div></div></blockquote></div><br></div></div>