[JBoss JIRA] (WFCORE-3479) Deploying an empty deployment and adding content later fails in a composite
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3479?page=com.atlassian.jira.plugi... ]
Brian Stansberry updated WFCORE-3479:
-------------------------------------
Fix Version/s: 5.0.0.Alpha1
(was: 4.0.0.CR1)
> Deploying an empty deployment and adding content later fails in a composite
> ---------------------------------------------------------------------------
>
> Key: WFCORE-3479
> URL: https://issues.jboss.org/browse/WFCORE-3479
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Affects Versions: 3.0.10.Final
> Reporter: Kabir Khan
> Assignee: ehsavoie Hugonnet
> Fix For: 5.0.0.Alpha1
>
>
> When adding mixed domain tests for EAP 7.1.0 I could not get the MixedDomainDeployment710TestCase.testExplodedDeployment() test to work. Comparing with the core domain ExplodedDeploymentTestCase.testInstallAndExplodeDeploymentOnDCFromScratch(), they both do the following:
> {code}
> 1) Create an empty deployment
> 2) Add some content to the deployment using input streams
> 3) Add the deployment to a server group
> {code}
> However, they differ in that ExplodedDeploymentTestCase does this as individual steps, while MixedDomainDeployment710TestCase does this in a composite. I have a branch at https://github.com/kabir/wildfly-core/tree/WFCORE-3479 which expands ExplodedDeploymentTestCase to demonstrate the problem.
> Going back to MixedDomainDeploymentTestCase, the testExplodedDeployment() test pushes the following composite to the DC:
> {code}
> {
> "operation" => "composite",
> "address" => [],
> "steps" => [
> {
> "operation" => "add",
> "address" => [("deployment" => "test.war")],
> "content" => [{"empty" => true}]
> },
> {
> "operation" => "add-content",
> "address" => [("deployment" => "test.war")],
> "content" => [
> {
> "target-path" => "index.html",
> "input-stream-index" => 0
> },
> {
> "target-path" => "index2.html",
> "input-stream-index" => 1
> }
> ]
> },
> {
> "operation" => "add",
> "address" => [
> ("server-group" => "other-server-group"),
> ("deployment" => "test.war")
> ],
> "enabled" => true
> },
> {
> "operation" => "add",
> "address" => [
> ("server-group" => "main-server-group"),
> ("deployment" => "test.war")
> ],
> "enabled" => true
> }
> ],
> "operation-headers" => {
> "caller-type" => "user",
> "access-mechanism" => "NATIVE",
> "domain-uuid" => "b016e0a3-4175-4f40-b6b9-779fc0fd1745",
> "execute-for-coordinator" => true
> }
> }
> {code}
> What ends up being pushed to the slave is:
> {code}
> {
> "operation" => "composite",
> "address" => [],
> "steps" => [
> {
> "operation" => "add",
> "address" => [("deployment" => "test.war")],
> "content" => [{
> "hash" => bytes {
> 0x8f, 0x7c, 0x8c, 0x80, 0x35, 0x88, 0x36, 0x16,
> 0x61, 0xfa, 0x0a, 0x10, 0x30, 0xf9, 0x13, 0x29,
> 0x04, 0x05, 0x9d, 0x82
> },
> "archive" => false
> }],
> "operation-headers" => {
> "caller-type" => "user",
> "access-mechanism" => "NATIVE",
> "domain-uuid" => "9f6d874e-24f8-41ec-a1d0-9c98509964fc"
> },
> "runtime-name" => undefined
> },
> {
> "operation" => "add-content",
> "address" => [("deployment" => "test.war")],
> "content" => [{
> "hash" => bytes {
> 0x52, 0x3a, 0x0a, 0x7b, 0x3b, 0xae, 0x1c, 0x67,
> 0x22, 0x51, 0xf6, 0x34, 0xb5, 0x3b, 0xe7, 0xf9,
> 0x78, 0x59, 0x91, 0x63
> },
> "target-path" => "."
> }],
> "operation-headers" => {
> "caller-type" => "user",
> "access-mechanism" => "NATIVE",
> "domain-uuid" => "9f6d874e-24f8-41ec-a1d0-9c98509964fc"
> },
> "path" => [
> "index.html",
> "index2.html"
> ]
> },
> {
> "operation" => "add",
> "address" => [
> ("server-group" => "other-server-group"),
> ("deployment" => "test.war")
> ],
> "enabled" => true
> },
> {
> "operation" => "add",
> "address" => [
> ("server-group" => "main-server-group"),
> ("deployment" => "test.war")
> ],
> "enabled" => true
> }
> ],
> "operation-headers" => {
> "caller-type" => "user",
> "access-mechanism" => "NATIVE",
> "domain-uuid" => "9f6d874e-24f8-41ec-a1d0-9c98509964fc",
> "execute-for-coordinator" => true
> }
> }
> {code}
> The error reported by the DC is:
> {code}
> {
> "outcome" => "failed",
> "result" => {
> "step-1" => {
> "outcome" => "failed",
> "rolled-back" => true
> },
> "step-2" => {
> "outcome" => "failed",
> "rolled-back" => true
> },
> "step-3" => {
> "outcome" => "failed",
> "rolled-back" => true
> },
> "step-4" => {
> "outcome" => "failed",
> "rolled-back" => true
> }
> },
> "failure-description" => {"WFLYDC0074: Operation failed or was rolled back on all servers. Server failures:" => {"server-group" => {"other-server-group" => {"host" => {"slave" => {"server-one" => {"WFLYCTL0062: Composite operation failed and was rolled back. Steps that failed:" => {"Operation step-1" => "WFLYCTL0216: Management resource '[(\"deployment\" => \"test.war\")]' not found"}}}}}}}},
> "rolled-back" => true,
> "server-groups" => {"other-server-group" => {"host" => {"slave" => {"server-one" => {"response" => {
> "outcome" => "failed",
> "result" => {
> "step-1" => {
> "outcome" => "failed",
> "failure-description" => "WFLYCTL0216: Management resource '[(\"deployment\" => \"test.war\")]' not found",
> "rolled-back" => true
> },
> "step-2" => {"outcome" => undefined}
> },
> "failure-description" => {"WFLYCTL0062: Composite operation failed and was rolled back. Steps that failed:" => {"Operation step-1" => "WFLYCTL0216: Management resource '[(\"deployment\" => \"test.war\")]' not found"}},
> "rolled-back" => true
> }}}}}}
> }
> {code}
> Having debugged the slave process a bit, I *believe* the following is what is passed to the servers by the slave HC:
> {code}
> {
> "operation" => "composite",
> "steps" => [
> {
> "operation" => "add-content",
> "address" => [("deployment" => "test.war")],
> "content" => [{
> "hash" => bytes {
> 0x52, 0x3a, 0x0a, 0x7b, 0x3b, 0xae, 0x1c, 0x67,
> 0x22, 0x51, 0xf6, 0x34, 0xb5, 0x3b, 0xe7, 0xf9,
> 0x78, 0x59, 0x91, 0x63
> },
> "target-path" => "."
> }],
> "operation-headers" => {
> "access-mechanism" => "NATIVE",
> "domain-uuid" => "2bd6c01d-a844-43fc-8d10-7d6e4c32e5b1"
> },
> "path" => [
> "index.html",
> "index2.html"
> ]
> },
> {
> "operation" => "add",
> "address" => [("deployment" => "test.war")],
> "enabled" => true,
> "operation-headers" => {
> "access-mechanism" => "NATIVE",
> "domain-uuid" => "2bd6c01d-a844-43fc-8d10-7d6e4c32e5b1"
> },
> "runtime-name" => "test.war",
> "content" => [{
> "hash" => bytes {
> 0x52, 0x3a, 0x0a, 0x7b, 0x3b, 0xae, 0x1c, 0x67,
> 0x22, 0x51, 0xf6, 0x34, 0xb5, 0x3b, 0xe7, 0xf9,
> 0x78, 0x59, 0x91, 0x63
> },
> "archive" => false
> }]
> }
> ],
> "operation-headers" => {
> "access-mechanism" => "NATIVE",
> "domain-uuid" => "2bd6c01d-a844-43fc-8d10-7d6e4c32e5b1"
> },
> "address" => []
> }
> {code}
> Note that 'add-content' now comes BEFORE 'add', which would explain the "Management resource '[(\"deployment\" => \"test.war\")]' not found".
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
6 years, 7 months
[JBoss JIRA] (WFCORE-3542) Elytron JDBC realm password mapping is not consistent with underlying implementation
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3542?page=com.atlassian.jira.plugi... ]
Brian Stansberry updated WFCORE-3542:
-------------------------------------
Fix Version/s: 5.0.0.Alpha1
(was: 4.0.0.CR1)
> Elytron JDBC realm password mapping is not consistent with underlying implementation
> ------------------------------------------------------------------------------------
>
> Key: WFCORE-3542
> URL: https://issues.jboss.org/browse/WFCORE-3542
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: David Lloyd
> Assignee: Darran Lofthouse
> Fix For: 5.0.0.Alpha1
>
>
> There is no way to configure the JDBC realm to use modular crypt in WildFly, even though the underlying realm does support it.
> The problem is that the {{salt-index}} and {{itereration-count-index}} attributes should be optional, and if they not given, a value of {{-1}} should be passed to the mapper. By omitting both of these values, the database column values will then be recognized as modular-crypt strings.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
6 years, 7 months
[JBoss JIRA] (WFCORE-3382) Further Enhance Elytron Permission Configuration
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3382?page=com.atlassian.jira.plugi... ]
Brian Stansberry updated WFCORE-3382:
-------------------------------------
Priority: Blocker (was: Major)
> Further Enhance Elytron Permission Configuration
> ------------------------------------------------
>
> Key: WFCORE-3382
> URL: https://issues.jboss.org/browse/WFCORE-3382
> Project: WildFly Core
> Issue Type: Feature Request
> Components: Security
> Reporter: Darran Lofthouse
> Priority: Blocker
> Fix For: 5.0.0.Alpha1
>
>
> This has currently been simplified to a single resource for the out of the box configuration, however this brings issues as now permissions are duplicated so modifications need to be replicated instead of to a single location.
> Finding a way for the default required permissions to be defined in one location could help eliminate the duplication.
> We could also consider going one step further and subsystems register the default permissions that should be granted.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
6 years, 7 months
[JBoss JIRA] (WFCORE-3181) Review CustomCredentialSecurityFactoryTestCase
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3181?page=com.atlassian.jira.plugi... ]
Brian Stansberry updated WFCORE-3181:
-------------------------------------
Fix Version/s: (was: 4.0.0.CR1)
> Review CustomCredentialSecurityFactoryTestCase
> ----------------------------------------------
>
> Key: WFCORE-3181
> URL: https://issues.jboss.org/browse/WFCORE-3181
> Project: WildFly Core
> Issue Type: Bug
> Components: Security, Test Suite
> Reporter: Darran Lofthouse
>
> The test case CustomCredentialSecurityFactoryTestCase appears to be testing that the 'code does what it does' rather than testing the 'code is doing what it should'.
> The test is testing a custom credential security factory can be called but the test is using HTTP Basic authentication and relying on SPNEGO authentication being triggered as this is the only mechanism that currently uses this factory.
> Should a minor change be required to the SPNEGO authentication mechanism which affects when this credential factory is called this test case could subsequently fail.
> If possible it would be better to convert this test to be a SPNEGO test and then test the behaviour of the credential security factory affects the mechanism as expected.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
6 years, 7 months
[JBoss JIRA] (WFCORE-3382) Further Enhance Elytron Permission Configuration
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-3382?page=com.atlassian.jira.plugi... ]
Brian Stansberry updated WFCORE-3382:
-------------------------------------
Fix Version/s: 5.0.0.Alpha1
(was: 4.0.0.CR1)
> Further Enhance Elytron Permission Configuration
> ------------------------------------------------
>
> Key: WFCORE-3382
> URL: https://issues.jboss.org/browse/WFCORE-3382
> Project: WildFly Core
> Issue Type: Feature Request
> Components: Security
> Reporter: Darran Lofthouse
> Fix For: 5.0.0.Alpha1
>
>
> This has currently been simplified to a single resource for the out of the box configuration, however this brings issues as now permissions are duplicated so modifications need to be replicated instead of to a single location.
> Finding a way for the default required permissions to be defined in one location could help eliminate the duplication.
> We could also consider going one step further and subsystems register the default permissions that should be granted.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
6 years, 7 months
[JBoss JIRA] (WFCORE-2497) Convert *-authentication-factory resources to be child resources of security-domain
by Brian Stansberry (JIRA)
[ https://issues.jboss.org/browse/WFCORE-2497?page=com.atlassian.jira.plugi... ]
Brian Stansberry updated WFCORE-2497:
-------------------------------------
Fix Version/s: (was: 4.0.0.CR1)
> Convert *-authentication-factory resources to be child resources of security-domain
> -----------------------------------------------------------------------------------
>
> Key: WFCORE-2497
> URL: https://issues.jboss.org/browse/WFCORE-2497
> Project: WildFly Core
> Issue Type: Task
> Components: Security
> Reporter: Darran Lofthouse
>
> This is a good example of where child resources work.
> The authentication factory resources have a mandatory dependency on a single security domain.
> The configuration within the factory is related to it's security domain.
> There is only a single resource that can provide security domains.
> The behaviour of the parent is unaffected by the existence or configuration of the child.
> The parent and child manage their own services independently with the child's service depending on the parent's service.
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
6 years, 7 months