Jan Kalina moved JBEAP-11810 to WFCORE-3017:
--------------------------------------------
Project: WildFly Core (was: JBoss Enterprise Application Platform)
Key: WFCORE-3017 (was: JBEAP-11810)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Domain Management, Security (was: Domain Management, Security)
Affects Version/s: 3.0.0.Beta27 (was: 7.1.0.ER1)
review key-store runtime-only operations available on profile resources
-----------------------------------------------------------------------
Key: WFCORE-3017
URL: https://issues.jboss.org/browse/WFCORE-3017
Project: WildFly Core
Issue Type: Bug
Components: Domain Management, Security
Affects Versions: 3.0.0.Beta27
Reporter: Jan Kalina
Assignee: Jan Kalina
Priority: Blocker
Some /subsystem=elytron/key-store operations should probably be marked runtime-only (edit: this is already part of JBEAP-11790). Their handlers extend ElytronRuntimeOnlyHandler and they don't seem to change anything in the model:
load
store
read-alias
read-aliases
remove-alias
{code}
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=load)
{
    "outcome" => "success",
    "result" => {
        "operation-name" => "load",
        "description" => "Load the KeyStore, if the KeyStore is file backed this will involve re-reading the contents of the file.",
        "request-properties" => {},
        "reply-properties" => {},
        "read-only" => false,
        "runtime-only" => false
    }
}
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=store)
{
    "outcome" => "success",
    "result" => {
        "operation-name" => "store",
        "description" => "Store the KeyStore to file, this operation will fail for any KeyStore instances not backed by a file. If the file does not exist and it was not flagged as required it will be created.",
        "request-properties" => {},
        "reply-properties" => {},
        "read-only" => false,
        "runtime-only" => false
    }
}
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=read-alias)
{
    "outcome" => "success",
    "result" => {
        "operation-name" => "read-alias",
        "description" => "Read an alias from a KeyStore.",
        "request-properties" => {"alias" => {
            "type" => STRING,
            "description" => "The alias of the KeyStore item to read.",
            "expressions-allowed" => false,
            "required" => true,
            "nillable" => false,
            "min-length" => 1L,
            "max-length" => 2147483647L
        }},
        "reply-properties" => {},
        "read-only" => true,
        "runtime-only" => false
    }
}
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=read-aliases)
{
    "outcome" => "success",
    "result" => {
        "operation-name" => "read-aliases",
        "description" => "Read aliases from a KeyStore.",
        "request-properties" => {},
        "reply-properties" => {},
        "read-only" => true,
        "runtime-only" => false
    }
}
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=remove-alias)
{
    "outcome" => "success",
    "result" => {
        "operation-name" => "remove-alias",
        "description" => "Remove an alias from a KeyStore.",
        "request-properties" => {"alias" => {
            "type" => STRING,
            "description" => "The alias of the KeyStore item to remove.",
            "expressions-allowed" => false,
            "required" => true,
            "nillable" => false,
            "min-length" => 1L,
            "max-length" => 2147483647L
        }},
        "reply-properties" => {},
        "read-only" => false,
        "runtime-only" => false
    }
}
{code}
*Also I'm not sure whether they should be registered at /profile resources in domain, as they are rolled out to servers (servers might try to write to the file concurrently).*
{code}
[domain@localhost:9990 /] /profile=default/subsystem=elytron/key-store=test:store()
{
    "outcome" => "failed",
    "result" => undefined,
    "failure-description" => {"WFLYDC0074: Operation failed or was rolled back on all servers. Server failures:" => {"server-group" => {"main-server-group" => {"host" => {"master" => {
        "server-one" => "WFLYELY00010: Unable to save KeyStore - KeyStore file '/tmp/test' does not exist.",
        "server-two" => "WFLYELY00010: Unable to save KeyStore - KeyStore file '/tmp/test' does not exist."
    }}}}}},
    "rolled-back" => true,
    "server-groups" => {"main-server-group" => {"host" => {"master" => {
        "server-one" => {"response" => {
            "outcome" => "failed",
            "result" => undefined,
            "failure-description" => "WFLYELY00010: Unable to save KeyStore - KeyStore file '/tmp/test' does not exist.",
            "rolled-back" => true
        }},
        "server-two" => {"response" => {
            "outcome" => "failed",
            "result" => undefined,
            "failure-description" => "WFLYELY00010: Unable to save KeyStore - KeyStore file '/tmp/test' does not exist.",
            "rolled-back" => true
        }}
    }}}}
}
{code}
Priority set to Blocker to decide whether the operations can be registered at profile resources: they can be added back later, but they cannot be removed.
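As an added example (not code from this issue or from WildFly), the check below audits the flags quoted above for both points raised here: which key-store operations still report runtime-only => false although their handlers touch no model state, and which runtime operations are writers and would therefore be executed on every server when invoked at /profile scope. It assumes the JSON shape of WildFly's HTTP management endpoint for read-operation-description (same read-only / runtime-only fields the CLI prints) and uses a constructed sample mirroring the CLI output; no server is contacted.

```python
"""Audit runtime-only flags of Elytron key-store operations (added example)."""
import json

# Address of the key-store resource used in the CLI session above.
KEY_STORE_ADDRESS = [{"subsystem": "elytron"}, {"key-store": "aa"}]

# Operations the issue says extend ElytronRuntimeOnlyHandler and change no model
# state; each of them should therefore report runtime-only => true.
EXPECTED_RUNTIME_ONLY = {"load", "store", "read-alias", "read-aliases", "remove-alias"}


def describe_request(name, address=KEY_STORE_ADDRESS):
    """Request body for read-operation-description on the HTTP management endpoint."""
    return json.dumps({"operation": "read-operation-description",
                       "address": address, "name": name})


def classify(description):
    """Map the two flags to what the operation touches.

    runtime-only => false : result is persisted in the configuration model
    runtime-only => true, read-only => true  : inspects runtime state only
    runtime-only => true, read-only => false : mutates runtime state (e.g. a file)
    """
    if not description.get("runtime-only", False):
        return "model-change"
    return "runtime-read" if description.get("read-only", False) else "runtime-write"


def audit(descriptions):
    """Return (mislabelled, fanout_writers), both sorted by operation name.

    mislabelled    : expected runtime-only operations still flagged as model changes
    fanout_writers : runtime writers; at /profile scope the domain controller rolls
                     these out to every server in the group, so each server would
                     write the same backing file (the concurrency concern above).
    """
    mislabelled, fanout_writers = [], []
    for name, desc in descriptions.items():
        kind = classify(desc)
        if name in EXPECTED_RUNTIME_ONLY and kind == "model-change":
            mislabelled.append(name)
        if kind == "runtime-write":
            fanout_writers.append(name)
    return sorted(mislabelled), sorted(fanout_writers)


# Constructed sample: the "read-only"/"runtime-only" values from the CLI output above.
SAMPLE = {
    "load": {"read-only": False, "runtime-only": False},
    "store": {"read-only": False, "runtime-only": False},
    "read-alias": {"read-only": True, "runtime-only": False},
    "read-aliases": {"read-only": True, "runtime-only": False},
    "remove-alias": {"read-only": False, "runtime-only": False},
}
```

Against the quoted flags, audit(SAMPLE) reports all five operations as mislabelled and no runtime writers; once the five are flagged runtime-only, load, store and remove-alias show up as the writers that fan out from a profile resource.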