[jboss-jira] [JBoss JIRA] (WFCORE-1027) Inconsistent read-resource results with host scoped roles

Kabir Khan created WFCORE-1027: ---------------------------------- Summary: Inconsistent read-resource results with host scoped roles Key: WFCORE-1027 URL: https://issues.jboss.org/browse/WFCORE-1027 Project: WildFly Core Issue Type: Bug Components: Domain Management Affects Versions: 2.0.0.CR5 Reporter: Kabir Khan Assignee: Kabir Khan Fix For: 2.0.0.CR6 Setting up host scoped roles as follows https://gist.github.com/heiko-braun/0dc810ed04db8739defd there are inconsistent results in the filtering. When using a role which only selects the master there is no access-control response header showing the filtered resources, and the slave wrongly appears in the results: {code} [domain@localhost:9990 /] /host=*:read-resource{roles=master-monitor} { "outcome" => "success", "result" => [ { "address" => [("host" => "master")], "outcome" => "success", "result" => { "directory-grouping" => "by-server", "domain-controller" => {"local" => {}}, "management-major-version" => 4, "management-micro-version" => 0, "management-minor-version" => 0, "master" => true, "name" => "master", "namespaces" => [], "organization" => undefined, "product-name" => "WildFly Core", "product-version" => "2.0.0.CR6-SNAPSHOT", "release-codename" => "Kenny", "release-version" => "2.0.0.CR6-SNAPSHOT", "schema-locations" => [], "core-service" => { "host-environment" => undefined, "platform-mbean" => undefined, "management" => undefined, "discovery-options" => undefined, "ignored-resources" => undefined, "patching" => undefined, "module-loading" => undefined }, "extension" => {"org.jboss.as.jmx" => undefined}, "interface" => { "management" => undefined, "public" => undefined, "unsecure" => undefined }, "jvm" => {"default" => undefined}, "path" => undefined, "server" => { "server-one" => undefined, "server-two" => undefined, "server-three" => undefined }, "server-config" => { "server-one" => undefined, "server-two" => undefined, "server-three" => undefined }, "socket-binding-group" => undefined, "subsystem" => {"jmx" => undefined}, "system-property" => undefined } }, { "address" => [("host" => "localhost")], "outcome" => "success", "result" => undefined } ] } {code} When using a role that only selects the slave we get a proper access-control header {code} [domain@localhost:9990 /] /host=*:read-resource{roles=slave-maintainer} { "outcome" => "success", "result" => [{ "address" => [("host" => "localhost")], "outcome" => "success", "result" => undefined }], "response-headers" => {"access-control" => [{ "absolute-address" => [], "relative-address" => [], "filtered-children-types" => ["host"] }]} {code} The same output on master with WFCORE-994 applied: {code} [domain@localhost:9990 /] /host=*:read-resource{roles=slave-maintainer} { "outcome" => "success", "result" => [{ "address" => [("host" => "slave")], "outcome" => "success", "result" => { "directory-grouping" => "by-server", "domain-controller" => {"remote" => { "protocol" => undefined, "port" => undefined, "host" => undefined, "username" => undefined, "ignore-unused-configuration" => undefined, "admin-only-policy" => undefined, "security-realm" => "ManagementRealm" }}, "management-major-version" => 4, "management-micro-version" => 0, "management-minor-version" => 0, "master" => false, "name" => "slave", "namespaces" => [], "organization" => undefined, "product-name" => undefined, "product-version" => undefined, "release-codename" => "Kenny", "release-version" => "2.0.0.CR6-SNAPSHOT", "schema-locations" => [], "core-service" => { "host-environment" => undefined, "platform-mbean" => undefined, "management" => undefined, "discovery-options" => undefined, "ignored-resources" => undefined, "patching" => undefined, "module-loading" => undefined }, "extension" => {"org.jboss.as.jmx" => undefined}, "interface" => { "management" => undefined, "public" => undefined, "unsecure" => undefined }, "jvm" => {"default" => undefined}, "path" => undefined, "server" => { "server-one" => undefined, "server-two" => undefined }, "server-config" => { "server-one" => undefined, "server-two" => undefined }, "socket-binding-group" => undefined, "subsystem" => {"jmx" => undefined}, "system-property" => undefined } }], "response-headers" => {"access-control" => [{ "absolute-address" => [], "relative-address" => [], "filtered-children-types" => ["host"] }]} } {code} master-monitor should behave the same as slave-maintainer. -- This message was sent by Atlassian JIRA (v6.4.11#64026)