Elytron, regex-name-validating-rewriter - 'match' attribute required and unclear description -------------------------------------------------------------------------------------------- Key: WFLY-7146 URL: https://issues.jboss.org/browse/WFLY-7146 Project: WildFly Issue Type: Bug Components: Security Reporter: Jan Kalina Assignee: Jan Kalina Priority: Minor Attribute 'match' is required when adding 'regex-name-validating-rewriter' although when reading the resource description via CLI, I can see that it has defined default value (true) and in [XSD file|https://github.com/wildfly-security/elytron-subsystem/blob/1.0.0.Alp...] it is not stated as a 'required'. Try: {code} /subsystem=elytron/regex-name-validating-rewriter=nameRewriter:add(pattern=".*") { "outcome" => "failed", "failure-description" => "WFLYCTL0172: match is required", "rolled-back" => true } {code} When you try to add also with 'match' attribute then rewriter is added successfully. Also - the 'match' attribute description in CLI is not quite clear: {code} /subsystem=elytron/regex-name-validating-rewriter=nameRewriter:read-resource-description ... "match" => { "type" => BOOLEAN, "description" => "Should names that match the pattern be rejected or names that don't", "expressions-allowed" => true, "nillable" => false, "default" => true, "access-type" => "read-write", "storage" => "configuration", "restart-required" => "resource-services" }, ... {code} After reading the description I still don't know what happens when pattern matches the name and value of 'match' attribute is set to 'true' - will it be rejected or not? Expected behaviour: # 'match' attribute to be arbitrary (or change XSD so it is in sync with model) # more clear description of 'match' attribute