Verify that WFCORE-2923 fix is valid ------------------------------------- Key: WFCORE-2978 URL: https://issues.jboss.org/browse/WFCORE-2978 Project: WildFly Core Issue Type: Bug Components: Logging, Security Reporter: ehsavoie Hugonnet Assignee: ehsavoie Hugonnet Priority: Blocker [1:39 PM] Emmanuel Hugonnet: @BrianStansberry hi, could you take a look at https://github.com/wildfly/wildfly-core/pull/2514 [1:40 PM] Emmanuel Hugonnet: I've a bit of a doubt because i couldn't create a dependency on the credentialstore since auditlog handlers are not services [1:41 PM] Brian Stansberry: ok. it does seem a bit nasty because of that [1:41 PM] Brian Stansberry: at a glance [1:41 PM] Emmanuel Hugonnet: yes [1:41 PM] Brian Stansberry: a very quick glance [1:42 PM] Brian Stansberry: ah , but SyslogAuditLogHandler is not an OSH so I won't comment until I really understand :) [1:43 PM] Emmanuel Hugonnet: yes ;) [2:04 PM] Brian Stansberry: I don't think that will be reliable; there's no guarantee that store will be started [2:07 PM] Kabir Khan: I don't think the syslog handler tries to write until boot is done [2:07 PM] Kabir Khan: could it be possible to lazy init those suppliers? [2:11 PM] Emmanuel Hugonnet: I guess we would only need the attribute value and a serviceregistry [2:12 PM] Emmanuel Hugonnet: I'm wondering if this is not lazy per default [2:12 PM] Emmanuel Hugonnet: as the service is only called when the credential is required as far as I can see [2:13 PM] Brian Stansberry: yes, it is lazy [2:43 PM] Kabir Khan: @ehsavoie I think the problem @BrianStansberry mentions is whether the services have stabilised so the CR is ready by the time the syslog write happens [2:44 PM] Emmanuel Hugonnet: @KabirKhan yes but I don't have any service in the audit log tree to be able to require for the CR to be ready [2:45 PM] Kabir Khan: @ehsavoie I can try to discuss it on the pm call, perhaps we can do without it for the beta [2:47 PM] Emmanuel Hugonnet: or I could add a service to get this one on [2:48 PM] Emmanuel Hugonnet: a bit like what  is done for security realms [2:53 PM] Kabir Khan: That could be good for the future, but I think for Beta it should be ok as it is [2:57 PM] Brian Stansberry: @KabirKhan @ehsavoie +1 [2:57 PM] Brian Stansberry: I think it is fine at boot as no logging will happen until MSC has stabilized [2:57 PM] Brian Stansberry: and probably post boot too [2:57 PM] Emmanuel Hugonnet: well the boot test is ok [2:58 PM] Kabir Khan: but we should have a blocker jira to investigate whether our assumptions are correct [2:58 PM] Emmanuel Hugonnet: ok [2:58 PM] Brian Stansberry: the scenario is a management op adds the credential store and the syslog handler, and then the syslog handler wants to log before the store service is up [2:58 PM] Brian Stansberry: but, for audit logging we don't log until op commit/rollback [2:58 PM] Brian Stansberry: and by then MSC is going to be stablized [3:06 PM] Kabir Khan: that should be: 'we think we don't log', so that needs checking :)