[JBoss JIRA] (WFCORE-3677) get-provider-points return /profile addresses for host level resources

Tuesday, 13 March 2018

    [
https://issues.jboss.org/browse/WFCORE-3677?page=com.atlassian.jira.plugi...
] 

Jean-Francois Denise commented on WFCORE-3677:
----------------------------------------------

[~claudio4j], the CLI, in domain mode query the registry of the local-host-name if no host
is present in the address. Otherwise it queries the registry of the host present in the
address.
For ex: /profile=default/subsystem=elytron/... ==> /host=<value of local-host-name
attribute>/core-service=capability

When querying the registry (suggest-capabilities), the CLI provides the dependent-address
argument. This argument is the address of the capability consumer. 
For example, when completion occurs:
(/profile=default/subsystem=elytron/key-manager=xxx:add(key-store=<TAB>) the
following request is sent to the registry:
/host=master/core-service=capability-registry:suggest-capabilities(name=org.wildfly.security.key-store,
dependent-address=[{profile=default},{subsystem=elytron},{key-manager=xxx}])

The capability has the logic to only return the subset of capabilities reachable from the
dependent-address. So if you add a key-store to a profile, it will be visible from
key-manager added to this profile. If you add a key-store in a given host, it will be only
visible when adding a key-manager in this host.

...
 get-provider-points return /profile addresses for host level
resources
 ----------------------------------------------------------------------

                 Key: WFCORE-3677
                 URL: https://issues.jboss.org/browse/WFCORE-3677
             Project: WildFly Core
          Issue Type: Enhancement
          Components: Domain Management
            Reporter: Claudio Miranda
            Assignee: Darran Lofthouse
            Priority: Minor

 key-manager resource at /host=master/subsystem=elytron/key-manager=*
 contains the "key-store" attribute, which has a
"capability-reference" => "org.wildfly.security.key-store"
 get-provider-points returns /profile addresses that should not be a valid reference for a
host level resource
 {code}

/host=master/core-service=capability-registry:get-provider-points(name="org.wildfly.security.key-store")
 {
     "outcome" => "success",
     "result" => [
         "/host=master/subsystem=elytron/key-store=*",
         "/host=master/subsystem=elytron/ldap-key-store=*",
         "/host=master/subsystem=elytron/filtering-key-store=*",
         "/profile=*/subsystem=elytron/key-store=*",
         "/profile=*/subsystem=elytron/ldap-key-store=*",
         "/profile=*/subsystem=elytron/filtering-key-store=*",
         "/profile=*/subsystem=security/elytron-key-store=*",
         "/profile=*/subsystem=security/elytron-trust-store=*"
     ]
 }
 {code}
 A test case
 {code}

/profile=full/subsystem=elytron/key-store=ks_full:add(credential-reference={clear-text=senha},type=JKS)

/host=master/subsystem=elytron/key-manager=my_km:add(key-store=ks_full,credential-reference={clear-text=senha})
 {
     "outcome" => "failed",
     "result" => {},
     "failure-description" => {"host-failure-descriptions" =>
{"master" => "WFLYCTL0369: Required capabilities are not available:
     org.wildfly.security.key-store.ks_full in context 'host'; Possible
registration points for this capability: 
                 /host=master/subsystem=elytron/key-store=*
                 /host=master/subsystem=elytron/ldap-key-store=*
                 /host=master/subsystem=elytron/filtering-key-store=*
                 /profile=*/subsystem=elytron/key-store=*
                 /profile=*/subsystem=elytron/ldap-key-store=*
                 /profile=*/subsystem=elytron/filtering-key-store=*
                 /profile=*/subsystem=security/elytron-key-store=*
                 /profile=*/subsystem=security/elytron-trust-store=*"}},
     "rolled-back" => true
 }
 {code}
 The returned addresses in the error message should contains only valid addresses.
 side note: CLI code completion works correctly in not showing resources from /profile
addresses.
 /host=master/subsystem=elytron/key-manager=my_km:add(key-store=<tab> 

--
This message was sent by Atlassian JIRA
(v7.5.0#75005)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006