]
Brian Stansberry commented on WFCORE-3677:
------------------------------------------
[~claudio4j] Have you discussed with [~jdenise] how the CLI uses this overall API? As you
noted, CLI tab completion works correctly. I don't see anything wrong with the
response you posted for the
"/host=master/core-service=capability-registry:get-provider-points(name="org.wildfly.security.key-store")"
op, as that op is not providing any information to the server to let it filter its
response. (The /host=master part of the request does not imply filtering. The capability
registry maintained by the host; there is no domain-wide capability registry. The
host=master is just part of the address of the registry.)
I think there's probably some alternative API. (Sorry, I'm passing this off to
Jeff rather than looking it up.)
I believe there might already be a JIRA about stripping irrelevant provider points out of
the failure message.
get-provider-points return /profile addresses for host level
resources
----------------------------------------------------------------------
Key: WFCORE-3677
URL:
https://issues.jboss.org/browse/WFCORE-3677
Project: WildFly Core
Issue Type: Enhancement
Components: Domain Management
Reporter: Claudio Miranda
Assignee: Darran Lofthouse
Priority: Minor
key-manager resource at /host=master/subsystem=elytron/key-manager=*
contains the "key-store" attribute, which has a
"capability-reference" => "org.wildfly.security.key-store"
get-provider-points returns /profile addresses that should not be a valid reference for a
host level resource
{code}
/host=master/core-service=capability-registry:get-provider-points(name="org.wildfly.security.key-store")
{
"outcome" => "success",
"result" => [
"/host=master/subsystem=elytron/key-store=*",
"/host=master/subsystem=elytron/ldap-key-store=*",
"/host=master/subsystem=elytron/filtering-key-store=*",
"/profile=*/subsystem=elytron/key-store=*",
"/profile=*/subsystem=elytron/ldap-key-store=*",
"/profile=*/subsystem=elytron/filtering-key-store=*",
"/profile=*/subsystem=security/elytron-key-store=*",
"/profile=*/subsystem=security/elytron-trust-store=*"
]
}
{code}
A test case
{code}
/profile=full/subsystem=elytron/key-store=ks_full:add(credential-reference={clear-text=senha},type=JKS)
/host=master/subsystem=elytron/key-manager=my_km:add(key-store=ks_full,credential-reference={clear-text=senha})
{
"outcome" => "failed",
"result" => {},
"failure-description" => {"host-failure-descriptions" =>
{"master" => "WFLYCTL0369: Required capabilities are not available:
org.wildfly.security.key-store.ks_full in context 'host'; Possible
registration points for this capability:
/host=master/subsystem=elytron/key-store=*
/host=master/subsystem=elytron/ldap-key-store=*
/host=master/subsystem=elytron/filtering-key-store=*
/profile=*/subsystem=elytron/key-store=*
/profile=*/subsystem=elytron/ldap-key-store=*
/profile=*/subsystem=elytron/filtering-key-store=*
/profile=*/subsystem=security/elytron-key-store=*
/profile=*/subsystem=security/elytron-trust-store=*"}},
"rolled-back" => true
}
{code}
The returned addresses in the error message should contains only valid addresses.
side note: CLI code completion works correctly in not showing resources from /profile
addresses.
/host=master/subsystem=elytron/key-manager=my_km:add(key-store=<tab>