[Red Hat JIRA] (WFCORE-4516) Allow server-identities expression resolution to support Base64 encoded system properties.

Monday, 11 January 2021

    [
https://issues.redhat.com/browse/WFCORE-4516?page=com.atlassian.jira.plug...
] 

Brian Stansberry commented on WFCORE-4516:
------------------------------------------

I also don't think we should change anything other that the free form text of an
attribute, and perhaps some docs if that text is driving any docs.

The existing code is designed to handle two cases – Base64 encoded text or an expression
which resolves to plain text. AFAICT this works fine. What doesn't work is using an
expression that resolves to Base64 encoded text. I don't think we should try and make
that work, as there is a tiny chance of it breaking people, and discussion on
https://github.com/wildfly/wildfly-core/pull/3814 leads me to believe Darran Lofthouse is
not looking to change the functionality of these legacy resources either.

We should not say that expressions are not allowed because they work fine if the
expression resolves to a valid plain text password.

We should change
https://github.com/wildfly/wildfly-core/blob/master/controller/src/main/r...

to say

core.management.security-realm.server-identity.secret.value=The secret / password - Base64
encoded text or an expression that resolves to the plain text value.

The fact the current text doesn't say that is a bug, as that's how the software
works.

...
 Allow server-identities expression resolution to support Base64
encoded system properties.

------------------------------------------------------------------------------------------

                 Key: WFCORE-4516
                 URL: https://issues.redhat.com/browse/WFCORE-4516
             Project: WildFly Core
          Issue Type: Feature Request
          Components: Management, Security
            Reporter: Indrajit Ingawale
            Priority: Major

 The expression for secret value under server-identities in test-security-realm does not
work , even though it shows "expressions-allowed" to true like below .
 ----------------------------
 [standalone@localhost:9990 /]
/core-service=management/security-realm=test-security-realm/server-identity=secret:read-resource-description()
 {
 "outcome" => "success",
 .
 .
 "attributes" =>
 {. . . . . }
 ,
 "value" =>
 { "type" => STRING, "description" => "The secret /
password - Base64 Encoded.", "expressions-allowed" => true,
"required" => true, "nillable" => true, "alternatives"
=> ["credential-reference"], "min-length" => 1L,
"max-length" => 2147483647L, "access-type" =>
"read-write", "storage" => "configuration",
"restart-required" => "no-services" }
 },
 "operations" => undefined,
 "notifications" => undefined,
 "children" => {}
 }
 }
 ---------------------------- 

--
This message was sent by Atlassian Jira
(v8.13.1#813001)

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006