+1, in consideration of all the facts this seems like a better approach.
On 04/24/2017 12:54 PM, Darran Lofthouse wrote:
Moving away from resources to operations may make more sense -
especially for realms with large a number of identities.
On 24/04/17 18:44, Jan Kalina wrote:
> Darran, when consider mentioned problems (especially getting amount of
> all mbeans and other operations
> on mbeans, where we cannot filter runtime only things out) do we have
> same reason to represent identities as resources?
> (Using realm operations instead sounds reasonable.)
>
> On Mon, Apr 24, 2017 at 4:29 PM, Brian Stansberry
> <brian.stansberry(a)redhat.com <mailto:brian.stansberry@redhat.com>>
wrote:
>
> Here’s my last post again. For some reason my mail client decide to
> encrypt it when it resent it.
>
> > On Apr 23, 2017, at 7:31 AM, Brian Stansberry
> <brian.stansberry(a)redhat.com <mailto:brian.stansberry@redhat.com>>
> wrote:
> >
> >> On Apr 21, 2017, at 2:22 AM, Jan Kalina <jkalina(a)redhat.com
> <mailto:jkalina@redhat.com>> wrote:
> >>
> >> Not sure if it helps for JMX, but at least for management I see
> the core of the problem in obtaining
> >> children of node even through there is placeholder pushed into
> the operation result...
> >> It is something for which I dont see any reason - this should be
> possible to fix even without management behaviour change.
> >>
> >
> > There is a placeholder per address. Even if we made the
> placeholder objects go away, we have a requirement to list the child
> addresses that cannot be made to go away. The critical cost here is
> identifying those addresses, more so than manipulating the
> placeholder objects. Identifying those addresses means making a
> remote call to an LDAP server and iterating over possibly thousands
> of results.
> >
> >> Not experienced in JMX, but are not the same placeholders used
> here too? (if yes, it could be the same problem…)
> >>
> >
> > If we say an identity is a management resource, that means we can
> produce an mbean for it. And that means JMX ops like
> MBeanServer.getMBeanCount() need to access all of those resources,
> at a minimum to know their address.
> >
> > Why do these identities need to be represented as management
> resources?
> >
> >>
> >> On Thu, Apr 20, 2017 at 8:50 PM, Brian Stansberry
> <brian.stansberry(a)redhat.com <mailto:brian.stansberry@redhat.com>>
> wrote:
> >>
> >>> On Apr 20, 2017, at 12:22 PM, Brian Stansberry
> <brian.stansberry(a)redhat.com <mailto:brian.stansberry@redhat.com>>
> wrote:
> >>>
> >>> I know that internally it’s useful in a number of places to know
> what children a resource has even without knowing their details
> beyond their address. If it’s useful internally it seems like it
> could be useful to outside callers too. I don’t know if HAL uses it.
> >>>
> >>> Removing that data would be a breaking change in our responses.
> Perhaps we could consider it for the
> :read-resource(include-runtime=false) case since the user has
> explicitly said they want things excluded, but for non-recursive
> :read-resource() (i.e. include-runtime=true) that would be a bigger
> problem with no way for users to get the data without using
> recursive=true.
> >>>
> >>> Regardless of that, having management resources represent remote
> objects is problematic for JMX. All management resources, dynamic or
> not, are available via JMX. MBeanServerConnection.getMBeanCount()
> and various uses of queryNames and queryMBeans with ObjectName
> patterns as the param result in needing to access all these
> resources. I can’t find any JMX API that would make it easy for
> users to say “except the runtime-only ones” plus I think some users
> wouldn’t be interested in that kind of thing anyway. I’ve heard of
> general purpose agent tools that do this kind of thing.
> >>>
> >>> One thought I had as I wrote this is perhaps marking the
> resources as remote may help. I don’t believe we expose remote
> resources via JMX, and if we do that sounds like a bug. Up to now,
> ‘remote’ has been used for the resource for other WF processes in a
> managed domain, but perhaps the use of the concept could be expanded.
> >>>
> >>> So, we should look into ‘remote’ and maybe all this goes away. :)
> >>
> >> I poked a bit and while this may be an interesting thing to
> explore some day it’s not something practical for WF 11. The
> handling of ‘remote’ resource types is based on their being no
> Resource instances for them in the local resource tree, and then a
> special ManagementResourceRegistration is registered for each
> individual resource (/host=slave, /server=server-one etc) that
> proxies any operations addressed to that specific resource to a
> remote WildFly process. It’s not something applicable to other sorts
> of usage.
> >>
> >>>
> >>> If that doesnt’ pan out, I question why these things need to be
> modeled as resources. AFAICT they have no attributes and are just
> addresses against which operations can be executed. I don’t see much
> benefit in:
> >>>
> >>>
> /subsystem=elytron/ldap-realm=ldapRealm/identity=ldapUser:read-identity
> >>>
> >>> vs
> >>>
> >>>
/subsystem=elytron/ldap-realm=ldapRealm:read-identity(name=ldapUser)
> >>>
> >>> or
> >>>
> >>>
> /subsystem=elytron/ldap-realm=ldapRealm/identity=ldapUser:add(foo=bar,xyz=true)
> >>>
> >>> vs
> >>>
> >>>
>
/subsystem=elytron/ldap-realm=ldapRealm:add-identity(name=ldapUser,foo=bar,xyz=true)
> >>>
> >>> Modeling these as resources allows you to list the identities
> etc via things like read-resource, read-children-names, etc but
> that’s both a feature and a bug. ;) A list-identities op on the
> realm accomplishes much the same thing.
> >>>
> >>>
> >>>> On Apr 20, 2017, at 11:45 AM, Jan Kalina <jkalina(a)redhat.com
> <mailto:jkalina@redhat.com>> wrote:
> >>>>
> >>>> Hi,
> >>>> I am just checking how wildfly controller handle dynamic
> resources because
> >>>> issue (WFCORE-2691) where every recursive :read-resource (even
with
> >>>> include-runtime=false) asks parent resource for list of all
> dynamic (runtime only)
> >>>> children.
> >>>>
> >>>> For example query:
> >>>>
>
/subsystem=messaging-activemq:read-resource(include-runtime=false,recursive=true)
> >>>> will cause "server" resource (child of
messaging-activemq) is
> asked for list
> >>>> of all "core-address" (call
getChildren("core-address")), even
> trough they are not
> >>>> displayed as part of operation result - only blank placeholder
> is printed:
> >>>> "core-address" => undefined,
> >>>>
> >>>> This is problem especially in case of new Elytron resources
> which allow to browse
> >>>> user identities using AS model - every :read-resource on root
> or every AS boot
> >>>> currently causes iterating over all users/identities available
> in all concerned realms.
> >>>>
> >>>> Is this design problem?
> >>>> Is there some reason why should wildfly controller ask for all
> resource children
> >>>> even when they are ignored and not printed?
> >>>> What do you think about it? How should be resources with
> dynamic children handled?
> >>>>
> >>>> Thanks,
> >>>> Honza
> >>>> _______________________________________________
> >>>> wildfly-dev mailing list
> >>>> wildfly-dev(a)lists.jboss.org
<mailto:wildfly-dev@lists.jboss.org>
> >>>>
https://lists.jboss.org/mailman/listinfo/wildfly-dev
> <
https://lists.jboss.org/mailman/listinfo/wildfly-dev>
> >>>
> >>> --
> >>> Brian Stansberry
> >>> Manager, Senior Principal Software Engineer
> >>> JBoss by Red Hat
> >>>
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> wildfly-dev mailing list
> >>> wildfly-dev(a)lists.jboss.org
<mailto:wildfly-dev@lists.jboss.org>
> >>>
https://lists.jboss.org/mailman/listinfo/wildfly-dev
> <
https://lists.jboss.org/mailman/listinfo/wildfly-dev>
> >>
> >> --
> >> Brian Stansberry
> >> Manager, Senior Principal Software Engineer
> >> JBoss by Red Hat
> >>
> >>
> >>
> >>
> >
> > --
> > Brian Stansberry
> > Manager, Senior Principal Software Engineer
> > JBoss by Red Hat
>
> --
> Brian Stansberry
> Manager, Senior Principal Software Engineer
> JBoss by Red Hat
>
>
>
>
_______________________________________________
wildfly-dev mailing list
wildfly-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/wildfly-dev