Hi Martin,
thanks for the list. Right, some of those suffer from the same problem and
some seem to have an identity (not explicitly expressed since we don't have
a way to do that for a member of a complex type yet but once we do it won't
be a problem).
Ok, I had a hope we were going to address these relatively quick (given
that the issue was raised back in autumn). I don't see it happening next
month neither. So for now I am going to handle these kind of config
structures (i.e. lists of complex types) as atomic pieces (although
potentially big). They won't be mergeable during updates but one will be
replacing completely the other with the one coming in last winning.
In perspective though, I think this is going to remain a critical issue.
Thanks,
Alexey
On Mon, Mar 26, 2018 at 2:40 PM, Martin Choma <mchoma(a)redhat.com> wrote:
I run through Elytron subsystem and there are other
"suspicious"
resources [1]. How it is guaranteed name/id/path attributes of
collections are unique identifiers? On subsystem code level? Because
this information is not in the model, as far as I know.
Is it possible to declare compound unique-key? I mean for example to
say that for permission resource (class-name,module) tuple is unique
key.
[1]
configurable-sasl-server-factory/filters
configurable-http-server-mechanism-factory/filters
sasl-authentication-factory/mechanism-configurations
sasl-authentication-factory/mechanism-configurations/mechani
sm-realm-configurations
http-authentication-factory/mechanism-configurations
http-authentication-factory/mechanism-configurations/mechani
sm-realm-configurations
mechanism-provider-filtering-sasl-server-factory/filters
ldap-realm/identity-mapping/attribute-mapping
jdbc-realm/principal-query
jdbc-realm/principal-query/attribute-mapping
security-domain/realms
On Fri, Mar 23, 2018 at 4:55 PM, Alexey Loubyansky
<alexey.loubyansky(a)redhat.com> wrote:
> While this is addressed mainly to the Elytron team, it seems like we
would
> appreciate opinions from other colleagues since we are basically stuck
> discussing possible ways to resolve
>
https://issues.jboss.org/browse/WFCORE-3596
>
> The description in the jira is pretty brief assuming people know what
that
> is about, since it's been raised before multiple times. Here is what it
is
> about fundamentally.
>
> If a configuration model (of a subsystem or any other component)
includes a
> list of configurable units (let's assume XML elements for simplicity)
that
> don't have any identity (unique id/name/path/etc) this is a big problem
for
> supporting patching and version updates preserving user configuration
> changes. Or simply customizing the default config model using a tool. By
a
> big problem I mean it's simply not going to work reliably.
>
> As a simple exercise that demonstrates the issue, imagine you have two
> configs each of which includes a list of these configurable units that
have
> no identity. Now try to identify the difference between the two lists. Or
> merge them with one overwriting the other. Basically components w/o an
> identity can not be manipulated. You can only add them but not modify or
> even remove (unless their index in the list is a constant value of
course).
>
> I don't think I've seen any issue of this kind in our (WF/EAP) configs
> except for the Elytron's permission-mapping's. (If somebody knows such
> components please let me know).
> If I misunderstand the Elytron config model or approaching this from a
wrong
> angle, please let me know.
>
> Question for the Elytron team: is the problem I am describing clear? Do
you
> admit it as a problem?
>
> Thanks,
> Alexey
>
> _______________________________________________
> wildfly-dev mailing list
> wildfly-dev(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/wildfly-dev