[jboss-jira] [JBoss JIRA] (WFCORE-580) Recursive read-resource with include-runtime=true assumes all runtime singleton resources will be present.
Stuart Douglas (JIRA)
issues at jboss.org
Wed Apr 1 06:24:38 EDT 2015
[ https://issues.jboss.org/browse/WFCORE-580?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stuart Douglas updated WFCORE-580:
----------------------------------
Fix Version/s: 1.0.0.CR1
(was: 1.0.0.Beta1)
> Recursive read-resource with include-runtime=true assumes all runtime singleton resources will be present.
> ----------------------------------------------------------------------------------------------------------
>
> Key: WFCORE-580
> URL: https://issues.jboss.org/browse/WFCORE-580
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Affects Versions: 1.0.0.Alpha19
> Reporter: Darran Lofthouse
> Assignee: Brian Stansberry
> Labels: affects_elytron
> Fix For: 1.0.0.CR1
>
>
> Take the following hierarchy: -
> keystore=xxx
> alias=yyy
> certificate-chain=default
> certificate-chain=x509
> keystore is a regular resource with storage=configuration.
> alias is a regular resource with storage=runtime
> certificate-chain=default and certificate-chain=x509 are regular resources with storage=runtime.
> So alias represents a single alias from a Java KeyStore, this may or may not have a certificate chain and it may be a default chain or it may be an x509 chain.
> The recursive read-resource is fine with regular resources such as alias as it has to rely on the underlying resource implementation to identify the instances that actually exist.
> For the singleton resources however the following method is called: -
> {code}
> org.jboss.as.controller.operations.global.GlobalOperationHandlers.getChildAddresses(OperationContext, PathAddress, ImmutableManagementResourceRegistration, Resource, String)
> {code}
> Within this method the following check takes place: -
> {code}
> if (resource != null && resource.hasChildren(childType)) {
> Set<String> childNames = resource.getChildrenNames(childType);
> if (element.isWildcard()) {
> set.addAll(childNames);
> } else if (childNames.contains(element.getValue())) {
> set.add(element.getValue());
> }
> {code}
> Up to this point all is fine, the children the resource claims are available are the only ones added.
> But further down this happens: -
> {code}
> if (!element.isWildcard()) {
> ImmutableManagementResourceRegistration childReg = registry.getSubModel(PathAddress.pathAddress(element));
> if (childReg != null && childReg.isRuntimeOnly()) {
> set.add(element.getValue());
> }
> }
> {code}
> So even though the resource was previously checked and missing children excluded they are now added back.
> The end result in this example is that the recursive read resource attempts to read for certificate-chain=default when it should only be reading for certificate-chain=x509 as already reported by the resource implementation.
> From a discussion in HipChat yesterday there was general agreement this behaviour seems to be wrong, however support for Proxied resources may be (incorrectly) dependent on this.
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
More information about the jboss-jira
mailing list