[jboss-jira] [JBoss JIRA] (WFCORE-1027) Inconsistent read-resource results with host scoped roles
Kabir Khan (JIRA)
issues at jboss.org
Fri Oct 2 11:51:01 EDT 2015
[ https://issues.jboss.org/browse/WFCORE-1027?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kabir Khan updated WFCORE-1027:
-------------------------------
Fix Version/s: 2.0.0.CR7
(was: 2.0.0.CR6)
> Inconsistent read-resource results with host scoped roles
> ---------------------------------------------------------
>
> Key: WFCORE-1027
> URL: https://issues.jboss.org/browse/WFCORE-1027
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management
> Affects Versions: 2.0.0.CR5
> Reporter: Kabir Khan
> Assignee: Kabir Khan
> Fix For: 2.0.0.CR7
>
>
> Setting up host scoped roles as follows https://gist.github.com/heiko-braun/0dc810ed04db8739defd there are inconsistent results in the filtering. When using a role which only selects the master there is no access-control response header showing the filtered resources, and the slave wrongly appears in the results:
> {code}
> [domain at localhost:9990 /] /host=*:read-resource{roles=master-monitor}
> {
> "outcome" => "success",
> "result" => [
> {
> "address" => [("host" => "master")],
> "outcome" => "success",
> "result" => {
> "directory-grouping" => "by-server",
> "domain-controller" => {"local" => {}},
> "management-major-version" => 4,
> "management-micro-version" => 0,
> "management-minor-version" => 0,
> "master" => true,
> "name" => "master",
> "namespaces" => [],
> "organization" => undefined,
> "product-name" => "WildFly Core",
> "product-version" => "2.0.0.CR6-SNAPSHOT",
> "release-codename" => "Kenny",
> "release-version" => "2.0.0.CR6-SNAPSHOT",
> "schema-locations" => [],
> "core-service" => {
> "host-environment" => undefined,
> "platform-mbean" => undefined,
> "management" => undefined,
> "discovery-options" => undefined,
> "ignored-resources" => undefined,
> "patching" => undefined,
> "module-loading" => undefined
> },
> "extension" => {"org.jboss.as.jmx" => undefined},
> "interface" => {
> "management" => undefined,
> "public" => undefined,
> "unsecure" => undefined
> },
> "jvm" => {"default" => undefined},
> "path" => undefined,
> "server" => {
> "server-one" => undefined,
> "server-two" => undefined,
> "server-three" => undefined
> },
> "server-config" => {
> "server-one" => undefined,
> "server-two" => undefined,
> "server-three" => undefined
> },
> "socket-binding-group" => undefined,
> "subsystem" => {"jmx" => undefined},
> "system-property" => undefined
> }
> },
> {
> "address" => [("host" => "localhost")],
> "outcome" => "success",
> "result" => undefined
> }
> ]
> }
> {code}
> When using a role that only selects the slave we get a proper access-control header
> {code}
> [domain at localhost:9990 /] /host=*:read-resource{roles=slave-maintainer}
> {
> "outcome" => "success",
> "result" => [{
> "address" => [("host" => "localhost")],
> "outcome" => "success",
> "result" => undefined
> }],
> "response-headers" => {"access-control" => [{
> "absolute-address" => [],
> "relative-address" => [],
> "filtered-children-types" => ["host"]
> }]}
> {code}
> The same output on master with WFCORE-994 applied:
> {code}
> [domain at localhost:9990 /] /host=*:read-resource{roles=slave-maintainer}
> {
> "outcome" => "success",
> "result" => [{
> "address" => [("host" => "slave")],
> "outcome" => "success",
> "result" => {
> "directory-grouping" => "by-server",
> "domain-controller" => {"remote" => {
> "protocol" => undefined,
> "port" => undefined,
> "host" => undefined,
> "username" => undefined,
> "ignore-unused-configuration" => undefined,
> "admin-only-policy" => undefined,
> "security-realm" => "ManagementRealm"
> }},
> "management-major-version" => 4,
> "management-micro-version" => 0,
> "management-minor-version" => 0,
> "master" => false,
> "name" => "slave",
> "namespaces" => [],
> "organization" => undefined,
> "product-name" => undefined,
> "product-version" => undefined,
> "release-codename" => "Kenny",
> "release-version" => "2.0.0.CR6-SNAPSHOT",
> "schema-locations" => [],
> "core-service" => {
> "host-environment" => undefined,
> "platform-mbean" => undefined,
> "management" => undefined,
> "discovery-options" => undefined,
> "ignored-resources" => undefined,
> "patching" => undefined,
> "module-loading" => undefined
> },
> "extension" => {"org.jboss.as.jmx" => undefined},
> "interface" => {
> "management" => undefined,
> "public" => undefined,
> "unsecure" => undefined
> },
> "jvm" => {"default" => undefined},
> "path" => undefined,
> "server" => {
> "server-one" => undefined,
> "server-two" => undefined
> },
> "server-config" => {
> "server-one" => undefined,
> "server-two" => undefined
> },
> "socket-binding-group" => undefined,
> "subsystem" => {"jmx" => undefined},
> "system-property" => undefined
> }
> }],
> "response-headers" => {"access-control" => [{
> "absolute-address" => [],
> "relative-address" => [],
> "filtered-children-types" => ["host"]
> }]}
> }
> {code}
> master-monitor should behave the same as slave-maintainer.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list