[jboss-jira] [JBoss JIRA] (WFLY-8878) management/security-realm/authentication/users has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option.

Hynek Švábek (JIRA) issues at jboss.org
Fri Jun 2 07:45:03 EDT 2017


     [ https://issues.jboss.org/browse/WFLY-8878?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Hynek Švábek updated WFLY-8878:
-------------------------------
    Description: 
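management/security-realm/authentication/users has a required "value" attribute, but there is now credential-reference too, and there is no way to update an existing resource to use the other option.

"Value" and credential-reference are mutually exclusive and one of them must be set. (In the management model shown below, the attribute the CLI exposes is named password: it is reported with "required" => true, while credential-reference lists "value" rather than password under "alternatives".)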

*There must be a way to update an existing management/security-realm/authentication/users resource to change "value" to credential-reference and vice versa.*

*Scenario*
Prerequisites
{code:collapse}
[standalone at localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=properties:remove()
[standalone at localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:add()
{code}

Add new user with password
{code}
[standalone at localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:add(password=testpassword)
{"outcome" => "success"}
{code}
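Change password to credential-reference (the attempt uses the clear-text form of credential-reference; per the resource description below, the store and alias fields are the form that points at a credential store)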
{code}
[standalone at localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:undefine-attribute(name=password)
{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0172: password is required",
    "rolled-back" => true
}
[standalone at localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:write-attribute(name=credential-reference, value={clear-text=password123})
{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0105: password is invalid in combination with credential-reference",
    "rolled-back" => true
}
{code}


*read-resource-description*
{code:collapse}
[standalone at localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:read-resource-description
{
    "outcome" => "success",
    "result" => {
        "description" => "Configuration to use a list users stored directly within the standalone.xml or host.xml configuration file as the user repository.",
        "deprecated" => {
            "since" => "1.7.0",
            "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
        },
        "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
        "attributes" => {},
        "operations" => undefined,
        "notifications" => undefined,
        "children" => {"user" => {
            "description" => "An authorized user.",
            "model-description" => undefined
        }}
    }
}
[standalone at localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:read-resource-description(recursive=true)
{
    "outcome" => "success",
    "result" => {
        "description" => "Configuration to use a list users stored directly within the standalone.xml or host.xml configuration file as the user repository.",
        "deprecated" => {
            "since" => "1.7.0",
            "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
        },
        "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
        "attributes" => {},
        "operations" => undefined,
        "notifications" => undefined,
        "children" => {"user" => {
            "description" => "An authorized user.",
            "model-description" => {"*" => {
                "description" => "An authorized user.",
                "deprecated" => {
                    "since" => "1.7.0",
                    "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
                },
                "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
                "attributes" => {
                    "credential-reference" => {
                        "type" => OBJECT,
                        "description" => "The reference to credential for the password stored in CredentialStore under defined alias or clear text password.",
                        "expressions-allowed" => false,
                        "required" => false,
                        "nillable" => true,
                        "alternatives" => ["value"],
                        "access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
                        "value-type" => {
                            "store" => {
                                "type" => STRING,
                                "description" => "The name of the credential store holding the alias to credential.",
                                "expressions-allowed" => false,
                                "required" => false,
                                "nillable" => true,
                                "alternatives" => ["clear-text"],
                                "requires" => ["alias"],
                                "min-length" => 1L,
                                "max-length" => 2147483647L
                            },
                            "alias" => {
                                "type" => STRING,
                                "description" => "The alias which denotes stored secret or credential in the store.",
                                "expressions-allowed" => true,
                                "required" => false,
                                "nillable" => true,
                                "requires" => ["store"],
                                "min-length" => 1L,
                                "max-length" => 2147483647L
                            },
                            "type" => {
                                "type" => STRING,
                                "description" => "The type of credential this reference is denoting.",
                                "expressions-allowed" => true,
                                "required" => false,
                                "nillable" => true,
                                "min-length" => 1L,
                                "max-length" => 2147483647L
                            },
                            "clear-text" => {
                                "type" => STRING,
                                "description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
                                "expressions-allowed" => true,
                                "required" => false,
                                "nillable" => true,
                                "alternatives" => ["store"],
                                "min-length" => 1L,
                                "max-length" => 2147483647L
                            }
                        },
                        "access-type" => "read-write",
                        "storage" => "configuration",
                        "restart-required" => "no-services"
                    },
                    "password" => {
                        "type" => STRING,
                        "description" => "The user's password.",
                        "expressions-allowed" => true,
                        "required" => true,
                        "nillable" => true,
                        "alternatives" => ["credential-reference"],
                        "min-length" => 1L,
                        "max-length" => 2147483647L,
                        "access-type" => "read-write",
                        "storage" => "configuration",
                        "restart-required" => "no-services"
                    }
                },
                "operations" => undefined,
                "notifications" => undefined,
                "children" => {}
            }}
        }}
    }
}
{code}



  was:
management/security-realm/authentication/users has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to you another option.

"Value" and credential-reference are mutually exclusive and one of them must be set.

*There must be a way how to update existing management/security-realm/authentication/users for change "value" to credential-reference and vice versa.*

*Scenario*
Prerequisites
{code:collapse}
[standalone at localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=properties:remove()
[standalone at localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:add()
{code}

Add new user with password
{code}
[standalone at localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:add(password=testpassword)
{"outcome" => "success"}
{code}
Change password to credential-reference
{code}
[standalone at localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:undefine-attribute(name=password)
{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0172: password is required",
    "rolled-back" => true
}
[standalone at localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:write-attribute(name=credential-reference, value={clear-text=password123})
{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0105: password is invalid in combination with credential-reference",
    "rolled-back" => true
}
{code}


*read-resource-description*
{code:collapse}
[standalone at localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:read-resource-description
{
    "outcome" => "success",
    "result" => {
        "description" => "Configuration to use a list users stored directly within the standalone.xml or host.xml configuration file as the user repository.",
        "deprecated" => {
            "since" => "1.7.0",
            "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
        },
        "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
        "attributes" => {},
        "operations" => undefined,
        "notifications" => undefined,
        "children" => {"user" => {
            "description" => "An authorized user.",
            "model-description" => undefined
        }}
    }
}
[standalone at localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:read-resource-description(recursive=true
{
    "outcome" => "success",
    "result" => {
        "description" => "Configuration to use a list users stored directly within the standalone.xml or host.xml configuration file as the user repository.",
        "deprecated" => {
            "since" => "1.7.0",
            "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
        },
        "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
        "attributes" => {},
        "operations" => undefined,
        "notifications" => undefined,
        "children" => {"user" => {
            "description" => "An authorized user.",
            "model-description" => {"*" => {
                "description" => "An authorized user.",
                "deprecated" => {
                    "since" => "1.7.0",
                    "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
                },
                "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
                "attributes" => {
                    "credential-reference" => {
                        "type" => OBJECT,
                        "description" => "The reference to credential for the password stored in CredentialStore under defined alias or clear text password.",
                        "expressions-allowed" => false,
                        "required" => false,
                        "nillable" => true,
                        "alternatives" => ["value"],
                        "access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
                        "value-type" => {
                            "store" => {
                                "type" => STRING,
                                "description" => "The name of the credential store holding the alias to credential.",
                                "expressions-allowed" => false,
                                "required" => false,
                                "nillable" => true,
                                "alternatives" => ["clear-text"],
                                "requires" => ["alias"],
                                "min-length" => 1L,
                                "max-length" => 2147483647L
                            },
                            "alias" => {
                                "type" => STRING,
                                "description" => "The alias which denotes stored secret or credential in the store.",
                                "expressions-allowed" => true,
                                "required" => false,
                                "nillable" => true,
                                "requires" => ["store"],
                                "min-length" => 1L,
                                "max-length" => 2147483647L
                            },
                            "type" => {
                                "type" => STRING,
                                "description" => "The type of credential this reference is denoting.",
                                "expressions-allowed" => true,
                                "required" => false,
                                "nillable" => true,
                                "min-length" => 1L,
                                "max-length" => 2147483647L
                            },
                            "clear-text" => {
                                "type" => STRING,
                                "description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
                                "expressions-allowed" => true,
                                "required" => false,
                                "nillable" => true,
                                "alternatives" => ["store"],
                                "min-length" => 1L,
                                "max-length" => 2147483647L
                            }
                        },
                        "access-type" => "read-write",
                        "storage" => "configuration",
                        "restart-required" => "no-services"
                    },
                    "password" => {
                        "type" => STRING,
                        "description" => "The user's password.",
                        "expressions-allowed" => true,
                        "required" => true,
                        "nillable" => true,
                        "alternatives" => ["credential-reference"],
                        "min-length" => 1L,
                        "max-length" => 2147483647L,
                        "access-type" => "read-write",
                        "storage" => "configuration",
                        "restart-required" => "no-services"
                    }
                },
                "operations" => undefined,
                "notifications" => undefined,
                "children" => {}
            }}
        }}
    }
}
{code}





> management/security-realm/authentication/users has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option.
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WFLY-8878
>                 URL: https://issues.jboss.org/browse/WFLY-8878
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>            Reporter: Hynek Švábek
>            Assignee: Darran Lofthouse
>            Priority: Blocker
>
> management/security-realm/authentication/users has a required "value" attribute, but there is now credential-reference too, and there is no way to update an existing resource to use the other option.
> "Value" and credential-reference are mutually exclusive and one of them must be set.
> *There must be a way to update an existing management/security-realm/authentication/users resource to change "value" to credential-reference and vice versa.*
> *Scenario*
> Prerequisites
> {code:collapse}
> [standalone at localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=properties:remove()
> [standalone at localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:add()
> {code}
> Add new user with password
> {code}
> [standalone at localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:add(password=testpassword)
> {"outcome" => "success"}
> {code}
> Change password to credential-reference
> {code}
> [standalone at localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:undefine-attribute(name=password)
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYCTL0172: password is required",
>     "rolled-back" => true
> }
> [standalone at localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:write-attribute(name=credential-reference, value={clear-text=password123})
> {
>     "outcome" => "failed",
>     "failure-description" => "WFLYCTL0105: password is invalid in combination with credential-reference",
>     "rolled-back" => true
> }
> {code}
> *read-resource-description*
> {code:collapse}
> [standalone at localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:read-resource-description
> {
>     "outcome" => "success",
>     "result" => {
>         "description" => "Configuration to use a list users stored directly within the standalone.xml or host.xml configuration file as the user repository.",
>         "deprecated" => {
>             "since" => "1.7.0",
>             "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
>         },
>         "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
>         "attributes" => {},
>         "operations" => undefined,
>         "notifications" => undefined,
>         "children" => {"user" => {
>             "description" => "An authorized user.",
>             "model-description" => undefined
>         }}
>     }
> }
> [standalone at localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:read-resource-description(recursive=true)
> {
>     "outcome" => "success",
>     "result" => {
>         "description" => "Configuration to use a list users stored directly within the standalone.xml or host.xml configuration file as the user repository.",
>         "deprecated" => {
>             "since" => "1.7.0",
>             "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
>         },
>         "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
>         "attributes" => {},
>         "operations" => undefined,
>         "notifications" => undefined,
>         "children" => {"user" => {
>             "description" => "An authorized user.",
>             "model-description" => {"*" => {
>                 "description" => "An authorized user.",
>                 "deprecated" => {
>                     "since" => "1.7.0",
>                     "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
>                 },
>                 "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
>                 "attributes" => {
>                     "credential-reference" => {
>                         "type" => OBJECT,
>                         "description" => "The reference to credential for the password stored in CredentialStore under defined alias or clear text password.",
>                         "expressions-allowed" => false,
>                         "required" => false,
>                         "nillable" => true,
>                         "alternatives" => ["value"],
>                         "access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
>                         "value-type" => {
>                             "store" => {
>                                 "type" => STRING,
>                                 "description" => "The name of the credential store holding the alias to credential.",
>                                 "expressions-allowed" => false,
>                                 "required" => false,
>                                 "nillable" => true,
>                                 "alternatives" => ["clear-text"],
>                                 "requires" => ["alias"],
>                                 "min-length" => 1L,
>                                 "max-length" => 2147483647L
>                             },
>                             "alias" => {
>                                 "type" => STRING,
>                                 "description" => "The alias which denotes stored secret or credential in the store.",
>                                 "expressions-allowed" => true,
>                                 "required" => false,
>                                 "nillable" => true,
>                                 "requires" => ["store"],
>                                 "min-length" => 1L,
>                                 "max-length" => 2147483647L
>                             },
>                             "type" => {
>                                 "type" => STRING,
>                                 "description" => "The type of credential this reference is denoting.",
>                                 "expressions-allowed" => true,
>                                 "required" => false,
>                                 "nillable" => true,
>                                 "min-length" => 1L,
>                                 "max-length" => 2147483647L
>                             },
>                             "clear-text" => {
>                                 "type" => STRING,
>                                 "description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
>                                 "expressions-allowed" => true,
>                                 "required" => false,
>                                 "nillable" => true,
>                                 "alternatives" => ["store"],
>                                 "min-length" => 1L,
>                                 "max-length" => 2147483647L
>                             }
>                         },
>                         "access-type" => "read-write",
>                         "storage" => "configuration",
>                         "restart-required" => "no-services"
>                     },
>                     "password" => {
>                         "type" => STRING,
>                         "description" => "The user's password.",
>                         "expressions-allowed" => true,
>                         "required" => true,
>                         "nillable" => true,
>                         "alternatives" => ["credential-reference"],
>                         "min-length" => 1L,
>                         "max-length" => 2147483647L,
>                         "access-type" => "read-write",
>                         "storage" => "configuration",
>                         "restart-required" => "no-services"
>                     }
>                 },
>                 "operations" => undefined,
>                 "notifications" => undefined,
>                 "children" => {}
>             }}
>         }}
>     }
> }
> {code}


