[jboss-jira] [JBoss JIRA] (WFCORE-3017) review key-store runtime-only operations available on profile resources
Jan Kalina (JIRA)
issues at jboss.org
Tue Jun 27 09:51:00 EDT 2017
[ https://issues.jboss.org/browse/WFCORE-3017?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Kalina moved JBEAP-11810 to WFCORE-3017:
--------------------------------------------
Project: WildFly Core (was: JBoss Enterprise Application Platform)
Key: WFCORE-3017 (was: JBEAP-11810)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Domain Management, Security (was: Domain Management, Security)
Affects Version/s: 3.0.0.Beta27 (was: 7.1.0.ER1)
> review key-store runtime-only operations available on profile resources
> -----------------------------------------------------------------------
>
> Key: WFCORE-3017
> URL: https://issues.jboss.org/browse/WFCORE-3017
> Project: WildFly Core
> Issue Type: Bug
> Components: Domain Management, Security
> Affects Versions: 3.0.0.Beta27
> Reporter: Jan Kalina
> Assignee: Jan Kalina
> Priority: Blocker
>
> Some /subsystem=elytron/key-store operations should probably be marked runtime-only. (edit: this is already part of JBEAP-11790) Their handlers extend ElytronRuntimeOnlyHandler and they don't seem to change anything in the model.
> load
> store
> read-alias
> read-aliases
> remove-alias
> {code}
> [standalone at embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=load
> {
> "outcome" => "success",
> "result" => {
> "operation-name" => "load",
> "description" => "Load the KeyStore, if the KeyStore is file backed this will involve re-reading the contents of the file.",
> "request-properties" => {},
> "reply-properties" => {},
> "read-only" => false,
> "runtime-only" => false
> }
> }
> [standalone at embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=store
> {
> "outcome" => "success",
> "result" => {
> "operation-name" => "store",
> "description" => "Store the KeyStore to file, this operation will fail for any KeyStore instances not backed by a file. If the file does not exist and it was not flagged as required it will be created.",
> "request-properties" => {},
> "reply-properties" => {},
> "read-only" => false,
> "runtime-only" => false
> }
> }
> [standalone at embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=read-alias
> {
> "outcome" => "success",
> "result" => {
> "operation-name" => "read-alias",
> "description" => "Read an alias from a KeyStore.",
> "request-properties" => {"alias" => {
> "type" => STRING,
> "description" => "The alias of the KeyStore item to read.",
> "expressions-allowed" => false,
> "required" => true,
> "nillable" => false,
> "min-length" => 1L,
> "max-length" => 2147483647L
> }},
> "reply-properties" => {},
> "read-only" => true,
> "runtime-only" => false
> }
> }
> [standalone at embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=read-aliases
> {
> "outcome" => "success",
> "result" => {
> "operation-name" => "read-aliases",
> "description" => "Read aliases from a KeyStore.",
> "request-properties" => {},
> "reply-properties" => {},
> "read-only" => true,
> "runtime-only" => false
> }
> }
> [standalone at embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=remove-alias
> {
> "outcome" => "success",
> "result" => {
> "operation-name" => "remove-alias",
> "description" => "Remove an alias from a KeyStore.",
> "request-properties" => {"alias" => {
> "type" => STRING,
> "description" => "The alias of the KeyStore item to remove.",
> "expressions-allowed" => false,
> "required" => true,
> "nillable" => false,
> "min-length" => 1L,
> "max-length" => 2147483647L
> }},
> "reply-properties" => {},
> "read-only" => false,
> "runtime-only" => false
> }
> }
> {code}
> *Also I'm not sure whether they should be registered at /profile resources in domain as they are rolled out to servers (servers might try to write to file concurrently).*
> {code}
> [domain at localhost:9990 /] /profile=default/subsystem=elytron/key-store=test:store()
> {
> "outcome" => "failed",
> "result" => undefined,
> "failure-description" => {"WFLYDC0074: Operation failed or was rolled back on all servers. Server failures:" => {"server-group" => {"main-server-group" => {"host" => {"master" => {
> "server-one" => "WFLYELY00010: Unable to save KeyStore - KeyStore file '/tmp/test' does not exist.",
> "server-two" => "WFLYELY00010: Unable to save KeyStore - KeyStore file '/tmp/test' does not exist."
> }}}}}},
> "rolled-back" => true,
> "server-groups" => {"main-server-group" => {"host" => {"master" => {
> "server-one" => {"response" => {
> "outcome" => "failed",
> "result" => undefined,
> "failure-description" => "WFLYELY00010: Unable to save KeyStore - KeyStore file '/tmp/test' does not exist.",
> "rolled-back" => true
> }},
> "server-two" => {"response" => {
> "outcome" => "failed",
> "result" => undefined,
> "failure-description" => "WFLYELY00010: Unable to save KeyStore - KeyStore file '/tmp/test' does not exist.",
> "rolled-back" => true
> }}
> }}}}
> }
> {code}
> Priority set to blocker to decide whether operations can be registered at profile resources. They can be added back later but they cannot be removed.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
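
Added example, not part of the original message or of WildFly's own code: a small check that parses `read-operation-description` output in the text form quoted above and reports which of the five key-store operations named in the report are not flagged `runtime-only`. The names `parse_descriptions` and `audit` are hypothetical, and the sample input is constructed (two entries abbreviated from the report, one invented to show a passing case).

```python
import re

# Operations the report lists as handled by ElytronRuntimeOnlyHandler subclasses.
EXPECTED_RUNTIME_ONLY = {"load", "store", "read-alias", "read-aliases", "remove-alias"}

# Constructed sample: "load" and "read-alias" are abbreviated from the report's output;
# the "store" entry is made up to show what a corrected description would look like.
SAMPLE = """
/subsystem=elytron/key-store=aa:read-operation-description(name=load
{"outcome" => "success", "result" => {
    "operation-name" => "load",
    "request-properties" => {},
    "read-only" => false,
    "runtime-only" => false
}}
/subsystem=elytron/key-store=aa:read-operation-description(name=read-alias
{"outcome" => "success", "result" => {
    "operation-name" => "read-alias",
    "request-properties" => {"alias" => {"type" => STRING, "required" => true}},
    "read-only" => true,
    "runtime-only" => false
}}
/subsystem=elytron/key-store=aa:read-operation-description(name=store
{"outcome" => "success", "result" => {
    "operation-name" => "store",
    "read-only" => false,
    "runtime-only" => true
}}
"""

# Matches only the three keys of interest; nested keys such as "required" are ignored.
FIELD = re.compile(r'"(operation-name|read-only|runtime-only)"\s*=>\s*(?:"([^"]*)"|(true|false))')

def parse_descriptions(text):
    """Map each operation-name to the boolean flags that follow it in the output."""
    ops, current = {}, None
    for key, quoted, boolean in FIELD.findall(text):
        if key == "operation-name":
            current = ops.setdefault(quoted, {})
        elif current is not None and boolean:
            current[key] = boolean == "true"
    return ops

def audit(text, expected=EXPECTED_RUNTIME_ONLY):
    """Return (operation, problem) for each expected operation not reported runtime-only."""
    ops, findings = parse_descriptions(text), []
    for name in sorted(expected):
        if name not in ops:
            findings.append((name, "no description found"))
        elif not ops[name].get("runtime-only", False):
            findings.append((name, "runtime-only is false"))
    return findings
```

Calling `audit()` on saved CLI output before and after a fix gives a quick regression check; an operation missing from the output is reported separately from one whose flag is false.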