[jboss-jira] [JBoss JIRA] (ELY-1042) When failed credential store flush to file on the disk then we have inconsistency between credential store in memory and persisted file.

Hynek Švábek (JIRA) issues at jboss.org
Wed Mar 29 10:28:00 EDT 2017 

Hynek Švábek created ELY-1042:
---------------------------------

             Summary: When failed credential store flush to file on the disk then we have inconsistency between credential store in memory and persisted file.
                 Key: ELY-1042
                 URL: https://issues.jboss.org/browse/ELY-1042
             Project: WildFly Elytron
          Issue Type: Bug
            Reporter: Hynek Švábek
            Assignee: Darran Lofthouse
            Priority: Critical


When failed credential store flush to file on the disk then we have inconsistency between credential store in memory and persisted file.

I expect consistent state, same aliases in memory and persisted on disk.
We must not add new aliases only to memory.

This problem is exported from issue https://issues.jboss.org/browse/JBEAP-6866 
where is noted as secondary problem.

*HOW TO REPRODUCE*
{code}
/subsystem=elytron/credential-store=cs001:add(uri="cr-store://test/cs/credentialstore.jceks?create=true", credential-reference={clear-text=pass123}, relative-to="jboss.server.data.dir")
{code}
{code}
/subsystem=elytron/credential-store=cs001/alias=alias001:add(secret-value=secretvalue)
{code}
Now is credentialstore.jceks file persisted on disk here *JBOSS_HOME/standalone/data/cs*
Please remove write permission for folder "cs"
{code}
chmod g-w  cs
chmod u-w  cs
{code}
Try add another entry to credential store
/subsystem=elytron/credential-store=cs001/alias=alias002:add(secret-value=secretvalue)
{
    "outcome" => "failed",
    "failure-description" => "WFLYELY00009: Unable to complete operation. 'ELY09525: Unable to flush credential store to storage'",
    "rolled-back" => true
}
And you get error message as above.
Now you list all aliases in credential store:
{code}
/subsystem=elytron/credential-store=cs001:read-children-names(child-type=alias)
{
    "outcome" => "success",
    "result" => [
        "alias001",
        "alias002"
    ]
}
{code}
There is non persisted "alias002" too.

*Now we check aliases in persisted file:*
{code}
reload
{code}
There isn't any alias "alias002" after reload.
{code}
/subsystem=elytron/credential-store=cs001:read-children-names(child-type=alias)
{
    "outcome" => "success",
    "result" => ["alias001"]
}
{code}





--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list