[jboss-jira] [JBoss JIRA] (ELY-1042) When failed credential store flush to file on the disk then we have inconsistency between credential store in memory and persisted file.

Hynek Švábek (JIRA) issues at jboss.org
Wed Mar 29 10:30:00 EDT 2017


     [ https://issues.jboss.org/browse/ELY-1042?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Hynek Švábek updated ELY-1042:
------------------------------
    Description: 
When a credential store flush to the file on disk fails, we have an inconsistency between the credential store in memory and the persisted file.

I expect a consistent state: the same aliases in memory and persisted on disk.
We must not add new aliases only to memory.

This problem is exported from issue https://issues.jboss.org/browse/JBEAP-6866 
where it is noted as a secondary problem.

*HOW TO REPRODUCE*
{code}
/subsystem=elytron/credential-store=cs001:add(uri="cr-store://test/cs/credentialstore.jceks?create=true", credential-reference={clear-text=pass123}, relative-to="jboss.server.data.dir")
{code}
{code}
/subsystem=elytron/credential-store=cs001/alias=alias001:add(secret-value=secretvalue)
{code}
Now the credentialstore.jceks file is persisted on disk here: *JBOSS_HOME/standalone/data/cs*
Please remove write permission for the folder "cs":
{code}
chmod g-w  cs
chmod u-w  cs
{code}
Try to add another entry to the credential store:
{code}
/subsystem=elytron/credential-store=cs001/alias=alias002:add(secret-value=secretvalue)
{
    "outcome" => "failed",
    "failure-description" => "WFLYELY00009: Unable to complete operation. 'ELY09525: Unable to flush credential store to storage'",
    "rolled-back" => true
}
{code}
And you get the error message shown above.
Now list all aliases in the credential store:
{code}
/subsystem=elytron/credential-store=cs001:read-children-names(child-type=alias)
{
    "outcome" => "success",
    "result" => [
        "alias001",
        "alias002"
    ]
}
{code}
The non-persisted "alias002" is listed too.

*Now we check aliases in the persisted file:*
{code}
reload
{code}
There isn't any alias "alias002" after reload.
{code}
/subsystem=elytron/credential-store=cs001:read-children-names(child-type=alias)
{
    "outcome" => "success",
    "result" => ["alias001"]
}
{code}








> When failed credential store flush to file on the disk then we have inconsistency between credential store in memory and persisted file.
> ----------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ELY-1042
>                 URL: https://issues.jboss.org/browse/ELY-1042
>             Project: WildFly Elytron
>          Issue Type: Bug
>          Components: Credential Store
>            Reporter: Hynek Švábek
>            Assignee: Darran Lofthouse
>            Priority: Critical
>



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
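
One way to get the consistent state the report asks for, as an added example that is not part of the original report and is not Elytron code: persist a candidate copy first and publish it to memory only after the flush succeeds. The class `ConsistentStoreDemo`, its method names and the plain `alias=secret` file format are hypothetical stand-ins for the real keystore.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.*;

// Illustrative store, not Elytron code: all names here are hypothetical.
public class ConsistentStoreDemo {
    private final Path file;
    private Map<String, String> entries = new TreeMap<>();
    ConsistentStoreDemo(Path file) { this.file = file; }

    // Problem pattern from the report: memory is changed first, so a failed
    // flush leaves an alias that exists only in memory.
    synchronized void addMemoryFirst(String alias, String secret) throws IOException {
        entries.put(alias, secret);
        flush(entries);
    }

    // Consistent pattern: persist a candidate copy, publish it only on success.
    synchronized void addPersistFirst(String alias, String secret) throws IOException {
        Map<String, String> candidate = new TreeMap<>(entries);
        candidate.put(alias, secret);
        flush(candidate);       // throws before the in-memory state is touched
        entries = candidate;
    }

    synchronized Set<String> aliases() { return new TreeSet<>(entries.keySet()); }

    // Write to a temp file in the same directory, then rename over the target,
    // so the persisted file is always either the old or the new full state.
    private void flush(Map<String, String> state) throws IOException {
        Path tmp = Files.createTempFile(file.getParent(), "cs", ".tmp");
        try {
            List<String> lines = new ArrayList<>();
            state.forEach((a, s) -> lines.add(a + "=" + s)); // demo only: a real store encrypts
            Files.write(tmp, lines, StandardCharsets.UTF_8);
            Files.move(tmp, file, StandardCopyOption.ATOMIC_MOVE, StandardCopyOption.REPLACE_EXISTING);
        } finally {
            Files.deleteIfExists(tmp);
        }
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("cs");
        ConsistentStoreDemo store = new ConsistentStoreDemo(dir.resolve("store.txt"));
        store.addPersistFirst("alias001", "secretvalue");
        dir.toFile().setWritable(false);  // like chmod u-w on "cs"; run as a non-root user
        try { store.addPersistFirst("alias002", "secretvalue"); }
        catch (IOException e) { System.out.println("flush failed: " + e); }
        System.out.println(store.aliases()); // alias002 is absent, matching the file on disk
        dir.toFile().setWritable(true);
    }
}
```

Replacing the second call with `addMemoryFirst` reproduces the reported symptom: the operation fails, yet `aliases()` still lists `alias002` until the store is reloaded from disk.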


