[jboss-jira] [JBoss JIRA] (WFCORE-3677) get-provider-points return /profile addresses for host level resources
Brian Stansberry (JIRA)
issues at jboss.org
Mon Mar 12 12:13:01 EDT 2018
[ https://issues.jboss.org/browse/WFCORE-3677?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13544686#comment-13544686 ]
Brian Stansberry commented on WFCORE-3677:
------------------------------------------
[~claudio4j] Have you discussed with [~jdenise] how the CLI uses this overall API? As you noted, CLI tab completion works correctly. I don't see anything wrong with the response you posted for the "/host=master/core-service=capability-registry:get-provider-points(name="org.wildfly.security.key-store")" op, as that op is not providing any information to the server to let it filter its response. (The /host=master part of the request does not imply filtering. The capability registry maintained by the host; there is no domain-wide capability registry. The host=master is just part of the address of the registry.)
I think there's probably some alternative API. (Sorry, I'm passing this off to Jeff rather than looking it up.)
I believe there might already be a JIRA about stripping irrelevant provider points out of the failure message.
> get-provider-points return /profile addresses for host level resources
> ----------------------------------------------------------------------
>
> Key: WFCORE-3677
> URL: https://issues.jboss.org/browse/WFCORE-3677
> Project: WildFly Core
> Issue Type: Enhancement
> Components: Domain Management
> Reporter: Claudio Miranda
> Assignee: Darran Lofthouse
> Priority: Minor
>
> key-manager resource at /host=master/subsystem=elytron/key-manager=*
> contains the "key-store" attribute, which has a "capability-reference" => "org.wildfly.security.key-store"
> get-provider-points returns /profile addresses that should not be a valid reference for a host level resource
> {code}
> /host=master/core-service=capability-registry:get-provider-points(name="org.wildfly.security.key-store")
> {
> "outcome" => "success",
> "result" => [
> "/host=master/subsystem=elytron/key-store=*",
> "/host=master/subsystem=elytron/ldap-key-store=*",
> "/host=master/subsystem=elytron/filtering-key-store=*",
> "/profile=*/subsystem=elytron/key-store=*",
> "/profile=*/subsystem=elytron/ldap-key-store=*",
> "/profile=*/subsystem=elytron/filtering-key-store=*",
> "/profile=*/subsystem=security/elytron-key-store=*",
> "/profile=*/subsystem=security/elytron-trust-store=*"
> ]
> }
> {code}
> A test case
> {code}
> /profile=full/subsystem=elytron/key-store=ks_full:add(credential-reference={clear-text=senha},type=JKS)
> /host=master/subsystem=elytron/key-manager=my_km:add(key-store=ks_full,credential-reference={clear-text=senha})
> {
> "outcome" => "failed",
> "result" => {},
> "failure-description" => {"host-failure-descriptions" => {"master" => "WFLYCTL0369: Required capabilities are not available:
> org.wildfly.security.key-store.ks_full in context 'host'; Possible registration points for this capability:
> /host=master/subsystem=elytron/key-store=*
> /host=master/subsystem=elytron/ldap-key-store=*
> /host=master/subsystem=elytron/filtering-key-store=*
> /profile=*/subsystem=elytron/key-store=*
> /profile=*/subsystem=elytron/ldap-key-store=*
> /profile=*/subsystem=elytron/filtering-key-store=*
> /profile=*/subsystem=security/elytron-key-store=*
> /profile=*/subsystem=security/elytron-trust-store=*"}},
> "rolled-back" => true
> }
> {code}
> The returned addresses in the error message should contains only valid addresses.
> side note: CLI code completion works correctly in not showing resources from /profile addresses.
> /host=master/subsystem=elytron/key-manager=my_km:add(key-store=<tab>
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list