[jboss-jira] [JBoss JIRA] (WFCORE-3677) get-provider-points return /profile addresses for host level resources
Jean-Francois Denise (JIRA)
issues at jboss.org
Tue Mar 13 04:43:02 EDT 2018
[ https://issues.jboss.org/browse/WFCORE-3677?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13544908#comment-13544908 ]
Jean-Francois Denise commented on WFCORE-3677:
----------------------------------------------
[~claudio4j], the CLI, in domain mode query the registry of the local-host-name if no host is present in the address. Otherwise it queries the registry of the host present in the address.
For ex: /profile=default/subsystem=elytron/... ==> /host=<value of local-host-name attribute>/core-service=capability
When querying the registry (suggest-capabilities), the CLI provides the dependent-address argument. This argument is the address of the capability consumer.
For example, when completion occurs: (/profile=default/subsystem=elytron/key-manager=xxx:add(key-store=<TAB>) the following request is sent to the registry:
/host=master/core-service=capability-registry:suggest-capabilities(name=org.wildfly.security.key-store, dependent-address=[{profile=default},{subsystem=elytron},{key-manager=xxx}])
The capability has the logic to only return the subset of capabilities reachable from the dependent-address. So if you add a key-store to a profile, it will be visible from key-manager added to this profile. If you add a key-store in a given host, it will be only visible when adding a key-manager in this host.
> get-provider-points return /profile addresses for host level resources
> ----------------------------------------------------------------------
>
> Key: WFCORE-3677
> URL: https://issues.jboss.org/browse/WFCORE-3677
> Project: WildFly Core
> Issue Type: Enhancement
> Components: Domain Management
> Reporter: Claudio Miranda
> Assignee: Darran Lofthouse
> Priority: Minor
>
> key-manager resource at /host=master/subsystem=elytron/key-manager=*
> contains the "key-store" attribute, which has a "capability-reference" => "org.wildfly.security.key-store"
> get-provider-points returns /profile addresses that should not be a valid reference for a host level resource
> {code}
> /host=master/core-service=capability-registry:get-provider-points(name="org.wildfly.security.key-store")
> {
> "outcome" => "success",
> "result" => [
> "/host=master/subsystem=elytron/key-store=*",
> "/host=master/subsystem=elytron/ldap-key-store=*",
> "/host=master/subsystem=elytron/filtering-key-store=*",
> "/profile=*/subsystem=elytron/key-store=*",
> "/profile=*/subsystem=elytron/ldap-key-store=*",
> "/profile=*/subsystem=elytron/filtering-key-store=*",
> "/profile=*/subsystem=security/elytron-key-store=*",
> "/profile=*/subsystem=security/elytron-trust-store=*"
> ]
> }
> {code}
> A test case
> {code}
> /profile=full/subsystem=elytron/key-store=ks_full:add(credential-reference={clear-text=senha},type=JKS)
> /host=master/subsystem=elytron/key-manager=my_km:add(key-store=ks_full,credential-reference={clear-text=senha})
> {
> "outcome" => "failed",
> "result" => {},
> "failure-description" => {"host-failure-descriptions" => {"master" => "WFLYCTL0369: Required capabilities are not available:
> org.wildfly.security.key-store.ks_full in context 'host'; Possible registration points for this capability:
> /host=master/subsystem=elytron/key-store=*
> /host=master/subsystem=elytron/ldap-key-store=*
> /host=master/subsystem=elytron/filtering-key-store=*
> /profile=*/subsystem=elytron/key-store=*
> /profile=*/subsystem=elytron/ldap-key-store=*
> /profile=*/subsystem=elytron/filtering-key-store=*
> /profile=*/subsystem=security/elytron-key-store=*
> /profile=*/subsystem=security/elytron-trust-store=*"}},
> "rolled-back" => true
> }
> {code}
> The returned addresses in the error message should contains only valid addresses.
> side note: CLI code completion works correctly in not showing resources from /profile addresses.
> /host=master/subsystem=elytron/key-manager=my_km:add(key-store=<tab>
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list