      Description

      Elytron *-key-store resources should offer operations instead of an alias resource; at least ldap-key-store should. The reason is the same as for the identity resource of Elytron modifiable realms; see WFCORE-2691 or the related mailing thread on wildfly-dev.

      Brian Stansberry commented on WFCORE-2691 and JBEAP-9547:

      The management kernel requires that a Resource object exists for any address against which an operation is executed. Those Resource objects need to be reachable from the parent Resource object (i.e. /subsystem=elytron/ldap-realm=ldapRealm).

      That might be a big problem for these resources, each of which represents an item in an external system, since navigating through the resource tree can mean needing to identify all possible resources, which means remote calls and possibly massive numbers of children.

      For example, imagine this:

      /subsystem=elytron/ldap-realm=ldapRealm:read-children-names(child-type=identity)

      This is a Blocker issue, because the management API of this subsystem has to be correct. We can't ship with large potential design problems.

      Setting priority to blocker, like for JBEAP-9547. The issue also brings some changes to EAP7-203 related tests.

                People

                • Assignee:
                  honza889 Jan Kalina
                  Reporter:
                  okotek Ondrej Kotek
                  Tester:
                  Ondrej Kotek