Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11308

management/security-realm/authentication/users has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • 7.1.0.ER1
    • 7.1.0.DR19
    • Security
    • None

      management/security-realm/authentication/users has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option.

      "Value" and credential-reference are mutually exclusive and one of them must be set.

      There must be a way how to update existing management/security-realm/authentication/users for change "value" to credential-reference and vice versa.

      Scenario
      Prerequisites

      Unable to find source-code formatter for language: collapse. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
      [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=properties:remove()
      [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:add()
      

      Add new user with password

      [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:add(password=testpassword)
      {"outcome" => "success"}
      

      Change password to credential-reference

      [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:undefine-attribute(name=password)
      {
          "outcome" => "failed",
          "failure-description" => "WFLYCTL0172: password is required",
          "rolled-back" => true
      }
      [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:write-attribute(name=credential-reference, value={clear-text=password123})
      {
          "outcome" => "failed",
          "failure-description" => "WFLYCTL0105: password is invalid in combination with credential-reference",
          "rolled-back" => true
      }
      

      read-resource-description

      Unable to find source-code formatter for language: collapse. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
      [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:read-resource-description
      {
          "outcome" => "success",
          "result" => {
              "description" => "Configuration to use a list users stored directly within the standalone.xml or host.xml configuration file as the user repository.",
              "deprecated" => {
                  "since" => "1.7.0",
                  "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
              },
              "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
              "attributes" => {},
              "operations" => undefined,
              "notifications" => undefined,
              "children" => {"user" => {
                  "description" => "An authorized user.",
                  "model-description" => undefined
              }}
          }
      }
      [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:read-resource-description(recursive=true
      {
          "outcome" => "success",
          "result" => {
              "description" => "Configuration to use a list users stored directly within the standalone.xml or host.xml configuration file as the user repository.",
              "deprecated" => {
                  "since" => "1.7.0",
                  "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
              },
              "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
              "attributes" => {},
              "operations" => undefined,
              "notifications" => undefined,
              "children" => {"user" => {
                  "description" => "An authorized user.",
                  "model-description" => {"*" => {
                      "description" => "An authorized user.",
                      "deprecated" => {
                          "since" => "1.7.0",
                          "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions."
                      },
                      "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}},
                      "attributes" => {
                          "credential-reference" => {
                              "type" => OBJECT,
                              "description" => "The reference to credential for the password stored in CredentialStore under defined alias or clear text password.",
                              "expressions-allowed" => false,
                              "required" => false,
                              "nillable" => true,
                              "alternatives" => ["value"],
                              "access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}},
                              "value-type" => {
                                  "store" => {
                                      "type" => STRING,
                                      "description" => "The name of the credential store holding the alias to credential.",
                                      "expressions-allowed" => false,
                                      "required" => false,
                                      "nillable" => true,
                                      "alternatives" => ["clear-text"],
                                      "requires" => ["alias"],
                                      "min-length" => 1L,
                                      "max-length" => 2147483647L
                                  },
                                  "alias" => {
                                      "type" => STRING,
                                      "description" => "The alias which denotes stored secret or credential in the store.",
                                      "expressions-allowed" => true,
                                      "required" => false,
                                      "nillable" => true,
                                      "requires" => ["store"],
                                      "min-length" => 1L,
                                      "max-length" => 2147483647L
                                  },
                                  "type" => {
                                      "type" => STRING,
                                      "description" => "The type of credential this reference is denoting.",
                                      "expressions-allowed" => true,
                                      "required" => false,
                                      "nillable" => true,
                                      "min-length" => 1L,
                                      "max-length" => 2147483647L
                                  },
                                  "clear-text" => {
                                      "type" => STRING,
                                      "description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.",
                                      "expressions-allowed" => true,
                                      "required" => false,
                                      "nillable" => true,
                                      "alternatives" => ["store"],
                                      "min-length" => 1L,
                                      "max-length" => 2147483647L
                                  }
                              },
                              "access-type" => "read-write",
                              "storage" => "configuration",
                              "restart-required" => "no-services"
                          },
                          "password" => {
                              "type" => STRING,
                              "description" => "The user's password.",
                              "expressions-allowed" => true,
                              "required" => true,
                              "nillable" => true,
                              "alternatives" => ["credential-reference"],
                              "min-length" => 1L,
                              "max-length" => 2147483647L,
                              "access-type" => "read-write",
                              "storage" => "configuration",
                              "restart-required" => "no-services"
                          }
                      },
                      "operations" => undefined,
                      "notifications" => undefined,
                      "children" => {}
                  }}
              }}
          }
      }
      

            ehugonne1@redhat.com Emmanuel Hugonnet
            hsvabek_jira Hynek Švábek (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: