management/security-realm/authentication/users has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option.
"Value" and credential-reference are mutually exclusive and one of them must be set.
There must be a way how to update existing management/security-realm/authentication/users for change "value" to credential-reference and vice versa.
Scenario
Prerequisites
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=properties:remove() [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:add()
Add new user with password
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:add(password=testpassword) {"outcome" => "success"}
Change password to credential-reference
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:undefine-attribute(name=password) { "outcome" => "failed", "failure-description" => "WFLYCTL0172: password is required", "rolled-back" => true } [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users/user=pepa:write-attribute(name=credential-reference, value={clear-text=password123}) { "outcome" => "failed", "failure-description" => "WFLYCTL0105: password is invalid in combination with credential-reference", "rolled-back" => true }
read-resource-description
[standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:read-resource-description { "outcome" => "success", "result" => { "description" => "Configuration to use a list users stored directly within the standalone.xml or host.xml configuration file as the user repository.", "deprecated" => { "since" => "1.7.0", "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions." }, "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}}, "attributes" => {}, "operations" => undefined, "notifications" => undefined, "children" => {"user" => { "description" => "An authorized user.", "model-description" => undefined }} } } [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm/authentication=users:read-resource-description(recursive=true { "outcome" => "success", "result" => { "description" => "Configuration to use a list users stored directly within the standalone.xml or host.xml configuration file as the user repository.", "deprecated" => { "since" => "1.7.0", "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions." }, "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}}, "attributes" => {}, "operations" => undefined, "notifications" => undefined, "children" => {"user" => { "description" => "An authorized user.", "model-description" => {"*" => { "description" => "An authorized user.", "deprecated" => { "since" => "1.7.0", "reason" => "The security-realm configuration is deprecated and may be removed or moved in future versions." }, "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}}, "attributes" => { "credential-reference" => { "type" => OBJECT, "description" => "The reference to credential for the password stored in CredentialStore under defined alias or clear text password.", "expressions-allowed" => false, "required" => false, "nillable" => true, "alternatives" => ["value"], "access-constraints" => {"sensitive" => {"credential" => {"type" => "core"}}}, "value-type" => { "store" => { "type" => STRING, "description" => "The name of the credential store holding the alias to credential.", "expressions-allowed" => false, "required" => false, "nillable" => true, "alternatives" => ["clear-text"], "requires" => ["alias"], "min-length" => 1L, "max-length" => 2147483647L }, "alias" => { "type" => STRING, "description" => "The alias which denotes stored secret or credential in the store.", "expressions-allowed" => true, "required" => false, "nillable" => true, "requires" => ["store"], "min-length" => 1L, "max-length" => 2147483647L }, "type" => { "type" => STRING, "description" => "The type of credential this reference is denoting.", "expressions-allowed" => true, "required" => false, "nillable" => true, "min-length" => 1L, "max-length" => 2147483647L }, "clear-text" => { "type" => STRING, "description" => "Secret specified using clear text. Check credential store way of supplying credential/secrets to services.", "expressions-allowed" => true, "required" => false, "nillable" => true, "alternatives" => ["store"], "min-length" => 1L, "max-length" => 2147483647L } }, "access-type" => "read-write", "storage" => "configuration", "restart-required" => "no-services" }, "password" => { "type" => STRING, "description" => "The user's password.", "expressions-allowed" => true, "required" => true, "nillable" => true, "alternatives" => ["credential-reference"], "min-length" => 1L, "max-length" => 2147483647L, "access-type" => "read-write", "storage" => "configuration", "restart-required" => "no-services" } }, "operations" => undefined, "notifications" => undefined, "children" => {} }} }} } }
- blocks
-
JBEAP-9321 There is missing CS integration with core management
- Closed
- is cloned by
-
WFCORE-2904 management/security-realm/authentication/users has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option.
- Closed
- relates to
-
JBEAP-11294 Server-identity/secret has required "value" attribute, but there is now credential-reference too and there is no way how to update existing resource to use another option.
- Closed