Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-11387

Verify that JBEAP-11343 fix is valid


    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Blocker Blocker
    • 7.1.0.ER3
    • 7.1.0.DR19
    • Security, Test Suite
    • None

      [1:39 PM] Emmanuel Hugonnet: @BrianStansberry hi, could you take a look at https://github.com/wildfly/wildfly-core/pull/2514
      [1:40 PM] Emmanuel Hugonnet: I've a bit of a doubt because i couldn't create a dependency on the credentialstore since auditlog handlers are not services
      [1:41 PM] Brian Stansberry: ok. it does seem a bit nasty because of that
      [1:41 PM] Brian Stansberry: at a glance
      [1:41 PM] Emmanuel Hugonnet: yes
      [1:41 PM] Brian Stansberry: a very quick glance
      [1:42 PM] Brian Stansberry: ah , but SyslogAuditLogHandler is not an OSH so I won't comment until I really understand
      [1:43 PM] Emmanuel Hugonnet: yes
      [2:04 PM] Brian Stansberry: I don't think that will be reliable; there's no guarantee that store will be started
      [2:07 PM] Kabir Khan: I don't think the syslog handler tries to write until boot is done
      [2:07 PM] Kabir Khan: could it be possible to lazy init those suppliers?
      [2:11 PM] Emmanuel Hugonnet: I guess we would only need the attribute value and a serviceregistry
      [2:12 PM] Emmanuel Hugonnet: I'm wondering if this is not lazy per default
      [2:12 PM] Emmanuel Hugonnet: as the service is only called when the credential is required as far as I can see
      [2:13 PM] Brian Stansberry: yes, it is lazy
      [2:43 PM] Kabir Khan: @ehsavoie I think the problem @BrianStansberry mentions is whether the services have stabilised so the CR is ready by the time the syslog write happens
      [2:44 PM] Emmanuel Hugonnet: @KabirKhan yes but I don't have any service in the audit log tree to be able to require for the CR to be ready
      [2:45 PM] Kabir Khan: @ehsavoie I can try to discuss it on the pm call, perhaps we can do without it for the beta
      [2:47 PM] Emmanuel Hugonnet: or I could add a service to get this one on
      [2:48 PM] Emmanuel Hugonnet: a bit like what  is done for security realms
      [2:53 PM] Kabir Khan: That could be good for the future, but I think for Beta it should be ok as it is
      [2:57 PM] Brian Stansberry: @KabirKhan @ehsavoie +1
      [2:57 PM] Brian Stansberry: I think it is fine at boot as no logging will happen until MSC has stabilized
      [2:57 PM] Brian Stansberry: and probably post boot too
      [2:57 PM] Emmanuel Hugonnet: well the boot test is ok
      [2:58 PM] Kabir Khan: but we should have a blocker jira to investigate whether our assumptions are correct
      [2:58 PM] Emmanuel Hugonnet: ok
      [2:58 PM] Brian Stansberry: the scenario is a management op adds the credential store and the syslog handler, and then the syslog handler wants to log before the store service is up
      [2:58 PM] Brian Stansberry: but, for audit logging we don't log until op commit/rollback
      [2:58 PM] Brian Stansberry: and by then MSC is going to be stablized
      [3:06 PM] Kabir Khan: that should be: 'we think we don't log', so that needs checking

            ehugonne1@redhat.com Emmanuel Hugonnet
            mchoma@redhat.com Martin Choma
            Marek Kopecky Marek Kopecky
            Marek Kopecky Marek Kopecky
            0 Vote for this issue
            6 Start watching this issue