Bug
Resolution: Done
Blocker
7.1.0.ER1
Not Required
Some /subsystem=elytron/key-store operations should probably be marked runtime-only. (edit: this is already part of JBEAP-11790) Their handlers extend ElytronRuntimeOnlyHandler and they don't seem to change anything in the model.
load
store
read-alias
read-aliases
remove-alias
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=load
{
    "outcome" => "success",
    "result" => {
        "operation-name" => "load",
        "description" => "Load the KeyStore, if the KeyStore is file backed this will involve re-reading the contents of the file.",
        "request-properties" => {},
        "reply-properties" => {},
        "read-only" => false,
        "runtime-only" => false
    }
}
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=store
{
    "outcome" => "success",
    "result" => {
        "operation-name" => "store",
        "description" => "Store the KeyStore to file, this operation will fail for any KeyStore instances not backed by a file. If the file does not exist and it was not flagged as required it will be created.",
        "request-properties" => {},
        "reply-properties" => {},
        "read-only" => false,
        "runtime-only" => false
    }
}
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=read-alias
{
    "outcome" => "success",
    "result" => {
        "operation-name" => "read-alias",
        "description" => "Read an alias from a KeyStore.",
        "request-properties" => {"alias" => {
            "type" => STRING,
            "description" => "The alias of the KeyStore item to read.",
            "expressions-allowed" => false,
            "required" => true,
            "nillable" => false,
            "min-length" => 1L,
            "max-length" => 2147483647L
        }},
        "reply-properties" => {},
        "read-only" => true,
        "runtime-only" => false
    }
}
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=read-aliases
{
    "outcome" => "success",
    "result" => {
        "operation-name" => "read-aliases",
        "description" => "Read aliases from a KeyStore.",
        "request-properties" => {},
        "reply-properties" => {},
        "read-only" => true,
        "runtime-only" => false
    }
}
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=remove-alias
{
    "outcome" => "success",
    "result" => {
        "operation-name" => "remove-alias",
        "description" => "Remove an alias from a KeyStore.",
        "request-properties" => {"alias" => {
            "type" => STRING,
            "description" => "The alias of the KeyStore item to remove.",
            "expressions-allowed" => false,
            "required" => true,
            "nillable" => false,
            "min-length" => 1L,
            "max-length" => 2147483647L
        }},
        "reply-properties" => {},
        "read-only" => false,
        "runtime-only" => false
    }
}
Also I'm not sure whether they should be registered at /profile resources in domain as they are rolled out to servers (servers might try to write to file concurrently).
[domain@localhost:9990 /] /profile=default/subsystem=elytron/key-store=test:store()
{
    "outcome" => "failed",
    "result" => undefined,
    "failure-description" => {"WFLYDC0074: Operation failed or was rolled back on all servers. Server failures:" => {"server-group" => {"main-server-group" => {"host" => {"master" => {
        "server-one" => "WFLYELY00010: Unable to save KeyStore - KeyStore file '/tmp/test' does not exist.",
        "server-two" => "WFLYELY00010: Unable to save KeyStore - KeyStore file '/tmp/test' does not exist."
    }}}}}},
    "rolled-back" => true,
    "server-groups" => {"main-server-group" => {"host" => {"master" => {
        "server-one" => {"response" => {
            "outcome" => "failed",
            "result" => undefined,
            "failure-description" => "WFLYELY00010: Unable to save KeyStore - KeyStore file '/tmp/test' does not exist.",
            "rolled-back" => true
        }},
        "server-two" => {"response" => {
            "outcome" => "failed",
            "result" => undefined,
            "failure-description" => "WFLYELY00010: Unable to save KeyStore - KeyStore file '/tmp/test' does not exist.",
            "rolled-back" => true
        }}
    }}}}
}
Priority set to blocker to decide whether operations can be registered at profile resources. They can be added back later but they cannot be removed.
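An added example, not part of the original report or of the WildFly code base: a Python check that parses read-operation-description replies in the CLI text form shown above and lists the named key-store operations that still report "runtime-only" => false. The function names are hypothetical, the first sample reply is abridged from the read-alias output in this issue, and the second is constructed.

```python
import json
import re

# Operations the issue lists as candidates for runtime-only.
EXPECTED_RUNTIME_ONLY = {"load", "store", "read-alias", "read-aliases", "remove-alias"}

def dmr_to_python(text):
    """Parse the CLI's DMR text rendering (as shown in this issue) into Python objects."""
    parts = []
    # Tokenize into quoted strings and the text between them, so string contents stay untouched.
    for token in re.findall(r'"(?:[^"\\]|\\.)*"|[^"]+', text):
        if not token.startswith('"'):
            token = token.replace("=>", ":")
            token = re.sub(r"\b(\d+)L\b", r"\1", token)            # long literal: 1L -> 1
            token = re.sub(r"\bundefined\b", "null", token)        # undefined -> null
            token = re.sub(r"\b([A-Z][A-Z_]+)\b", r'"\1"', token)  # type name: STRING -> "STRING"
        parts.append(token)
    return json.loads("".join(parts))

def not_runtime_only(replies):
    """Names of listed operations whose description still reports runtime-only = false."""
    found = []
    for text in replies:
        reply = dmr_to_python(text)
        if reply.get("outcome") != "success":
            continue  # failed replies carry no operation description
        op = reply["result"]
        if op["operation-name"] in EXPECTED_RUNTIME_ONLY and not op["runtime-only"]:
            found.append(op["operation-name"])
    return found

# READ_ALIAS is abridged from the read-alias reply in this issue; LOAD_FIXED is
# constructed to show what a corrected description would report.
READ_ALIAS = '''{
    "outcome" => "success",
    "result" => {
        "operation-name" => "read-alias",
        "request-properties" => {"alias" => {"type" => STRING, "min-length" => 1L, "max-length" => 2147483647L}},
        "read-only" => true,
        "runtime-only" => false
    }
}'''
LOAD_FIXED = '{"outcome" => "success", "result" => {"operation-name" => "load", "read-only" => false, "runtime-only" => true}}'

if __name__ == "__main__":
    print(not_runtime_only([READ_ALIAS, LOAD_FIXED]))
```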
- is cloned by
  WFCORE-3017 review key-store runtime-only operations available on profile resources (Resolved)
- is incorporated by
  JBEAP-11466 (7.1.0) Upgrade to WildFly Core to 3.0.0.Beta28 (Closed)
- relates to
  JBEAP-11795 Elytron subsystem should not register storage=runtime attributes on profile resources (Closed)
  JBEAP-11790 some xxx-realm operations should be marked runtime-only (Closed)
  JBEAP-10816 Documentation, Multiple CredentialStores with ONE backed credential store file can rewrite values each other. (Closed)