Bug
Resolution: Done
Blocker
7.1.0.ER1
Not Required
Some /subsystem=elytron/key-store operations should probably be marked runtime-only. (edit: this is already part of JBEAP-11790) Their handlers extend ElytronRuntimeOnlyHandler and they don't seem to change anything in the model.
- load
- store
- read-alias
- read-aliases
- remove-alias
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=load
{
    "outcome" => "success",
    "result" => {
        "operation-name" => "load",
        "description" => "Load the KeyStore, if the KeyStore is file backed this will involve re-reading the contents of the file.",
        "request-properties" => {},
        "reply-properties" => {},
        "read-only" => false,
        "runtime-only" => false
    }
}
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=store
{
    "outcome" => "success",
    "result" => {
        "operation-name" => "store",
        "description" => "Store the KeyStore to file, this operation will fail for any KeyStore instances not backed by a file. If the file does not exist and it was not flagged as required it will be created.",
        "request-properties" => {},
        "reply-properties" => {},
        "read-only" => false,
        "runtime-only" => false
    }
}
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=read-alias
{
    "outcome" => "success",
    "result" => {
        "operation-name" => "read-alias",
        "description" => "Read an alias from a KeyStore.",
        "request-properties" => {"alias" => {
            "type" => STRING,
            "description" => "The alias of the KeyStore item to read.",
            "expressions-allowed" => false,
            "required" => true,
            "nillable" => false,
            "min-length" => 1L,
            "max-length" => 2147483647L
        }},
        "reply-properties" => {},
        "read-only" => true,
        "runtime-only" => false
    }
}
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=read-aliases
{
    "outcome" => "success",
    "result" => {
        "operation-name" => "read-aliases",
        "description" => "Read aliases from a KeyStore.",
        "request-properties" => {},
        "reply-properties" => {},
        "read-only" => true,
        "runtime-only" => false
    }
}
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=remove-alias
{
    "outcome" => "success",
    "result" => {
        "operation-name" => "remove-alias",
        "description" => "Remove an alias from a KeyStore.",
        "request-properties" => {"alias" => {
            "type" => STRING,
            "description" => "The alias of the KeyStore item to remove.",
            "expressions-allowed" => false,
            "required" => true,
            "nillable" => false,
            "min-length" => 1L,
            "max-length" => 2147483647L
        }},
        "reply-properties" => {},
        "read-only" => false,
        "runtime-only" => false
    }
}
Also I'm not sure whether they should be registered at /profile resources in domain as they are rolled out to servers (servers might try to write to file concurrently).
[domain@localhost:9990 /] /profile=default/subsystem=elytron/key-store=test:store()
{
    "outcome" => "failed",
    "result" => undefined,
    "failure-description" => {"WFLYDC0074: Operation failed or was rolled back on all servers. Server failures:" => {"server-group" => {"main-server-group" => {"host" => {"master" => {
        "server-one" => "WFLYELY00010: Unable to save KeyStore - KeyStore file '/tmp/test' does not exist.",
        "server-two" => "WFLYELY00010: Unable to save KeyStore - KeyStore file '/tmp/test' does not exist."
    }}}}}},
    "rolled-back" => true,
    "server-groups" => {"main-server-group" => {"host" => {"master" => {
        "server-one" => {"response" => {
            "outcome" => "failed",
            "result" => undefined,
            "failure-description" => "WFLYELY00010: Unable to save KeyStore - KeyStore file '/tmp/test' does not exist.",
            "rolled-back" => true
        }},
        "server-two" => {"response" => {
            "outcome" => "failed",
            "result" => undefined,
            "failure-description" => "WFLYELY00010: Unable to save KeyStore - KeyStore file '/tmp/test' does not exist.",
            "rolled-back" => true
        }}
    }}}}
}
Priority set to blocker to decide whether operations can be registered at profile resources. They can be added back later but they cannot be removed.
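
An added example, not part of the original report or of the WildFly code base: a Python check that parses `read-operation-description` responses in the CLI's DMR text format and reports which of the key-store operations listed above are not flagged `runtime-only`. The transcript in `SAMPLE` is constructed, and the names `audit` and `EXPECTED_RUNTIME_ONLY` are chosen here for illustration.

```python
import json
import re

# Operations the report lists as candidates for runtime-only.
EXPECTED_RUNTIME_ONLY = {"load", "store", "read-alias", "read-aliases", "remove-alias"}

_TOKEN = re.compile(
    r'("(?:[^"\\]|\\.)*")'   # quoted string: copied through untouched
    r'|(=>)'                 # DMR key/value separator
    r'|\b(\d+)L\b'           # long literal such as 2147483647L
    r'|\b(undefined)\b'      # DMR undefined value
    r'|\b([A-Z][A-Z_]*)\b'   # bare type name such as STRING
)

def _to_json(m):
    string, arrow, number, undefined, bare = m.groups()
    if string:
        return string
    if arrow:
        return ":"
    if number:
        return number
    return "null" if undefined else json.dumps(bare)

def audit(transcript, expected=EXPECTED_RUNTIME_ONLY):
    """Return expected operations whose description is not runtime-only."""
    converted = _TOKEN.sub(_to_json, transcript)
    decoder, pos, missing = json.JSONDecoder(), 0, []
    # Prompt lines contain no braces, so each "{" starts one response.
    while (start := converted.find("{", pos)) != -1:
        obj, pos = decoder.raw_decode(converted, start)
        result = obj.get("result") or {}
        name = result.get("operation-name")
        if name in expected and not result.get("runtime-only"):
            missing.append(name)
    return missing

# Constructed transcript: one unflagged operation, one flagged.
SAMPLE = '''
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=read-alias)
{"outcome" => "success", "result" => {"operation-name" => "read-alias",
  "request-properties" => {"alias" => {"type" => STRING, "min-length" => 1L}},
  "read-only" => true, "runtime-only" => false}}
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=store)
{"outcome" => "success", "result" => {"operation-name" => "store",
  "read-only" => false, "runtime-only" => true}}
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```
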
is cloned by:
- WFCORE-3017 review key-store runtime-only operations available on profile resources (Resolved)

is incorporated by:
- JBEAP-11466 (7.1.0) Upgrade to WildFly Core to 3.0.0.Beta28 (Closed)

relates to:
- JBEAP-11795 Elytron subsystem should not register storage=runtime attributes on profile resources (Closed)
- JBEAP-11790 some xxx-realm operations should be marked runtime-only (Closed)
- JBEAP-10816 Documentation, Multiple CredentialStores with ONE backed credential store file can rewrite values each other. (Closed)