Description
Vault Expression Constraints with EAP 7.2.2 instance which requires configured-requires-write set to false by modifying standalone.xml and the server is failing to start with below error :
Config:
---------
<access-control provider="rbac">
.....
<constraints>
<vault-expression-sensitivity requires-read="true" requires-write="false"/>
.......
</constraints>
</access-control>
Error:
-------
~~~
ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("write-attribute") failed - address: ([
("core-service" => "management"),
("access" => "authorization"),
("constraint" => "vault-expression")
]) - failure description: "WFLYDM0144: Sensitivity constraint configured-requires-read contains imcompatible attribute value to other sensitive classification constraints."
20:30:06,101 FATAL [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0056: Server boot has failed in an unrecoverable manner; exiting. See previous messages for details.
~~~
The same error is observed when setting configured-requires-write to false using CLI.
~~~
[standalone@localhost:9990 /] /core-service=management/access=authorization/constraint=vault-expression:write-attribute(name=configured-requires-write,value=false)
{
"outcome" => "failed",
"failure-description" => "WFLYDM0144: Sensitivity constraint configured-requires-write contains imcompatible attrib
ute value to other sensitive classification constraints.",
"rolled-back" => true
}
~~~