Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-7092

Property file passed via CLI does not resolve expressions with relative path value in vault attributes

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Minor Minor
    • 7.1.0.DR9
    • 7.0.3.GA, 7.1.0.DR7, 7.1.0.DR8
    • CLI
    • None
    • Workaround Exists
    • Hide

      Load the properties during startup (standalone.sh -P vault.properties) and execute the cli, which will give successful execution and internally resolves the expressions. However we will not able to view the actual value through cli, it will show the expressions only, where in EAP6 these expressions are replaced by actual value from property file after execution.

      [sidde@sidde bin]$ ./jboss-cli.sh -c --file=../cli/vault.cli
{"outcome" => "success"}
{
    "outcome" => "success",
    "result" => {
        "code" => undefined,
        "module" => undefined,
        "vault-options" => {
            "KEYSTORE_URL" => expression "${vault.keystore.url}",
            "KEYSTORE_PASSWORD" => expression "${vault.keystore.password}",
            "KEYSTORE_ALIAS" => expression "${vault.keystore.alias}",
            "SALT" => expression "${vault.salt}",
            "ITERATION_COUNT" => expression "${vault.iteration}",
            "ENC_FILE_DIR" => expression "${vault.encfiledir}"
        }
    }
}
      Show
      Load the properties during startup (standalone.sh -P vault.properties) and execute the cli, which will give successful execution and internally resolves the expressions. However we will not able to view the actual value through cli, it will show the expressions only, where in EAP6 these expressions are replaced by actual value from property file after execution. [sidde@sidde bin]$ ./jboss-cli.sh -c --file=../cli/vault.cli {"outcome" => "success"} { "outcome" => "success", "result" => { "code" => undefined, "module" => undefined, "vault-options" => { "KEYSTORE_URL" => expression "${vault.keystore.url}", "KEYSTORE_PASSWORD" => expression "${vault.keystore.password}", "KEYSTORE_ALIAS" => expression "${vault.keystore.alias}", "SALT" => expression "${vault.salt}", "ITERATION_COUNT" => expression "${vault.iteration}", "ENC_FILE_DIR" => expression "${vault.encfiledir}" } } }
    • Hide

      Observation in EAP6:

      Set <resolve-parameter-values>true</resolve-parameter-values> in jboss-cli.xml and execute cli script like ./jboss-cli.sh -c --file=../../cli/vault.cli --properties=../../cli/vault.properties and every expressions mentioned in vault.properties got resolved during execution.

      Output:

      [sidde@sidde configuration]$ ../../bin/jboss-cli.sh -c --file=../../cli/vault.cli --properties=../../cli/vault.properties 
{"outcome" => "success"}
{
    "outcome" => "success",
    "result" => {
        "code" => undefined,
        "module" => undefined,
        "vault-options" => {
            "KEYSTORE_URL" => expression "${jboss.server.config.dir}/vault/vault.keystore",
            "KEYSTORE_PASSWORD" => "MASK-20z/5hRIeZClI0h6Wztl9Z",
            "KEYSTORE_ALIAS" => "vault",
            "SALT" => "12345678",
            "ITERATION_COUNT" => "50",
            "ENC_FILE_DIR" => expression "${jboss.server.config.dir}/vault/"
        }
    }
}

      Observation in EAP7:

      Tried to execute the same in EAP7 by doing the same changes in jboss-cli.xml but while executing cli in same fashion, received below error

      [sidde@sidde bin]$ ./jboss-cli.sh -c --file=../cli/vault.cli --properties=../cli/vault.properties 
{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0211: Cannot resolve expression '${vault.keystore.url}'",
    "rolled-back" => true
}

      Below are the files for reference

      • vault.cli: 
        /core-service=vault:add( \
    vault-options=[ \
        ("KEYSTORE_URL" => "${vault.keystore.url}"), \
        ("KEYSTORE_PASSWORD" => "${vault.keystore.password}"), \
        ("KEYSTORE_ALIAS" => "${vault.keystore.alias}"), \
        ("SALT" => "${vault.salt}"), \
        ("ITERATION_COUNT" => "${vault.iteration}"), \
        ("ENC_FILE_DIR" => "${vault.encfiledir}") \
    ] \
)

/core-service=vault:read-resource(recursive=true)
      • vault.properties: 
        vault.keystore.url=${jboss.server.config.dir}/vault/vault.keystore
vault.keystore.password=MASK-20z/5hRIeZClI0h6Wztl9Z
vault.keystore.alias=vault
vault.salt=12345678
vault.iteration=50
vault.encfiledir=${jboss.server.config.dir}/vault/
      Show
      Observation in EAP6: Set <resolve-parameter-values>true</resolve-parameter-values> in jboss-cli.xml and execute cli script like ./jboss-cli.sh -c --file=../../cli/vault.cli --properties=../../cli/vault.properties and every expressions mentioned in vault.properties got resolved during execution. Output: [sidde@sidde configuration]$ ../../bin/jboss-cli.sh -c --file=../../cli/vault.cli --properties=../../cli/vault.properties {"outcome" => "success"} { "outcome" => "success", "result" => { "code" => undefined, "module" => undefined, "vault-options" => { "KEYSTORE_URL" => expression "${jboss.server.config.dir}/vault/vault.keystore", "KEYSTORE_PASSWORD" => "MASK-20z/5hRIeZClI0h6Wztl9Z", "KEYSTORE_ALIAS" => "vault", "SALT" => "12345678", "ITERATION_COUNT" => "50", "ENC_FILE_DIR" => expression "${jboss.server.config.dir}/vault/" } } } Observation in EAP7: Tried to execute the same in EAP7 by doing the same changes in jboss-cli.xml but while executing cli in same fashion, received below error [sidde@sidde bin]$ ./jboss-cli.sh -c --file=../cli/vault.cli --properties=../cli/vault.properties { "outcome" => "failed", "failure-description" => "WFLYCTL0211: Cannot resolve expression '${vault.keystore.url}'", "rolled-back" => true } Below are the files for reference vault.cli: /core-service=vault:add( \ vault-options=[ \ ("KEYSTORE_URL" => "${vault.keystore.url}"), \ ("KEYSTORE_PASSWORD" => "${vault.keystore.password}"), \ ("KEYSTORE_ALIAS" => "${vault.keystore.alias}"), \ ("SALT" => "${vault.salt}"), \ ("ITERATION_COUNT" => "${vault.iteration}"), \ ("ENC_FILE_DIR" => "${vault.encfiledir}") \ ] \ ) /core-service=vault:read-resource(recursive=true) vault.properties: vault.keystore.url=${jboss.server.config.dir}/vault/vault.keystore vault.keystore.password=MASK-20z/5hRIeZClI0h6Wztl9Z vault.keystore.alias=vault vault.salt=12345678 vault.iteration=50 vault.encfiledir=${jboss.server.config.dir}/vault/

      Property file passed via CLI with --properties option does not resolve expressions in EAP 7, where in EAP 6 it works fine.

              chaowan@redhat.com Chao Wang
              rhn-support-sidde Siddhartha De
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: