Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-7092

Property file passed via CLI does not resolve expressions with relative path value in vault attributes

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Minor
    • 7.1.0.DR9
    • 7.0.3.GA, 7.1.0.DR7, 7.1.0.DR8
    • CLI
    • None
    • Workaround Exists
    • Hide

      Load the properties during startup (standalone.sh -P vault.properties) and execute the cli, which will give successful execution and internally resolves the expressions. However we will not able to view the actual value through cli, it will show the expressions only, where in EAP6 these expressions are replaced by actual value from property file after execution.

      [sidde@sidde bin]$ ./jboss-cli.sh -c --file=../cli/vault.cli
{"outcome" => "success"}
{
    "outcome" => "success",
    "result" => {
        "code" => undefined,
        "module" => undefined,
        "vault-options" => {
            "KEYSTORE_URL" => expression "${vault.keystore.url}",
            "KEYSTORE_PASSWORD" => expression "${vault.keystore.password}",
            "KEYSTORE_ALIAS" => expression "${vault.keystore.alias}",
            "SALT" => expression "${vault.salt}",
            "ITERATION_COUNT" => expression "${vault.iteration}",
            "ENC_FILE_DIR" => expression "${vault.encfiledir}"
        }
    }
}
      Show
      Load the properties during startup (standalone.sh -P vault.properties) and execute the cli, which will give successful execution and internally resolves the expressions. However we will not able to view the actual value through cli, it will show the expressions only, where in EAP6 these expressions are replaced by actual value from property file after execution. [sidde@sidde bin]$ ./jboss-cli.sh -c --file=../cli/vault.cli {"outcome" => "success"} { "outcome" => "success", "result" => { "code" => undefined, "module" => undefined, "vault-options" => { "KEYSTORE_URL" => expression "${vault.keystore.url}", "KEYSTORE_PASSWORD" => expression "${vault.keystore.password}", "KEYSTORE_ALIAS" => expression "${vault.keystore.alias}", "SALT" => expression "${vault.salt}", "ITERATION_COUNT" => expression "${vault.iteration}", "ENC_FILE_DIR" => expression "${vault.encfiledir}" } } }
    • Hide

      Observation in EAP6:

      Set <resolve-parameter-values>true</resolve-parameter-values> in jboss-cli.xml and execute cli script like ./jboss-cli.sh -c --file=../../cli/vault.cli --properties=../../cli/vault.properties and every expressions mentioned in vault.properties got resolved during execution.

      Output:

      [sidde@sidde configuration]$ ../../bin/jboss-cli.sh -c --file=../../cli/vault.cli --properties=../../cli/vault.properties 
{"outcome" => "success"}
{
    "outcome" => "success",
    "result" => {
        "code" => undefined,
        "module" => undefined,
        "vault-options" => {
            "KEYSTORE_URL" => expression "${jboss.server.config.dir}/vault/vault.keystore",
            "KEYSTORE_PASSWORD" => "MASK-20z/5hRIeZClI0h6Wztl9Z",
            "KEYSTORE_ALIAS" => "vault",
            "SALT" => "12345678",
            "ITERATION_COUNT" => "50",
            "ENC_FILE_DIR" => expression "${jboss.server.config.dir}/vault/"
        }
    }
}

      Observation in EAP7:

      Tried to execute the same in EAP7 by doing the same changes in jboss-cli.xml but while executing cli in same fashion, received below error

      [sidde@sidde bin]$ ./jboss-cli.sh -c --file=../cli/vault.cli --properties=../cli/vault.properties 
{
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0211: Cannot resolve expression '${vault.keystore.url}'",
    "rolled-back" => true
}

      Below are the files for reference

      • vault.cli: 
        /core-service=vault:add( \
    vault-options=[ \
        ("KEYSTORE_URL" => "${vault.keystore.url}"), \
        ("KEYSTORE_PASSWORD" => "${vault.keystore.password}"), \
        ("KEYSTORE_ALIAS" => "${vault.keystore.alias}"), \
        ("SALT" => "${vault.salt}"), \
        ("ITERATION_COUNT" => "${vault.iteration}"), \
        ("ENC_FILE_DIR" => "${vault.encfiledir}") \
    ] \
)

/core-service=vault:read-resource(recursive=true)
      • vault.properties: 
        vault.keystore.url=${jboss.server.config.dir}/vault/vault.keystore
vault.keystore.password=MASK-20z/5hRIeZClI0h6Wztl9Z
vault.keystore.alias=vault
vault.salt=12345678
vault.iteration=50
vault.encfiledir=${jboss.server.config.dir}/vault/
      Show
      Observation in EAP6: Set <resolve-parameter-values>true</resolve-parameter-values> in jboss-cli.xml and execute cli script like ./jboss-cli.sh -c --file=../../cli/vault.cli --properties=../../cli/vault.properties and every expressions mentioned in vault.properties got resolved during execution. Output: [sidde@sidde configuration]$ ../../bin/jboss-cli.sh -c --file=../../cli/vault.cli --properties=../../cli/vault.properties {"outcome" => "success"} { "outcome" => "success", "result" => { "code" => undefined, "module" => undefined, "vault-options" => { "KEYSTORE_URL" => expression "${jboss.server.config.dir}/vault/vault.keystore", "KEYSTORE_PASSWORD" => "MASK-20z/5hRIeZClI0h6Wztl9Z", "KEYSTORE_ALIAS" => "vault", "SALT" => "12345678", "ITERATION_COUNT" => "50", "ENC_FILE_DIR" => expression "${jboss.server.config.dir}/vault/" } } } Observation in EAP7: Tried to execute the same in EAP7 by doing the same changes in jboss-cli.xml but while executing cli in same fashion, received below error [sidde@sidde bin]$ ./jboss-cli.sh -c --file=../cli/vault.cli --properties=../cli/vault.properties { "outcome" => "failed", "failure-description" => "WFLYCTL0211: Cannot resolve expression '${vault.keystore.url}'", "rolled-back" => true } Below are the files for reference vault.cli: /core-service=vault:add( \ vault-options=[ \ ("KEYSTORE_URL" => "${vault.keystore.url}"), \ ("KEYSTORE_PASSWORD" => "${vault.keystore.password}"), \ ("KEYSTORE_ALIAS" => "${vault.keystore.alias}"), \ ("SALT" => "${vault.salt}"), \ ("ITERATION_COUNT" => "${vault.iteration}"), \ ("ENC_FILE_DIR" => "${vault.encfiledir}") \ ] \ ) /core-service=vault:read-resource(recursive=true) vault.properties: vault.keystore.url=${jboss.server.config.dir}/vault/vault.keystore vault.keystore.password=MASK-20z/5hRIeZClI0h6Wztl9Z vault.keystore.alias=vault vault.salt=12345678 vault.iteration=50 vault.encfiledir=${jboss.server.config.dir}/vault/

    Description

      Property file passed via CLI with --properties option does not resolve expressions in EAP 7, where in EAP 6 it works fine.

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-1980 Property file passed via CLI does not resolve expressions with relative path value in vault attributes

          • Minor - To be worked after urgent, high, and medium priorities are resolved. This term is chosen when the severity of the issue is low, or the complexity or effort to correct it may be higher, relatively speaking. For low priority issues, known workarounds exist or are not needed due to the trivial effort needed to address the issue.
          • Resolved
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-7028 (7.1.0) Upgrade to WildFly Core 3.0.0.Alpha13

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              chaowan@redhat.com Chao Wang
              rhn-support-sidde Siddhartha De
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: