-
Bug
-
Resolution: Done
-
Blocker
-
3.0.0.Beta27
-
None
Some /subsystem=elytron/key-store operations should probably be marked runtime-only. (edit: this is already part of JBEAP-11790) Their handlers extends ElytronRuntimeOnlyHandler and they don't seem to change anything in model.
load
store
read-alias
read-aliases
remove-alias
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=load
{
"outcome" => "success",
"result" => {
"operation-name" => "load",
"description" => "Load the KeyStore, if the KeyStore is file backed this will involve re-reading the contents of the file.",
"request-properties" => {},
"reply-properties" => {},
"read-only" => false,
"runtime-only" => false
}
}
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=store
{
"outcome" => "success",
"result" => {
"operation-name" => "store",
"description" => "Store the KeyStore to file, this operation will fail for any KeyStore instances not backed by a file. If the file does not exist and it was not flagged as required it will be created.",
"request-properties" => {},
"reply-properties" => {},
"read-only" => false,
"runtime-only" => false
}
}
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=read-alias
{
"outcome" => "success",
"result" => {
"operation-name" => "read-alias",
"description" => "Read an alias from a KeyStore.",
"request-properties" => {"alias" => {
"type" => STRING,
"description" => "The alias of the KeyStore item to read.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}},
"reply-properties" => {},
"read-only" => true,
"runtime-only" => false
}
}
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=read-aliases
{
"outcome" => "success",
"result" => {
"operation-name" => "read-aliases",
"description" => "Read aliases from a KeyStore.",
"request-properties" => {},
"reply-properties" => {},
"read-only" => true,
"runtime-only" => false
}
}
[standalone@embedded /] /subsystem=elytron/key-store=aa:read-operation-description(name=remove-alias
{
"outcome" => "success",
"result" => {
"operation-name" => "remove-alias",
"description" => "Remove an alias from a KeyStore.",
"request-properties" => {"alias" => {
"type" => STRING,
"description" => "The alias of the KeyStore item to remove.",
"expressions-allowed" => false,
"required" => true,
"nillable" => false,
"min-length" => 1L,
"max-length" => 2147483647L
}},
"reply-properties" => {},
"read-only" => false,
"runtime-only" => false
}
}
Also I'm not sure whether they should be registered at /profile resources in domain as they are rolled out to servers (servers might try to write to file concurrently).
[domain@localhost:9990 /] /profile=default/subsystem=elytron/key-store=test:store() { "outcome" => "failed", "result" => undefined, "failure-description" => {"WFLYDC0074: Operation failed or was rolled back on all servers. Server failures:" => {"server-group" => {"main-server-group" => {"host" => {"master" => { "server-one" => "WFLYELY00010: Unable to save KeyStore - KeyStore file '/tmp/test' does not exist.", "server-two" => "WFLYELY00010: Unable to save KeyStore - KeyStore file '/tmp/test' does not exist." }}}}}}, "rolled-back" => true, "server-groups" => {"main-server-group" => {"host" => {"master" => { "server-one" => {"response" => { "outcome" => "failed", "result" => undefined, "failure-description" => "WFLYELY00010: Unable to save KeyStore - KeyStore file '/tmp/test' does not exist.", "rolled-back" => true }}, "server-two" => {"response" => { "outcome" => "failed", "result" => undefined, "failure-description" => "WFLYELY00010: Unable to save KeyStore - KeyStore file '/tmp/test' does not exist.", "rolled-back" => true }} }}}} }
priority set to blocker to decide whether operations can be registered at profile resources. They can be added back later but they cannot be removed.
- clones
-
-
- Verified
-
