Loading...

Details

Type: Bug
Resolution: Done
Priority: Minor
Fix Version/s: 22.0.0.Beta2, 22.0.0.Final
Affects Version/s: None
Component/s: Management
Labels:
None

Steps to Reproduce:
Hide

One way to reproduce: Create a masked value and read a resource with resolution enabled

[standalone@localhost:9990 /] /subsystem=elytron/secret-key-credential-store=prop-cred-store:add(path=prop-cred-store.cs, relative-to=jboss.server.config.dir, create=true) {"outcome" => "success"} [standalone@localhost:9990 /] /subsystem=elytron/secret-key-credential-store=prop-cred-store:generate-secret-key(alias=example) {"outcome" => "success"} [standalone@localhost:9990 /] /subsystem=elytron/expression=encryption:add(prefix=ENCRYPTED, default-resolver=one, resolvers=[{name=one, credential-store=prop-cred-store, secret-key=example}]) {"outcome" => "success"} [standalone@localhost:9990 /] /subsystem=elytron/expression=encryption:create-expression(resolver=one, clear-text=my-masked-value) { "outcome" => "success", "result" => {"expression" => "${ENCRYPTED::one:RUxZAUMQibhBnxiRKpGWblRxmDYy/eGYqmuuaTLTOBNI92XcQPI=}"} } [standalone@localhost:9990 /] /system-property=tes-property:add(value=${ENCRYPTED::one:RUxZAUMQibhBnxiRKpGWblRxmDYy/eGYqmuuaTLTOBNI92XcQPI=}) {"outcome" => "success"} [standalone@localhost:9990 /] /system-property=tes-property:read-attribute(name=value, resolve-expressions=true) { "outcome" => "success", "result" => expression "${ENCRYPTED::one:RUxZAUMQibhBnxiRKpGWblRxmDYy/eGYqmuuaTLTOBNI92XcQPI=}", "response-headers" => {"warnings" => [{ "warning" => "WFLYCTL0479: Attribute 'value' at resource '/system-property=tes-property' with unresolved value 'expression \"${ENCRYPTED::one:RUxZAUMQibhBnxiRKpGWblRxmDYy/ eGYqmuuaTLTOBNI92XcQPI=}\"' cannot be resolved using the non-security-sensitive sources resolution supported by the 'resolve' parameter. Response will report the unresolved value. ", "level" => "WARNING", "operation" => { "address" => [("system-property" => "tes-property")], "operation" => "read-attribute" } }]} } [standalone@localhost:9990 /] /system-property=tes-property:read-resource(resolve-expressions=true) { "outcome" => "success", "result" => {"value" => expression "${ENCRYPTED::one:RUxZAUMQibhBnxiRKpGWblRxmDYy/eGYqmuuaTLTOBNI92XcQPI=}"} } [standalone@localhost:9990 /] :read-resource(resolve-expressions=true, recursive=true, recursive-depth=1)

We should get a warning not only on the :read-attribute but also on the :read-resouce at both levels, directly resource and recursively from the parent
Show
One way to reproduce: Create a masked value and read a resource with resolution enabled [standalone@localhost:9990 /] /subsystem=elytron/secret-key-credential-store=prop-cred-store:add(path=prop-cred-store.cs, relative-to=jboss.server.config.dir, create=true) {"outcome" => "success"} [standalone@localhost:9990 /] /subsystem=elytron/secret-key-credential-store=prop-cred-store:generate-secret-key(alias=example) {"outcome" => "success"} [standalone@localhost:9990 /] /subsystem=elytron/expression=encryption:add(prefix=ENCRYPTED, default-resolver=one, resolvers=[{name=one, credential-store=prop-cred-store, secret-key=example}]) {"outcome" => "success"} [standalone@localhost:9990 /] /subsystem=elytron/expression=encryption:create-expression(resolver=one, clear-text=my-masked-value) { "outcome" => "success", "result" => {"expression" => "${ENCRYPTED::one:RUxZAUMQibhBnxiRKpGWblRxmDYy/eGYqmuuaTLTOBNI92XcQPI=}"} } [standalone@localhost:9990 /] /system-property=tes-property:add(value=${ENCRYPTED::one:RUxZAUMQibhBnxiRKpGWblRxmDYy/eGYqmuuaTLTOBNI92XcQPI=}) {"outcome" => "success"} [standalone@localhost:9990 /] /system-property=tes-property:read-attribute(name=value, resolve-expressions=true) { "outcome" => "success", "result" => expression "${ENCRYPTED::one:RUxZAUMQibhBnxiRKpGWblRxmDYy/eGYqmuuaTLTOBNI92XcQPI=}", "response-headers" => {"warnings" => [{ "warning" => "WFLYCTL0479: Attribute 'value' at resource '/system-property=tes-property' with unresolved value 'expression \"${ENCRYPTED::one:RUxZAUMQibhBnxiRKpGWblRxmDYy/ eGYqmuuaTLTOBNI92XcQPI=}\"' cannot be resolved using the non-security-sensitive sources resolution supported by the 'resolve' parameter. Response will report the unresolved value. ", "level" => "WARNING", "operation" => { "address" => [("system-property" => "tes-property")], "operation" => "read-attribute" } }]} } [standalone@localhost:9990 /] /system-property=tes-property:read-resource(resolve-expressions=true) { "outcome" => "success", "result" => {"value" => expression "${ENCRYPTED::one:RUxZAUMQibhBnxiRKpGWblRxmDYy/eGYqmuuaTLTOBNI92XcQPI=}"} } [standalone@localhost:9990 /] :read-resource(resolve-expressions=true, recursive=true, recursive-depth=1) We should get a warning not only on the :read-attribute but also on the :read-resouce at both levels, directly resource and recursively from the parent
Release Note Text:
Undefined
Git Pull Request:
https://github.com/wildfly/wildfly-core/pull/4571, https://github.com/wildfly/wildfly-core/pull/5232, https://github.com/wildfly/wildfly-core/pull/5608

Description

While working on ~~WFCORE-5303~~ I noticed that a response warning that gets emitted for read-attribute doesn't get incorporated in the overall read-resource response that internally calls read-attribute.

Warnings are attached by AbstractOperationContext to the response for the activeStep, but the assembly logic for read-resource is not pulling them out and collating them into the overall response.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

image-2021-04-12-21-41-34-830.png
198 kB
2021/04/12 4:11 PM
image-2021-04-12-22-43-58-928.png
82 kB
2021/04/12 5:13 PM

Issue Links

relates to

WFCORE-5303 :resolve-expression does not resolve encrypted expressions

Closed

Response warnings don't propagate up in read-resource response assembly

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates