Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-5305

Response warnings don't propagate up in read-resource response assembly

XMLWordPrintable

    • Hide

      One way to reproduce: Create a masked value and read a resource with resolution enabled

      [standalone@localhost:9990 /] /subsystem=elytron/secret-key-credential-store=prop-cred-store:add(path=prop-cred-store.cs, relative-to=jboss.server.config.dir, create=true)
      {"outcome" => "success"}
      
      [standalone@localhost:9990 /] /subsystem=elytron/secret-key-credential-store=prop-cred-store:generate-secret-key(alias=example)
      {"outcome" => "success"}
      
      [standalone@localhost:9990 /] /subsystem=elytron/expression=encryption:add(prefix=ENCRYPTED, default-resolver=one, resolvers=[{name=one, credential-store=prop-cred-store, secret-key=example}])
      {"outcome" => "success"}
      
      [standalone@localhost:9990 /] /subsystem=elytron/expression=encryption:create-expression(resolver=one, clear-text=my-masked-value)
      {
          "outcome" => "success",
          "result" => {"expression" => "${ENCRYPTED::one:RUxZAUMQibhBnxiRKpGWblRxmDYy/eGYqmuuaTLTOBNI92XcQPI=}"}
      }
      
      [standalone@localhost:9990 /] /system-property=tes-property:add(value=${ENCRYPTED::one:RUxZAUMQibhBnxiRKpGWblRxmDYy/eGYqmuuaTLTOBNI92XcQPI=})
      {"outcome" => "success"}
      
      [standalone@localhost:9990 /] /system-property=tes-property:read-attribute(name=value, resolve-expressions=true)
      {
          "outcome" => "success",
          "result" => expression "${ENCRYPTED::one:RUxZAUMQibhBnxiRKpGWblRxmDYy/eGYqmuuaTLTOBNI92XcQPI=}",
          "response-headers" => {"warnings" => [{
              "warning" => "WFLYCTL0479: Attribute 'value' at resource '/system-property=tes-property' with unresolved value 'expression \"${ENCRYPTED::one:RUxZAUMQibhBnxiRKpGWblRxmDYy/
      eGYqmuuaTLTOBNI92XcQPI=}\"' cannot be resolved using the non-security-sensitive sources resolution supported by the 'resolve' parameter. Response will report the unresolved value.
      ",
              "level" => "WARNING",
              "operation" => {
                  "address" => [("system-property" => "tes-property")],
                  "operation" => "read-attribute"
              }
          }]}
      }
      
      [standalone@localhost:9990 /] /system-property=tes-property:read-resource(resolve-expressions=true)
      {
          "outcome" => "success",
          "result" => {"value" => expression "${ENCRYPTED::one:RUxZAUMQibhBnxiRKpGWblRxmDYy/eGYqmuuaTLTOBNI92XcQPI=}"}
      }
      
      [standalone@localhost:9990 /] :read-resource(resolve-expressions=true, recursive=true, recursive-depth=1)
      

      We should get a warning not only on the :read-attribute but also on the :read-resouce at both levels, directly resource and recursively from the parent

      Show
      One way to reproduce: Create a masked value and read a resource with resolution enabled [standalone@localhost:9990 /] /subsystem=elytron/secret-key-credential-store=prop-cred-store:add(path=prop-cred-store.cs, relative-to=jboss.server.config.dir, create=true) {"outcome" => "success"} [standalone@localhost:9990 /] /subsystem=elytron/secret-key-credential-store=prop-cred-store:generate-secret-key(alias=example) {"outcome" => "success"} [standalone@localhost:9990 /] /subsystem=elytron/expression=encryption:add(prefix=ENCRYPTED, default-resolver=one, resolvers=[{name=one, credential-store=prop-cred-store, secret-key=example}]) {"outcome" => "success"} [standalone@localhost:9990 /] /subsystem=elytron/expression=encryption:create-expression(resolver=one, clear-text=my-masked-value) { "outcome" => "success", "result" => {"expression" => "${ENCRYPTED::one:RUxZAUMQibhBnxiRKpGWblRxmDYy/eGYqmuuaTLTOBNI92XcQPI=}"} } [standalone@localhost:9990 /] /system-property=tes-property:add(value=${ENCRYPTED::one:RUxZAUMQibhBnxiRKpGWblRxmDYy/eGYqmuuaTLTOBNI92XcQPI=}) {"outcome" => "success"} [standalone@localhost:9990 /] /system-property=tes-property:read-attribute(name=value, resolve-expressions=true) { "outcome" => "success", "result" => expression "${ENCRYPTED::one:RUxZAUMQibhBnxiRKpGWblRxmDYy/eGYqmuuaTLTOBNI92XcQPI=}", "response-headers" => {"warnings" => [{ "warning" => "WFLYCTL0479: Attribute 'value' at resource '/system-property=tes-property' with unresolved value 'expression \"${ENCRYPTED::one:RUxZAUMQibhBnxiRKpGWblRxmDYy/ eGYqmuuaTLTOBNI92XcQPI=}\"' cannot be resolved using the non-security-sensitive sources resolution supported by the 'resolve' parameter. Response will report the unresolved value. ", "level" => "WARNING", "operation" => { "address" => [("system-property" => "tes-property")], "operation" => "read-attribute" } }]} } [standalone@localhost:9990 /] /system-property=tes-property:read-resource(resolve-expressions=true) { "outcome" => "success", "result" => {"value" => expression "${ENCRYPTED::one:RUxZAUMQibhBnxiRKpGWblRxmDYy/eGYqmuuaTLTOBNI92XcQPI=}"} } [standalone@localhost:9990 /] :read-resource(resolve-expressions=true, recursive=true, recursive-depth=1) We should get a warning not only on the :read-attribute but also on the :read-resouce at both levels, directly resource and recursively from the parent
    • Undefined

          While working on WFCORE-5303 I noticed that a response warning that gets emitted for read-attribute doesn't get incorporated in the overall read-resource response that internally calls read-attribute.

      Warnings are attached by AbstractOperationContext to the response for the activeStep, but the assembly logic for read-resource is not pulling them out and collating them into the overall response.

              parsharm Parul Sharma
              bstansbe@redhat.com Brian Stansberry
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: