Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-3340

Authentication "module-options" inconsistently hash vs list of key/values

    XMLWordPrintable

Details

    Description

      When adding an authentication mechanism to a security domain it is possible to set the module-options with a hash (which is great!). However, as soon as a reload occurs they revert back into a list of key-value pairs. This only makes sense if order matters (which I hope it doesn't) or if keys can be repeated (again, hope not).

      Configuration management tools should only change a value when it needs to, and this is way easier if the value that is set is the same value that is read. Hashes are also far easier to work with in ruby/puppet/chef.

      Steps to reproduce:
      1. Set the module_options on an already existing authentication mechanism:

      /subsystem=security/security-domain=servlet-security-quickstart/authentication=classic:write-attribute(name=login-modules, value=[{"code" => "Database","flag"=>"required","module-options"=>{"dsJndiName" =>
"java:jboss/datasources/ServletSecurityDS", "principalsQuery" => "SELECT PASSWORD FROM USERS WHERE USERNAME = ?", "role
sQuery" => "SELECT R.NAME, 'Roles' FROM USERS_ROLES UR INNER JOIN ROLES R ON R.ID = UR.ROLE_ID INNER JOIN USERS U ON U.ID = UR.USER_ID WHERE U.USERNAME = ?"}}])

      2. Read the resource (notice that module-options is till a nice easy to use hash!)

      {
    "outcome" => "success",
    "result" => {"login-modules" => [{
        "module-options" => {
            "dsJndiName" => "java:jboss/datasources/ServletSecurityDS",
            "principalsQuery" => "SELECT PASSWORD FROM USERS WHERE USERNAME = ?",
            "rolesQuery" => "SELECT R.NAME, 'Roles' FROM USERS_ROLES UR INNER JOIN ROLES R ON R.ID = UR.ROLE_ID INNER JOIN USERS U ON U.ID = UR.USER_ID WHERE U.USERNAME = ?"
        },
        "flag" => "required",
        "code" => "Database"
    }]},
    "response-headers" => {"process-state" => "reload-required"}
}

      3. Reload, then read-resource

      {
    "outcome" => "success",
    "result" => {"login-modules" => [{
        "code" => "Database",
        "flag" => "required",
        "module-options" => [
            ("dsJndiName" => "java:jboss/datasources/ServletSecurityDS"),
            ("principalsQuery" => "SELECT PASSWORD FROM USERS WHERE USERNAME = ?"),
            ("rolesQuery" => "SELECT R.NAME, 'Roles' FROM USERS_ROLES UR INNER JOIN ROLES R ON R.ID = UR.ROLE_ID INNER JOIN USERS U ON U.ID = UR.USER_ID WHERE U.USERNAME = ?")
        ]
    }]}
}

      4. module-options is now a list of key-value pairs, and is not equal to what it was set to before

      Attachments

        Issue Links

          relates to

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) WFCORE-418 Input/Output Formats Should Be Standard Formats (json/yaml/etc)

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              bstansbe@redhat.com Brian Stansberry
              cpitman@redhat.com Christopher Pitman (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: