Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-7619

Is impossible remove whole Elytron subsystem when Elytron resource depends on another Elytron resource.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 11.0.0.Alpha1
    • None
    • Security
    • None
    • Hide
      • firefly.keystore which is attached copy to eap_home/standalone/data/cs.
      • run EAP server
        ./bin/standalone.sh
      • run CLI
        ./bin/jboss-cli.sh -c
        if applicaple add Elytron extension and Elytron subsystem and reload server
        /extension=org.wildfly.extension.elytron:add()
        /subsystem=elytron:add()
        reload
      • /subsystem=elytron/credential-store=credStore:add(uri="cr-store://test/cs/scratchSC.jceks?create.storage=true;store.password=pass123"
      • /subsystem=elytron/credential-store=credStore/alias=ff:add(secret-value=Elytron)
      • /subsystem=elytron/key-store=firefly:add(path=cs/firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=credStore,alias=ff}

        )

      • /subsystem=elytron:remove()
      Show
      firefly.keystore which is attached copy to eap_home/standalone/data/cs. run EAP server ./bin/standalone.sh run CLI ./bin/jboss-cli.sh -c if applicaple add Elytron extension and Elytron subsystem and reload server /extension=org.wildfly.extension.elytron:add() /subsystem=elytron:add() reload /subsystem=elytron/credential-store=credStore:add(uri="cr-store://test/cs/scratchSC.jceks?create.storage=true;store.password=pass123" /subsystem=elytron/credential-store=credStore/alias=ff:add(secret-value=Elytron) /subsystem=elytron/key-store=firefly:add(path=cs/firefly.keystore,relative-to=jboss.server.data.dir,type=JKS,credential-reference= {store=credStore,alias=ff} ) /subsystem=elytron:remove()

      Is impossible remove whole Elytron subsystem by one command when Elytron resource depends on another Elytron resource.

      Scenario:

      • I have KeyStore in Elytron subsystem with CredentialStoreReference set to CredentialStore
      • I want to delete whole Elytron subsystem
      • I execute this CLI command /subsystem=elytron:remove() and get error 
        {
    "outcome" => "failed",
    "failure-description" => "WFLYCTL0171: Removing services has lead to unsatisfied dependencies:
Service org.wildfly.security.credential-store-client.credStore was depended upon by service org.wildfly.security.key-store.firefly",
    "rolled-back" => true
}

      NOTES:

      • When I perform CLI command /subsystem=elytron:remove() again as it passes.
      • When I use for remove {allow-resource-service-restart=true} as /subsystem=elytron:remove(){allow-resource-service-restart=true}

        then result is successful.

              jkalina@redhat.com Jan Kalina (Inactive)
              hsvabek_jira Hynek Švábek (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: