This Jira is for all ELYTRON_ENABLED attributes defined in datasources subsystem.
The attribute definition has two bugs:

• alternatives defined:
  The alternative prevents the user from setting an ELYTRON_ENABLED attribute to false and using one of the alternative attributes, such as SECURITY_DOMAIN because the model will be considered invalid. (see more details below)

The correct is using alternatives at the AUTHENTICATION_CONTEXT attributes instead and doing an extra validation at AbstractDataSourceAdd/XaDataSourceAdd.

• marshalling of the attribute, we need to follow the same standard as other boolean attributes in the module, the attribute must be marshalled as a <elytron-enabled>true</elytron-enabled> instead of <elytron-enabled/>, which is the current form being used now

More details on the alternatives bug:

If elytron-enabled is set to false,we cannot use the other alternatives:

/profile=full/subsystem=datasources/xa-data-source=H2XADS:add(driver-name=h2,
jndi-name="java:/H2XADS",user-name=sa,password=sa)
/profile=full/subsystem=datasources/xa-data-source=H2XADS:undefine-attribute(name=password)
/profile=full/subsystem=datasources/xa-data-source=H2XADS:undefine-attribute(name=user-name)
/profile=full/subsystem=datasources/xa-data-source=H2XADS:write-attribute(name=elytron-enabled,value=false)
/profile=full/subsystem=datasources/xa-data-source=H2XADS:write-attribute(name=user-name,value=sa)

The last command fails with:

/profile=full/subsystem=datasources/xa-data-source=H2XADS:write-attribute(name=user-name,value=sa)
{
"outcome" => "failed",
"failure-description" =>

,
"rolled-back" => true
}