-
Bug
-
Resolution: Done
-
Blocker
-
None
The credential-store has "alias" as sub-resources, however its behavior in domain mode is not working correctly.
- The :add operation is performed on a DC (/profile=xxx prefix)
- The :read-resource is performed on a running server (/host=xxx prefix)
- The :remove operation (ether runs on a DC or running server) returns "success" but the alias is not removed.
This behavior is a bit inconsistent, to perform write operations on different resources (DC or SERVER) for add and remove.
Add the credential-store
/profile=full/subsystem=elytron/credential-store=store-test-1:add(location=store-test-1,create=true,modifiable=true,credential-reference={clear-text=admin123})
Add an alias
/profile=full/subsystem=elytron/credential-store=store-test-1/alias=user1:add(secret-value=admin123)
{
"outcome" => "success",
"result" => undefined,
"server-groups" => {"main-server-group" => {"host" => {"master" => {"server-one" => {"response" => {"outcome" => "success"}}}}}}
}
/profile=full/subsystem=elytron/credential-store=store-test-1/alias=user2:add(secret-value=admin)
{
"outcome" => "success",
"result" => undefined,
"server-groups" => {"main-server-group" => {"host" => {"master" => {"server-one" => {"response" => {"outcome" => "success"}}}}}}
}
Read aliases from DC returns no alias
/profile=full/subsystem=elytron/credential-store=store-test-1/alias=*:read-resource(include-runtime)
{
"outcome" => "success",
"result" => []
}
Read aliases from running server
*/host=master/server=server-one/subsystem=elytron/credential-store=store-test-1:read-resource(include-runtime,recursive)
{
"outcome" => "success",
"result" => {
"credential-reference" => {"clear-text" => "admin123"},
"other-providers" => undefined,
"provider-name" => undefined,
"providers" => undefined,
"relative-to" => undefined,
"state" => "UP",
"type" => undefined,
"uri" => "cr-store://store-test-1?create=true;keyStoreType=JCEKS;modifiable=true",
"alias" => {
"user1" => {
"entry-type" => undefined,
"secret-value" => undefined
},
"user2" => {
"entry-type" => undefined,
"secret-value" => undefined
}
}
}
}
Remove an alias from DC (but the alias is not removed after all)
/profile=full/subsystem=elytron/credential-store=store-test-1/alias=user1:remove
{
"outcome" => "success",
"result" => undefined,
"server-groups" => {"main-server-group" => {"host" => {"master" => {"server-one" => {"response" => {
"outcome" => "success",
"result" => undefined
}}}}}}
}
Read aliases on running server
/host=master/server=server-one/subsystem=elytron/credential-store=store-test-1:read-resource(include-runtime,recursive)
{
"outcome" => "success",
"result" => {
"credential-reference" => {"clear-text" => "admin123"},
"other-providers" => undefined,
"provider-name" => undefined,
"providers" => undefined,
"relative-to" => undefined,
"state" => "UP",
"type" => undefined,
"uri" => "cr-store://store-test-1?create=true;keyStoreType=JCEKS;modifiable=true",
"alias" => {
"user1" => {
"entry-type" => undefined,
"secret-value" => undefined
},
"user2" => {
"entry-type" => undefined,
"secret-value" => undefined
}
}
}
}
Alias doesn't exist in DC
/profile=full/subsystem=elytron/credential-store=store-test-1/alias=user2:read-resource
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0216: Management resource '[
(\"profile\" => \"full\"),
(\"subsystem\" => \"elytron\"),
(\"credential-store\" => \"store-test-1\"),
(\"alias\" => \"user2\")
]' not found",
"rolled-back" => true
}
That said I request a review on this alias behavior for the elytron resources that uses them. This will help web console to be consistent for the configuration and runtime management of a wildfly domain.
- blocks
-
-
- Verified
-
-
JBEAP-8571 CredentialStore issues
-
- Resolved
-
- is incorporated by
-
JBEAP-10845 (7.1.0) Upgrade to WildFly Core to 3.0.0.Beta23
-
- Verified
-
