Details
-
Bug
-
Resolution: Done
-
Major
-
2.0.0.CR5
-
None
Description
Setting up host scoped roles as follows https://gist.github.com/heiko-braun/0dc810ed04db8739defd there are inconsistent results in the filtering. When using a role which only selects the master there is no access-control response header showing the filtered resources, and the slave wrongly appears in the results:
[domain@localhost:9990 /] /host=*:read-resource{roles=master-monitor}
{
"outcome" => "success",
"result" => [
{
"address" => [("host" => "master")],
"outcome" => "success",
"result" => {
"directory-grouping" => "by-server",
"domain-controller" => {"local" => {}},
"management-major-version" => 4,
"management-micro-version" => 0,
"management-minor-version" => 0,
"master" => true,
"name" => "master",
"namespaces" => [],
"organization" => undefined,
"product-name" => "WildFly Core",
"product-version" => "2.0.0.CR6-SNAPSHOT",
"release-codename" => "Kenny",
"release-version" => "2.0.0.CR6-SNAPSHOT",
"schema-locations" => [],
"core-service" => {
"host-environment" => undefined,
"platform-mbean" => undefined,
"management" => undefined,
"discovery-options" => undefined,
"ignored-resources" => undefined,
"patching" => undefined,
"module-loading" => undefined
},
"extension" => {"org.jboss.as.jmx" => undefined},
"interface" => {
"management" => undefined,
"public" => undefined,
"unsecure" => undefined
},
"jvm" => {"default" => undefined},
"path" => undefined,
"server" => {
"server-one" => undefined,
"server-two" => undefined,
"server-three" => undefined
},
"server-config" => {
"server-one" => undefined,
"server-two" => undefined,
"server-three" => undefined
},
"socket-binding-group" => undefined,
"subsystem" => {"jmx" => undefined},
"system-property" => undefined
}
},
{
"address" => [("host" => "localhost")],
"outcome" => "success",
"result" => undefined
}
]
}
When using a role that only selects the slave we get a proper access-control header
[domain@localhost:9990 /] /host=*:read-resource{roles=slave-maintainer}
{
"outcome" => "success",
"result" => [{
"address" => [("host" => "localhost")],
"outcome" => "success",
"result" => undefined
}],
"response-headers" => {"access-control" => [{
"absolute-address" => [],
"relative-address" => [],
"filtered-children-types" => ["host"]
}]}
The same output on master with WFCORE-994 applied:
[domain@localhost:9990 /] /host=*:read-resource{roles=slave-maintainer}
{
"outcome" => "success",
"result" => [{
"address" => [("host" => "slave")],
"outcome" => "success",
"result" => {
"directory-grouping" => "by-server",
"domain-controller" => {"remote" => {
"protocol" => undefined,
"port" => undefined,
"host" => undefined,
"username" => undefined,
"ignore-unused-configuration" => undefined,
"admin-only-policy" => undefined,
"security-realm" => "ManagementRealm"
}},
"management-major-version" => 4,
"management-micro-version" => 0,
"management-minor-version" => 0,
"master" => false,
"name" => "slave",
"namespaces" => [],
"organization" => undefined,
"product-name" => undefined,
"product-version" => undefined,
"release-codename" => "Kenny",
"release-version" => "2.0.0.CR6-SNAPSHOT",
"schema-locations" => [],
"core-service" => {
"host-environment" => undefined,
"platform-mbean" => undefined,
"management" => undefined,
"discovery-options" => undefined,
"ignored-resources" => undefined,
"patching" => undefined,
"module-loading" => undefined
},
"extension" => {"org.jboss.as.jmx" => undefined},
"interface" => {
"management" => undefined,
"public" => undefined,
"unsecure" => undefined
},
"jvm" => {"default" => undefined},
"path" => undefined,
"server" => {
"server-one" => undefined,
"server-two" => undefined
},
"server-config" => {
"server-one" => undefined,
"server-two" => undefined
},
"socket-binding-group" => undefined,
"subsystem" => {"jmx" => undefined},
"system-property" => undefined
}
}],
"response-headers" => {"access-control" => [{
"absolute-address" => [],
"relative-address" => [],
"filtered-children-types" => ["host"]
}]}
}
master-monitor should behave the same as slave-maintainer.
