[WFCORE-1274] CLI resolve-parameter-values set to true does not recognize vaulted strings #1346
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @@ -48,6 +49,9 @@ | |||
| /** Environment variable prefix */ | |||
| private static final String ENV_PREFIX = "env."; | |||
|
|
|||
| /** Security Vault pattern */ | |||
| private static final Pattern VAULT_PATTERN = Pattern.compile("VAULT::.*::.*::.*"); | |||
There was a problem hiding this comment.
…nise vaulted strings
|
@aloubyansky please approve |
|
Not ok. First of all this change makes a decision to return too early. If the line in the added test was e.g. "the value is ${VAULT::text::password::1} ${os.name}" then ${os.name} wouldn't be resolved. Second, there is actually a way to escape expressions like that by adding the extra '$' in front. (I copied this from some other expression parser David wrote for DMR or something). That's not very obvious but I remember it was a better idea than messing with backslash escaping in a case like this one. |
there is actually a way to escape expressions like that by adding the extra '$' in front"Since there is an existing way to escape the expression, this should NOT be a problem then, I tested that user can use $${VAULT::text::password::1} to escape the expression, which gets the expected: ${VAULT::text::password::1} in standalone.xml
|
|
Close it as it should not be a problem. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Jira: https://issues.jboss.org/browse/WFCORE-1274
The format of security vault:
${VAULT::xxx::yyy::zzz}is like system property:${propName:defaultValue}. I prefer to let user send escaped string:$\{VAULT::xxx::yyy::zzz\}, instead of let CLI distinguish the input for this special case.