[WFCORE-5709][WFCORE-5705] Make ElytronExpressionResolver useful in S… #4868
Conversation
github-actions
bot
added
the
deps-ok
bstansberry
force-pushed
the
WFCORE-5709
branch
from
2a92b97
to
22df967
Compare
|
@fjuma @darranl this is ready for review It's a foundation piece for the https://issues.redhat.com/browse/WFCORE-5696 PR, as it brings in the basic secure expression handling testing that used to be in CustomVaultInModuleTestCase, but only for vault. #4865 then adds the deployment handling part. That one is still in Draft until I wire up the full WF side and restore the old deployment secure expression testing, but using credential store expressions instead of vault. |
|
Core - Full Integration Build 11057 outcome was FAILURE using a merge of 22df967 |
bstansberry
force-pushed
the
WFCORE-5709
branch
from
22df967
to
e7665da
Compare
| protected void recordCapabilitiesAndRequirements(OperationContext context, ModelNode operation, Resource resource) | ||
| throws OperationFailedException { | ||
| super.recordCapabilitiesAndRequirements(context, operation, resource); | ||
| } |
There was a problem hiding this comment.
Note that this looks like an add in this class but that's an artifact of the diffing algorithm; the block was already there but the diff puts the existing code block in the new ExpressionResolverRemoveHandler class.
That said I don't see the point of either of them. :)
| * @param expression a string that matches begins with {@code ${}} and ends with {@code } and that does not have | ||
| * any substrings that match that pattern. | ||
| * @param context the current {@code OperationContext} to provide additional contextual information. | ||
| * @return a string representing the resolve expression, or @{code null} if {@code expression} is not of a |
There was a problem hiding this comment.
Very minor details in this JavaDoc:
s/@{code null}/{@code null}
s/with {@code ${}} and ends with {@code }/with <code>${</code> and ends with <code>}</code>
There was a problem hiding this comment.
Thanks @yersan -- fixed.
bstansberry
force-pushed
the
WFCORE-5709
branch
from
e7665da
to
6133aed
Compare
bstansberry
force-pushed
the
WFCORE-5709
branch
from
6133aed
to
f62d7f5
Compare
bstansberry
force-pushed
the
WFCORE-5709
branch
from
f62d7f5
to
0e1e894
Compare
…tage.MODEL Create a seperate ExpressionResolverExtension interface that core expression resolver plugins like ElytronExpressionResolver implement instead of ExpressionResolver Add a capability that can be used by ExpressionResolverExtension impls to register themselves with the core expression resolver, allowing their use in Stage.MODEL Separate ExpressionResolverExtension initialization from resolution so initialization failures can be handled separately and not be treated as indicating the extension regarded a given expression as relevant to it, but failed to resolve it. Clarify ExpressionResolverExtension resolution exception handling to distinguish user problems from server problems and not throw OperationFailedException. Update ReadAttributeHandler.ResolveAttributeHandler to understand the ExpressionResolverExtension exceptions and to treat their presence as indication that a secure expression was present. Add manualmode test case analogous to the old CustomVaultInModuleTestCase, but using credential expressions.
bstansberry
force-pushed
the
WFCORE-5709
branch
from
0e1e894
to
a211cae
Compare
…tage.MODEL
Create a separate ExpressionResolverExtension interface that core expression resolver plugins like ElytronExpressionResolver implement instead of ExpressionResolver
Add a capability that can be used by ExpressionResolverExtension impls to register themselves with the core expression resolver, allowing their use in Stage.MODEL
Separate ExpressionResolverExtension initialization from resolution so initialization failures can be handled separately and not be treated as indicating the extension regarded a given expression as relevant to it, but failed to resolve it.
Clarify ExpressionResolverExtension resolution exception handling to distinguish user problems from server problems and not throw OperationFailedException.
Update ReadAttributeHandler.ResolveAttributeHandler to understand the ExpressionResolverExtension exceptions and to treat their presence as indication that a secure expression was present.
Add manualmode test case analogous to the old CustomVaultInModuleTestCase, but using credential expressions.
https://issues.redhat.com/browse/WFCORE-5709
https://issues.redhat.com/browse/WFCORE-5705