[WFCORE-5679] Generate and export operation #5075
Conversation
github-actions
bot
added
the
deps-ok
|
@darranl Just wanted to check with you since you had created WFCORE-5679 - this issue is about introducing new runtime operations for the |
|
I think lets get all the pieces together for this first and reassess if we want an RFE. IMO this probably could be an enhancement rather than a full feature. We should double check we have sufficient tests and we will also need a PR to WildFly for the community documentation. |
| @@ -90,10 +100,53 @@ abstract class AbstractCredentialStoreResourceDefinition extends SimpleResourceD | |||
| .setMinSize(1) | |||
| .build(); | |||
|
|
|||
| static final SimpleAttributeDefinition SIZE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.SIZE, ModelType.STRING, true) | |||
There was a problem hiding this comment.
This should be ModelType.INT and then setMinSize should be removed.
There was a problem hiding this comment.
Since all of these attributes are runtime only, I think you can use setStorageRuntime.
| static final SimpleAttributeDefinition KEY = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.KEY, ModelType.STRING, false) | ||
| .setMinSize(1) | ||
| .build(); | ||
|
|
||
| static final SimpleAttributeDefinition PUBLIC_KEY_STRING = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PUBLIC_KEY_STRING, ModelType.STRING, true) |
There was a problem hiding this comment.
This will be a public key provided in PEM format, right? If so, I think we could just use public-key instead of public-key-string. I think this is the approach taken elsewhere in the Elytron subsystem.
| .setMinSize(1) | ||
| .build(); | ||
|
|
||
| static final SimpleAttributeDefinition PRIVATE_KEY_STRING = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PRIVATE_KEY_STRING, ModelType.STRING, true) |
| if (algorithmModel.isDefined()) { | ||
| algorithm = algorithmModel.asString(); | ||
| } else { | ||
| algorithm = RSA_ALGORITHM; |
There was a problem hiding this comment.
The default value can be defined above using the SimpleAttributeDefinitionBuilder instead of doing it here.
| if (sizeModel.isDefined()) { | ||
| size = sizeModel.asInt(); | ||
| } else { | ||
| size = 0; |
| .setMinSize(1) | ||
| .build(); | ||
|
|
||
| static final SimpleAttributeDefinition PUBLIC_KEY_LOCATION = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PUBLIC_KEY_LOCATION, ModelType.STRING, true) |
There was a problem hiding this comment.
Since either PUBLIC_KEY or PUBLIC_KEY_LOCATION should be specified, we should use setAlternatives to specify this. For some examples, there are other places in the Elytron subsystem where setAlternatives is used.
There was a problem hiding this comment.
Have you checked to verify that an error occurs if neither are specified?
There was a problem hiding this comment.
Since either PUBLIC_KEY or PUBLIC_KEY_LOCATION should be specified, we should use
setAlternativesto specify this. For some examples, there are other places in the Elytron subsystem wheresetAlternativesis used.
I have added setAlternatives, however, it's not working here how it is supposed to. I'm not sure if I'm not missing something.
| ModelNode privateKeyLocation = PRIVATE_KEY_LOCATION.resolveModelAttribute(context, operation); | ||
| ModelNode publicKeyLocation = PUBLIC_KEY_LOCATION.resolveModelAttribute(context, operation); | ||
|
|
||
| String passphrase = PASSPHRASE.resolveModelAttribute(context, operation).asString(); |
There was a problem hiding this comment.
Looks like the PASSPHRASE is optional so it could be null here. Should it be required?
There was a problem hiding this comment.
In general, would be good to double check which attributes are required for each operation.
There was a problem hiding this comment.
Looks like the
PASSPHRASEis optional so it could be null here. Should it be required?
Passphrase can be null if none was used to encrypt the key, while it is not recommended. I have added a test case to check it.
|
|
||
| import static org.wildfly.extension.elytron._private.ElytronSubsystemMessages.ROOT_LOGGER; | ||
|
|
||
| public class KeyPairUtil { |
There was a problem hiding this comment.
Does this need to be public?
| public static KeyPair parseKeyPair(String privateKeyContent, String publicKeyContent, ElytronFilePasswordProvider passwordProvider) { | ||
| KeyPair keyPair; | ||
| try { | ||
| keyPair = Pem.parsePemOpenSSHContent(CodePointIterator.ofString(privateKeyContent), passwordProvider).next().tryCast(KeyPair.class); |
There was a problem hiding this comment.
We might want to consider having a different parameter for specifying OpenSSH format so we don't try to guess the format. As an example, take a look at how this was done here:
|
@lvydra Thanks for working on this! I've added some comments. Feel free to let me know if you have any questions. |
|
Hi @fjuma Thanks for the review, I have updated PR and added some comments. |
|
Core - Full Integration Build 11408 outcome was FAILURE using a merge of 2028ab3 Failed tests |
|
hi @lvydra, it looks like errors are related to your changes. Could you take a look? |
yersan
added
Feature
|
Hi @yersan, thanks, I will look at it. |
| @@ -221,13 +222,14 @@ public void testExportPublicKey() { | |||
| Assert.assertTrue(publicKey.contains("ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ")); | |||
| } | |||
|
|
|||
| @Ignore | |||
There was a problem hiding this comment.
@lvydra Feel free to let us know when this is ready for another review. Since this test is currently being ignored, it looks like you're working on fixing the test failures, right?
There was a problem hiding this comment.
Hi @fjuma, yes, I'm working on fixing test failures. Ignored tests are written to test setAlternatives behavior, which is currently not working as it's supposed to, so I'm looking for a way how to fix that.
lvydra
force-pushed
the
WFCORE-5679
branch
2 times, most recently
from
fbc1ca2
to
90e2dcf
Compare
|
Hi @fjuma, I think that the PR should be ready for another round of review :-) All requests should be addressed, the only persisting problem is |
| throw ROOT_LOGGER.credentialAlreadyExists(alias, KeyPairCredential.class.getName()); | ||
| } | ||
|
|
||
| ModelNode privateKeyString = PRIVATE_KEY.resolveModelAttribute(context, operation); |
There was a problem hiding this comment.
For optional attributes like this, you could use String privateKey = PRIVATE_KEY.resolveModelAttribute(context, operation).asStringOrNull() so you won't need the isDefined() checks and asString() calls below.
| } | ||
|
|
||
| @Test | ||
| public void testExportPublicKey() { |
There was a problem hiding this comment.
Would also be good to add a test for the case where the alias doesn't exist.
|
Thanks for the updates, @lvydra! I've added some comments. |
|
What is the issue you're running into with |
|
Hi @fjuma, thanks for the review, I have updated PR. |
|
There has been no activity on this PR for 45 days. It will be auto-closed after 90 days. |
|
This PR is still active. @lvydra Looks like there's a conflict that now needs to be resolved. |
|
Hello, lvydra. I'm waiting for one of the admins to verify this patch with /ok-to-test in a comment. |
|
Hi @fjuma, thanks, resolved. |
|
@lvydra Thanks for the updates! Sorry for the delayed response, just catching up after being away for a couple weeks. Just to check, have you already created a PR against WildFly with the corresponding community documentation? |
|
Hi @fjuma, not yet, I will prepare a documentation update and open PR. |
|
Hi @fjuma, I have opened documentation PR: wildfly/wildfly#16139 |
|
There has been no activity on this PR for 45 days. It will be auto-closed after 90 days. |
|
This PR is still active. |
|
There has been no activity on this PR for 45 days. It will be auto-closed after 90 days. |
|
This PR is still active. |
|
There has been no activity on this PR for 45 days. It will be auto-closed after 90 days. |
|
There has been no activity on this PR for 90 days and it has been closed automatically. |
|
There has been no activity on this PR for 45 days. It will be auto-closed after 90 days. |
|
This PR is still active |
|
There has been no activity on this PR for 45 days. It will be auto-closed after 90 days. |
|
There has been no activity on this PR for 90 days and it has been closed automatically. |
|
There has been no activity on this PR for 45 days. It will be auto-closed after 90 days. |
https://issues.redhat.com/browse/WFCORE-5679