New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WFCORE-5679] Generate and export operation #5075
base: main
Are you sure you want to change the base?
Conversation
@darranl Just wanted to check with you since you had created WFCORE-5679 - this issue is about introducing new runtime operations for the |
I think lets get all the pieces together for this first and reassess if we want an RFE. IMO this probably could be an enhancement rather than a full feature. We should double check we have sufficient tests and we will also need a PR to WildFly for the community documentation. |
@@ -90,10 +100,53 @@ abstract class AbstractCredentialStoreResourceDefinition extends SimpleResourceD | |||
.setMinSize(1) | |||
.build(); | |||
|
|||
static final SimpleAttributeDefinition SIZE = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.SIZE, ModelType.STRING, true) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be ModelType.INT
and then setMinSize
should be removed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since all of these attributes are runtime only, I think you can use setStorageRuntime
.
static final SimpleAttributeDefinition KEY = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.KEY, ModelType.STRING, false) | ||
.setMinSize(1) | ||
.build(); | ||
|
||
static final SimpleAttributeDefinition PUBLIC_KEY_STRING = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PUBLIC_KEY_STRING, ModelType.STRING, true) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will be a public key provided in PEM format, right? If so, I think we could just use public-key
instead of public-key-string
. I think this is the approach taken elsewhere in the Elytron subsystem.
.setMinSize(1) | ||
.build(); | ||
|
||
static final SimpleAttributeDefinition PRIVATE_KEY_STRING = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PRIVATE_KEY_STRING, ModelType.STRING, true) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here.
if (algorithmModel.isDefined()) { | ||
algorithm = algorithmModel.asString(); | ||
} else { | ||
algorithm = RSA_ALGORITHM; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The default value can be defined above using the SimpleAttributeDefinitionBuilder
instead of doing it here.
if (sizeModel.isDefined()) { | ||
size = sizeModel.asInt(); | ||
} else { | ||
size = 0; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here.
.setMinSize(1) | ||
.build(); | ||
|
||
static final SimpleAttributeDefinition PUBLIC_KEY_LOCATION = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.PUBLIC_KEY_LOCATION, ModelType.STRING, true) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since either PUBLIC_KEY or PUBLIC_KEY_LOCATION should be specified, we should use setAlternatives
to specify this. For some examples, there are other places in the Elytron subsystem where setAlternatives
is used.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have you checked to verify that an error occurs if neither are specified?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since either PUBLIC_KEY or PUBLIC_KEY_LOCATION should be specified, we should use
setAlternatives
to specify this. For some examples, there are other places in the Elytron subsystem wheresetAlternatives
is used.
I have added setAlternatives
, however, it's not working here how it is supposed to. I'm not sure if I'm not missing something.
ModelNode privateKeyLocation = PRIVATE_KEY_LOCATION.resolveModelAttribute(context, operation); | ||
ModelNode publicKeyLocation = PUBLIC_KEY_LOCATION.resolveModelAttribute(context, operation); | ||
|
||
String passphrase = PASSPHRASE.resolveModelAttribute(context, operation).asString(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like the PASSPHRASE
is optional so it could be null here. Should it be required?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In general, would be good to double check which attributes are required for each operation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like the
PASSPHRASE
is optional so it could be null here. Should it be required?
Passphrase can be null if none was used to encrypt the key, while it is not recommended. I have added a test case to check it.
|
||
import static org.wildfly.extension.elytron._private.ElytronSubsystemMessages.ROOT_LOGGER; | ||
|
||
public class KeyPairUtil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this need to be public?
public static KeyPair parseKeyPair(String privateKeyContent, String publicKeyContent, ElytronFilePasswordProvider passwordProvider) { | ||
KeyPair keyPair; | ||
try { | ||
keyPair = Pem.parsePemOpenSSHContent(CodePointIterator.ofString(privateKeyContent), passwordProvider).next().tryCast(KeyPair.class); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We might want to consider having a different parameter for specifying OpenSSH format so we don't try to guess the format. As an example, take a look at how this was done here:
@lvydra Thanks for working on this! I've added some comments. Feel free to let me know if you have any questions. |
Hi @fjuma Thanks for the review, I have updated PR and added some comments. |
Core - Full Integration Build 11408 outcome was FAILURE using a merge of 2028ab3 Failed tests
|
hi @lvydra, it looks like errors are related to your changes. Could you take a look? |
Hi @yersan, thanks, I will look at it. |
@@ -221,13 +222,14 @@ public void testExportPublicKey() { | |||
Assert.assertTrue(publicKey.contains("ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ")); | |||
} | |||
|
|||
@Ignore |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@lvydra Feel free to let us know when this is ready for another review. Since this test is currently being ignored, it looks like you're working on fixing the test failures, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @fjuma, yes, I'm working on fixing test failures. Ignored tests are written to test setAlternatives
behavior, which is currently not working as it's supposed to, so I'm looking for a way how to fix that.
fbc1ca2
to
90e2dcf
Compare
Hi @fjuma, I think that the PR should be ready for another round of review :-) All requests should be addressed, the only persisting problem is |
throw ROOT_LOGGER.credentialAlreadyExists(alias, KeyPairCredential.class.getName()); | ||
} | ||
|
||
ModelNode privateKeyString = PRIVATE_KEY.resolveModelAttribute(context, operation); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For optional attributes like this, you could use String privateKey = PRIVATE_KEY.resolveModelAttribute(context, operation).asStringOrNull()
so you won't need the isDefined()
checks and asString()
calls below.
} | ||
|
||
@Test | ||
public void testExportPublicKey() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would also be good to add a test for the case where the alias doesn't exist.
Thanks for the updates, @lvydra! I've added some comments. |
What is the issue you're running into with |
Hi @fjuma, thanks for the review, I have updated PR. |
There has been no activity on this PR for 45 days. It will be auto-closed after 90 days. |
This PR is still active. @lvydra Looks like there's a conflict that now needs to be resolved. |
Hello, lvydra. I'm waiting for one of the admins to verify this patch with /ok-to-test in a comment. |
Hi @fjuma, thanks, resolved. |
@lvydra Thanks for the updates! Sorry for the delayed response, just catching up after being away for a couple weeks. Just to check, have you already created a PR against WildFly with the corresponding community documentation? |
Hi @fjuma, not yet, I will prepare a documentation update and open PR. |
Hi @fjuma, I have opened documentation PR: wildfly/wildfly#16139 |
There has been no activity on this PR for 45 days. It will be auto-closed after 90 days. |
This PR is still active. |
There has been no activity on this PR for 45 days. It will be auto-closed after 90 days. |
This PR is still active. |
There has been no activity on this PR for 45 days. It will be auto-closed after 90 days. |
There has been no activity on this PR for 90 days and it has been closed automatically. |
There has been no activity on this PR for 45 days. It will be auto-closed after 90 days. |
This PR is still active |
There has been no activity on this PR for 45 days. It will be auto-closed after 90 days. |
There has been no activity on this PR for 90 days and it has been closed automatically. |
There has been no activity on this PR for 45 days. It will be auto-closed after 90 days. |
https://issues.redhat.com/browse/WFCORE-5679