Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WFLY-13679] Make legacy security optional for "org.wildfly.iiop-openjdk" #14360

Merged
merged 9 commits into from Jun 17, 2021
Merged

[WFLY-13679] Make legacy security optional for "org.wildfly.iiop-openjdk" #14360

merged 9 commits into from Jun 17, 2021

Conversation

darranl
Copy link
Contributor

@darranl darranl commented Jun 10, 2021
edited

https://issues.redhat.com/browse/WFLY-13679

This also corrects the configuration in WildFly Preview which presently assumes it is using legacy security even though the subsystem is not provisioned.

@darranl darranl added the hold PR should not be merged for some reason. label Jun 10, 2021
@github-actions github-actions bot added the deps-ok Dependencies have been checked, and there are no significant changes label Jun 10, 2021
@darranl darranl marked this pull request as ready for review June 11, 2021 12:19
@darranl
Copy link
Contributor Author

darranl commented Jun 11, 2021

@chengfang / @tadamski Could you please review this PR?

The overall approach is that all configurations that require PicketBox classes have a requirement on the legacy security subsystem being present and we know if that is present PicketBox will be present - other than that we can assume the module dependency is optional.

@darranl darranl removed the hold PR should not be merged for some reason. label Jun 15, 2021
@chengfang
Copy link
Contributor

Looking at failed CI jobs, those errors seem to be real:

org.jboss.as.cli.CommandLineException:
{
"outcome" => "failed",
"failure-description" => "WFLYCTL0367: Cannot remove capability 'org.wildfly.legacy-security' as it is required by other capabilities:
capability 'org.wildfly.iiop' requires it for attribute 'security' at address '/subsystem=iiop-openjdk'",

@darranl
[WFLY-13679] Add an iiop-openjdk layer to make it easier to test in i…
f934f68 
…solation.
@darranl
[WFLY-13679] Make PicketBox optional but bring it back via the featur…
3049288 
…e-group.
@darranl
[WFLY-13679] Split out a legacy iiop-openjdk feature group for legacy…
cac8f64 
… configuration.
@darranl
[WFLY-13679] Ensure a requirement is recorded if legacy security is a…
ab33f71 
…ctivated.

If legacy security is available we know the required org.picketbox
module will be present.

Update the layer and WildFly preview to default to Elytron.
@darranl
[WFLY-13679] Add the iiop-openjdk layer to the documented layers.
7747e6f
@darranl
[WFLY-13679] Add iiop-openjdk to layer testing.
d79e119
@darranl
[WFLY-13679] Update the IIOP subsystem configuration for Elytron test…
0f5bb01 
…ing as legacy security is removed.
@darranl
[WFLY-13679] Update the requiurements for direct :write-attribute calls.
4c1d104
@darranl
[WFLY-13679] Update iiop-openjdk dependency on legacy security in ena…
29faebc 
…ble-microprofile.cli
@darranl
Copy link
Contributor Author

darranl commented Jun 16, 2021

I have just pushed again, hopefully this will address the failure that was appearing.

@darranl
Copy link
Contributor Author

darranl commented Jun 17, 2021

Hi @chengfang / @tadamski CI is now green so I think we are ready to continue.

tadamski
tadamski reviewed Jun 17, 2021
View reviewed changes
Copy link
Contributor

@tadamski tadamski left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but shouldn't iiop-openjdk (non legacy) feature group be set by default in all the configurations?

@darranl
Copy link
Contributor Author

darranl commented Jun 17, 2021

At this time the intent was just to get to the point PicketBox can be flagged as being optional.

There will be a follow up task later where we change all the default configurations to be Elytron only but we have some other tasks to work through first.

tadamski
tadamski approved these changes Jun 17, 2021
View reviewed changes
Copy link
Contributor

@tadamski tadamski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ahh ok, I'm approving then

@bstansberry bstansberry merged commit 926889a into wildfly:master Jun 17, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tadamski tadamski tadamski approved these changes

Assignees
No one assigned
Labels
deps-ok Dependencies have been checked, and there are no significant changes
Projects
None yet
Milestone
No milestone
4 participants
@darranl @chengfang @tadamski @bstansberry