Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WFCORE-5691][Preview] Allow setting timeout for token introspection #6033

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

[WFCORE-5691][Preview] Allow setting timeout for token introspection #6033

wants to merge 2 commits into from

Conversation

lvydra
Copy link
Contributor

@lvydra lvydra commented Jun 11, 2024

@github-actions github-actions bot added the deps-ok Dependencies have been checked, and there are no significant changes label Jun 11, 2024
@yersan yersan added Feature This PR adds a new feature to WildFly missing-reqs This PR is missing external requirements before it can be merged labels Jun 12, 2024
@yersan yersan requested a review from fjuma June 18, 2024 09:44
@yersan
Copy link
Collaborator

yersan commented Jun 18, 2024

Not sure if this would be a necessary fix that would prevent merging this, but in general model and schema bumps go in an independent commit, and on top of that one, any system change. This is up to the Elytron component leads. CC @fjuma

@yersan yersan removed Feature This PR adds a new feature to WildFly missing-reqs This PR is missing external requirements before it can be merged labels Jun 18, 2024
@yersan
Copy link
Collaborator

yersan commented Jun 18, 2024

@lvydra There is nothing written, but for nondefault stability level, we generally append the stability level at the PR title, e.g "[WFCORE-XYZ][Community] ...."

@yersan
Copy link
Collaborator

yersan commented Jun 18, 2024

This is likely to conflict with #5999

@lvydra lvydra changed the title [WFCORE-5691] Allow setting timeout for token introspection [WFCORE-5691][Community] Allow setting timeout for token introspection Jun 18, 2024
@fjuma
Copy link
Contributor

fjuma commented Jun 18, 2024
edited
Loading

Not sure if this would be a necessary fix that would prevent merging this, but in general model and schema bumps go in an independent commit, and on top of that one, any system change. This is up to the Elytron component leads. CC @fjuma

Yes, model and schema bumps should be part of a separate commit and should also have a separate WFCORE issue associated with it. Please coordinate with @PrarthonaPaul since both of you will need this.

@darranl darranl added Feature This PR adds a new feature to WildFly missing-reqs This PR is missing external requirements before it can be merged labels Jun 26, 2024
pferraro
pferraro requested changes Jun 29, 2024
View reviewed changes
elytron/src/main/java/org/wildfly/extension/elytron/ElytronSubsystemSchema.java Outdated
@@ -54,8 +54,9 @@ public enum ElytronSubsystemSchema implements PersistentSubsystemSchema<ElytronS
VERSION_17_0(17),
VERSION_18_0(18),
VERSION_18_0_COMMUNITY(18, Stability.COMMUNITY),
VERSION_19_0_PREVIEW(19, Stability.PREVIEW),
Copy link
Contributor

@pferraro pferraro Jun 29, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no reason to increment the numeric version.
The new schema version would just be 18.0:preview.

elytron/src/main/java/org/wildfly/extension/elytron/RealmParser.java Outdated
Comment on lines 278 to 293
final PersistentResourceXMLDescription realmParserPreview_19_0 = decorator(ElytronDescriptionConstants.SECURITY_REALMS)
.addChild(aggregateRealmParser_8_0)
.addChild(customRealmParser)
.addChild(customModifiableRealmParser)
.addChild(identityRealmParser)
.addChild(jdbcRealmParser_14_0)
.addChild(keyStoreRealmParser)
.addChild(propertiesRealmParser_14_0)
.addChild(ldapRealmParser)
.addChild(filesystemRealmParser_16)
.addChild(tokenRealmParserPreview_19_0)
.addChild(cachingRealmParser)
.addChild(distributedRealmParser_18)
.addChild(failoverRealmParser)
.addChild(jaasRealmParser)
.build();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not a sustainable way to manage version-specific parsing logic. Why not add children conditionally based on schema version?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the established pattern within the Elytron subsystem and is the correct way to handle this in this pull request.

elytron/src/main/java/org/wildfly/extension/elytron/TokenRealmDefinition.java Outdated
Comment on lines 152 to 166
static final SimpleAttributeDefinition CONNECTION_TIMEOUT = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.CONNECTION_TIMEOUT, ModelType.INT, true)
.setAllowExpression(true)
.setValidator(new IntRangeValidator(0))
.setRestartAllServices()
.build();

static final SimpleAttributeDefinition READ_TIMEOUT = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.READ_TIMEOUT, ModelType.INT, true)
.setAllowExpression(true)
.setValidator(new IntRangeValidator(0))
.setRestartAllServices()
.build();

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are these attributes only meant to be registered when the server supports PREVIEW features? If so, you'll want to specify this.
e.g.

.setStability(Stability.PREVIEW)

elytron/src/main/java/org/wildfly/extension/elytron/TokenRealmDefinition.java Outdated
Comment on lines 214 to 229
static final SimpleAttributeDefinition CONNECTION_TIMEOUT = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.CONNECTION_TIMEOUT, ModelType.INT, true)
.setAllowExpression(true)
.setValidator(new IntRangeValidator(0))
.setRestartAllServices()
.build();

static final SimpleAttributeDefinition READ_TIMEOUT = new SimpleAttributeDefinitionBuilder(ElytronDescriptionConstants.READ_TIMEOUT, ModelType.INT, true)
.setAllowExpression(true)
.setValidator(new IntRangeValidator(0))
.setRestartAllServices()
.build();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as above.

...c/test/java/org/wildfly/extension/elytron/ElytronMixedStabilitySubsystemParsingTestCase.java Outdated
Comment on lines 49 to 57
private String readResource(String name) throws IOException {
String namespaceUri = ElytronSubsystemSchema.CURRENT.get(Stability.DEFAULT).getNamespace().getUri();
String version = namespaceUri.substring(namespaceUri.lastIndexOf(':') + 1);
if (!name.contains(version + ".xml")) {
return ModelTestUtils.readResource(getClass(), name.replace("elytron", "legacy-elytron-subsystem"));
} else {
String previewNamespaceUri = ElytronSubsystemSchema.CURRENT.get(Stability.PREVIEW).getNamespace().getUri();
String previewVersion = previewNamespaceUri.substring(previewNamespaceUri.lastIndexOf(':') + 1);
if (name.contains(version + ".xml") || name.contains(previewVersion + ".xml")) {
return ModelTestUtils.readResource(getClass(), name.replace("elytron", "elytron-subsystem"));
} else {
return ModelTestUtils.readResource(getClass(), name.replace("elytron", "legacy-elytron-subsystem"));
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand the purpose of mockReadResourceWithValidSubsystemTestFilePaths(). If the goal is simply to override the default file names of the subsystem test files, would it not be far simpler to just override the method used to generate them?
e.g.

@Override
protected String getSubsystemXmlPathPattern() {
    // Same as super impl, but with "-subsystem-" thrown in
    String pattern = (this.schema.getStability() == Stability.DEFAULT) ? "%1$s-subsystem-%2$d.%3$d.xml" : "%1$s-subsystem-%4$s-%2$d.%3$d.xml";
    // If not a current schema, prefix with "legacy-"
    return !ElytronSubsystemSchema.CURRENT.values().contains(this.schema) ? "legacy-" + pattern : pattern;
}

@PrarthonaPaul
Copy link

PrarthonaPaul commented Jul 3, 2024
edited
Loading

Not sure if this would be a necessary fix that would prevent merging this, but in general model and schema bumps go in an independent commit, and on top of that one, any system change. This is up to the Elytron component leads. CC @fjuma

Yes, model and schema bumps should be part of a separate commit and should also have a separate WFCORE issue associated with it. Please coordinate with @PrarthonaPaul since both of you will need this.

Here is the commit for the subsystem bump for elytron from community:18.0 to preview:18.0 : 5365664

@lvydra You can cherry-pick that to your PR and add your RFE changes on top.

@darranl
Copy link
Contributor

darranl commented Jul 10, 2024

Just one small change on the comment from @PrarthonaPaul - @lvydra please rebase your changes on top of that commit so you both preserve the same SHA - where we use a common commit we are trying to ensure it happens only once.

@darranl
Copy link
Contributor

darranl commented Jul 10, 2024

Also the Jira issue and this PR seem to be referencing the Community stability level but the code seems to be targeting Preview.

I would suggest we continue with Preview as we can then promote to Community or Default in a later step.

@lvydra
Copy link
Contributor Author

lvydra commented Jul 15, 2024

Thanks @PrarthonaPaul, I have rebased my changes on top of your subsystem bump commit.

@lvydra lvydra changed the title [WFCORE-5691][Community] Allow setting timeout for token introspection [WFCORE-5691][Preview] Allow setting timeout for token introspection Jul 15, 2024
@lvydra lvydra requested a review from pferraro July 15, 2024 08:44
@github-actions GitHub Actions
Copy link

There has been no activity on this PR for 45 days. It will be auto-closed after 90 days.

@github-actions github-actions bot added the Stale label Aug 30, 2024
@bstansberry
Copy link
Contributor

/retest

@wildfly-ci
Copy link

Core -> Full Integration Build 13903 outcome was FAILURE using a merge of d07f14e
Summary: Tests failed: 1 (1 new), passed: 3989, ignored: 59 Build time: 02:22:31

Failed tests

org.jboss.as.test.clustering.cluster.ejb.timer.DistributedTimerServiceTestCase.test: java.lang.AssertionError: class org.jboss.as.test.clustering.cluster.ejb.timer.beans.AutoPersistentTimerBean={node-1=[]}. Actual: 0
	at org.jboss.as.test.clustering.cluster.ejb.timer.AbstractTimerServiceTestCase.test(AbstractTimerServiceTestCase.java:305)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at jdk.internal.reflect.GeneratedMethodAccessor27.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at jdk.internal.reflect.GeneratedMethodAccessor26.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at jdk.internal.reflect.GeneratedMethodAccessor25.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at jdk.internal.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at jdk.internal.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at jdk.internal.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at jdk.internal.reflect.GeneratedMethodAccessor15.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at jdk.internal.reflect.GeneratedMethodAccessor14.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at jdk.internal.reflect.GeneratedMethodAccessor5.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at jdk.internal.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at jdk.internal.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
------- Stdout: -------
node-2 2024-09-17 17:34:09,394 INFO  [org.jboss.modules] (main) JBoss Modules version 2.1.5.Final
node-2 2024-09-17 17:34:09,883 INFO  [org.jboss.msc] (main) JBoss MSC version 1.5.5.Final
node-2 2024-09-17 17:34:09,892 INFO  [org.jboss.threads] (main) JBoss Threads version 2.4.0.Final
node-2 2024-09-17 17:34:10,000 INFO  [org.jboss.as] (MSC service thread 1-3) WFLYSRV0049: WildFly 34.0.0.Beta1-SNAPSHOT (WildFly Core 26.0.0.Beta5-SNAPSHOT) starting
node-2 2024-09-17 17:34:11,262 INFO  [org.wildfly.security] (Controller Boot Thread) ELY00001: WildFly Elytron version 2.5.2.Final
node-2 2024-09-17 17:34:12,138 INFO  [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0039: Creating http management service using socket-binding (management-http)
node-2 2024-09-17 17:34:12,163 INFO  [org.xnio] (MSC service thread 1-6) XNIO version 3.8.16.Final
node-2 2024-09-17 17:34:12,172 INFO  [org.xnio.nio] (MSC service thread 1-6) XNIO NIO Implementation Version 3.8.16.Final
node-2 2024-09-17 17:34:12,210 WARN  [org.jboss.as.txn] (ServerService Thread Pool -- 53) WFLYTX0013: The node-identifier attribute on the /subsystem=transactions is set to the default value. This is a danger for environments running multiple servers. Please make sure the attribute value is unique.
node-2 2024-09-17 17:34:12,275 INFO  [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 32) WFLYJCA0004: Deploying JDBC-compliant driver class org.h2.Driver (version 2.2)
node-2 2024-09-17 17:34:12,298 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 40) WFLYCLINF0001: Activating Infinispan subsystem.
node-2 2024-09-17 17:34:12,307 INFO  [org.jboss.as.jaxrs] (ServerService Thread Pool -- 42) WFLYRS0016: RESTEasy version 6.2.10.Final
node-2 2024-09-17 17:34:12,314 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0003: Undertow 2.3.17.Final starting
node-2 2024-09-17 17:34:12,347 INFO  [org.jboss.remoting] (MSC service thread 1-1) JBoss Remoting version 5.0.29.Final
node-2 2024-09-17 17:34:12,432 INFO  [org.jboss.as.naming] (ServerService Thread Pool -- 48) WFLYNAM0001: Activating Naming Subsystem
node-2 2024-09-17 17:34:12,435 INFO  [org.wildfly.extension.io] (ServerService Thread Pool -- 41) WFLYIO001: Worker 'default' has auto-configured to 8 IO threads with 64 max task threads based on your 4 available processors
node-2 2024-09-17 17:34:12,483 INFO  [org.jboss.as.naming] (MSC service thread 1-4) WFLYNAM0003: Starting Naming Service
node-2 2024-09-17 17:34:12,462 INFO  [org.jboss.as.connector] (MSC service thread 1-3) WFLYJCA0009: Starting Jakarta Connectors Subsystem (WildFly/IronJacamar 3.0.10.Final)
node-2 2024-09-17 17:34:12,457 INFO  [org.jboss.as.connector.deployers.jdbc] (MSC service thread 1-2) WFLYJCA0018: Started Driver service with driver-name = h2
node-2 2024-09-17 17:34:12,526 INFO  [org.jboss.as.clustering.jgroups] (ServerService Thread Pool -- 44) WFLYCLJG0001: Activating JGroups subsystem. JGroups version 5.2.27
node-2 2024-09-17 17:34:12,708 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-7) WFLYUT0012: Started server default-server.
node-2 2024-09-17 17:34:12,720 WARN  [org.wildfly.extension.elytron] (MSC service thread 1-2) WFLYELY00023: KeyStore file '/opt/buildAgent/work/e8e0dd9c7c4ba60/full/testsuite/integration/clustering/target/wildfly-clustering-ejb-2/standalone/configuration/application.keystore' does not exist. Used blank.
node-2 2024-09-17 17:34:12,743 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-6) Queuing requests.

@bstansberry
Copy link
Contributor

@pferraro Does this look ok now?

@github-actions github-actions bot removed the Stale label Sep 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@darranl darranl darranl left review comments

@fjuma fjuma Awaiting requested review from fjuma

@pferraro pferraro Awaiting requested review from pferraro

Assignees
No one assigned
Labels
deps-ok Dependencies have been checked, and there are no significant changes Feature This PR adds a new feature to WildFly missing-reqs This PR is missing external requirements before it can be merged
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@lvydra @yersan @fjuma @PrarthonaPaul @darranl @bstansberry @wildfly-ci @pferraro