wildfly / galleon

Galleon Provisioning Tool
https://docs.wildfly.org/galleon/
Apache License 2.0

Unwanted value expansion in wildfly-ee-galleon-pack for a value attribute. #317

Closed BobVanB closed 1 year ago

BobVanB commented 1 year ago

Configuration

File: my-featurepack/src/main/resources/layers/standalone/my-layer/layer-spec.xml

<feature spec="subsystem.elytron.dir-context">
  <param name="dir-context" value="myname"/>
  <param name="url" value="${env.LDAP_URL}"/>
  <param name="principal" value="uid=user,cn=users,ou=something,o=my,c=com"/>
</feature>

Result

<param name="principal" value="uid=user,cn=users,ou=something,o=my,c=com"/>

The type of the value attribute is determined by = and , in the value.

{
  "operation" => "add",
  "address" => [...],
  "principal" => {
    "uid" => "user",
    "cn" => "users",
    "ou" => "something",
    "o" => "my",
    "c" => "com"
  }, ...
}

This exception is thrown:

WFLYCTL0097: Wrong type for 'principal'. Expected [EXPRESSION, STRING] but was OBJECT"

Expected result

{
  "operation" => "add",
  "address" => [...],
  "principal" => "uid=user,cn=users,ou=something,o=my,c=com",
  ...
}

Possible solution:

Add a type="String" to the principal value in the wildfly-ee-galleon-pack for the param?

<feature-spec xmlns="urn:jboss:galleon:feature-spec:1.0" name="subsystem.elytron.dir-context">
  <params>
    <param name="principal" nillable="true" type="String"/>
  </params>
</feature-spec>

Also, it would be nice to have some documentation about the translation of these values to their respective WildFly operations. I just hit a new type and problem that does not work for me.

<param name="attribute-mapping" nillable="true" type="List&lt;String&gt;"/>
attribute-mapping:
- filter-base-dn: "{{ wildfly_ldap_authorization_group_base_dn }}"
  filter: "(member={1})"
  from: cn
  to: Roles

I suspect wrapping a string in [...] and then using the = and the , to make it into objects:

<param name="attribute-mapping" value="[filter-base-dn=${env.LDAP_AUTHROIZATION_GROUP_BASE_DN},filter=(member={1}),from=cn,to=Roles]"/>

Possible workarounds:

The = is easy to prevent, just escape it \=, then it becomes a list. For the , there is no good solution, the only way that I could think of is adding a default to an environment variable expression.

<param name="principal" value="${env.LDAP_PRINCIPAL:uid=user,cn=users,ou=something,o=my,c=com}"/>

Turns out I can use &quot; in the variable to ensure it is a string.

<param name="principal" value="&quot;uid=user,cn=users,ou=something,o=my,c=com&quot;"/>

jfdenise commented 1 year ago

Hi, you can quote the parameter value:

<param name="principal" value="&quot;uid=user,cn=users,ou=something,o=my,c=com&quot;"/>

This will fix your problem. Regards. JF

On 12/15/22 10:42 AM, Bob van Bokkem wrote:

Configuration

File: my-featurepack/src/main/resources/layers/standalone/my-layer/layer-spec.xml

Result

The type of the value attribute is determined by = and , in the value.

  • If there is a , in the value, it becomes a list.
  • If there is a = in the value, it becomes a dictionary.

{ "operation" => "add", "address" => [...], "principal" => { "uid" => "user", "cn" => "users", "ou" => "something", "o" => "my", "c" => "com" }, ... }

This exception is thrown:

WFLYCTL0097: Wrong type for 'principal'. Expected [EXPRESSION, STRING] but was OBJECT"

Expected result

{ "operation" => "add", "address" => [...], "principal" => "uid=user,cn=users,ou=something,o=my,c=com" }, ... }

Possible solution:

Add a type="String" to the principal value in the wildfly-ee-galleon-pack for the param?

Possible workarounds:

The = is easy to prevent, just escape it \=, then it becomes a list. For the , there is no good solution, the only way that I could think of is adding a default to an environment variable expression.


jfdenise commented 1 year ago

Closing the issue as we have an answer.
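
A pre-build check for the problem discussed in this thread, as an added example that is not part of the thread and is not Galleon code: it scans a layer-spec.xml for param values (such as LDAP DNs) that contain an unescaped = or a , and are not protected by the &quot; quoting shown above. The rules it applies are assumptions taken only from what the thread describes, the function names are hypothetical, and the sample XML is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the layer-spec.xml fragments in the thread.
SAMPLE = """<layer-spec xmlns="urn:jboss:galleon:layer-spec:1.0" name="my-layer">
  <feature spec="subsystem.elytron.dir-context">
    <param name="dir-context" value="myname"/>
    <param name="url" value="${env.LDAP_URL}"/>
    <param name="principal" value="uid=user,cn=users,ou=something,o=my,c=com"/>
  </feature>
  <feature spec="subsystem.elytron.dir-context">
    <param name="dir-context" value="quoted"/>
    <param name="principal" value="&quot;uid=user,cn=users,o=my,c=com&quot;"/>
  </feature>
</layer-spec>"""

def local(tag):
    """Strip the XML namespace so any layer-spec schema version matches."""
    return tag.rsplit("}", 1)[-1]

def is_protected(value):
    """Assumed from the thread: these forms are not split on = or ,."""
    v = value.strip()
    if len(v) >= 2 and v[0] == '"' and v[-1] == '"':
        return True                      # &quot;...&quot; quoting workaround
    if v.startswith("${") and v.endswith("}"):
        return True                      # whole value is an expression
    return v.startswith("[") and v.endswith("]")  # list written on purpose

def risky_params(xml_text):
    """Return (feature spec, param name, separators) for values that the
    thread says would be provisioned as an object or list, not a string."""
    findings = []
    for feature in ET.fromstring(xml_text).iter():
        if local(feature.tag) != "feature":
            continue
        for param in feature:
            value = param.get("value", "")
            if local(param.tag) != "param" or is_protected(value):
                continue
            # Only \= is described as escapable; a comma always counts.
            hits = sorted(set(re.findall(r"(?<!\\)=|,", value)))
            if hits:
                findings.append((feature.get("spec"), param.get("name"), "".join(hits)))
    return findings

if __name__ == "__main__":
    for spec, name, seps in risky_params(SAMPLE):
        print(f"{spec}: param '{name}' has unquoted separators {seps!r}")
```

Run against each layer-spec.xml in a feature pack before provisioning, a non-empty result points at the values to wrap in &quot;.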