3 Replies Latest reply on Apr 24, 2012 12:57 AM by Arun Neelicattu

    Using the CLI to add Complex Types with boundless elements - (eg: vault-options)

    Arun Neelicattu Newbie

      I am trying to add to the host.xml config using the CLI:

      <vault>
          <vault-option name="KEYSTORE_URL" value="${jboss.domain.config.dir}/vault/vault.keys"/>
          <vault-option name="KEYSTORE_PASSWORD" value="MASK-3m3R2kvwf54"/>
          <vault-option name="KEYSTORE_ALIAS" value="https"/>
          <vault-option name="SALT" value="12345678"/>
          <vault-option name="ITERATION_COUNT" value="44"/>
          <vault-option name="ENC_FILE_DIR" value="${jboss.domain.config.dir}/vault/"/>
      </vault>
      

       

      Manually adding it provides the following DMR:

      [domain@localhost:9999 core-service] ./vault:read-resource(recursive=true)
      {
          "outcome" => "success",
          "result" => {
              "code" => undefined,
              "vault-options" => {
                  "KEYSTORE_URL" => "${jboss.domain.config.dir}/vault/vault.keys",
                  "KEYSTORE_PASSWORD" => "MASK-3m3R2kvwf54",
                  "KEYSTORE_ALIAS" => "https",
                  "SALT" => "12345678",
                  "ITERATION_COUNT" => "44",
                  "ENC_FILE_DIR" => "${jboss.domain.config.dir}/vault/"
              }
          }
      }
      

       

      How do I go about adding this block using the CLI?

       

      What I have tried so far:


      Using vault-options: CLI complains that it is not a supported property.

      [domain@localhost:9999 core-service] echo-dmr ./vault:add(vault-options={"KEYSTORE_URL"=>"${jboss.domain.config.dir}/vault/vault.keys","KEYSTORE_PASSWORD" => "MASK-3m3R2kvwf54","KEYSTORE_ALIAS" => "https","SALT" => "12345678","ITERATION_COUNT" => "44","ENC_FILE_DIR" => "${jboss.domain.config.dir}/vault/"})
      {
          "address" => [
              ("host" => "master"),
              ("core-service" => "vault")
          ],
          "operation" => "add",
          "vault-options" => {
              "KEYSTORE_URL" => "${jboss.domain.config.dir}/vault/vault.keys",
              "KEYSTORE_PASSWORD" => "MASK-3m3R2kvwf54",
              "KEYSTORE_ALIAS" => "https",
              "SALT" => "12345678",
              "ITERATION_COUNT" => "44",
              "ENC_FILE_DIR" => "${jboss.domain.config.dir}/vault/"
          }
      }
      
      [domain@localhost:9999 core-service] ./vault:add(vault-options={"KEYSTORE_URL"=>"${jboss.domain.config.dir}/vault/vault.keys","KEYSTORE_PASSWORD" => "MASK-3m3R2kvwf54","KEYSTORE_ALIAS" => "https","SALT" => "12345678","ITERATION_COUNT" => "44","ENC_FILE_DIR" => "${jboss.domain.config.dir}/vault/"})
      'vault-options' is not found among the supported properties: [code, vault-option]
      
      

       

      Naive approach: Used multiple 'vault-option', but this just meant that all the properties got over-written to the same location.

      [domain@localhost:9999 core-service] echo-dmr ./vault:add(vault-option={"KEYSTORE_URL"=>"${jboss.domain.config.dir}/vault/vault.keys"},vault-option={"KEYSTORE_PASSWORD" => "MASK-3m3R2kvwf54"},vault-option={"KEYSTORE_ALIAS" => "https"},vault-option={"SALT" => "12345678"},vault-option={"ITERATION_COUNT" => "44"},vault-option={"ENC_FILE_DIR" => "${jboss.domain.config.dir}/vault/"})
      {
          "address" => [
              ("host" => "master"),
              ("core-service" => "vault")
          ],
          "operation" => "add",
          "vault-option" => {"ENC_FILE_DIR" => "${jboss.domain.config.dir}/vault/"}
      }
      
        • 1. Re: Using the CLI to add Complex Types with boundless elements - (eg: vault-options)
          Alexey Loubyansky Master

          Yes, it is in fact a bug. But not in the CLI. Let's see what the operation expects according to its definition (management description)

           

          {code}

          [domain@localhost:9999 /] read-operation --node=host=master/core-service=vault add

           

              Add the Security Vault.

           

           

          PARAMETERS

           

          code

           

              Fully Qualified Name of the Security Vault Implementation.

           

              type:     STRING

              required: false 

           

          vault-option

           

              Security Vault option.

           

              type:     OBJECT

              required: false 

           

           

          RESPONSE

           

              n/a{code}

           

          In the actual code, though, the handler is looking for vault-options (plural) which causes the operation validation failure in CLI. If you are using the current AS7 master clone, you can turn off the operation validation in the bin/jboss-cli.xml

           

          {code}

          <jboss-cli xmlns="urn:jboss:cli:1.1">

           

              <!-- The default controller to connect to when 'connect' command is executed w/o arguments -->

              <default-controller>

                  <host>localhost</host>

                  <port>9999</port>

              </default-controller>

           

              <validate-operation-requests>false</validate-operation-requests>

          ...

          {code}

          If not, bad luck

           

          If I execute it now, I get

           

          {code}

          [domain@localhost:9999 /] /host=master/core-service=vault:add(vault-options={"KEYSTORE_URL"=>"${jboss.domain.config.dir}/vault/vault.keys","KEYSTORE_PASSWORD" => "MASK-3m3R2kvwf54","KEYSTORE_ALIAS" => "https","SALT" => "12345678","ITERATION_COUNT" => "44","ENC_FILE_DIR" => "${jboss.domain.config.dir}/vault/"})

          {

              "outcome" => "failed",

              "failure-description" => {"host-failure-descriptions" => [("master" => "JBAS014749: Operation handler failed: JBAS015804: Error initializing vault --  org.jboss.as.server.services.security.VaultReaderException: org.jboss.security.vault.SecurityVaultException: org.jboss.security.vault.SecurityVaultException: PB00019: Processing Failed:/home/olubyans/git/jboss-as/build/target/jboss-as-7.1.2.Final-SNAPSHOT/domain/configuration/vault/ does not exist")]},

              "rolled-back" => true

          }{code}

           

          but that's another issue... and I guess, you have the vault dir there.