Bug 1092206
Summary: | OperationContextImpl.readResourceForUpdate assumes all resources represent persistent config | ||
---|---|---|---|
Product: | [JBoss] JBoss Enterprise Application Platform 6 | Reporter: | Brian Stansberry <brian.stansberry> |
Component: | Domain Management | Assignee: | Brian Stansberry <brian.stansberry> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Petr Kremensky <pkremens> |
Severity: | unspecified | Docs Contact: | Nichola Moore <nmoore> |
Priority: | unspecified | ||
Version: | 6.2.0 | CC: | emuckenh, kkhan, lthon, smumford |
Target Milestone: | ER4 | ||
Target Release: | EAP 6.3.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
In this previous releases of JBoss EAP 6, the operation execution logic assumed all management resources represented persistent configuration when handling the `readResourceForUpdate` method for an `OperationStepHandler`.
As a result, the `subsystem=transaction/log-store=log-store` resource's 'probe' operation and the `subsystem=transaction/log-store=log-store/transactions=*` resource's 'delete' operation could not be invoked by an admin in the 'Operator' role.
This issue has been corrected in this release.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2014-06-28 15:30:33 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Brian Stansberry
2014-04-29 01:24:57 UTC
Refactored release note text for this as a Known Issue (ER4 fixes will not be picked up in the 6.3.0 Beta release) Original note included here for use at 6.3.0 GA: The operation execution logic assumes all management resources represent persistent configuration when handling the `readResourceForUpdate` method for an `OperationStepHandler`. As a result, the `subsystem=transaction/log-store=log-store` resource's 'probe' operation and the `subsystem=transaction/log-store=log-store/transactions=*` resource's 'delete' operation cannot be invoked by an admin in the 'Operator' role. To fix this, the operation execution logic now checks the Resource or, if necessary, its `ManagementResourceRegistration` to see if it is a runtime-only resource. The operations can be invoked by a user in the Operator role. OK, the code is clearly there in 6.3.0.ER4 so I'm marking this as verified. But invoking /subsystem=transactions/log-store=log-store:probe on 6.3.0.ER3 by a user in the Operator role (RBAC enabled etc.) is by all means possible and results in {"outcome" => "success"} (on a fresh new install in the standalone-full profile), so the doc text is worth a revision. |