Bug 1286677

Summary: EAP CLI resolve-parameter-values set to true does not recognise vaulted strings
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Tom Fonteyne <tfonteyn>
Component: CLIAssignee: Lin Gao <lgao>
Status: CLOSED WONTFIX QA Contact: Petr Kremensky <pkremens>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.4.4CC: bbaranow, bmaxwell, brian.stansberry, cdewolf, jboss-set, lgao
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-01-11 09:37:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tom Fonteyne 2015-11-30 13:32:50 UTC 
When enabling

<resolve-parameter-values>true</resolve-parameter-values> 

in "bin\jboss-cli.xml"

vaulted string will get misinterpreted.

Example, if a command has "${VAULT::tom::tom::1}" then
the parser sees this as  ${name:defaultValue}  with

  name="VAULT"
  defaultValue=":tom::tom::1"

Escaping the $ sign in various ways did not help. The only way is to switch <resolve-parameter-values> back to false.

Ideally, the parser should recognise vaulted string and pass then in unchanged.

It could be argued that this is an RFE instead of a bug. Please let me know if you think so.
Comment 2 JBoss JIRA Server 2016-01-07 03:22:35 UTC 
Lin Gao <lgao> updated the status of jira WFCORE-1274 to Coding In Progress
Comment 6 JBoss JIRA Server 2016-01-11 05:31:59 UTC 
Lin Gao <lgao> updated the status of jira WFCORE-1274 to Closed
Comment 7 Lin Gao 2016-01-11 06:00:45 UTC 
The preceding '$' to escape the expression in CLI was added as a feature when implementing: https://issues.jboss.org/browse/WFCORE-453, PR: https://github.com/wildfly/wildfly-core/pull/413, which introduced many changes beyond the '$' escape function.

And there is a workaround for this by adding a system property:

JAVA_OPTS="$JAVA_OPTS -Dvault.string=$\{VAULT::text::password::1\}"

in jboss-cli.sh, then specify the VAULT string:

/core-service=management/ldap-connection=ldap_connection:add(search-credential="${vault.string}", url="ldaps://myurl:636", search-dn="my=search-dn")

So I propose to nack it for EAP 6.4.x