Created attachment 863347 [details] readOnly_config_update Description of problem: readOnly configuration is editable via CLI Version-Release number of selected component (if applicable): build: 2dd5c24 (as well as jon 3.2) How reproducible: always Steps to Reproduce: 1. Get configuration of a resource with readOnly config properties (e.g. EAP -> transactions -> log-store or RHQ Storage -> Keyspaces -> (rhq, system_outh, etc.) 2. Run the following CLI command: var config = ConfigurationManager.getLiveResourceConfiguration(${log-store-id},true); conf.setSimpleValue("type","def") // which by default is "default" ConfigurationManager.updateResourceConfiguration(15018,conf); Actual results: the following log is visible: ResourceConfigurationUpdate: abstractGroupConfigurationUpdate: configuration: Configuration[id=28247, notes=Resource config for Log Store (Standalone) Resource w/ id 15018] createdTime: 1392398351130 duration: 49 errorMessage: groupConfigurationUpdate: id: 12272 modifiedTime: 1392398351130 resource: Resource[id=15018, uuid=d8f1386b-081d-4c37-bcea-77d37ccce2d6, type={JBossAS7}Log Store (Standalone), key=subsystem=transactions,log-store=log-store, name=log-store] status: In Progress subjectName: rhqadmin Expected results: Message telling resource config is read_only Additional info: In GUI the value from "def" is changed back to "default" , while the history shows it has been changed. Config is not editable on GUI. screen-shot attached
This is working as expected. Read-only is treated like other field validation and is applied only in the GUI ConfigurationEditor. Users with appropriate permissions are allowed to update Configurations directly via the API. master commit f882515fa88b93a553f3c78e6250c4916ae1a585 Author: Jay Shaughnessy <jshaughn> Date: Fri Apr 4 17:07:57 2014 -0400 Update some jdoc to reflect that this is the expected behavior when calling from the CLI. read-only and other validation is applied only via the GUI's ConfigurationEditor.
Armine, given the above, can I move this to modified or closed? or is this really an RFE?
@Alan, could you please answer to Jay's question in comment #2. I expect rhqadmin has the same permissions in GUI and CLI, unless there's an RFE telling "rhqadmin has permissions to update read-only configs via CLI only".
I agree with Armine that this is a bug. If something is read only it shouldn't allow the resource to be updated and/or it shouldn't incorrectly report that the configuration has been updated when it hasn't.
OK, so it's been classified as a bug by QE and PM. Regardless, before I set out to make this change I want to caution people that I think it could have unwanted or unexpected side-effects. I think it's possible that our code, or possibly custom client code, could have assumed it can make any updates to any Configuration. Enforcing readOnly=true for programmatic changes to configuration may make sense, I'm not sure, but although it may catch problems it may also have the potential to cause problems. Waiting for the green light from Heiko...
I think enforcing it makes sense as a savvy user could otherwise just work around the restrictions in the UI and use the CLI here. And even if the plugin would reject it and the change would not be made on the target resource, it is confusing as shown above, where a change shows in history for something that should be read-only.
OK, proceeding.. (11:57:00 AM) jshaughn: pilhuhn: I'm assuming the whole config update would fail, right? (11:58:11 AM) pilhuhn: I think that may be best, as it is atomic. Otherwise the user does not really know which properties were accepted and which not.
master commit 8eff7c11cae1d137b78467101f866c7d3bfca241 Author: Jay Shaughnessy <jshaughn> Date: Wed Apr 9 17:08:45 2014 -0400 Add a new signature to ConfigurationUtility.validateConfiguration that takes both a newConfiguration and currentConfiguration and ensure the new config does not alter any non-empty readOnly property value. Enhance ConfigurationManagerBean.update*Configuration() to perform the new validation. Added some tests and updated the Remote method jdoc.
Moving to ON_QA as available to test with brew build of DR01: https://brewweb.devel.redhat.com//buildinfo?buildID=373993
Verified on Version : 3.3.0.DR01 Build Number : 6468454:dda0a47 ConfigurationManager.updateResourceConfiguration(13254,conf); org.rhq.enterprise.server.rest.BadArgumentException: [Warning] Bad parameter(s) given: Invalid newResourceConfiguration, configuration not updated: [ReadOnly property 'type' has a value [test] different than the current value [default]. It is not allowed to change.] ConfigurationManager.updateResourceConfiguration(13254,conf);