[WFCORE-5740] Add the ability to ignore unavailable realms for a distributed-realm #454
Conversation
|
|
||
| == Requirements | ||
|
|
||
| === Hard Requirements |
There was a problem hiding this comment.
What about (a switch enabling) emitting SecurityRealmUnavailableEvent to the corresponding SecurityDomain, like in case of failover-realm? See https://github.com/wildfly/wildfly-proposals/pull/261/files#diff-91dfd08fb2d5ac316c73e22e73a78b8816d43bc21c0cd707a6ba075fb8a65f9bR64
There was a problem hiding this comment.
Hi @OndrejKotek , thank you for your review. To be honest I'm not sure if adding another attribute isn't a bit out of the issue scope.
There was a problem hiding this comment.
Do you mean the event will be emitted, no option to disable it? Are there some requirements from the user side (as this RFE was brought by users AFAIK)? My suggestion aims to keep consistency with the failover-realm.
There was a problem hiding this comment.
Thanks @OndrejKotek , added.
| === Non-Requirements | ||
|
|
||
| == Test Plan | ||
| Tests will be added to the Elytron testsuite. |
There was a problem hiding this comment.
What about integration tests in WildFly?
| === Testing By | ||
| [ ] Engineering | ||
|
|
||
| [x] QE |
There was a problem hiding this comment.
@lvydra Since you'll be writing tests for the WildFly Elytron / Core / WildFly testsuites, we can select Engineering here.
| === Hard Requirements | ||
|
|
||
| * It should be possible to configure an ```distributed-realm``` with the optional attribute ```ignore-unavailable-realms``` which | ||
| allow users to specify that the search should continue on to the next realm if a realm happens to be unavailable. |
There was a problem hiding this comment.
It would be good to mention that the default value for the ignore-unavailable-realms attribute will be false.
| WildFly integration tests will be added. Tests also will be added to the Elytron testsuite. | ||
|
|
||
| == Community Documentation | ||
|
|
There was a problem hiding this comment.
The Elytron documentation can be found here:
https://docs.wildfly.org/26/WildFly_Elytron_Security.html
The source for the documentation is in the WildFly repo:
https://github.com/wildfly/wildfly/tree/main/docs/src/main/asciidoc/_elytron
In the "Community Documentation" section, we should mention that documentation about the new attribute will be added to an appropriate section of the Elytron docs.
There was a problem hiding this comment.
A "Release Note" content section should also be added. As explained in design-doc-template.adoc, this section just includes a couple sentences that could be used when drafting the release notes for a release that includes this new feature.
| allow users to specify that the search should continue on to the next realm if a realm happens to be unavailable. | ||
|
|
||
| When ```ignore-unavailable-realms``` is set to true and realm happens to be unavailable, SecurityRealmUnavailableEvent will be emitted to the corresponding SecurityDomain. | ||
| This can be turned off by adding `emit-events` attribute and setting it to `false`. |
There was a problem hiding this comment.
Thanks for adding this in! It would be good to clarify here that emit-events is a new, optional attribute that will be added and we should also specify what it defaults to.
|
Thanks for review @fjuma , updated. |
|
|
||
| == Release Note Content | ||
|
|
||
| * New Distributed Realm attribute ```ignore-unavailable-realms```enables user to switch to ignore unavailable realms during search and continue searching in subsequent realms. |
There was a problem hiding this comment.
ignore-unavailable-realmsenables
Missing space
There was a problem hiding this comment.
Thanks @OndrejKotek, updated.
https://issues.redhat.com/browse/EAP7-1862
https://issues.redhat.com/browse/WFCORE-5740
https://issues.redhat.com/browse/ELY-2305