From 9f4d2234e715eb2da05ffaeb3e65f7dd5edd5424 Mon Sep 17 00:00:00 2001 From: lvydra <lvydra@redhat.com> Date: Mon, 7 Feb 2022 08:17:29 +0000 Subject: [PATCH 1/5] [WFCORE-5740] Add the ability to ignore unavailable realms for a distributed-realm --- ...ilable-realms-for-a-distributed-realm.adoc | 65 +++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 elytron/WFCORE-5740-ability-to-ignore-unavailable-realms-for-a-distributed-realm.adoc diff --git a/elytron/WFCORE-5740-ability-to-ignore-unavailable-realms-for-a-distributed-realm.adoc b/elytron/WFCORE-5740-ability-to-ignore-unavailable-realms-for-a-distributed-realm.adoc new file mode 100644 index 000000000..e22de6a58 --- /dev/null +++ b/elytron/WFCORE-5740-ability-to-ignore-unavailable-realms-for-a-distributed-realm.adoc @@ -0,0 +1,65 @@ += [WFCORE-5740] Add the ability to ignore unavailable realms for a distributed-realm +:author: Lukas Vydra +:email: lvydra@redhat.com +:toc: left +:icons: font +:idprefix: +:idseparator: - + +== Overview +A distributed-realm is made up of a list of realms. Each realm in the list is attempted until we either find the user or run out of realms. +If a realm happens to be unavailable, we currently stop searching altogether. This is undesirable if the user could have been found in a subsequent realm. + +This enhancmend will add an ignore-unavailable-realms boolean attribute to a distributed-realm to allow users to specify that the search should continue on to the next realm if a realm happens to be unavailable. + +** Example configuration: + +``` + /subsystem=elytron/distributed-realm=distributedRealm:add(realms=[realm1, realm2], ignore-unavailable-realms=true) +``` + +== Issue Metadata + +=== Issue +* https://issues.redhat.com/browse/WFCORE-5740[WFCORE-5740] + + +=== Related Issues + +* https://issues.redhat.com/browse/ELY-2305[ELY-2305] +* https://issues.redhat.com/browse/EAP7-1862[EAP7-1862] + +=== Dev Contacts + +* mailto:{email}[{author}] + +=== QE Contacts +* mailto:{email}[{author}] + +=== Testing By +[ ] Engineering + +[x] QE + +=== Affected Projects or Components +* WildFly, Security, WildFly-Core, Elytron + +=== Other Interested Projects + +== Requirements + +=== Hard Requirements + +* It should be possible to configure an ```distributed-realm``` with the optional attribute ```ignore-unavailable-realms``` which +allow users to specify that the search should continue on to the next realm if a realm happens to be unavailable. + + +=== Nice-to-Have Requirements + +=== Non-Requirements + +== Test Plan +Tests will be added to the Elytron testsuite. + +== Community Documentation + From cae4c99bcafabe080855e4dccd6a359869dd9718 Mon Sep 17 00:00:00 2001 From: lvydra <lvydra@redhat.com> Date: Tue, 8 Feb 2022 11:20:20 +0000 Subject: [PATCH 2/5] [WFCORE-5740] Integration tests --- ...ty-to-ignore-unavailable-realms-for-a-distributed-realm.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/elytron/WFCORE-5740-ability-to-ignore-unavailable-realms-for-a-distributed-realm.adoc b/elytron/WFCORE-5740-ability-to-ignore-unavailable-realms-for-a-distributed-realm.adoc index e22de6a58..841c5a4bc 100644 --- a/elytron/WFCORE-5740-ability-to-ignore-unavailable-realms-for-a-distributed-realm.adoc +++ b/elytron/WFCORE-5740-ability-to-ignore-unavailable-realms-for-a-distributed-realm.adoc @@ -59,7 +59,7 @@ allow users to specify that the search should continue on to the next realm if a === Non-Requirements == Test Plan -Tests will be added to the Elytron testsuite. +WildFly integration tests will be added. Tests also will be added to the Elytron testsuite. == Community Documentation From c300854cc7ce2f9252787f4f61b5030f59b5c0c5 Mon Sep 17 00:00:00 2001 From: lvydra <lvydra@redhat.com> Date: Tue, 8 Feb 2022 14:27:49 +0000 Subject: [PATCH 3/5] [WFCORE-5740] SecurityRealmUnavailableEvent emitting --- ...y-to-ignore-unavailable-realms-for-a-distributed-realm.adoc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/elytron/WFCORE-5740-ability-to-ignore-unavailable-realms-for-a-distributed-realm.adoc b/elytron/WFCORE-5740-ability-to-ignore-unavailable-realms-for-a-distributed-realm.adoc index 841c5a4bc..e36430b76 100644 --- a/elytron/WFCORE-5740-ability-to-ignore-unavailable-realms-for-a-distributed-realm.adoc +++ b/elytron/WFCORE-5740-ability-to-ignore-unavailable-realms-for-a-distributed-realm.adoc @@ -53,6 +53,9 @@ This enhancmend will add an ignore-unavailable-realms boolean attribute to a dis * It should be possible to configure an ```distributed-realm``` with the optional attribute ```ignore-unavailable-realms``` which allow users to specify that the search should continue on to the next realm if a realm happens to be unavailable. +When ```ignore-unavailable-realms``` is set to true and realm happens to be unavailable, SecurityRealmUnavailableEvent will be emitted to the corresponding SecurityDomain. +This can be turned off by adding `emit-events` attribute and setting it to `false`. + === Nice-to-Have Requirements From 88d44e1bad88de528b4ab2948263db21d5464777 Mon Sep 17 00:00:00 2001 From: lvydra <lvydra@redhat.com> Date: Thu, 10 Feb 2022 13:33:55 +0000 Subject: [PATCH 4/5] [WFCORE-5740] Documentation and Release Note Content --- ...re-unavailable-realms-for-a-distributed-realm.adoc | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/elytron/WFCORE-5740-ability-to-ignore-unavailable-realms-for-a-distributed-realm.adoc b/elytron/WFCORE-5740-ability-to-ignore-unavailable-realms-for-a-distributed-realm.adoc index e36430b76..39d9d27b8 100644 --- a/elytron/WFCORE-5740-ability-to-ignore-unavailable-realms-for-a-distributed-realm.adoc +++ b/elytron/WFCORE-5740-ability-to-ignore-unavailable-realms-for-a-distributed-realm.adoc @@ -37,9 +37,9 @@ This enhancmend will add an ignore-unavailable-realms boolean attribute to a dis * mailto:{email}[{author}] === Testing By -[ ] Engineering +[x] Engineering -[x] QE +[ ] QE === Affected Projects or Components * WildFly, Security, WildFly-Core, Elytron @@ -52,9 +52,11 @@ This enhancmend will add an ignore-unavailable-realms boolean attribute to a dis * It should be possible to configure an ```distributed-realm``` with the optional attribute ```ignore-unavailable-realms``` which allow users to specify that the search should continue on to the next realm if a realm happens to be unavailable. +Default value for the ```ignore-unavailable-realms``` attribute will be `false`. When ```ignore-unavailable-realms``` is set to true and realm happens to be unavailable, SecurityRealmUnavailableEvent will be emitted to the corresponding SecurityDomain. This can be turned off by adding `emit-events` attribute and setting it to `false`. +`emit-events` is a new optional attribute with a default value set to `true`. === Nice-to-Have Requirements @@ -66,3 +68,8 @@ WildFly integration tests will be added. Tests also will be added to the Elytron == Community Documentation +Documentation should be added under elytron/components in the WildFly documentation, describing there added ```ignore-unavailable-realms``` attribute. + +== Release Note Content + +* New Distributed Realm attribute ```ignore-unavailable-realms```enables user to switch to ignore unavailable realms during search and continue searching in subsequent realms. \ No newline at end of file From 85a9f9cd9f0fe287bf02f54afc857e037b08d9e6 Mon Sep 17 00:00:00 2001 From: lvydra <lvydra@redhat.com> Date: Thu, 10 Feb 2022 14:27:19 +0000 Subject: [PATCH 5/5] [WFCORE-5740] Fix --- ...ty-to-ignore-unavailable-realms-for-a-distributed-realm.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/elytron/WFCORE-5740-ability-to-ignore-unavailable-realms-for-a-distributed-realm.adoc b/elytron/WFCORE-5740-ability-to-ignore-unavailable-realms-for-a-distributed-realm.adoc index 39d9d27b8..75070045a 100644 --- a/elytron/WFCORE-5740-ability-to-ignore-unavailable-realms-for-a-distributed-realm.adoc +++ b/elytron/WFCORE-5740-ability-to-ignore-unavailable-realms-for-a-distributed-realm.adoc @@ -72,4 +72,4 @@ Documentation should be added under elytron/components in the WildFly documentat == Release Note Content -* New Distributed Realm attribute ```ignore-unavailable-realms```enables user to switch to ignore unavailable realms during search and continue searching in subsequent realms. \ No newline at end of file +* New Distributed Realm attribute ```ignore-unavailable-realms``` enables user to switch to ignore unavailable realms during search and continue searching in subsequent realms. \ No newline at end of file