[WFCORE-5740] Add the ability to ignore unavailable realms for a distributed-realm #454
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,68 @@ | ||
| = [WFCORE-5740] Add the ability to ignore unavailable realms for a distributed-realm | ||
| :author: Lukas Vydra | ||
| :email: [email protected] | ||
| :toc: left | ||
| :icons: font | ||
| :idprefix: | ||
| :idseparator: - | ||
|
|
||
| == Overview | ||
| A distributed-realm is made up of a list of realms. Each realm in the list is attempted until we either find the user or run out of realms. | ||
| If a realm happens to be unavailable, we currently stop searching altogether. This is undesirable if the user could have been found in a subsequent realm. | ||
|
|
||
| This enhancmend will add an ignore-unavailable-realms boolean attribute to a distributed-realm to allow users to specify that the search should continue on to the next realm if a realm happens to be unavailable. | ||
|
|
||
| ** Example configuration: | ||
|
|
||
| ``` | ||
| /subsystem=elytron/distributed-realm=distributedRealm:add(realms=[realm1, realm2], ignore-unavailable-realms=true) | ||
| ``` | ||
|
|
||
| == Issue Metadata | ||
|
|
||
| === Issue | ||
| * https://issues.redhat.com/browse/WFCORE-5740[WFCORE-5740] | ||
|
|
||
|
|
||
| === Related Issues | ||
|
|
||
| * https://issues.redhat.com/browse/ELY-2305[ELY-2305] | ||
| * https://issues.redhat.com/browse/EAP7-1862[EAP7-1862] | ||
|
|
||
| === Dev Contacts | ||
|
|
||
| * mailto:{email}[{author}] | ||
|
|
||
| === QE Contacts | ||
| * mailto:{email}[{author}] | ||
|
|
||
| === Testing By | ||
| [ ] Engineering | ||
|
|
||
| [x] QE | ||
|
|
||
| === Affected Projects or Components | ||
| * WildFly, Security, WildFly-Core, Elytron | ||
|
|
||
| === Other Interested Projects | ||
|
|
||
| == Requirements | ||
|
|
||
| === Hard Requirements | ||
|
There was a problem hiding this comment. What about (a switch enabling) emitting There was a problem hiding this comment. Hi @OndrejKotek , thank you for your review. To be honest I'm not sure if adding another attribute isn't a bit out of the issue scope. There was a problem hiding this comment. Do you mean the event will be emitted, no option to disable it? Are there some requirements from the user side (as this RFE was brought by users AFAIK)? My suggestion aims to keep consistency with the There was a problem hiding this comment. Thanks @OndrejKotek , added. |
||
|
|
||
| * It should be possible to configure an ```distributed-realm``` with the optional attribute ```ignore-unavailable-realms``` which | ||
| allow users to specify that the search should continue on to the next realm if a realm happens to be unavailable. | ||
|
There was a problem hiding this comment. It would be good to mention that the default value for the |
||
|
|
||
| When ```ignore-unavailable-realms``` is set to true and realm happens to be unavailable, SecurityRealmUnavailableEvent will be emitted to the corresponding SecurityDomain. | ||
| This can be turned off by adding `emit-events` attribute and setting it to `false`. | ||
|
There was a problem hiding this comment. Thanks for adding this in! It would be good to clarify here that |
||
|
|
||
|
|
||
| === Nice-to-Have Requirements | ||
|
|
||
| === Non-Requirements | ||
|
|
||
| == Test Plan | ||
| WildFly integration tests will be added. Tests also will be added to the Elytron testsuite. | ||
|
|
||
| == Community Documentation | ||
|
|
||
|
There was a problem hiding this comment. The Elytron documentation can be found here: The source for the documentation is in the WildFly repo: In the "Community Documentation" section, we should mention that documentation about the new attribute will be added to an appropriate section of the Elytron docs. There was a problem hiding this comment. A "Release Note" content section should also be added. As explained in design-doc-template.adoc, this section just includes a couple sentences that could be used when drafting the release notes for a release that includes this new feature. |
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@lvydra Since you'll be writing tests for the WildFly Elytron / Core / WildFly testsuites, we can select Engineering here.