Runtime only resources

Runtime only resources

Michael Musgrove
We have a transaction case where the customer is trying to delete a (transaction log) model resource via the CLI and is seeing the error:

"was directly invoked by the user. User operations are not permitted to directly update the persistent configuration of a server in a managed domain."

This is coming from ControllerLogger#modelUpdateNotAuthorized (in wildfly-core) because we define the resource as *not* being runtime only:

public boolean isRuntime() {return false;}

My question is should we be defining the resource as a runtime resource or should we tell the customer not to delete the resource from the controller?

Thanks,
Mike


--
Michael Musgrove
Transactions Team

Our mission: To be the catalyst in communities of customers, contributors, and partners creating better technology the open source way.

JBoss, by Red Hat
Registered Address: Red Hat Ltd, 6700 Cork Airport Business Park, Kinsale Road, Co. Cork.
Registered in the Companies Registration Office, Parnell House, 14 Parnell Square, Dublin 1, Ireland, No.304873
Directors: Michael Cunningham (USA), Vicky Wiseman (USA), Michael O'Neill, Keith Phelan, Matt Parson (USA)

_______________________________________________
wildfly-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/wildfly-dev

Re: Runtime only resources

Michael Musgrove
The operation used to work and I suspect that the root cause is WFCORE-2858 (Roll out READ_ONLY + RUNTIME_ONLY ops to the domain) and the fix for the transaction subsystem is https://issues.jboss.org/browse/JBEAP-11651. It would be great if someone with more knowledge than I of the domain model could verify my hypothesis.

On Wed, Jun 28, 2017 at 12:31 PM, Michael Musgrove <[hidden email]> wrote:
> We have a transaction case where the customer is trying to delete a (transaction log) model resource via the CLI and is seeing the error:
>
> "was directly invoked by the user. User operations are not permitted to directly update the persistent configuration of a server in a managed domain."
>
> This is coming from ControllerLogger#modelUpdateNotAuthorized (in wildfly-core) because we define the resource as *not* being runtime only:
>
> public boolean isRuntime() {return false;}
>
> My question is should we be defining the resource as a runtime resource or should we tell the customer not to delete the resource from the controller?
>
> Thanks,
> Mike



Re: Runtime only resources

Brian Stansberry
I’ll have a look.

> On Jun 28, 2017, at 8:27 AM, Michael Musgrove <[hidden email]> wrote:
>
> The operation used to work and I suspect that the root cause is WFCORE-2858 (Roll out READ_ONLY + RUNTIME_ONLY ops to the domain) and the fix for the transaction subsystem is https://issues.jboss.org/browse/JBEAP-11651. It would be great if someone with more knowledge than I of the domain model could verify my hypothesis.

--
Brian Stansberry
Manager, Senior Principal Software Engineer
JBoss by Red Hat





Re: Runtime only resources

Brian Stansberry
What is the operation they are trying to invoke?

LogStoreResource itself isn’t runtime-only but its children are. The “delete” operations on the “transactions” and “participants” children will trigger a check that could lead to ControllerLogger#modelUpdateNotAuthorized, but those resources are runtime-only.

One possibility is the child they are trying to delete is already gone (these are dynamic) so perhaps since it’s non-existent the fact that it’s runtime-only is not being detected. I’ll work up a quick improvement that will help with that.


> On Jun 28, 2017, at 11:51 AM, Brian Stansberry <[hidden email]> wrote:
>
> I’ll have a look.

Re: Runtime only resources

Michael Musgrove
Thanks for looking into this. The operation they are running is:

[domain@...:9990 /] /host=host-jbosshost7-1/server=GPD1/subsystem=transactions/log-store=log-store/transactions=0\:ffff0afc4420\:3b2568af\:594b9528\::delete()
{
    "outcome" => "failed",
    "result" => undefined,
    "failure-description" => "WFLYCTL0249: Operação 'delete' marcada no recurso '[
    (\"subsystem\" => \"transactions\"),
    (\"log-store\" => \"log-store\"),
    (\"transactions\" => \"0:ffff0afc4420:3b2568af:594b9528:\")
]' foi diretamente invocada pelo usuário. As operações do usuário não são permitidas para atualizar diretamente a configuração persistente de um servidor no domain controller.",
    "rolled-back" => true
}

On Wed, Jun 28, 2017 at 6:17 PM, Brian Stansberry <[hidden email]> wrote:
> What is the operation they are trying to invoke?
>
> LogStoreResource itself isn’t runtime-only but its children are. The “delete” operations on the “transactions” and “participants” children will trigger a check that could lead to ControllerLogger#modelUpdateNotAuthorized, but those resources are runtime-only.
>
> One possibility is the child they are trying to delete is already gone (these are dynamic) so perhaps since it’s non-existent the fact that it’s runtime-only is not being detected. I’ll work up a quick improvement that will help with that.



Re: Runtime only resources

Brian Stansberry
https://github.com/wildfly/wildfly/compare/master...bstansberry:tx-runtime-only is the quick improvement I mentioned.

https://ci.wildfly.org/viewLog.html?buildId=66224&tab=buildResultsDiv&buildTypeId=WF_WildFlyCoreIntegrationExperiments is a custom CI job for that branch. (I’ve done no testing locally other than checking the transactions module compiles.)

I don’t see how that op would get to ControllerLogger#modelUpdateNotAuthorized though, unless the transactions=0\:ffff0afc4420\:3b2568af\:594b9528\: resource doesn’t exist. If it doesn’t then the op would fail anyway, just with a different message.

> On Jun 28, 2017, at 12:19 PM, Michael Musgrove <[hidden email]> wrote:
>
> Thanks for looking into this. The operation they are running is:
>
> [[hidden email]:9990 /] /host=host-jbosshost7-1/server=GPD1/subsystem=transactions/log-store=log-store/transactions=0\:ffff0afc4420\:3b2568af\:594b9528\::delete()
> {
>     "outcome" => "failed",
>     "result" => undefined,
>     "failure-description" => "WFLYCTL0249: Operação 'delete' marcada no recurso '[
>     (\"subsystem\" => \"transactions\"),
>     (\"log-store\" => \"log-store\"),
>     (\"transactions\" => \"0:ffff0afc4420:3b2568af:594b9528:\")
> ]' foi diretamente invocada pelo usuário. As operações do usuário não são permitidas para atualizar diretamente a configuração persistente de um servidor no domain controller.",
>     "rolled-back" => true
> }

Re: Runtime only resources

Brian Stansberry
https://github.com/wildfly/wildfly/pull/10258 will result in the correct failure message when ‘delete’ is invoked against a non-existing resource.

> On Jun 28, 2017, at 12:36 PM, Brian Stansberry <[hidden email]> wrote:
>
> https://github.com/wildfly/wildfly/compare/master...bstansberry:tx-runtime-only is the quick improvement I mentioned.
>
> https://ci.wildfly.org/viewLog.html?buildId=66224&tab=buildResultsDiv&buildTypeId=WF_WildFlyCoreIntegrationExperiments is a custom CI job for that branch. (I’ve done no testing locally other than checking the transactions module compiles.)
>
> I don’t see how that op would get to ControllerLogger#modelUpdateNotAuthorized though, unless the transactions=0\:ffff0afc4420\:3b2568af\:594b9528\: resource doesn’t exist. If it doesn’t then the op would fail anyway, just with a different message.
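
A simplified model of the possibility raised in this thread, added here as an illustration; it is not code from the thread, from wildfly-core or from the linked pull request. Every name other than isRuntime() is hypothetical, the transaction ids are constructed, and checkExistenceFirst is an assumed ordering that yields the outcome the pull request is described as producing.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Simplified model with hypothetical names; not wildfly-core or WildFly code.
// It covers one case only: a user-invoked operation on a server in a managed domain.
public class RuntimeOnlyCheckDemo {

    enum Outcome { ALLOWED, MODEL_UPDATE_NOT_AUTHORIZED, RESOURCE_NOT_FOUND }

    // Stand-in for a management resource; isRuntime() mirrors the method quoted in the thread.
    static final class Resource {
        private final boolean runtime;
        private final Map<String, Resource> children = new LinkedHashMap<>();

        Resource(boolean runtime) { this.runtime = runtime; }
        boolean isRuntime() { return runtime; }
        Resource add(String key, Resource child) { children.put(key, child); return child; }
        void remove(String key) { children.remove(key); }
        Resource child(String key) { return children.get(key); }
    }

    // Walks the address from the root; returns null as soon as one element is missing.
    static Resource resolve(Resource root, List<String> address) {
        Resource current = root;
        for (String element : address) {
            current = current.child(element);
            if (current == null) {
                return null;
            }
        }
        return current;
    }

    // Possibility raised in the thread: "runtime-only" is read from the target resource,
    // so a target that no longer exists cannot be recognised as runtime-only.
    static Outcome checkByResource(Resource root, List<String> address) {
        Resource target = resolve(root, address);
        if (target != null && target.isRuntime()) {
            return Outcome.ALLOWED;
        }
        // Missing or persistent target: the operation is treated as a model update.
        return Outcome.MODEL_UPDATE_NOT_AUTHORIZED;
    }

    // Assumed ordering: report a missing target before deciding whether the
    // operation would touch the persistent configuration.
    static Outcome checkExistenceFirst(Resource root, List<String> address) {
        Resource target = resolve(root, address);
        if (target == null) {
            return Outcome.RESOURCE_NOT_FOUND;
        }
        return target.isRuntime() ? Outcome.ALLOWED : Outcome.MODEL_UPDATE_NOT_AUTHORIZED;
    }

    public static void main(String[] args) {
        Resource root = new Resource(false);
        Resource logStore = root.add("subsystem=transactions", new Resource(false))
                                .add("log-store=log-store", new Resource(false));
        logStore.add("transactions=tx-live", new Resource(true)); // constructed id
        logStore.add("transactions=tx-gone", new Resource(true)); // constructed id
        // The dynamic child disappears before the user's delete arrives.
        logStore.remove("transactions=tx-gone");

        List<List<String>> targets = Arrays.asList(
            Arrays.asList("subsystem=transactions", "log-store=log-store", "transactions=tx-live"),
            Arrays.asList("subsystem=transactions", "log-store=log-store", "transactions=tx-gone"),
            Arrays.asList("subsystem=transactions", "log-store=log-store"));

        for (List<String> address : targets) {
            System.out.printf("%-62s by-resource=%-28s existence-first=%s%n",
                String.join("/", address),
                checkByResource(root, address),
                checkExistenceFirst(root, address));
        }
    }
}
```

For the removed child the two checks disagree: the resource-based check reports MODEL_UPDATE_NOT_AUTHORIZED while the existence-first check reports RESOURCE_NOT_FOUND. They agree for the live child and for the log-store itself.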

Re: Runtime only resources

Michael Musgrove
Thanks Brian for the analysis and the fix.

On Wed, Jun 28, 2017 at 10:14 PM, Brian Stansberry <[hidden email]> wrote:
> https://github.com/wildfly/wildfly/pull/10258 will result in the correct failure message when ‘delete’ is invoked against a non-existing resource.
