[WFCORE-6755] Move the org.wildfly.security:wildfly-elytron-dynamic-ssl artifact into its own module

[Skyllarr]

https://issues.redhat.com/browse/WFCORE-6755

[wildfly-ci]

Core -> Full Integration Build 13459 outcome was FAILURE using a merge of 7f57b63
Summary: Exit code 1 (Step: Build full with JDK 17 (Maven)) Build time: 00:04:55

[wildfly-ci]

Core -> WildFly Preview Integration Build 13519 outcome was FAILURE using a merge of 7f57b63
Summary: Exit code 1 (Step: Build & test full (Maven)) Build time: 00:06:37

[wildfly-ci]

Core -> Full Integration Build 13718 outcome was FAILURE using a merge of 7f57b63
Summary: Exit code 1 (Step: Build full with JDK 17 (Maven)) Build time: 00:07:28

[yersan]

Hello @Skyllarr , we need a WFLY Jira/PR in place to fix the layers test case in WildFly. We can merge this WFCORE PR as the latest PR for this release, but we need the Jira/PR to run manually the integration Job.

An alternative is to hack the WidlFly LayersTestCase to ignore this specific layer, and then remove the hack once Core is bumped on WildFly

[wildfly-ci]

Core -> WildFly Preview Integration Build 13527 outcome was FAILURE using a merge of a218264
Summary: Tests failed: 1, passed: 4975, ignored: 86 Build time: 02:49:56

Failed tests

org.jboss.as.test.layers.expansion.LayersTestCase.testLayersModuleUse: java.lang.AssertionError: Some expected modules have not been provisioned in test-all-layers: org.wildfly.security.elytron-dynamic-ssl
	at org.jboss.as.test.layers.LayersTest.testLayersModuleUse(LayersTest.java:172)
	at org.jboss.as.test.shared.LayersTestBase.testLayersModuleUse(LayersTestBase.java:409)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

[Skyllarr]

Hello @Skyllarr , we need a WFLY Jira/PR in place to fix the layers test case in WildFly. We can merge this WFCORE PR as the latest PR for this release, but we need the Jira/PR to run manually the integration Job.

An alternative is to hack the WidlFly LayersTestCase to ignore this specific layer, and then remove the hack once Core is bumped on WildFly

Thanks @yersan , I've created https://issues.redhat.com/browse/WFLY-19223 and I'm working on fixing the test

[yersan]

Integration Jobs:

https://ci.wildfly.org/buildConfiguration/WF_WildFlyCoreIntegrationExperiments/429188 (Galleon Integration)
https://ci.wildfly.org/buildConfiguration/WF_WildFlyCoreIntegrationExperiments/429204 (WildFly Preview Integration JDK 17)

[yersan]

@Skyllarr The integration test failed, if we really don't want to provision this module when we are trimming the server, the fix in WildFly Full should be to add it at https://github.com/wildfly/wildfly/blob/a53eba00bde46400befd053c4a104e7107da0071/testsuite/shared/src/main/java/org/jboss/as/test/shared/LayersTestBase.java#L45 instead.

But I have doubts whether this is want we want to do, I would expect this feature also when we are trimming the server but we are including the Elytron layer

[yersan]

If the intention is to leave the usage of this module when the server is trimmed including the Elytron layer, this change could be fine but we need to add a comment above it explaining the reason why this module is not provided when using layers.

I have doubts we want that, it looks like the intention could be to also provide the capabilities of the dynamic SSL context even when we are using the Elytron layer. If that's the case, I guess you have to register the module with

wildfly-core/controller/src/main/java/org/jboss/as/controller/ResourceDefinition.java

Line 127 in d5456e9

default void registerAdditionalRuntimePackages(final ManagementResourceRegistration resourceRegistration) {

, which in turns should be invoked depending on the current Stability level

[yersan]

should be invoked depending on the current Stability level

or as a different way to see it, be invoked when the management resource associated with this Elytron Dynamic SSL is being registered, which I would assume is registered for community only stability level

[Skyllarr]

@yersan yes, this module should be provided when using elytron layer and the community stability. I'll fix this, thank you!

[Skyllarr]

@yersan I've addressed your feedback. I closed the affiliated wildfly PR since these latest changes do not introduce a failure in wildfly testsuite. Thank you!

[Skyllarr]

@darranl / @fjuma Please review, thanks!

[wildfly-ci]

Core -> Full Integration Build 13495 outcome was UNKNOWN using a merge of f56300e
Summary: Canceled (Swabra) Build time: 02:31:31

[wildfly-ci]

Core -> WildFly Preview Integration Build 13556 outcome was FAILURE using a merge of f56300e
Summary: Tests failed: 1, passed: 4977, ignored: 86 Build time: 03:35:09

Failed tests

org.jboss.as.test.layers.expansion.LayersTestCase.testLayersModuleUse: java.lang.AssertionError: Some expected modules have not been provisioned in test-all-layers: org.wildfly.security.elytron-dynamic-ssl
	at org.jboss.as.test.layers.LayersTest.testLayersModuleUse(LayersTest.java:172)
	at org.jboss.as.test.shared.LayersTestBase.testLayersModuleUse(LayersTestBase.java:409)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

[wildfly-ci]

Core -> Full Integration Build 13757 outcome was UNKNOWN using a merge of f56300e
Summary: Canceled (Step 2/7) Build time: 04:21:51

[wildfly-ci]

Core -> Full Integration Build 13497 outcome was UNKNOWN using a merge of 7bf0715
Summary: Canceled (Exit code 143 (Step: Build full with JDK 17 (Maven)) (new)) Build time: 00:07:22

[wildfly-ci]

Core -> Full Integration Build 13498 outcome was FAILURE using a merge of 7bf0715
Summary: Tests failed: 2, passed: 4039, ignored: 51 Build time: 02:40:00

Failed tests

org.jboss.as.test.layers.base.LayersTestCase.testLayersModuleUse: java.lang.AssertionError: Some expected modules have not been provisioned in test-all-layers: org.wildfly.security.elytron-dynamic-ssl
	at org.jboss.as.test.layers.LayersTest.testLayersModuleUse(LayersTest.java:172)
	at org.jboss.as.test.shared.LayersTestBase.testLayersModuleUse(LayersTestBase.java:409)
	at org.jboss.as.test.layers.base.LayersTestCase.testLayersModuleUse(LayersTestCase.java:37)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)


org.jboss.as.test.layers.expansion.LayersTestCase.testLayersModuleUse: java.lang.AssertionError: Some expected modules have not been provisioned in test-all-layers: org.wildfly.security.elytron-dynamic-ssl
	at org.jboss.as.test.layers.LayersTest.testLayersModuleUse(LayersTest.java:172)
	at org.jboss.as.test.shared.LayersTestBase.testLayersModuleUse(LayersTestBase.java:409)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

[wildfly-ci]

Core -> WildFly Preview Integration Build 13557 outcome was FAILURE using a merge of 7bf0715
Summary: Tests failed: 1, passed: 4976, ignored: 87 Build time: 02:46:59

Failed tests

org.jboss.as.test.layers.expansion.LayersTestCase.testLayersModuleUse: java.lang.AssertionError: Some expected modules have not been provisioned in test-all-layers: org.wildfly.security.elytron-dynamic-ssl
	at org.jboss.as.test.layers.LayersTest.testLayersModuleUse(LayersTest.java:172)
	at org.jboss.as.test.shared.LayersTestBase.testLayersModuleUse(LayersTestBase.java:409)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

[yersan]

In my opinion, this is completed, although we are waiting for https://issues.redhat.com/browse/WFCORE-6805 to do more testing and see if the approach is the correct one. We are waiting to have the ability to limit the available stability levels based on the provisioning stability level

[yersan]

In my opinion, this is completed, although we are waiting for https://issues.redhat.com/browse/WFCORE-6805 to do more testing and see if the approach is the correct one. We are waiting to have the ability to limit the available stability levels based on the provisioning stability level

Well, current failures on integration tests are not expected, so it still requires investigation into what is causing them.

[Skyllarr]

In my opinion, this is completed, although we are waiting for https://issues.redhat.com/browse/WFCORE-6805 to do more testing and see if the approach is the correct one. We are waiting to have the ability to limit the available stability levels based on the provisioning stability level

I see, thanks @yersan ! I will look into the integration tests failures

[wildfly-ci]

Core -> Full Integration Build 13532 outcome was FAILURE using a merge of af6dd7c
Summary: Tests failed: 2, passed: 3954, ignored: 59 Build time: 02:03:15

Failed tests

org.jboss.as.test.layers.base.LayersTestCase.testLayersModuleUse: java.lang.AssertionError: Some expected modules have not been provisioned in test-all-layers: org.wildfly.security.elytron-dynamic-ssl
	at org.jboss.as.test.layers.LayersTest.testLayersModuleUse(LayersTest.java:172)
	at org.jboss.as.test.shared.LayersTestBase.testLayersModuleUse(LayersTestBase.java:409)
	at org.jboss.as.test.layers.base.LayersTestCase.testLayersModuleUse(LayersTestCase.java:37)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)


org.jboss.as.test.layers.expansion.LayersTestCase.testLayersModuleUse: java.lang.AssertionError: Some expected modules have not been provisioned in test-all-layers: org.wildfly.security.elytron-dynamic-ssl
	at org.jboss.as.test.layers.LayersTest.testLayersModuleUse(LayersTest.java:172)
	at org.jboss.as.test.shared.LayersTestBase.testLayersModuleUse(LayersTestBase.java:409)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

[wildfly-ci]

Core -> WildFly Preview Integration Build 13587 outcome was FAILURE using a merge of af6dd7c
Summary: Tests failed: 1, passed: 4994, ignored: 82 Build time: 02:26:13

Failed tests

org.jboss.as.test.layers.expansion.LayersTestCase.testLayersModuleUse: java.lang.AssertionError: Some expected modules have not been provisioned in test-all-layers: org.wildfly.security.elytron-dynamic-ssl
	at org.jboss.as.test.layers.LayersTest.testLayersModuleUse(LayersTest.java:172)
	at org.jboss.as.test.shared.LayersTestBase.testLayersModuleUse(LayersTestBase.java:409)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

[Skyllarr]

In my opinion, this is completed, although we are waiting for https://issues.redhat.com/browse/WFCORE-6805 to do more testing and see if the approach is the correct one. We are waiting to have the ability to limit the available stability levels based on the provisioning stability level

Well, current failures on integration tests are not expected, so it still requires investigation into what is causing them.

@yersan This PR should solve the issues with LayersTestCase wildfly/wildfly#17862 , locally it works for me

[yersan]

@Skyllarr There is a relevant error on the "Galleon Linux - JDK 11 (Pull Request)" Job:

java.lang.AssertionError: Some expected modules have not been provisioned in test-all-layers: org.wildfly.security.elytron-dynamic-ssl
  at org.junit.Assert.fail(Assert.java:89)
  at org.jboss.as.test.layers.LayersTest.testLayersModuleUse(LayersTest.java:172)
  at org.jboss.as.test.layers.LayersTestCase.testLayersModuleUse(LayersTestCase.java:111)
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
  at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.base/java.lang.reflect.Method.invoke(Method.java:566)

I don't know exactly what is causing that, but the problem seems to be that elytron galleon layer is not provisioning the org.wildfly.security.elytron-dynamic-ssl

I've just taken a look but I don't see the root cause, since Elytron subsystem is advertising to Galleon the requirement of this package at https://github.com/wildfly/wildfly-core/pull/5947/files#diff-263be4d2ab5108fc2de76f44766487703d2444e7bcc70bac0aaa4be6a27a9089R114

@jfdenise Could you shed some light on this?

I've just done a quick test and, although the relevant package is correctly advertised with resourceRegistration.registerAdditionalRuntimePackages(RuntimePackageDependency.required(dependencyPackageName)), the expected set of provisioned packages for the Elytron galleon layer does not includes the org.wildfly.security.elytron-dynamic-ssl package name.

What we are missing here?

[yersan]

@jfdenise a friendly reminder, do you have any points about why Galleon does not provision the advertised package?

[yersan]

Hello @jfdenise this is still a blocker for us, could you provide your feedback about why Galleon is not working as we expect for this case? I am not sure if we are missing something here.

[bstansberry]

@Skyllarr There is a relevant error on the "Galleon Linux - JDK 11 (Pull Request)" Job:

java.lang.AssertionError: Some expected modules have not been provisioned in test-all-layers: org.wildfly.security.elytron-dynamic-ssl
  at org.junit.Assert.fail(Assert.java:89)
  at org.jboss.as.test.layers.LayersTest.testLayersModuleUse(LayersTest.java:172)
  at org.jboss.as.test.layers.LayersTestCase.testLayersModuleUse(LayersTestCase.java:111)
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
  at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.base/java.lang.reflect.Method.invoke(Method.java:566)

I don't know exactly what is causing that, but the problem seems to be that elytron galleon layer is not provisioning the org.wildfly.security.elytron-dynamic-ssl

I've just taken a look but I don't see the root cause, since Elytron subsystem is advertising to Galleon the requirement of this package at https://github.com/wildfly/wildfly-core/pull/5947/files#diff-263be4d2ab5108fc2de76f44766487703d2444e7bcc70bac0aaa4be6a27a9089R114

@jfdenise Could you shed some light on this?

I've just done a quick test and, although the relevant package is correctly advertised with resourceRegistration.registerAdditionalRuntimePackages(RuntimePackageDependency.required(dependencyPackageName)), the expected set of provisioned packages for the Elytron galleon layer does not includes the org.wildfly.security.elytron-dynamic-ssl package name.

What we are missing here?

@yersan Is the resource part of the elytron subsystem configuration provided by the 'elytron' layer? Or, less likely, some other layer included in the test-all-layers set?

I haven't looked at what the 'elytron' layer configures but I suspect it doesn't add this resource.

The resourceRegistration.registerAdditionalRuntimePackages stuff is only relevant if the resource is part of the configuration. It doesn't tell Galleon to provision things that are not in the configuration just in case they user might want to add them later.

If that's the case the solution is to tell LayersTestCase not to expect the module to be provisioned.

[yersan]

@bstansberry

Is the resource part of the elytron subsystem configuration provided by the 'elytron' layer? Or, less likely, some other layer included in the test-all-layers set?

The resource is just a subresource of the standard Elytron subsystem, however, it is distributed via an optional module, which, in turn, is never provisioned by any other Galleon Layer.

The resourceRegistration.registerAdditionalRuntimePackages stuff is only relevant if the resource is part of the configuration. It doesn't tell Galleon to provision things that are not in the configuration just in case they user might want to add them later.

Ok, thanks for clarifying it. Now I understand the issue is that since not configured by the Elytron subsystem when it is provisioned as a Galleon layer, then the source code will never advertise it requires such a package.

However, this subresource does not require any Elytron subsystem configuration, so, I don't know how it can be added to the Elytron layer as an empty feature.

I can only think of adding it as a required package for the Elytron layer at:

wildfly-core/core-feature-pack/galleon-common/src/main/resources/layers/standalone/elytron/layer-spec.xml

Lines 16 to 20 in bb0806b

	<packages>
	<!-- required by default configuration-->
	<package name="org.wildfly.extension.elytron.jaas-realm"/>
	<package name="org.wildfly.openssl"/>
	</packages>

But not sure if that is the correct approach. It fixes the problem, since it makes it provisioned always when Elytron is configured. but not sure if that is the approach or even if we add it there, whether we would still need the resourceRegistration.registerAdditionalRuntimePackages stuff

[darranl]

I think to invert some of the discussions the two times we would expect that this module is NOT provisioned are:

• provisioning a server that does not contain the elytron extension
• provisioning a server that only supports default stability level

In all other cases this module should be present in the installation

[yersan]

Superseded by #6066