[GitHub] brooklyn-server pull request #746: Auto wrap YAML BOMs as catalog bundles

[ahgittin]

Github user ahgittin commented on a diff in the pull request:

    https://github.com/apache/brooklyn-server/pull/746#discussion_r127676219
  
    --- Diff: 
core/src/main/java/org/apache/brooklyn/core/mgmt/ha/OsgiArchiveInstaller.java 
---
    @@ -308,11 +326,16 @@ private synchronized void close() {
                     // no such managed bundle
                     Maybe<Bundle> b = 
Osgis.bundleFinder(osgiManager.framework).symbolicName(result.getMetadata().getSymbolicName()).version(result.getMetadata().getSuppliedVersionString()).find();
                     if (b.isPresent()) {
    -                    // if it's non-brooklyn installed then fail
    -                    // (e.g. someone trying to install brooklyn or guice 
through this mechanism!)
    -                    result.bundle = b.get();
    -                    result.code = 
OsgiBundleInstallationResult.ResultCode.ERROR_INSTALLING_BUNDLE;
    -                    throw new IllegalStateException("Bundle 
"+result.getMetadata().getVersionedName()+" already installed in framework but 
not managed by Brooklyn; cannot install or update through Brooklyn");
    +                    // bundle already installed to OSGi subsystem but 
brooklyn not aware of it;
    +                    // this will often happen on a karaf restart so don't 
be too strict!
    +                    // in this case let's uninstall it to make sure we 
have the right bundle and checksum
    +                    // (in case where user has replaced a JAR file in 
persisted state,
    +                    // or where they osgi installed something and are now 
uploading it or something else) 
    +                    // but let's just assume it's the same; worst case if 
not user will
    +                    // have to uninstall it then reinstall it to do the 
replacement
    +                    // (means you can't just replace a JAR in persisted 
state however)
    +                    log.debug("Brooklyn install of 
"+result.getMetadata().getVersionedName()+" detected already loaded in OSGi; 
uninstalling that to reinstall as Brooklyn-managed");
    +                    b.get().uninstall();
    --- End diff --
    
    GIGO -- adding a bundle should be (and is, at "add catalog" level, though 
we probably want finer grained) blockable by an RBAC scheme.  but i don't think 
we need to prevent it at a code level, and someone who has permission to 
install bundles can break things in many ways, that's not something we need to 
(or can) prevent.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---