Skip to content

Commit

Permalink
[CMTOOL-352] migrated legacy security domains of resource-adapters su…
Browse files Browse the repository at this point in the history 
…bsystem
  • Loading branch information
@istudens
istudens committed Oct 11, 2023
1 parent 944fee7 commit 2f75be2
Showing 1 changed file with 72 additions and 8 deletions.
80 changes: 72 additions & 8 deletions ...in/java/org/jboss/migration/wfly/task/security/MigrateLegacySecurityDomainsToElytron.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,22 +54,25 @@ public static class UpdateSubsystems<S> extends ManageableServerConfigurationLea

private static final String SUBTASK_NAME = TASK_NAME + ".update-subsystems";

public static final String SECURITY_DOMAIN = "security-domain";

public static final String SECURITY_ENABLED = "security-enabled";
public static final String APPLICATION_SECURITY_DOMAIN = "application-security-domain";
public static final String DEFAULT_SECURITY_DOMAIN = "default-security-domain";
public static final String REALM = "realm";
public static final String SECURITY = "security";
public static final String CLIENT = "client";
public static final String IDENTITY = "identity";
public static final String ELYTRON = "elytron";
public static final String ELYTRON_DOMAIN = "elytron-domain";
private static final String ELYTRON_ENABLED = "elytron-enabled";
private static final String DATA_SOURCE = "data-source";
private static final String XA_DATA_SOURCE = "xa-data-source";
private static final String RECOVERY_SECURITY_DOMAIN = "recovery-security-domain";
private static final String RECOVERY_ELYTRON_ENABLED = "recovery-elytron-enabled";
public static final String DATA_SOURCE = "data-source";
public static final String XA_DATA_SOURCE = "xa-data-source";
public static final String SECURITY_DOMAIN = "security-domain";
public static final String RESOURCE_ADAPTERS = "resource-adapters";
public static final String RESOURCE_ADAPTER = "resource-adapter";
public static final String CONNECTION_DEFINITIONS = "connection-definitions";
public static final String CONNECTION_DEFINITION = "connection-definition";
public static final String SECURITY_DOMAIN_AND_APPLICATION = "security-domain-and-application";
public static final String ELYTRON_ENABLED = "elytron-enabled";
public static final String RECOVERY_SECURITY_DOMAIN = "recovery-security-domain";
public static final String RECOVERY_ELYTRON_ENABLED = "recovery-elytron-enabled";

protected UpdateSubsystems(final LegacySecurityConfigurations legacySecurityConfigurations) {
name(SUBTASK_NAME);
Expand All @@ -94,6 +97,9 @@ protected UpdateSubsystems(final LegacySecurityConfigurations legacySecurityConf
if (migrateSubsystemDatasources(legacySecurityConfiguration, subsystemResource, context)) {
taskResult = ServerMigrationTaskResult.SUCCESS;
}
if (migrateSubsystemResourceAdapters(legacySecurityConfiguration, subsystemResource, context)) {
taskResult = ServerMigrationTaskResult.SUCCESS;
}
}
return taskResult;
};
Expand Down Expand Up @@ -235,5 +241,63 @@ private boolean migrateSecurityDomainInDatasource(PathAddress datasourceAddress,
}
return requiresUpdate;
}

protected boolean migrateSubsystemResourceAdapters(LegacySecurityConfiguration legacySecurityConfiguration, SubsystemResource subsystemResource, TaskContext taskContext) {
taskContext.getLogger().debugf("Looking for resource-adapters subsystem resources using a legacy security-domain...");
final Operations.CompositeOperationBuilder compositeOperationBuilder = Operations.CompositeOperationBuilder.create();
boolean requiresUpdate = false;
final SubsystemResource raSubsystemResource = subsystemResource.getParentResource().getSubsystemResource(JBossSubsystemNames.RESOURCE_ADAPTERS);
if (raSubsystemResource != null) {
final ModelNode subsystemConfig = raSubsystemResource.getResourceConfiguration();
if (subsystemConfig.hasDefined(RESOURCE_ADAPTERS)) {
for (Property raProperty : subsystemConfig.get(RESOURCE_ADAPTERS).asPropertyList()) {
final String raName = raProperty.getName();
final ModelNode raConfig = raProperty.getValue();
final PathAddress raAddress = raSubsystemResource.getResourcePathAddress().append(RESOURCE_ADAPTER, raName);
requiresUpdate |= migrateSecurityDomainInConnectionDefinition(raAddress, raConfig, compositeOperationBuilder, taskContext);
}
}
}
if (requiresUpdate) {
subsystemResource.getServerConfiguration().executeManagementOperation(compositeOperationBuilder.build().getOperation());
}
return requiresUpdate;
}

private boolean migrateSecurityDomainInConnectionDefinition(PathAddress parentResourceAddress, ModelNode parentResourceConfig, Operations.CompositeOperationBuilder compositeOperationBuilder, TaskContext taskContext) {
boolean requiresUpdate = false;
if (parentResourceConfig.hasDefined(CONNECTION_DEFINITIONS)) {
for (Property connectionDefinitionProperty : parentResourceConfig.get(CONNECTION_DEFINITIONS).asPropertyList()) {
final String connectionDefinitionName = connectionDefinitionProperty.getName();
final ModelNode connectionDefinitionConfig = connectionDefinitionProperty.getValue();
final PathAddress connectionDefinitionAddress = PathAddress.pathAddress(parentResourceAddress).append(CONNECTION_DEFINITION, connectionDefinitionName);
if (connectionDefinitionConfig.hasDefined(SECURITY_DOMAIN)) {
final String securityDomain = connectionDefinitionConfig.get(SECURITY_DOMAIN).asString();
taskContext.getLogger().debugf("Found resource-adapter resource %s using the legacy security domain %s.", connectionDefinitionAddress.toPathStyleString(), securityDomain);
compositeOperationBuilder.addStep(getUndefineAttributeOperation(connectionDefinitionAddress, SECURITY_DOMAIN));
compositeOperationBuilder.addStep(getWriteAttributeOperation(connectionDefinitionAddress, ELYTRON_ENABLED, ModelNode.TRUE));
taskContext.getLogger().warnf("Undefined legacy security-domain %s attribute of resource-adapter resource %s. Please note that further manual Elytron configuration is needed to define appropriate authentication context for it!", securityDomain, connectionDefinitionAddress.toPathStyleString());
requiresUpdate = true;
}
if (connectionDefinitionConfig.hasDefined(SECURITY_DOMAIN_AND_APPLICATION)) {
final String securityDomain = connectionDefinitionConfig.get(SECURITY_DOMAIN_AND_APPLICATION).asString();
taskContext.getLogger().debugf("Found resource-adapter resource %s using the legacy security-domain-and-application %s.", connectionDefinitionAddress.toPathStyleString(), securityDomain);
compositeOperationBuilder.addStep(getUndefineAttributeOperation(connectionDefinitionAddress, SECURITY_DOMAIN_AND_APPLICATION));
compositeOperationBuilder.addStep(getWriteAttributeOperation(connectionDefinitionAddress, ELYTRON_ENABLED, ModelNode.TRUE));
taskContext.getLogger().warnf("Undefined legacy security-domain-and-application %s attribute of resource-adapter resource %s. Please note that further manual Elytron configuration is needed to define appropriate authentication-context-and-application for it!", securityDomain, connectionDefinitionAddress.toPathStyleString());
requiresUpdate = true;
}
if (connectionDefinitionConfig.hasDefined(RECOVERY_SECURITY_DOMAIN)) {
final String securityDomain = connectionDefinitionConfig.get(RECOVERY_SECURITY_DOMAIN).asString();
taskContext.getLogger().debugf("Found resource-adapter resource %s using the legacy recovery security domain %s.", connectionDefinitionAddress.toPathStyleString(), securityDomain);
compositeOperationBuilder.addStep(getUndefineAttributeOperation(connectionDefinitionAddress, RECOVERY_SECURITY_DOMAIN));
compositeOperationBuilder.addStep(getWriteAttributeOperation(connectionDefinitionAddress, ELYTRON_ENABLED, ModelNode.TRUE));
taskContext.getLogger().warnf("Undefined legacy recovery security domain %s attribute of resource-adapter resource %s. Please note that further manual Elytron configuration is needed to define appropriate authentication context for it!", securityDomain, connectionDefinitionAddress.toPathStyleString());
requiresUpdate = true;
}
}
}
return requiresUpdate;
}
}
}

0 comments on commit 2f75be2

Please sign in to comment.