From 2f75be2226443b5b0d1cb165027ed66d83b96a2c Mon Sep 17 00:00:00 2001
From: Ivo Studensky
Date: Fri, 8 Sep 2023 16:00:49 +0200
Subject: [PATCH] [CMTOOL-352] migrated legacy security domains of resource-adapters subsystem
---
 ...MigrateLegacySecurityDomainsToElytron.java | 80 +++++++++++++++++--
 1 file changed, 72 insertions(+), 8 deletions(-)
diff --git a/servers/wildfly26.0/src/main/java/org/jboss/migration/wfly/task/security/MigrateLegacySecurityDomainsToElytron.java b/servers/wildfly26.0/src/main/java/org/jboss/migration/wfly/task/security/MigrateLegacySecurityDomainsToElytron.java
index 50ad8de21..0d2e70b31 100644
--- a/servers/wildfly26.0/src/main/java/org/jboss/migration/wfly/task/security/MigrateLegacySecurityDomainsToElytron.java
+++ b/servers/wildfly26.0/src/main/java/org/jboss/migration/wfly/task/security/MigrateLegacySecurityDomainsToElytron.java
@@ -54,22 +54,25 @@ public static class UpdateSubsystems extends ManageableServerConfigurationLea
 private static final String SUBTASK_NAME = TASK_NAME + ".update-subsystems";
- public static final String SECURITY_DOMAIN = "security-domain";
- public static final String SECURITY_ENABLED = "security-enabled";
 public static final String APPLICATION_SECURITY_DOMAIN = "application-security-domain";
 public static final String DEFAULT_SECURITY_DOMAIN = "default-security-domain";
- public static final String REALM = "realm";
 public static final String SECURITY = "security";
 public static final String CLIENT = "client";
 public static final String IDENTITY = "identity";
 public static final String ELYTRON = "elytron";
 public static final String ELYTRON_DOMAIN = "elytron-domain";
- private static final String ELYTRON_ENABLED = "elytron-enabled";
- private static final String DATA_SOURCE = "data-source";
- private static final String XA_DATA_SOURCE = "xa-data-source";
- private static final String RECOVERY_SECURITY_DOMAIN = "recovery-security-domain";
- private static final String RECOVERY_ELYTRON_ENABLED = "recovery-elytron-enabled";
+ public static final String DATA_SOURCE = "data-source";
+ public static final String XA_DATA_SOURCE = "xa-data-source";
+ public static final String SECURITY_DOMAIN = "security-domain";
+ public static final String RESOURCE_ADAPTERS = "resource-adapters";
+ public static final String RESOURCE_ADAPTER = "resource-adapter";
+ public static final String CONNECTION_DEFINITIONS = "connection-definitions";
+ public static final String CONNECTION_DEFINITION = "connection-definition";
+ public static final String SECURITY_DOMAIN_AND_APPLICATION = "security-domain-and-application";
+ public static final String ELYTRON_ENABLED = "elytron-enabled";
+ public static final String RECOVERY_SECURITY_DOMAIN = "recovery-security-domain";
+ public static final String RECOVERY_ELYTRON_ENABLED = "recovery-elytron-enabled";
 protected UpdateSubsystems(final LegacySecurityConfigurations legacySecurityConfigurations) {
 name(SUBTASK_NAME);
@@ -94,6 +97,9 @@ protected UpdateSubsystems(final LegacySecurityConfigurations legacySecurityConf
 if (migrateSubsystemDatasources(legacySecurityConfiguration, subsystemResource, context)) {
 taskResult = ServerMigrationTaskResult.SUCCESS;
 }
+ if (migrateSubsystemResourceAdapters(legacySecurityConfiguration, subsystemResource, context)) {
+ taskResult = ServerMigrationTaskResult.SUCCESS;
+ }
 }
 return taskResult;
 };
@@ -235,5 +241,63 @@ private boolean migrateSecurityDomainInDatasource(PathAddress datasourceAddress,
 }
 return requiresUpdate;
 }
+
+ protected boolean migrateSubsystemResourceAdapters(LegacySecurityConfiguration legacySecurityConfiguration, SubsystemResource subsystemResource, TaskContext taskContext) {
+ taskContext.getLogger().debugf("Looking for resource-adapters subsystem resources using a legacy security-domain...");
+ final Operations.CompositeOperationBuilder compositeOperationBuilder = Operations.CompositeOperationBuilder.create();
+ boolean requiresUpdate = false;
+ final SubsystemResource raSubsystemResource = subsystemResource.getParentResource().getSubsystemResource(JBossSubsystemNames.RESOURCE_ADAPTERS);
+ if (raSubsystemResource != null) {
+ final ModelNode subsystemConfig = raSubsystemResource.getResourceConfiguration();
+ if (subsystemConfig.hasDefined(RESOURCE_ADAPTERS)) {
+ for (Property raProperty : subsystemConfig.get(RESOURCE_ADAPTERS).asPropertyList()) {
+ final String raName = raProperty.getName();
+ final ModelNode raConfig = raProperty.getValue();
+ final PathAddress raAddress = raSubsystemResource.getResourcePathAddress().append(RESOURCE_ADAPTER, raName);
+ requiresUpdate |= migrateSecurityDomainInConnectionDefinition(raAddress, raConfig, compositeOperationBuilder, taskContext);
+ }
+ }
+ }
+ if (requiresUpdate) {
+ subsystemResource.getServerConfiguration().executeManagementOperation(compositeOperationBuilder.build().getOperation());
+ }
+ return requiresUpdate;
+ }
+
+ private boolean migrateSecurityDomainInConnectionDefinition(PathAddress parentResourceAddress, ModelNode parentResourceConfig, Operations.CompositeOperationBuilder compositeOperationBuilder, TaskContext taskContext) {
+ boolean requiresUpdate = false;
+ if (parentResourceConfig.hasDefined(CONNECTION_DEFINITIONS)) {
+ for (Property connectionDefinitionProperty : parentResourceConfig.get(CONNECTION_DEFINITIONS).asPropertyList()) {
+ final String connectionDefinitionName = connectionDefinitionProperty.getName();
+ final ModelNode connectionDefinitionConfig = connectionDefinitionProperty.getValue();
+ final PathAddress connectionDefinitionAddress = PathAddress.pathAddress(parentResourceAddress).append(CONNECTION_DEFINITION, connectionDefinitionName);
+ if (connectionDefinitionConfig.hasDefined(SECURITY_DOMAIN)) {
+ final String securityDomain = connectionDefinitionConfig.get(SECURITY_DOMAIN).asString();
+ taskContext.getLogger().debugf("Found resource-adapter resource %s using the legacy security domain %s.", connectionDefinitionAddress.toPathStyleString(), securityDomain);
+ compositeOperationBuilder.addStep(getUndefineAttributeOperation(connectionDefinitionAddress, SECURITY_DOMAIN));
+ compositeOperationBuilder.addStep(getWriteAttributeOperation(connectionDefinitionAddress, ELYTRON_ENABLED, ModelNode.TRUE));
+ taskContext.getLogger().warnf("Undefined legacy security-domain %s attribute of resource-adapter resource %s. Please note that further manual Elytron configuration is needed to define appropriate authentication context for it!", securityDomain, connectionDefinitionAddress.toPathStyleString());
+ requiresUpdate = true;
+ }
+ if (connectionDefinitionConfig.hasDefined(SECURITY_DOMAIN_AND_APPLICATION)) {
+ final String securityDomain = connectionDefinitionConfig.get(SECURITY_DOMAIN_AND_APPLICATION).asString();
+ taskContext.getLogger().debugf("Found resource-adapter resource %s using the legacy security-domain-and-application %s.", connectionDefinitionAddress.toPathStyleString(), securityDomain);
+ compositeOperationBuilder.addStep(getUndefineAttributeOperation(connectionDefinitionAddress, SECURITY_DOMAIN_AND_APPLICATION));
+ compositeOperationBuilder.addStep(getWriteAttributeOperation(connectionDefinitionAddress, ELYTRON_ENABLED, ModelNode.TRUE));
+ taskContext.getLogger().warnf("Undefined legacy security-domain-and-application %s attribute of resource-adapter resource %s. Please note that further manual Elytron configuration is needed to define appropriate authentication-context-and-application for it!", securityDomain, connectionDefinitionAddress.toPathStyleString());
+ requiresUpdate = true;
+ }
+ if (connectionDefinitionConfig.hasDefined(RECOVERY_SECURITY_DOMAIN)) {
+ final String securityDomain = connectionDefinitionConfig.get(RECOVERY_SECURITY_DOMAIN).asString();
+ taskContext.getLogger().debugf("Found resource-adapter resource %s using the legacy recovery security domain %s.", connectionDefinitionAddress.toPathStyleString(), securityDomain);
+ compositeOperationBuilder.addStep(getUndefineAttributeOperation(connectionDefinitionAddress, RECOVERY_SECURITY_DOMAIN));
+ compositeOperationBuilder.addStep(getWriteAttributeOperation(connectionDefinitionAddress, ELYTRON_ENABLED, ModelNode.TRUE));
+ taskContext.getLogger().warnf("Undefined legacy recovery security domain %s attribute of resource-adapter resource %s. Please note that further manual Elytron configuration is needed to define appropriate authentication context for it!", securityDomain, connectionDefinitionAddress.toPathStyleString());
+ requiresUpdate = true;
+ }
+ }
+ }
+ return requiresUpdate;
+ }
 }
 }
\ No newline at end of file
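Review bot: The `RECOVERY_SECURITY_DOMAIN` branch of `migrateSecurityDomainInConnectionDefinition` writes `ELYTRON_ENABLED` rather than `RECOVERY_ELYTRON_ENABLED`, so a connection definition that had only a legacy recovery domain gets its main `elytron-enabled` flag switched on while recovery is left without `recovery-elytron-enabled`; the constant is declared in the first hunk but never used in this one. The step should probably read `compositeOperationBuilder.addStep(getWriteAttributeOperation(connectionDefinitionAddress, RECOVERY_ELYTRON_ENABLED, ModelNode.TRUE));`. Separately, the model is read under `RESOURCE_ADAPTERS` and `CONNECTION_DEFINITIONS` while the addresses are built with `RESOURCE_ADAPTER` and `CONNECTION_DEFINITION`; a child's model key and its address type are normally the same string, so one of each pair looks wrong. A wrong read key would make the migration skip every adapter without any log line, leaving the legacy `security-domain` references in place, and a wrong address type would make the composite operation fail. Both are worth confirming against the subsystem's resource description and covering with a test that migrates a connection definition carrying each of the three legacy attributes.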