Skip to content

Commit

Permalink
Merge pull request #300 from istudens/CMTOOL-352_2
Browse files Browse the repository at this point in the history 
[CMTOOL-352] migrated legacy security domains on datasources and resource-adapters to elytron
  • Loading branch information
@emmartins
emmartins authored Jun 12, 2024
2 parents a572c7a + 2f75be2 commit 78e5786
Showing 1 changed file with 125 additions and 3 deletions.
128 changes: 125 additions & 3 deletions ...in/java/org/jboss/migration/wfly/task/security/MigrateLegacySecurityDomainsToElytron.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,17 +54,25 @@ public static class UpdateSubsystems<S> extends ManageableServerConfigurationLea

private static final String SUBTASK_NAME = TASK_NAME + ".update-subsystems";

public static final String SECURITY_DOMAIN = "security-domain";

public static final String SECURITY_ENABLED = "security-enabled";
public static final String APPLICATION_SECURITY_DOMAIN = "application-security-domain";
public static final String DEFAULT_SECURITY_DOMAIN = "default-security-domain";
public static final String REALM = "realm";
public static final String SECURITY = "security";
public static final String CLIENT = "client";
public static final String IDENTITY = "identity";
public static final String ELYTRON = "elytron";
public static final String ELYTRON_DOMAIN = "elytron-domain";
public static final String DATA_SOURCE = "data-source";
public static final String XA_DATA_SOURCE = "xa-data-source";
public static final String SECURITY_DOMAIN = "security-domain";
public static final String RESOURCE_ADAPTERS = "resource-adapters";
public static final String RESOURCE_ADAPTER = "resource-adapter";
public static final String CONNECTION_DEFINITIONS = "connection-definitions";
public static final String CONNECTION_DEFINITION = "connection-definition";
public static final String SECURITY_DOMAIN_AND_APPLICATION = "security-domain-and-application";
public static final String ELYTRON_ENABLED = "elytron-enabled";
public static final String RECOVERY_SECURITY_DOMAIN = "recovery-security-domain";
public static final String RECOVERY_ELYTRON_ENABLED = "recovery-elytron-enabled";

protected UpdateSubsystems(final LegacySecurityConfigurations legacySecurityConfigurations) {
name(SUBTASK_NAME);
Expand All @@ -86,6 +94,12 @@ protected UpdateSubsystems(final LegacySecurityConfigurations legacySecurityConf
if (migrateSubsystemIIOP(legacySecurityConfiguration, subsystemResource, context)) {
taskResult = ServerMigrationTaskResult.SUCCESS;
}
if (migrateSubsystemDatasources(legacySecurityConfiguration, subsystemResource, context)) {
taskResult = ServerMigrationTaskResult.SUCCESS;
}
if (migrateSubsystemResourceAdapters(legacySecurityConfiguration, subsystemResource, context)) {
taskResult = ServerMigrationTaskResult.SUCCESS;
}
}
return taskResult;
};
Expand Down Expand Up @@ -177,5 +191,113 @@ protected boolean migrateSubsystemMessaging(LegacySecurityConfiguration legacySe
}
return requiresUpdate;
}

protected boolean migrateSubsystemDatasources(LegacySecurityConfiguration legacySecurityConfiguration, SubsystemResource subsystemResource, TaskContext taskContext) {
taskContext.getLogger().debugf("Looking for datasources subsystem resources using a legacy security-domain...");
final Operations.CompositeOperationBuilder compositeOperationBuilder = Operations.CompositeOperationBuilder.create();
boolean requiresUpdate = false;
final SubsystemResource datasourcesSubsystemResource = subsystemResource.getParentResource().getSubsystemResource(JBossSubsystemNames.DATASOURCES);
if (datasourcesSubsystemResource != null) {
final ModelNode subsystemConfig = datasourcesSubsystemResource.getResourceConfiguration();
if (subsystemConfig.hasDefined(DATA_SOURCE)) {
for (Property dataSourceProperty : subsystemConfig.get(DATA_SOURCE).asPropertyList()) {
final String dataSourceName = dataSourceProperty.getName();
final ModelNode dataSourceConfig = dataSourceProperty.getValue();
requiresUpdate |= migrateSecurityDomainInDatasource(datasourcesSubsystemResource.getResourcePathAddress().append(DATA_SOURCE, dataSourceName), dataSourceConfig, compositeOperationBuilder, taskContext);
}
}
if (subsystemConfig.hasDefined(XA_DATA_SOURCE)) {
for (Property xaDataSourceProperty : subsystemConfig.get(XA_DATA_SOURCE).asPropertyList()) {
final String xaDataSourceName = xaDataSourceProperty.getName();
final ModelNode xaDataSourceConfig = xaDataSourceProperty.getValue();
requiresUpdate |= migrateSecurityDomainInDatasource(datasourcesSubsystemResource.getResourcePathAddress().append(XA_DATA_SOURCE, xaDataSourceName), xaDataSourceConfig, compositeOperationBuilder, taskContext);
}
}
}
if (requiresUpdate) {
subsystemResource.getServerConfiguration().executeManagementOperation(compositeOperationBuilder.build().getOperation());
}
return requiresUpdate;
}

private boolean migrateSecurityDomainInDatasource(PathAddress datasourceAddress, ModelNode dataSourceConfig, Operations.CompositeOperationBuilder compositeOperationBuilder, TaskContext taskContext) {
boolean requiresUpdate = false;
if (dataSourceConfig.hasDefined(SECURITY_DOMAIN)) {
final String securityDomain = dataSourceConfig.get(SECURITY_DOMAIN).asString();
taskContext.getLogger().debugf("Found resource %s using the legacy security domain %s.", datasourceAddress.toPathStyleString(), securityDomain);
compositeOperationBuilder.addStep(getUndefineAttributeOperation(datasourceAddress, SECURITY_DOMAIN));
compositeOperationBuilder.addStep(getWriteAttributeOperation(datasourceAddress, ELYTRON_ENABLED, ModelNode.TRUE));
taskContext.getLogger().warnf("Undefined legacy security-domain %s attribute of data source resource %s. Please note that further manual Elytron configuration is needed to define appropriate authentication context for it!", securityDomain, datasourceAddress.toPathStyleString());
requiresUpdate = true;
}
if (dataSourceConfig.hasDefined(RECOVERY_SECURITY_DOMAIN)) {
// this applies to xa-data-source only
final String recoverySecurityDomain = dataSourceConfig.get(RECOVERY_SECURITY_DOMAIN).asString();
taskContext.getLogger().debugf("Found resource %s using the legacy recovery security domain %s.", datasourceAddress.toPathStyleString(), recoverySecurityDomain);
compositeOperationBuilder.addStep(getUndefineAttributeOperation(datasourceAddress, RECOVERY_SECURITY_DOMAIN));
compositeOperationBuilder.addStep(getWriteAttributeOperation(datasourceAddress, RECOVERY_ELYTRON_ENABLED, ModelNode.TRUE));
taskContext.getLogger().warnf("Undefined legacy recovery-security-domain %s attribute of data source resource %s. Please note that further manual Elytron configuration is needed to define appropriate authentication context for it!", recoverySecurityDomain, datasourceAddress.toPathStyleString());
requiresUpdate = true;
}
return requiresUpdate;
}

protected boolean migrateSubsystemResourceAdapters(LegacySecurityConfiguration legacySecurityConfiguration, SubsystemResource subsystemResource, TaskContext taskContext) {
taskContext.getLogger().debugf("Looking for resource-adapters subsystem resources using a legacy security-domain...");
final Operations.CompositeOperationBuilder compositeOperationBuilder = Operations.CompositeOperationBuilder.create();
boolean requiresUpdate = false;
final SubsystemResource raSubsystemResource = subsystemResource.getParentResource().getSubsystemResource(JBossSubsystemNames.RESOURCE_ADAPTERS);
if (raSubsystemResource != null) {
final ModelNode subsystemConfig = raSubsystemResource.getResourceConfiguration();
if (subsystemConfig.hasDefined(RESOURCE_ADAPTERS)) {
for (Property raProperty : subsystemConfig.get(RESOURCE_ADAPTERS).asPropertyList()) {
final String raName = raProperty.getName();
final ModelNode raConfig = raProperty.getValue();
final PathAddress raAddress = raSubsystemResource.getResourcePathAddress().append(RESOURCE_ADAPTER, raName);
requiresUpdate |= migrateSecurityDomainInConnectionDefinition(raAddress, raConfig, compositeOperationBuilder, taskContext);
}
}
}
if (requiresUpdate) {
subsystemResource.getServerConfiguration().executeManagementOperation(compositeOperationBuilder.build().getOperation());
}
return requiresUpdate;
}

private boolean migrateSecurityDomainInConnectionDefinition(PathAddress parentResourceAddress, ModelNode parentResourceConfig, Operations.CompositeOperationBuilder compositeOperationBuilder, TaskContext taskContext) {
boolean requiresUpdate = false;
if (parentResourceConfig.hasDefined(CONNECTION_DEFINITIONS)) {
for (Property connectionDefinitionProperty : parentResourceConfig.get(CONNECTION_DEFINITIONS).asPropertyList()) {
final String connectionDefinitionName = connectionDefinitionProperty.getName();
final ModelNode connectionDefinitionConfig = connectionDefinitionProperty.getValue();
final PathAddress connectionDefinitionAddress = PathAddress.pathAddress(parentResourceAddress).append(CONNECTION_DEFINITION, connectionDefinitionName);
if (connectionDefinitionConfig.hasDefined(SECURITY_DOMAIN)) {
final String securityDomain = connectionDefinitionConfig.get(SECURITY_DOMAIN).asString();
taskContext.getLogger().debugf("Found resource-adapter resource %s using the legacy security domain %s.", connectionDefinitionAddress.toPathStyleString(), securityDomain);
compositeOperationBuilder.addStep(getUndefineAttributeOperation(connectionDefinitionAddress, SECURITY_DOMAIN));
compositeOperationBuilder.addStep(getWriteAttributeOperation(connectionDefinitionAddress, ELYTRON_ENABLED, ModelNode.TRUE));
taskContext.getLogger().warnf("Undefined legacy security-domain %s attribute of resource-adapter resource %s. Please note that further manual Elytron configuration is needed to define appropriate authentication context for it!", securityDomain, connectionDefinitionAddress.toPathStyleString());
requiresUpdate = true;
}
if (connectionDefinitionConfig.hasDefined(SECURITY_DOMAIN_AND_APPLICATION)) {
final String securityDomain = connectionDefinitionConfig.get(SECURITY_DOMAIN_AND_APPLICATION).asString();
taskContext.getLogger().debugf("Found resource-adapter resource %s using the legacy security-domain-and-application %s.", connectionDefinitionAddress.toPathStyleString(), securityDomain);
compositeOperationBuilder.addStep(getUndefineAttributeOperation(connectionDefinitionAddress, SECURITY_DOMAIN_AND_APPLICATION));
compositeOperationBuilder.addStep(getWriteAttributeOperation(connectionDefinitionAddress, ELYTRON_ENABLED, ModelNode.TRUE));
taskContext.getLogger().warnf("Undefined legacy security-domain-and-application %s attribute of resource-adapter resource %s. Please note that further manual Elytron configuration is needed to define appropriate authentication-context-and-application for it!", securityDomain, connectionDefinitionAddress.toPathStyleString());
requiresUpdate = true;
}
if (connectionDefinitionConfig.hasDefined(RECOVERY_SECURITY_DOMAIN)) {
final String securityDomain = connectionDefinitionConfig.get(RECOVERY_SECURITY_DOMAIN).asString();
taskContext.getLogger().debugf("Found resource-adapter resource %s using the legacy recovery security domain %s.", connectionDefinitionAddress.toPathStyleString(), securityDomain);
compositeOperationBuilder.addStep(getUndefineAttributeOperation(connectionDefinitionAddress, RECOVERY_SECURITY_DOMAIN));
compositeOperationBuilder.addStep(getWriteAttributeOperation(connectionDefinitionAddress, ELYTRON_ENABLED, ModelNode.TRUE));
taskContext.getLogger().warnf("Undefined legacy recovery security domain %s attribute of resource-adapter resource %s. Please note that further manual Elytron configuration is needed to define appropriate authentication context for it!", securityDomain, connectionDefinitionAddress.toPathStyleString());
requiresUpdate = true;
}
}
}
return requiresUpdate;
}
}
}

0 comments on commit 78e5786

Please sign in to comment.