Merge pull request #319 from istudens/CMTOOL-364

[CMTOOL-364] fixed migration of keycloak sasl authentication factory

servers/wildfly26.0/src/main/java/org/jboss/migration/wfly/task/security/LegacySecurityConfiguration.java

@@ -28,6 +28,7 @@ public class LegacySecurityConfiguration {
 
     public static final String DEFAULT_ELYTRON_APPLICATION_DOMAIN_NAME = "migration-defaultApplicationDomain";
     public static final String DEFAULT_ELYTRON_APPLICATION_HTTP_AUTHENTICATION_FACTORY_NAME = "migration-defaultApplicationHttpAuthenticationFactory";
+    public static final String DEFAULT_ELYTRON_APPLICATION_SASL_AUTHENTICATION_FACTORY_NAME = "migration-defaultApplicationSaslAuthenticationFactory";
 
     private final JBossServerConfiguration targetConfiguration;
     private final Map<String, LegacySecurityRealm> legacySecurityRealms = new HashMap<>();
@@ -92,7 +93,7 @@ public String getDefaultElytronManagementHttpAuthenticationFactoryName() {
     }
 
     public String getDefaultElytronApplicationSaslAuthenticationFactoryName() {
-        return "migration-defaultApplicationSaslAuthenticationFactory";
+        return DEFAULT_ELYTRON_APPLICATION_SASL_AUTHENTICATION_FACTORY_NAME;
     }
 
     public String getDefaultElytronManagementSaslAuthenticationFactoryName() {

servers/wildfly27.0/src/main/java/org/jboss/migration/wfly/task/subsystem/keycloak/MigrateKeycloakSubsystem.java

@@ -33,6 +33,7 @@
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.HTTP_AUTHENTICATION_FACTORY;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.MODULE;
 import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.REALM;
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SASL_AUTHENTICATION_FACTORY;
 import static org.jboss.as.domain.management.ModelDescriptionConstants.SECURITY_DOMAIN;
 import static org.jboss.migration.wfly.task.security.MigrateLegacySecurityDomainsToElytron.UpdateSubsystems.APPLICATION_SECURITY_DOMAIN;
 
@@ -53,11 +54,14 @@ protected static class MigrateKeycloakSubsystemSubtaskBuilder<S> extends Migrate
         private static final String CONSTANT_REALM_MAPPER = "constant-realm-mapper";
         private static final String CUSTOM_REALM = "custom-realm";
         private static final String DEFAULT_MIGRATED_APPLICATION_HTTP_AUTHENTICATION_FACTORY = LegacySecurityConfiguration.DEFAULT_ELYTRON_APPLICATION_HTTP_AUTHENTICATION_FACTORY_NAME;
+        private static final String DEFAULT_MIGRATED_APPLICATION_SASL_AUTHENTICATION_FACTORY = LegacySecurityConfiguration.DEFAULT_ELYTRON_APPLICATION_SASL_AUTHENTICATION_FACTORY_NAME;
         private static final String DEFAULT_MIGRATED_APPLICATION_SECURITY_DOMAIN = LegacySecurityConfiguration.DEFAULT_ELYTRON_APPLICATION_DOMAIN_NAME;
+        private static final String HTTP_CONNECTOR = "http-connector";
         private static final String REALM_NAME = "realm-name";
         private static final String REALMS = "realms";
         private static final String SERVICE_LOADER_HTTP_SERVER_MECHANISM = "service-loader-http-server-mechanism-factory";
 
+
         public MigrateKeycloakSubsystemSubtaskBuilder() {
             super(JBossSubsystemNames.KEYCLOAK);
         }
@@ -164,6 +168,9 @@ protected void removeKeycloakSecurityDomain(String keycloakRealmName, SubsystemR
                                 // remove http authentication factory bounded to the keycloak security domain if any
                                 removeKeycloakHttpAuthenticationFactory(securityDomainName, keycloakSubsystemResource, elytronSubsystemConfig, elytronSubsystemAddress, compositeOperationBuilder);
 
+                                // remove sasl authentication factory bounded to the keycloak security domain if any
+                                removeKeycloakSaslAuthenticationFactory(securityDomainName, keycloakSubsystemResource, elytronSubsystemConfig, elytronSubsystemAddress, compositeOperationBuilder);
+
                                 // update ejb3's application security domain based by keycloak if any and point it to another one
                                 updateKeycloakEJB3ApplicationSecurityDomain(securityDomainName, keycloakSubsystemResource, compositeOperationBuilder);
 
@@ -189,6 +196,43 @@ protected void removeKeycloakHttpAuthenticationFactory(String keycloakSecurityDo
                     });
         }
 
+        protected void removeKeycloakSaslAuthenticationFactory(String keycloakSecurityDomainName, SubsystemResource keycloakSubsystemResource, ModelNode elytronSubsystemConfig, PathAddress elytronSubsystemAddress, Operations.CompositeOperationBuilder compositeOperationBuilder) {
+            // look for any http authentication factory configured to the given keycloak security domain
+            elytronSubsystemConfig.get(SASL_AUTHENTICATION_FACTORY).asPropertyListOrEmpty()
+                    .stream()
+                    .filter(p -> p.getValue().hasDefined(SECURITY_DOMAIN))
+                    .filter(p -> p.getValue().get(SECURITY_DOMAIN).asString().equals(keycloakSecurityDomainName))
+                    .forEach(p -> {
+                        final String saslAuthenticationFactoryName = p.getName();
+                        // update Remoting's http connector based by keycloak if any and point it to the default sasl authentication factory
+                        updateKeycloakRemotingHttpConnectorSaslAuthenticationFactory(saslAuthenticationFactoryName, keycloakSubsystemResource, compositeOperationBuilder);
+
+                        // remove the keycloak sasl authentication factory
+                        compositeOperationBuilder.addStep(Util.createRemoveOperation(elytronSubsystemAddress.append(SASL_AUTHENTICATION_FACTORY, saslAuthenticationFactoryName)));
+                    });
+        }
+
+        protected void updateKeycloakRemotingHttpConnectorSaslAuthenticationFactory(String keycloakSaslAuthenticationFactoryName, SubsystemResource keycloakSubsystemResource, Operations.CompositeOperationBuilder compositeOperationBuilder) {
+            final SubsystemResource remotingSubsystemResource = keycloakSubsystemResource.getParentResource().getSubsystemResource(JBossSubsystemNames.REMOTING);
+            final ModelNode remotingSubsystemConfig = remotingSubsystemResource.getResourceConfiguration();
+            final PathAddress remotingSubsystemAddress = remotingSubsystemResource.getResourcePathAddress();
+            // look for any Remoting's http-connector configured to the given keycloak sasl authentication factory
+            remotingSubsystemConfig.get(HTTP_CONNECTOR).asPropertyListOrEmpty()
+                    .stream()
+                    .filter(p -> p.getValue().hasDefined(SASL_AUTHENTICATION_FACTORY))
+                    .filter(p -> p.getValue().get(SASL_AUTHENTICATION_FACTORY).asString().equals(keycloakSaslAuthenticationFactoryName))
+                    .forEach(p -> {
+                        final String httpConnectorName = p.getName();
+                        // update Remoting http connector's sasl authentication factory to the migrated default one
+                        ModelNode updateOp = Util.getWriteAttributeOperation(
+                                remotingSubsystemAddress.append(HTTP_CONNECTOR, httpConnectorName),
+                                SASL_AUTHENTICATION_FACTORY,
+                                DEFAULT_MIGRATED_APPLICATION_SASL_AUTHENTICATION_FACTORY);
+                        //FIXME check if there is any such migrated factory
+                        compositeOperationBuilder.addStep(updateOp);
+                    });
+        }
+
         protected void updateKeycloakUndertowApplicationSecurityDomain(String keycloakHttpAuthenticationFactoryName, SubsystemResource keycloakSubsystemResource, Operations.CompositeOperationBuilder compositeOperationBuilder) {
             final SubsystemResource undertowSubsystemResource = keycloakSubsystemResource.getParentResource().getSubsystemResource(JBossSubsystemNames.UNDERTOW);
             final ModelNode undertowSubsystemConfig = undertowSubsystemResource.getResourceConfiguration();