KEYCLOAK-5749 Update migration scripts for WildFly 11 Final

distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-clustered.cli

@@ -283,9 +283,7 @@ if (outcome == failed) of /profile=$clusteredProfile/subsystem=elytron/:read-res
     /profile=$clusteredProfile/subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON)
     /profile=$clusteredProfile/subsystem=elytron/identity-realm=local/:add(identity="$local")
     /profile=$clusteredProfile/subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.domain.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.domain.config.dir})
-    /profile=$clusteredProfile/subsystem=elytron/simple-permission-mapper=anonymous-permission-mapper/:add(permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}]}]
-    /profile=$clusteredProfile/subsystem=elytron/constant-permission-mapper=constant-permission-mapper/:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}])
-    /profile=$clusteredProfile/subsystem=elytron/logical-permission-mapper=default-permission-mapper/:add(logical-operation=unless,left=constant-permission-mapper,right=anonymous-permission-mapper)
+    /profile=$clusteredProfile/subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}])
     /profile=$clusteredProfile/subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local)
     /profile=$clusteredProfile/subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups)
     /profile=$clusteredProfile/subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser])
@@ -320,6 +318,12 @@ if (result == ASYNC) of /profile=$clusteredProfile/subsystem=infinispan/cache-co
     echo
 end-if
 
+if (result == undefined) of /profile=$clusteredProfile/subsystem=jgroups/channel=ee/:read-attribute(name=cluster)
+    echo Setting cluster attribute to ejb in jgroups subsystem
+    /profile=$clusteredProfile/subsystem=jgroups/channel=ee/:write-attribute(name=cluster,value=ejb)
+    echo
+end-if
+
 if (result != undefined) of /profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-attribute(name=socket-binding)
     echo Unsetting socket-binding from udp FD_SOCK protocol
     # it has to be done via remove and add, because socket-binding is not writable attribute
@@ -361,6 +365,24 @@ if (outcome == failed) of /profile=$clusteredProfile/subsystem=undertow/server=d
     echo
 end-if
 
+if (outcome == success) of /socket-binding-group=ha-sockets/socket-binding=jgroups-tcp-fd/:read-resource
+    echo Removing socket-binding jgroups-tcp-fd
+    /socket-binding-group=ha-sockets/socket-binding=jgroups-tcp-fd/:remove
+    echo
+end-if
+
+if (outcome == success) of /socket-binding-group=ha-sockets/socket-binding=jgroups-udp-fd/:read-resource
+    echo Removing socket-binding jgroups-udp-fd
+    /socket-binding-group=ha-sockets/socket-binding=jgroups-udp-fd/:remove
+    echo
+end-if
+
+if (result == 224.0.1.105) of /socket-binding-group=ha-sockets/socket-binding=modcluster/:read-attribute(name=multicast-address)
+    echo Adding jboss.modcluster.multicast.address property to modcluster multicast-address
+    /socket-binding-group=ha-sockets/socket-binding=modcluster/:write-attribute(name=multicast-address,value=${jboss.modcluster.multicast.address:224.0.1.105})
+    echo
+end-if
+
 # Migrate from 3.3.0 to 3.4.0
 if (outcome == success) of /profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource
   echo Removing X-Powered-By and Server headers from Keycloak responses...

distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-standalone.cli

@@ -263,9 +263,7 @@ if (outcome == failed) of /profile=$standaloneProfile/subsystem=elytron/:read-re
     /profile=$standaloneProfile/subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON)
     /profile=$standaloneProfile/subsystem=elytron/identity-realm=local/:add(identity="$local")
     /profile=$standaloneProfile/subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.domain.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.domain.config.dir})
-    /profile=$standaloneProfile/subsystem=elytron/simple-permission-mapper=anonymous-permission-mapper/:add(permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}]}]
-    /profile=$standaloneProfile/subsystem=elytron/constant-permission-mapper=constant-permission-mapper/:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}])
-    /profile=$standaloneProfile/subsystem=elytron/logical-permission-mapper=default-permission-mapper/:add(logical-operation=unless,left=constant-permission-mapper,right=anonymous-permission-mapper)
+    /profile=$standaloneProfile/subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}])
     /profile=$standaloneProfile/subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local)
     /profile=$standaloneProfile/subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups)
     /profile=$standaloneProfile/subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser])
@@ -324,6 +322,24 @@ if (outcome == failed) of /profile=$standaloneProfile/subsystem=undertow/server=
     echo
 end-if
 
+if (outcome == success) of /socket-binding-group=ha-sockets/socket-binding=jgroups-tcp-fd/:read-resource
+    echo Removing socket-binding jgroups-tcp-fd
+    /socket-binding-group=ha-sockets/socket-binding=jgroups-tcp-fd/:remove
+    echo
+end-if
+
+if (outcome == success) of /socket-binding-group=ha-sockets/socket-binding=jgroups-udp-fd/:read-resource
+    echo Removing socket-binding jgroups-udp-fd
+    /socket-binding-group=ha-sockets/socket-binding=jgroups-udp-fd/:remove
+    echo
+end-if
+
+if (result == 224.0.1.105) of /socket-binding-group=ha-sockets/socket-binding=modcluster/:read-attribute(name=multicast-address)
+    echo Adding jboss.modcluster.multicast.address property to modcluster multicast-address
+    /socket-binding-group=ha-sockets/socket-binding=modcluster/:write-attribute(name=multicast-address,value=${jboss.modcluster.multicast.address:224.0.1.105})
+    echo
+end-if
+
 # Migrate from 3.3.0 to 3.4.0
 if (outcome == success) of /profile=$standaloneProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource
   echo Removing X-Powered-By and Server headers from Keycloak responses...

distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone-ha.cli

@@ -277,9 +277,7 @@ if (outcome == failed) of /subsystem=elytron/:read-resource
     /subsystem=elytron/identity-realm=local/:add(identity="$local")
     /subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.server.config.dir})
     /subsystem=elytron/properties-realm=ManagementRealm/:add(users-properties={path=mgmt-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ManagementRealm},groups-properties={path=mgmt-groups.properties,relative-to=jboss.server.config.dir})
-    /subsystem=elytron/simple-permission-mapper=anonymous-permission-mapper/:add(permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}]}]
-    /subsystem=elytron/constant-permission-mapper=constant-permission-mapper/:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}])
-    /subsystem=elytron/logical-permission-mapper=default-permission-mapper/:add(logical-operation=unless,left=constant-permission-mapper,right=anonymous-permission-mapper)
+    /subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}])
     /subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local)
     /subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups)
     /subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser])
@@ -317,6 +315,12 @@ if (result == ASYNC) of /subsystem=infinispan/cache-container=ejb/distributed-ca
     echo
 end-if
 
+if (result == undefined) of /subsystem=jgroups/channel=ee/:read-attribute(name=cluster)
+    echo Setting cluster attribute to ejb in jgroups subsystem
+    /subsystem=jgroups/channel=ee/:write-attribute(name=cluster,value=ejb)
+    echo
+end-if
+
 if (result != undefined) of /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-attribute(name=socket-binding)
     echo Unsetting socket-binding from udp FD_SOCK protocol
     # it has to be done via remove and add, because socket-binding is not writable attribute
@@ -358,6 +362,24 @@ if (outcome == failed) of /subsystem=undertow/server=default-server/https-listen
     echo
 end-if
 
+if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=jgroups-tcp-fd/:read-resource
+    echo Removing socket-binding jgroups-tcp-fd
+    /socket-binding-group=standard-sockets/socket-binding=jgroups-tcp-fd/:remove
+    echo
+end-if
+
+if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=jgroups-udp-fd/:read-resource
+    echo Removing socket-binding jgroups-udp-fd
+    /socket-binding-group=standard-sockets/socket-binding=jgroups-udp-fd/:remove
+    echo
+end-if
+
+if (result == 224.0.1.105) of /socket-binding-group=standard-sockets/socket-binding=modcluster/:read-attribute(name=multicast-address)
+    echo Adding jboss.modcluster.multicast.address property to modcluster multicast-address
+    /socket-binding-group=standard-sockets/socket-binding=modcluster/:write-attribute(name=multicast-address,value=${jboss.modcluster.multicast.address:224.0.1.105})
+    echo
+end-if
+
 # Migrate from 3.3.0 to 3.4.0
 if (outcome == success) of /subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource
   echo Removing X-Powered-By and Server headers from Keycloak responses...

distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone.cli

@@ -262,9 +262,7 @@ if (outcome == failed) of /subsystem=elytron/:read-resource
     /subsystem=elytron/identity-realm=local/:add(identity="$local")
     /subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.server.config.dir})
     /subsystem=elytron/properties-realm=ManagementRealm/:add(users-properties={path=mgmt-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ManagementRealm},groups-properties={path=mgmt-groups.properties,relative-to=jboss.server.config.dir})
-    /subsystem=elytron/simple-permission-mapper=anonymous-permission-mapper/:add(permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}]}]
-    /subsystem=elytron/constant-permission-mapper=constant-permission-mapper/:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}])
-    /subsystem=elytron/logical-permission-mapper=default-permission-mapper/:add(logical-operation=unless,left=constant-permission-mapper,right=anonymous-permission-mapper)
+    /subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}])
     /subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local)
     /subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups)
     /subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser])