libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

KEYCLOAK-5749 Update migration scripts for WildFly 11 Final

Browse source
This commit is contained in:
vramik 2017-10-26 11:21:48 +02:00
parent 74f5c1c160
commit 906538e6aa
4 changed files with 70 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-clustered.cli
View file

@ -283,9 +283,7 @@ if (outcome == failed) of /profile=$clusteredProfile/subsystem=elytron/:read-res
/profile=$clusteredProfile/subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON) /profile=$clusteredProfile/subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON)
/profile=$clusteredProfile/subsystem=elytron/identity-realm=local/:add(identity="$local") /profile=$clusteredProfile/subsystem=elytron/identity-realm=local/:add(identity="$local")
/profile=$clusteredProfile/subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.domain.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.domain.config.dir}) /profile=$clusteredProfile/subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.domain.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.domain.config.dir})
/profile=$clusteredProfile/subsystem=elytron/simple-permission-mapper=anonymous-permission-mapper/:add(permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}]}] /profile=$clusteredProfile/subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}])
/profile=$clusteredProfile/subsystem=elytron/constant-permission-mapper=constant-permission-mapper/:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}])
/profile=$clusteredProfile/subsystem=elytron/logical-permission-mapper=default-permission-mapper/:add(logical-operation=unless,left=constant-permission-mapper,right=anonymous-permission-mapper)
/profile=$clusteredProfile/subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local) /profile=$clusteredProfile/subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local)
/profile=$clusteredProfile/subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups) /profile=$clusteredProfile/subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups)
/profile=$clusteredProfile/subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser]) /profile=$clusteredProfile/subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser])
@ -320,6 +318,12 @@ if (result == ASYNC) of /profile=$clusteredProfile/subsystem=infinispan/cache-co
echo echo
end-if end-if
if (result == undefined) of /profile=$clusteredProfile/subsystem=jgroups/channel=ee/:read-attribute(name=cluster)
echo Setting cluster attribute to ejb in jgroups subsystem
/profile=$clusteredProfile/subsystem=jgroups/channel=ee/:write-attribute(name=cluster,value=ejb)
echo
end-if
if (result != undefined) of /profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-attribute(name=socket-binding) if (result != undefined) of /profile=$clusteredProfile/subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-attribute(name=socket-binding)
echo Unsetting socket-binding from udp FD_SOCK protocol echo Unsetting socket-binding from udp FD_SOCK protocol
# it has to be done via remove and add, because socket-binding is not writable attribute # it has to be done via remove and add, because socket-binding is not writable attribute
@ -361,6 +365,24 @@ if (outcome == failed) of /profile=$clusteredProfile/subsystem=undertow/server=d
echo echo
end-if end-if
if (outcome == success) of /socket-binding-group=ha-sockets/socket-binding=jgroups-tcp-fd/:read-resource
echo Removing socket-binding jgroups-tcp-fd
/socket-binding-group=ha-sockets/socket-binding=jgroups-tcp-fd/:remove
echo
end-if
if (outcome == success) of /socket-binding-group=ha-sockets/socket-binding=jgroups-udp-fd/:read-resource
echo Removing socket-binding jgroups-udp-fd
/socket-binding-group=ha-sockets/socket-binding=jgroups-udp-fd/:remove
echo
end-if
if (result == 224.0.1.105) of /socket-binding-group=ha-sockets/socket-binding=modcluster/:read-attribute(name=multicast-address)
echo Adding jboss.modcluster.multicast.address property to modcluster multicast-address
/socket-binding-group=ha-sockets/socket-binding=modcluster/:write-attribute(name=multicast-address,value=${jboss.modcluster.multicast.address:224.0.1.105})
echo
end-if
# Migrate from 3.3.0 to 3.4.0 # Migrate from 3.3.0 to 3.4.0
if (outcome == success) of /profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource if (outcome == success) of /profile=$clusteredProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource
echo Removing X-Powered-By and Server headers from Keycloak responses... echo Removing X-Powered-By and Server headers from Keycloak responses...

22
distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-domain-standalone.cli
View file

@ -263,9 +263,7 @@ if (outcome == failed) of /profile=$standaloneProfile/subsystem=elytron/:read-re
/profile=$standaloneProfile/subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON) /profile=$standaloneProfile/subsystem=elytron/file-audit-log=local-audit/:add(path=audit.log,relative-to=jboss.server.log.dir,format=JSON)
/profile=$standaloneProfile/subsystem=elytron/identity-realm=local/:add(identity="$local") /profile=$standaloneProfile/subsystem=elytron/identity-realm=local/:add(identity="$local")
/profile=$standaloneProfile/subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.domain.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.domain.config.dir}) /profile=$standaloneProfile/subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.domain.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.domain.config.dir})
/profile=$standaloneProfile/subsystem=elytron/simple-permission-mapper=anonymous-permission-mapper/:add(permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}]}] /profile=$standaloneProfile/subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}])
/profile=$standaloneProfile/subsystem=elytron/constant-permission-mapper=constant-permission-mapper/:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}])
/profile=$standaloneProfile/subsystem=elytron/logical-permission-mapper=default-permission-mapper/:add(logical-operation=unless,left=constant-permission-mapper,right=anonymous-permission-mapper)
/profile=$standaloneProfile/subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local) /profile=$standaloneProfile/subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local)
/profile=$standaloneProfile/subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups) /profile=$standaloneProfile/subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups)
/profile=$standaloneProfile/subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser]) /profile=$standaloneProfile/subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser])
@ -324,6 +322,24 @@ if (outcome == failed) of /profile=$standaloneProfile/subsystem=undertow/server=
echo echo
end-if end-if
if (outcome == success) of /socket-binding-group=ha-sockets/socket-binding=jgroups-tcp-fd/:read-resource
echo Removing socket-binding jgroups-tcp-fd
/socket-binding-group=ha-sockets/socket-binding=jgroups-tcp-fd/:remove
echo
end-if
if (outcome == success) of /socket-binding-group=ha-sockets/socket-binding=jgroups-udp-fd/:read-resource
echo Removing socket-binding jgroups-udp-fd
/socket-binding-group=ha-sockets/socket-binding=jgroups-udp-fd/:remove
echo
end-if
if (result == 224.0.1.105) of /socket-binding-group=ha-sockets/socket-binding=modcluster/:read-attribute(name=multicast-address)
echo Adding jboss.modcluster.multicast.address property to modcluster multicast-address
/socket-binding-group=ha-sockets/socket-binding=modcluster/:write-attribute(name=multicast-address,value=${jboss.modcluster.multicast.address:224.0.1.105})
echo
end-if
# Migrate from 3.3.0 to 3.4.0 # Migrate from 3.3.0 to 3.4.0
if (outcome == success) of /profile=$standaloneProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource if (outcome == success) of /profile=$standaloneProfile/subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource
echo Removing X-Powered-By and Server headers from Keycloak responses... echo Removing X-Powered-By and Server headers from Keycloak responses...

28
distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone-ha.cli
View file

@ -277,9 +277,7 @@ if (outcome == failed) of /subsystem=elytron/:read-resource
/subsystem=elytron/identity-realm=local/:add(identity="$local") /subsystem=elytron/identity-realm=local/:add(identity="$local")
/subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.server.config.dir}) /subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.server.config.dir})
/subsystem=elytron/properties-realm=ManagementRealm/:add(users-properties={path=mgmt-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ManagementRealm},groups-properties={path=mgmt-groups.properties,relative-to=jboss.server.config.dir}) /subsystem=elytron/properties-realm=ManagementRealm/:add(users-properties={path=mgmt-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ManagementRealm},groups-properties={path=mgmt-groups.properties,relative-to=jboss.server.config.dir})
/subsystem=elytron/simple-permission-mapper=anonymous-permission-mapper/:add(permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}]}] /subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}])
/subsystem=elytron/constant-permission-mapper=constant-permission-mapper/:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}])
/subsystem=elytron/logical-permission-mapper=default-permission-mapper/:add(logical-operation=unless,left=constant-permission-mapper,right=anonymous-permission-mapper)
/subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local) /subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local)
/subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups) /subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups)
/subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser]) /subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser])
@ -317,6 +315,12 @@ if (result == ASYNC) of /subsystem=infinispan/cache-container=ejb/distributed-ca
echo echo
end-if end-if
if (result == undefined) of /subsystem=jgroups/channel=ee/:read-attribute(name=cluster)
echo Setting cluster attribute to ejb in jgroups subsystem
/subsystem=jgroups/channel=ee/:write-attribute(name=cluster,value=ejb)
echo
end-if
if (result != undefined) of /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-attribute(name=socket-binding) if (result != undefined) of /subsystem=jgroups/stack=udp/protocol=FD_SOCK/:read-attribute(name=socket-binding)
echo Unsetting socket-binding from udp FD_SOCK protocol echo Unsetting socket-binding from udp FD_SOCK protocol
# it has to be done via remove and add, because socket-binding is not writable attribute # it has to be done via remove and add, because socket-binding is not writable attribute
@ -358,6 +362,24 @@ if (outcome == failed) of /subsystem=undertow/server=default-server/https-listen
echo echo
end-if end-if
if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=jgroups-tcp-fd/:read-resource
echo Removing socket-binding jgroups-tcp-fd
/socket-binding-group=standard-sockets/socket-binding=jgroups-tcp-fd/:remove
echo
end-if
if (outcome == success) of /socket-binding-group=standard-sockets/socket-binding=jgroups-udp-fd/:read-resource
echo Removing socket-binding jgroups-udp-fd
/socket-binding-group=standard-sockets/socket-binding=jgroups-udp-fd/:remove
echo
end-if
if (result == 224.0.1.105) of /socket-binding-group=standard-sockets/socket-binding=modcluster/:read-attribute(name=multicast-address)
echo Adding jboss.modcluster.multicast.address property to modcluster multicast-address
/socket-binding-group=standard-sockets/socket-binding=modcluster/:write-attribute(name=multicast-address,value=${jboss.modcluster.multicast.address:224.0.1.105})
echo
end-if
# Migrate from 3.3.0 to 3.4.0 # Migrate from 3.3.0 to 3.4.0
if (outcome == success) of /subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource if (outcome == success) of /subsystem=undertow/server=default-server/host=default-host/filter-ref=server-header/:read-resource
echo Removing X-Powered-By and Server headers from Keycloak responses... echo Removing X-Powered-By and Server headers from Keycloak responses...

4
distribution/feature-packs/server-feature-pack/src/main/resources/content/bin/migrate-standalone.cli
View file

@ -262,9 +262,7 @@ if (outcome == failed) of /subsystem=elytron/:read-resource
/subsystem=elytron/identity-realm=local/:add(identity="$local") /subsystem=elytron/identity-realm=local/:add(identity="$local")
/subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.server.config.dir}) /subsystem=elytron/properties-realm=ApplicationRealm/:add(users-properties={path=application-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ApplicationRealm},groups-properties={path=application-roles.properties,relative-to=jboss.server.config.dir})
/subsystem=elytron/properties-realm=ManagementRealm/:add(users-properties={path=mgmt-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ManagementRealm},groups-properties={path=mgmt-groups.properties,relative-to=jboss.server.config.dir}) /subsystem=elytron/properties-realm=ManagementRealm/:add(users-properties={path=mgmt-users.properties,relative-to=jboss.server.config.dir,digest-realm-name=ManagementRealm},groups-properties={path=mgmt-groups.properties,relative-to=jboss.server.config.dir})
/subsystem=elytron/simple-permission-mapper=anonymous-permission-mapper/:add(permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission}]}] /subsystem=elytron/simple-permission-mapper=default-permission-mapper/:add(mapping-mode=first,permission-mappings=[{principals=[anonymous],permissions=[{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]},{match-all=true,permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}]}])
/subsystem=elytron/constant-permission-mapper=constant-permission-mapper/:add(permissions=[{class-name=org.wildfly.security.auth.permission.LoginPermission},{class-name=org.wildfly.extension.batch.jberet.deployment.BatchPermission,module=org.wildfly.extension.batch.jberet,target-name=*},{class-name=org.wildfly.transaction.client.RemoteTransactionPermission,module=org.wildfly.transaction.client},{class-name=org.jboss.ejb.client.RemoteEJBPermission,module=org.jboss.ejb-client}])
/subsystem=elytron/logical-permission-mapper=default-permission-mapper/:add(logical-operation=unless,left=constant-permission-mapper,right=anonymous-permission-mapper)
/subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local) /subsystem=elytron/constant-realm-mapper=local/:add(realm-name=local)
/subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups) /subsystem=elytron/simple-role-decoder=groups-to-roles/:add(attribute=groups)
/subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser]) /subsystem=elytron/constant-role-mapper=super-user-mapper/:add(roles=[SuperUser])