KEYCLOAK-14856 fix migration, add ssl for migration server
parent
24522c298e
commit
dfa27b9f0f
5 changed files with 62 additions and 18 deletions
|
@ -60,13 +60,15 @@
|
|||
</target>
|
||||
|
||||
<target name="scenario-standalone-generate" depends="io-worker-threads,
|
||||
inject-provider-and-truststore,
|
||||
inject-provider,
|
||||
inject-truststore,
|
||||
log-level">
|
||||
<echo>cli scripts for standalone prepared</echo>
|
||||
</target>
|
||||
|
||||
<target name="scenario-cluster-generate" depends="io-worker-threads,
|
||||
inject-provider-and-truststore,
|
||||
inject-provider,
|
||||
inject-truststore,
|
||||
undertow-subsystem-cluster,
|
||||
ispn-cache-owners,
|
||||
log-level">
|
||||
|
@ -74,7 +76,8 @@
|
|||
</target>
|
||||
|
||||
<target name="scenario-crossdc-generate" depends="io-worker-threads,
|
||||
inject-provider-and-truststore,
|
||||
inject-provider,
|
||||
inject-truststore,
|
||||
cross-dc-setup,
|
||||
log-level">
|
||||
<echo>cli scripts for crossdc prepared</echo>
|
||||
|
@ -92,7 +95,7 @@
|
|||
</copy>
|
||||
</target>
|
||||
|
||||
<target name="inject-provider-and-truststore">
|
||||
<target name="inject-provider">
|
||||
<copy todir="${cli.tmp.dir}">
|
||||
<resources>
|
||||
<file file="${common.resources}/jboss-cli/keycloak-server-subsystem.cli"/>
|
||||
|
@ -100,6 +103,14 @@
|
|||
</copy>
|
||||
</target>
|
||||
|
||||
<target name="inject-truststore">
|
||||
<copy todir="${cli.tmp.dir}">
|
||||
<resources>
|
||||
<file file="${common.resources}/jboss-cli/truststore.cli"/>
|
||||
</resources>
|
||||
</copy>
|
||||
</target>
|
||||
|
||||
<target name="set-manual-migration-strategy">
|
||||
<copy todir="${cli.tmp.dir}">
|
||||
<resources>
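Review bot: The new `inject-truststore` target is now also an external entry point (the pom in this commit runs `<ant antfile="${common.resources}/ant/configure.xml" target="inject-truststore" />`), yet neither it nor the renamed `inject-provider` states what it stages or why the two were split. A `description` attribute would document it, e.g. `<target name="inject-truststore" description="Stage truststore.cli so the truststore SPI is configured">`. The three `depends` lists visible here are updated for the rename, but any caller elsewhere that still names `inject-provider-and-truststore` would fail; that cannot be checked from these hunks.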
|
||||
|
|
|
@ -1,13 +1,5 @@
|
|||
|
||||
echo *** Updating keycloak-server subsystem ***
|
||||
echo ** Adding truststore spi**
|
||||
/subsystem=keycloak-server/spi=truststore/:add
|
||||
/subsystem=keycloak-server/spi=truststore/provider=file/:add(enabled=true,properties={ \
|
||||
file => "${auth.server.truststore:${jboss.home.dir}/standalone/configuration/keycloak.truststore}", \
|
||||
password => "${auth.server.truststore.password:secret}", \
|
||||
hostname-verification-policy => "WILDCARD", \
|
||||
disabled => "false"})
|
||||
|
||||
echo ** Adding login-protocol spi **
|
||||
/subsystem=keycloak-server/spi=login-protocol/:add
|
||||
/subsystem=keycloak-server/spi=login-protocol/provider=saml/:add(enabled=true,properties={knownProtocols => "[\"http=${auth.server.http.port}\",\"https=${auth.server.https.port}\"]"})
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
|
||||
echo ** Adding truststore spi**
|
||||
/subsystem=keycloak-server/spi=truststore/:add
|
||||
/subsystem=keycloak-server/spi=truststore/provider=file/:add(enabled=true,properties={ \
|
||||
file => "${auth.server.truststore:${jboss.home.dir}/standalone/configuration/keycloak.truststore}", \
|
||||
password => "${auth.server.truststore.password:secret}", \
|
||||
hostname-verification-policy => "WILDCARD", \
|
||||
disabled => "false"})
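Review bot: The password expression `${auth.server.truststore.password:secret}` falls back to the literal `secret`, and nothing in the new script says that this default only fits the test truststore shipped with the suite. A leading comment would make that explicit, for example `# Test-suite fixture: path and password default to the bundled keycloak.truststore; override auth.server.truststore.password for any other store`. `hostname-verification-policy => "WILDCARD"` is carried over unchanged from keycloak-server-subsystem.cli, so it is not a new choice of this commit.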
|
|
@ -130,6 +130,30 @@
|
|||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<artifactId>maven-resources-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>copy-keystore</id>
|
||||
<phase>process-resources</phase>
|
||||
<goals>
|
||||
<goal>copy-resources</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<outputDirectory>${auth.server.home}/standalone/configuration</outputDirectory>
|
||||
<resources>
|
||||
<resource>
|
||||
<directory>${common.resources}/keystore</directory>
|
||||
<includes>
|
||||
<include>keycloak.jks</include>
|
||||
<include>keycloak.truststore</include>
|
||||
</includes>
|
||||
</resource>
|
||||
</resources>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
<plugin>
|
||||
<groupId>org.apache.maven.plugins</groupId>
|
||||
<artifactId>maven-antrun-plugin</artifactId>
|
||||
|
@ -157,6 +181,18 @@
|
|||
</target>
|
||||
</configuration>
|
||||
</execution>
|
||||
<execution>
|
||||
<id>inject-truststore</id>
|
||||
<phase>generate-resources</phase>
|
||||
<goals>
|
||||
<goal>run</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<target>
|
||||
<ant antfile="${common.resources}/ant/configure.xml" target="inject-truststore" />
|
||||
</target>
|
||||
</configuration>
|
||||
</execution>
|
||||
<execution>
|
||||
<id>ant-apply-prepared-clis</id>
|
||||
<phase>process-resources</phase>
|
||||
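Review bot: The added `maven-resources-plugin` declaration omits `<groupId>`, while the `maven-antrun-plugin` directly below spells out `org.apache.maven.plugins`; adding `<groupId>org.apache.maven.plugins</groupId>` keeps the two declarations consistent. The `copy-keystore` execution places `keycloak.jks` and `keycloak.truststore` into `${auth.server.home}/standalone/configuration` without a comment that these are test fixtures, which matters because the truststore CLI defaults to the password `secret`. `copy-keystore` and `ant-apply-prepared-clis` are both bound to `process-resources`, so their relative order presumably rests on declaration order in this file; a short XML comment would help if that order is required.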
|
|
|
@ -370,6 +370,7 @@ public class AuthServerTestEnricher {
|
|||
if (suiteContext.isAuthServerMigrationEnabled()) {
|
||||
log.info("\n\n### Starting keycloak " + System.getProperty("migrated.auth.server.version", "- previous") + " ###\n\n");
|
||||
startContainerEvent.fire(new StartContainer(suiteContext.getMigratedAuthServerInfo().getArquillianContainer()));
|
||||
initializeTLS(suiteContext.getMigratedAuthServerInfo());
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -411,8 +412,6 @@ public class AuthServerTestEnricher {
|
|||
//frontend-only (either load-balancer or auth-server)
|
||||
log.debug("Starting auth server before suite");
|
||||
|
||||
setJsseSecurityProviderForOutboundSslConnectionsOfElytronClient();
|
||||
|
||||
try {
|
||||
startContainerEvent.fire(new StartContainer(suiteContext.getAuthServerInfo().getArquillianContainer()));
|
||||
} catch (Exception e) {
|
||||
|
@ -550,10 +549,8 @@ public class AuthServerTestEnricher {
|
|||
public static void initializeTLS(ContainerInfo containerInfo) {
|
||||
if (ServerURLs.AUTH_SERVER_SSL_REQUIRED && containerInfo.isJBossBased()) {
|
||||
log.infof("\n\n### Setting up TLS for %s ##\n\n", containerInfo);
|
||||
try {
|
||||
OnlineManagementClient client = getManagementClient(containerInfo);
|
||||
try (OnlineManagementClient client = getManagementClient(containerInfo)) {
|
||||
AuthServerTestEnricher.enableTLS(client);
|
||||
client.close();
|
||||
} catch (Exception e) {
|
||||
log.warn("Failed to set up TLS for container '" + containerInfo.getQualifier() + "'. This may lead to unexpected behavior unless the test" +
|
||||
" sets it up manually", e);
|
||||
|
@ -584,7 +581,7 @@ public class AuthServerTestEnricher {
|
|||
* the platform providers for respective property.
|
||||
*
|
||||
*/
|
||||
public static void setJsseSecurityProviderForOutboundSslConnectionsOfElytronClient() {
|
||||
public static void setJsseSecurityProviderForOutboundSslConnectionsOfElytronClient(@Observes(precedence = 100) StartSuiteContainers event) {
|
||||
log.info(
|
||||
"Determining the JSSE security provider to use for outbound " +
|
||||
"SSL/TLS connections of the Elytron client..."
|
||||
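Review bot: In the last hunk `setJsseSecurityProviderForOutboundSslConnectionsOfElytronClient` becomes an observer with `@Observes(precedence = 100)`, but the visible end of its Javadoc does not explain why that precedence is needed, and `event` is unused in the lines shown. Presumably it must run before the other `StartSuiteContainers` observers, since `initializeTLS` for the migrated server (added in the first hunk) opens an `OnlineManagementClient` right after that container starts. I would add a Javadoc line such as `* Observes StartSuiteContainers with high precedence so the provider is set before any container is started or a management client is created.` The method body and the start of the Javadoc lie outside the hunk. Separately, `initializeTLS` still only logs a TLS setup failure with `log.warn`, so a migration run would continue against an old server without TLS; confirm that this is intended for the migration case.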
|
|