KEYCLOAK-14856 fix migration, add ssl for migration server
parent
24522c298e
commit
dfa27b9f0f
5 changed files with 62 additions and 18 deletions
|
@ -60,13 +60,15 @@
|
||||||
</target>
|
</target>
|
||||||
|
|
||||||
<target name="scenario-standalone-generate" depends="io-worker-threads,
|
<target name="scenario-standalone-generate" depends="io-worker-threads,
|
||||||
inject-provider-and-truststore,
|
inject-provider,
|
||||||
|
inject-truststore,
|
||||||
log-level">
|
log-level">
|
||||||
<echo>cli scripts for standalone prepared</echo>
|
<echo>cli scripts for standalone prepared</echo>
|
||||||
</target>
|
</target>
|
||||||
|
|
||||||
<target name="scenario-cluster-generate" depends="io-worker-threads,
|
<target name="scenario-cluster-generate" depends="io-worker-threads,
|
||||||
inject-provider-and-truststore,
|
inject-provider,
|
||||||
|
inject-truststore,
|
||||||
undertow-subsystem-cluster,
|
undertow-subsystem-cluster,
|
||||||
ispn-cache-owners,
|
ispn-cache-owners,
|
||||||
log-level">
|
log-level">
|
||||||
|
@ -74,7 +76,8 @@
|
||||||
</target>
|
</target>
|
||||||
|
|
||||||
<target name="scenario-crossdc-generate" depends="io-worker-threads,
|
<target name="scenario-crossdc-generate" depends="io-worker-threads,
|
||||||
inject-provider-and-truststore,
|
inject-provider,
|
||||||
|
inject-truststore,
|
||||||
cross-dc-setup,
|
cross-dc-setup,
|
||||||
log-level">
|
log-level">
|
||||||
<echo>cli scripts for crossdc prepared</echo>
|
<echo>cli scripts for crossdc prepared</echo>
|
||||||
|
@ -92,7 +95,7 @@
|
||||||
</copy>
|
</copy>
|
||||||
</target>
|
</target>
|
||||||
|
|
||||||
<target name="inject-provider-and-truststore">
|
<target name="inject-provider">
|
||||||
<copy todir="${cli.tmp.dir}">
|
<copy todir="${cli.tmp.dir}">
|
||||||
<resources>
|
<resources>
|
||||||
<file file="${common.resources}/jboss-cli/keycloak-server-subsystem.cli"/>
|
<file file="${common.resources}/jboss-cli/keycloak-server-subsystem.cli"/>
|
||||||
|
@ -100,6 +103,14 @@
|
||||||
</copy>
|
</copy>
|
||||||
</target>
|
</target>
|
||||||
|
|
||||||
|
<target name="inject-truststore">
|
||||||
|
<copy todir="${cli.tmp.dir}">
|
||||||
|
<resources>
|
||||||
|
<file file="${common.resources}/jboss-cli/truststore.cli"/>
|
||||||
|
</resources>
|
||||||
|
</copy>
|
||||||
|
</target>
|
||||||
|
|
||||||
<target name="set-manual-migration-strategy">
|
<target name="set-manual-migration-strategy">
|
||||||
<copy todir="${cli.tmp.dir}">
|
<copy todir="${cli.tmp.dir}">
|
||||||
<resources>
|
<resources>
|
||||||
|
|
|
@ -1,13 +1,5 @@
|
||||||
|
|
||||||
echo *** Updating keycloak-server subsystem ***
|
echo *** Updating keycloak-server subsystem ***
|
||||||
echo ** Adding truststore spi**
|
|
||||||
/subsystem=keycloak-server/spi=truststore/:add
|
|
||||||
/subsystem=keycloak-server/spi=truststore/provider=file/:add(enabled=true,properties={ \
|
|
||||||
file => "${auth.server.truststore:${jboss.home.dir}/standalone/configuration/keycloak.truststore}", \
|
|
||||||
password => "${auth.server.truststore.password:secret}", \
|
|
||||||
hostname-verification-policy => "WILDCARD", \
|
|
||||||
disabled => "false"})
|
|
||||||
|
|
||||||
echo ** Adding login-protocol spi **
|
echo ** Adding login-protocol spi **
|
||||||
/subsystem=keycloak-server/spi=login-protocol/:add
|
/subsystem=keycloak-server/spi=login-protocol/:add
|
||||||
/subsystem=keycloak-server/spi=login-protocol/provider=saml/:add(enabled=true,properties={knownProtocols => "[\"http=${auth.server.http.port}\",\"https=${auth.server.https.port}\"]"})
|
/subsystem=keycloak-server/spi=login-protocol/provider=saml/:add(enabled=true,properties={knownProtocols => "[\"http=${auth.server.http.port}\",\"https=${auth.server.https.port}\"]"})
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
|
||||||
|
echo ** Adding truststore spi**
|
||||||
|
/subsystem=keycloak-server/spi=truststore/:add
|
||||||
|
/subsystem=keycloak-server/spi=truststore/provider=file/:add(enabled=true,properties={ \
|
||||||
|
file => "${auth.server.truststore:${jboss.home.dir}/standalone/configuration/keycloak.truststore}", \
|
||||||
|
password => "${auth.server.truststore.password:secret}", \
|
||||||
|
hostname-verification-policy => "WILDCARD", \
|
||||||
|
disabled => "false"})
|
|
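Review bot: This new script carries no comment saying that its defaults are test-only, although `password => "${auth.server.truststore.password:secret}"` falls back to a literal well-known password and `hostname-verification-policy => "WILDCARD"` relaxes host-name matching. Now that the truststore setup is a standalone file that can be injected on its own, a header comment would stop it being copied into a non-test configuration unchanged, for example `# Testsuite only: default truststore password is a placeholder; set auth.server.truststore.password for any real deployment`. It would also help to state that the script expects `keycloak.truststore` to be present already in `standalone/configuration`. As a small style point, `echo ** Adding truststore spi**` lacks the space before the closing `**` that the other echo lines have.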
@ -130,6 +130,30 @@
|
||||||
</execution>
|
</execution>
|
||||||
</executions>
|
</executions>
|
||||||
</plugin>
|
</plugin>
|
||||||
|
<plugin>
|
||||||
|
<artifactId>maven-resources-plugin</artifactId>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>copy-keystore</id>
|
||||||
|
<phase>process-resources</phase>
|
||||||
|
<goals>
|
||||||
|
<goal>copy-resources</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<outputDirectory>${auth.server.home}/standalone/configuration</outputDirectory>
|
||||||
|
<resources>
|
||||||
|
<resource>
|
||||||
|
<directory>${common.resources}/keystore</directory>
|
||||||
|
<includes>
|
||||||
|
<include>keycloak.jks</include>
|
||||||
|
<include>keycloak.truststore</include>
|
||||||
|
</includes>
|
||||||
|
</resource>
|
||||||
|
</resources>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.apache.maven.plugins</groupId>
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
<artifactId>maven-antrun-plugin</artifactId>
|
<artifactId>maven-antrun-plugin</artifactId>
|
||||||
|
@ -157,6 +181,18 @@
|
||||||
</target>
|
</target>
|
||||||
</configuration>
|
</configuration>
|
||||||
</execution>
|
</execution>
|
||||||
|
<execution>
|
||||||
|
<id>inject-truststore</id>
|
||||||
|
<phase>generate-resources</phase>
|
||||||
|
<goals>
|
||||||
|
<goal>run</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<target>
|
||||||
|
<ant antfile="${common.resources}/ant/configure.xml" target="inject-truststore" />
|
||||||
|
</target>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
<execution>
|
<execution>
|
||||||
<id>ant-apply-prepared-clis</id>
|
<id>ant-apply-prepared-clis</id>
|
||||||
<phase>process-resources</phase>
|
<phase>process-resources</phase>
|
||||||
|
|
|
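Review bot: The `copy-keystore` execution sets no `<overwrite>` option, so with the plugin's default behaviour (as I understand it) a `keycloak.jks` or `keycloak.truststore` already present in `${auth.server.home}/standalone/configuration` is kept unless the source file is newer. The server and the truststore SPI could then end up using a stale store rather than the one the testsuite ships; adding `<overwrite>true</overwrite>` to this execution's `<configuration>` makes the result deterministic. The new `maven-resources-plugin` entry also omits `<groupId>org.apache.maven.plugins</groupId>`, which the neighbouring `maven-antrun-plugin` entry states explicitly. The `ant-apply-prepared-clis` execution at the end of the section continues outside the visible lines.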
@ -370,6 +370,7 @@ public class AuthServerTestEnricher {
|
||||||
if (suiteContext.isAuthServerMigrationEnabled()) {
|
if (suiteContext.isAuthServerMigrationEnabled()) {
|
||||||
log.info("\n\n### Starting keycloak " + System.getProperty("migrated.auth.server.version", "- previous") + " ###\n\n");
|
log.info("\n\n### Starting keycloak " + System.getProperty("migrated.auth.server.version", "- previous") + " ###\n\n");
|
||||||
startContainerEvent.fire(new StartContainer(suiteContext.getMigratedAuthServerInfo().getArquillianContainer()));
|
startContainerEvent.fire(new StartContainer(suiteContext.getMigratedAuthServerInfo().getArquillianContainer()));
|
||||||
|
initializeTLS(suiteContext.getMigratedAuthServerInfo());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -411,8 +412,6 @@ public class AuthServerTestEnricher {
|
||||||
//frontend-only (either load-balancer or auth-server)
|
//frontend-only (either load-balancer or auth-server)
|
||||||
log.debug("Starting auth server before suite");
|
log.debug("Starting auth server before suite");
|
||||||
|
|
||||||
setJsseSecurityProviderForOutboundSslConnectionsOfElytronClient();
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
startContainerEvent.fire(new StartContainer(suiteContext.getAuthServerInfo().getArquillianContainer()));
|
startContainerEvent.fire(new StartContainer(suiteContext.getAuthServerInfo().getArquillianContainer()));
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
|
@ -550,10 +549,8 @@ public class AuthServerTestEnricher {
|
||||||
public static void initializeTLS(ContainerInfo containerInfo) {
|
public static void initializeTLS(ContainerInfo containerInfo) {
|
||||||
if (ServerURLs.AUTH_SERVER_SSL_REQUIRED && containerInfo.isJBossBased()) {
|
if (ServerURLs.AUTH_SERVER_SSL_REQUIRED && containerInfo.isJBossBased()) {
|
||||||
log.infof("\n\n### Setting up TLS for %s ##\n\n", containerInfo);
|
log.infof("\n\n### Setting up TLS for %s ##\n\n", containerInfo);
|
||||||
try {
|
try (OnlineManagementClient client = getManagementClient(containerInfo)) {
|
||||||
OnlineManagementClient client = getManagementClient(containerInfo);
|
|
||||||
AuthServerTestEnricher.enableTLS(client);
|
AuthServerTestEnricher.enableTLS(client);
|
||||||
client.close();
|
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
log.warn("Failed to set up TLS for container '" + containerInfo.getQualifier() + "'. This may lead to unexpected behavior unless the test" +
|
log.warn("Failed to set up TLS for container '" + containerInfo.getQualifier() + "'. This may lead to unexpected behavior unless the test" +
|
||||||
" sets it up manually", e);
|
" sets it up manually", e);
|
||||||
|
@ -584,7 +581,7 @@ public class AuthServerTestEnricher {
|
||||||
* the platform providers for respective property.
|
* the platform providers for respective property.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public static void setJsseSecurityProviderForOutboundSslConnectionsOfElytronClient() {
|
public static void setJsseSecurityProviderForOutboundSslConnectionsOfElytronClient(@Observes(precedence = 100) StartSuiteContainers event) {
|
||||||
log.info(
|
log.info(
|
||||||
"Determining the JSSE security provider to use for outbound " +
|
"Determining the JSSE security provider to use for outbound " +
|
||||||
"SSL/TLS connections of the Elytron client..."
|
"SSL/TLS connections of the Elytron client..."
|
||||||
|
|
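Review bot: `setJsseSecurityProviderForOutboundSslConnectionsOfElytronClient` stays `public static` but now requires a `StartSuiteContainers` argument, so any caller outside these hunks that still invokes it with no arguments will no longer compile. The Javadoc above it also does not mention that it has become an observer. I would add a line to that Javadoc such as `Invoked as an observer of {@link StartSuiteContainers}; precedence 100 is intended to run it before the containers are started, so the provider is in place for the migrated server as well.` That ordering is inferred from the annotation and should be confirmed. Separately, the new `initializeTLS(suiteContext.getMigratedAuthServerInfo())` call inherits the existing `catch (Exception e)` that only logs a warning, so a failed TLS setup on the migrated server will not stop the run. The method body continues outside the hunk.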