[KEYCLOAK-3573] - Elytron adapter CLI scripts and tests.

Pedro Igor 2017-03-31 11:31:33 -03:00
parent 2d40c8d8c2
commit f857625d07
8 changed files with 197 additions and 120 deletions


@ -0,0 +1,57 @@
if (outcome != success) of /extension=org.keycloak.keycloak-adapter-subsystem:read-resource
/extension=org.keycloak.keycloak-adapter-subsystem/:add(module=org.keycloak.keycloak-adapter-subsystem)
else
echo Keycloak OpenID Connect Extension already installed
end-if
if (outcome != success) of /subsystem=keycloak:read-resource
/subsystem=keycloak:add
else
echo Keycloak OpenID Connect Subsystem already installed
end-if
if (outcome != success) of /subsystem=elytron/custom-realm=KeycloakOIDCRealm:read-resource
/subsystem=elytron/custom-realm=KeycloakOIDCRealm:add(class-name=org.keycloak.adapters.elytron.KeycloakSecurityRealm, module=org.keycloak.keycloak-wildfly-elytron-oidc-adapter)
else
echo Keycloak OpenID Connect Realm already installed
end-if
if (outcome != success) of /subsystem=elytron/security-domain=KeycloakDomain:read-resource
/subsystem=elytron/security-domain=KeycloakDomain:add(default-realm=KeycloakOIDCRealm,permission-mapper=default-permission-mapper,security-event-listener=local-audit,realms=[{realm=KeycloakOIDCRealm}])
else
echo Keycloak Security Domain already installed. Trying to install Keycloak OpenID Connect Realm.
/subsystem=elytron/security-domain=KeycloakDomain:list-add(name=realms, value={realm=KeycloakOIDCRealm})
end-if
if (outcome != success) of /subsystem=elytron/constant-realm-mapper=keycloak-oidc-realm-mapper:read-resource
/subsystem=elytron/constant-realm-mapper=keycloak-oidc-realm-mapper:add(realm-name=KeycloakOIDCRealm)
else
echo Keycloak OpenID Connect Realm Mapper already installed
end-if
if (outcome != success) of /subsystem=elytron/service-loader-http-server-mechanism-factory=keycloak-oidc-http-server-mechanism-factory:read-resource
/subsystem=elytron/service-loader-http-server-mechanism-factory=keycloak-oidc-http-server-mechanism-factory:add(module=org.keycloak.keycloak-wildfly-elytron-oidc-adapter)
else
echo Keycloak OpenID Connect HTTP Mechanism already installed
end-if
if (outcome != success) of /subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:read-resource
/subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:add(http-server-factories=[keycloak-oidc-http-server-mechanism-factory, global])
else
echo Keycloak HTTP Mechanism Factory already installed. Trying to install Keycloak OpenID Connect HTTP Mechanism Factory.
/subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:list-add(name=http-server-factories, value=keycloak-oidc-http-server-mechanism-factory)
end-if
if (outcome != success) of /subsystem=elytron/http-authentication-factory=keycloak-http-authentication:read-resource
/subsystem=elytron/http-authentication-factory=keycloak-http-authentication:add(security-domain=KeycloakDomain,http-server-mechanism-factory=keycloak-http-server-mechanism-factory,mechanism-configurations=[{mechanism-name=KEYCLOAK,mechanism-realm-configurations=[{realm-name=KeycloakOIDCRealm,realm-mapper=keycloak-oidc-realm-mapper}]}])
else
echo Keycloak HTTP Authentication Factory already installed. Trying to install Keycloak OpenID Connect Mechanism Configuration
/subsystem=elytron/http-authentication-factory=keycloak-http-authentication:list-add(name=mechanism-configurations, value={mechanism-name=KEYCLOAK,mechanism-realm-configurations=[{realm-name=KeycloakOIDCRealm,realm-mapper=keycloak-oidc-realm-mapper}]})
end-if
if (outcome != success) of /subsystem=undertow/application-security-domain=other:read-resource
/subsystem=undertow/application-security-domain=other:add(http-authentication-factory=keycloak-http-authentication)
else
echo Undertow already configured with Keycloak
end-if
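Review bot: The final guard only tests whether `/subsystem=undertow/application-security-domain=other` exists, so an existing mapping that points at a different `http-authentication-factory` is left untouched while the script prints "Undertow already configured with Keycloak". Deployments mapped to `other` would then keep authenticating through whatever factory was already there, and the install still reports success. In the else branch I would read the `http-authentication-factory` attribute and warn or fail when it is not `keycloak-http-authentication`, or at least change the echo to `echo Undertow application-security-domain 'other' already exists; leaving it unchanged`. The same existence-only guard is repeated in the offline script and in the SAML script.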


@ -58,5 +58,13 @@
<source>cli/adapter-install-offline.cli</source>
<outputDirectory>bin</outputDirectory>
</file>
<file>
<source>../../shared-cli/adapter-elytron-install.cli</source>
<outputDirectory>bin</outputDirectory>
</file>
<file>
<source>cli/adapter-elytron-install-offline.cli</source>
<outputDirectory>bin</outputDirectory>
</file>
</files>
</assembly>


@ -0,0 +1,59 @@
embed-server --server-config=standalone.xml
if (outcome != success) of /extension=org.keycloak.keycloak-adapter-subsystem:read-resource
/extension=org.keycloak.keycloak-adapter-subsystem/:add(module=org.keycloak.keycloak-adapter-subsystem)
else
echo Keycloak OpenID Connect Extension already installed
end-if
if (outcome != success) of /subsystem=keycloak:read-resource
/subsystem=keycloak:add
else
echo Keycloak OpenID Connect Subsystem already installed
end-if
if (outcome != success) of /subsystem=elytron/custom-realm=KeycloakOIDCRealm:read-resource
/subsystem=elytron/custom-realm=KeycloakOIDCRealm:add(class-name=org.keycloak.adapters.elytron.KeycloakSecurityRealm, module=org.keycloak.keycloak-wildfly-elytron-oidc-adapter)
else
echo Keycloak OpenID Connect Realm already installed
end-if
if (outcome != success) of /subsystem=elytron/security-domain=KeycloakDomain:read-resource
/subsystem=elytron/security-domain=KeycloakDomain:add(default-realm=KeycloakOIDCRealm,permission-mapper=default-permission-mapper,security-event-listener=local-audit,realms=[{realm=KeycloakOIDCRealm}])
else
echo Keycloak Security Domain already installed. Trying to install Keycloak OpenID Connect Realm.
/subsystem=elytron/security-domain=KeycloakDomain:list-add(name=realms, value={realm=KeycloakOIDCRealm})
end-if
if (outcome != success) of /subsystem=elytron/constant-realm-mapper=keycloak-oidc-realm-mapper:read-resource
/subsystem=elytron/constant-realm-mapper=keycloak-oidc-realm-mapper:add(realm-name=KeycloakOIDCRealm)
else
echo Keycloak OpenID Connect Realm Mapper already installed
end-if
if (outcome != success) of /subsystem=elytron/service-loader-http-server-mechanism-factory=keycloak-oidc-http-server-mechanism-factory:read-resource
/subsystem=elytron/service-loader-http-server-mechanism-factory=keycloak-oidc-http-server-mechanism-factory:add(module=org.keycloak.keycloak-wildfly-elytron-oidc-adapter)
else
echo Keycloak OpenID Connect HTTP Mechanism already installed
end-if
if (outcome != success) of /subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:read-resource
/subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:add(http-server-factories=[keycloak-oidc-http-server-mechanism-factory, global])
else
echo Keycloak HTTP Mechanism Factory already installed. Trying to install Keycloak OpenID Connect HTTP Mechanism Factory.
/subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:list-add(name=http-server-factories, value=keycloak-oidc-http-server-mechanism-factory)
end-if
if (outcome != success) of /subsystem=elytron/http-authentication-factory=keycloak-http-authentication:read-resource
/subsystem=elytron/http-authentication-factory=keycloak-http-authentication:add(security-domain=KeycloakDomain,http-server-mechanism-factory=keycloak-http-server-mechanism-factory,mechanism-configurations=[{mechanism-name=KEYCLOAK,mechanism-realm-configurations=[{realm-name=KeycloakOIDCRealm,realm-mapper=keycloak-oidc-realm-mapper}]}])
else
echo Keycloak HTTP Authentication Factory already installed. Trying to install Keycloak OpenID Connect Mechanism Configuration
/subsystem=elytron/http-authentication-factory=keycloak-http-authentication:list-add(name=mechanism-configurations, value={mechanism-name=KEYCLOAK,mechanism-realm-configurations=[{realm-name=KeycloakOIDCRealm,realm-mapper=keycloak-oidc-realm-mapper}]})
end-if
if (outcome != success) of /subsystem=undertow/application-security-domain=other:read-resource
/subsystem=undertow/application-security-domain=other:add(http-authentication-factory=keycloak-http-authentication)
else
echo Undertow already configured with Keycloak
end-if
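Review bot: `embed-server --server-config=standalone.xml` pins the offline install to one configuration file, so a server started from another profile such as `standalone-ha.xml` gets none of the Elytron resources, and nothing in the script says so. A header comment would make this visible, for example `# Configures standalone.xml only; change --server-config to match the profile the server is started with`. No `stop-embedded-server` is visible before the end of the listing either; if the existing offline script ends with one, this one should match it.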


@ -0,0 +1,56 @@
if (outcome != success) of /extension=org.keycloak.keycloak-saml-adapter-subsystem:read-resource
/extension=org.keycloak.keycloak-saml-adapter-subsystem/:add(module=org.keycloak.keycloak-saml-adapter-subsystem)
else
echo Keycloak SAML Extension already installed
end-if
if (outcome != success) of /subsystem=keycloak-saml:read-resource
/subsystem=keycloak-saml:add
else
echo Keycloak SAML Subsystem already installed
end-if
if (outcome != success) of /subsystem=elytron/custom-realm=KeycloakSAMLRealm:read-resource
/subsystem=elytron/custom-realm=KeycloakSAMLRealm:add(class-name=org.keycloak.adapters.saml.elytron.KeycloakSecurityRealm, module=org.keycloak.keycloak-saml-wildfly-elytron-adapter)
else
echo Keycloak SAML Realm already installed
end-if
if (outcome != success) of /subsystem=elytron/security-domain=KeycloakDomain:read-resource
/subsystem=elytron/security-domain=KeycloakDomain:add(default-realm=KeycloakSAMLRealm,permission-mapper=default-permission-mapper,security-event-listener=local-audit,realms=[{realm=KeycloakSAMLRealm}])
else
echo Keycloak Security Domain already installed. Trying to install Keycloak SAML Realm.
/subsystem=elytron/security-domain=KeycloakDomain:list-add(name=realms, value={realm=KeycloakSAMLRealm})
end-if
if (outcome != success) of /subsystem=elytron/constant-realm-mapper=keycloak-saml-realm-mapper:read-resource
/subsystem=elytron/constant-realm-mapper=keycloak-saml-realm-mapper:add(realm-name=KeycloakSAMLRealm)
else
echo Keycloak SAML Realm Mapper already installed
end-if
if (outcome != success) of /subsystem=elytron/service-loader-http-server-mechanism-factory=keycloak-saml-http-server-mechanism-factory:read-resource
/subsystem=elytron/service-loader-http-server-mechanism-factory=keycloak-saml-http-server-mechanism-factory:add(module=org.keycloak.keycloak-saml-wildfly-elytron-adapter)
else
echo Keycloak SAML HTTP Mechanism Factory already installed
end-if
if (outcome != success) of /subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:read-resource
/subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:add(http-server-factories=[keycloak-saml-http-server-mechanism-factory, global])
else
echo Keycloak HTTP Mechanism Factory already installed. Trying to install Keycloak SAML HTTP Mechanism Factory.
/subsystem=elytron/aggregate-http-server-mechanism-factory=keycloak-http-server-mechanism-factory:list-add(name=http-server-factories, value=keycloak-saml-http-server-mechanism-factory)
end-if
if (outcome != success) of /subsystem=elytron/http-authentication-factory=keycloak-http-authentication:read-resource
/subsystem=elytron/http-authentication-factory=keycloak-http-authentication:add(security-domain=KeycloakDomain,http-server-mechanism-factory=keycloak-http-server-mechanism-factory,mechanism-configurations=[{mechanism-name=KEYCLOAK-SAML,mechanism-realm-configurations=[{realm-name=KeycloakSAMLCRealm,realm-mapper=keycloak-saml-realm-mapper}]}])
else
echo Keycloak HTTP Authentication Factory already installed. Trying to install Keycloak SAML Mechanism Configuration
/subsystem=elytron/http-authentication-factory=keycloak-http-authentication:list-add(name=mechanism-configurations, value={mechanism-name=KEYCLOAK-SAML,mechanism-realm-configurations=[{realm-name=KeycloakSAMLRealm,realm-mapper=keycloak-saml-realm-mapper}]})
end-if
if (outcome != success) of /subsystem=undertow/application-security-domain=other:read-resource
/subsystem=undertow/application-security-domain=other:add(http-authentication-factory=keycloak-http-authentication)
else
echo Undertow already configured with Keycloak
end-if
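Review bot: The `add` branch for `keycloak-http-authentication` passes `realm-name=KeycloakSAMLCRealm` (extra `C`), while the custom realm, the security domain, the realm mapper and the `list-add` branch of the same block all use `KeycloakSAMLRealm`. As far as I can tell Elytron does not validate this mechanism realm name against the defined realms, so the typo would be accepted silently. The `KEYCLOAK-SAML` mechanism would then be configured differently depending on whether the factory already existed when this script ran. The value should read `mechanism-realm-configurations=[{realm-name=KeycloakSAMLRealm,realm-mapper=keycloak-saml-realm-mapper}]`.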


@ -52,5 +52,9 @@
<source>../../shared-cli/adapter-install-saml.cli</source>
<outputDirectory>bin</outputDirectory>
</file>
<file>
<source>../../shared-cli/adapter-elytron-install-saml.cli</source>
<outputDirectory>bin</outputDirectory>
</file>
</files>
</assembly>


@ -1,90 +0,0 @@
<!--
~ * Copyright 2016 Red Hat, Inc. and/or its affiliates
~ * and other contributors as indicated by the @author tags.
~ *
~ * Licensed under the Apache License, Version 2.0 (the "License");
~ * you may not use this file except in compliance with the License.
~ * You may obtain a copy of the License at
~ *
~ * http://www.apache.org/licenses/LICENSE-2.0
~ *
~ * Unless required by applicable law or agreed to in writing, software
~ * distributed under the License is distributed on an "AS IS" BASIS,
~ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ * See the License for the specific language governing permissions and
~ * limitations under the License.
-->
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:variable name="undertowNamespace" select="'urn:jboss:domain:undertow:'"/>
<xsl:variable name="elytronNamespace" select="'urn:wildfly:elytron:'"/>
<xsl:variable name="securityNamespace" select="'urn:jboss:domain:security:'"/>
<xsl:template match="//*[local-name()='subsystem' and starts-with(namespace-uri(), $elytronNamespace)]/*[local-name()='security-realms']">
<xsl:copy>
<xsl:apply-templates select="@* | *"/>
<custom-realm name="KeycloakSAMLRealm" module="org.keycloak.keycloak-saml-wildfly-elytron-adapter" class-name="org.keycloak.adapters.saml.elytron.KeycloakSecurityRealm"/>
<custom-realm name="KeycloakOIDCRealm" module="org.keycloak.keycloak-wildfly-elytron-oidc-adapter" class-name="org.keycloak.adapters.elytron.KeycloakSecurityRealm"/>
</xsl:copy>
</xsl:template>
<xsl:template match="//*[local-name()='subsystem' and starts-with(namespace-uri(), $elytronNamespace)]/*[local-name()='security-domains']">
<xsl:copy>
<xsl:apply-templates select="@* | *"/>
<security-domain name="KeycloakDomain" default-realm="KeycloakOIDCRealm" permission-mapper="default-permission-mapper" security-event-listener="local-audit">
<realm name="KeycloakOIDCRealm"/>
<realm name="KeycloakSAMLRealm"/>
</security-domain>
</xsl:copy>
</xsl:template>
<xsl:template match="//*[local-name()='subsystem' and starts-with(namespace-uri(), $elytronNamespace)]/*[local-name()='mappers']">
<xsl:copy>
<xsl:apply-templates select="@* | *"/>
<constant-realm-mapper name="keycloak-saml-realm-mapper" realm-name="KeycloakSAMLRealm"/>
<constant-realm-mapper name="keycloak-oidc-realm-mapper" realm-name="KeycloakOIDCRealm"/>
</xsl:copy>
</xsl:template>
<xsl:template match="//*[local-name()='subsystem' and starts-with(namespace-uri(), $elytronNamespace)]/*[local-name()='http']">
<xsl:copy>
<xsl:apply-templates select="@* | *"/>
<http-authentication-factory name="keycloak-http-authentication" http-server-mechanism-factory="keycloak-http-server-mechanism-factory" security-domain="KeycloakDomain">
<mechanism-configuration>
<mechanism mechanism-name="KEYCLOAK">
<mechanism-realm realm-name="KeycloakOIDCRealm" realm-mapper="keycloak-oidc-realm-mapper"/>
</mechanism>
<mechanism mechanism-name="KEYCLOAK-SAML">
<mechanism-realm realm-name="KeycloakSAMLRealm" realm-mapper="keycloak-saml-realm-mapper"/>
</mechanism>
</mechanism-configuration>
</http-authentication-factory>
<service-loader-http-server-mechanism-factory name="keycloak-oidc-http-server-mechanism-factory" module="org.keycloak.keycloak-wildfly-elytron-oidc-adapter"/>
<service-loader-http-server-mechanism-factory name="keycloak-saml-http-server-mechanism-factory" module="org.keycloak.keycloak-saml-wildfly-elytron-adapter"/>
<aggregate-http-server-mechanism-factory name="keycloak-http-server-mechanism-factory">
<http-server-mechanism-factory name="keycloak-oidc-http-server-mechanism-factory"/>
<http-server-mechanism-factory name="keycloak-saml-http-server-mechanism-factory"/>
</aggregate-http-server-mechanism-factory>
</xsl:copy>
</xsl:template>
<xsl:template match="//*[local-name()='subsystem' and starts-with(namespace-uri(), $undertowNamespace)]">
<xsl:copy>
<xsl:apply-templates select="@* | *"/>
<application-security-domains>
<application-security-domain name="other" http-authentication-factory="keycloak-http-authentication"/>
</application-security-domains>
</xsl:copy>
</xsl:template>
<!-- Need to remove the legacy security-domain otherwise Elytron will not be enabled to deployments -->
<xsl:template match="//*[local-name()='subsystem' and starts-with(namespace-uri(), $securityNamespace)]/*[local-name()='security-domains']/*[local-name()='security-domain'][@name='keycloak']"/>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
</xsl:stylesheet>


@ -23,10 +23,20 @@ do
echo "Server is running. Installing adapter."
./jboss-cli.sh -c --file="adapter-install.cli"
if [ "$ELYTRON_SUPPORTED" = true ]; then
./jboss-cli.sh -c --file="adapter-elytron-install.cli"
fi
if [ $? -ne 0 ]; then RESULT=1; fi
if [ "$SAML_SUPPORTED" = true ]; then
./jboss-cli.sh -c --file="adapter-install-saml.cli"
if [ "$ELYTRON_SUPPORTED" = true ]; then
./jboss-cli.sh -c --file="adapter-elytron-install-saml.cli"
fi
if [ $? -ne 0 ]; then RESULT=1; fi
fi
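Review bot: `if [ $? -ne 0 ]` now sits after the `if [ "$ELYTRON_SUPPORTED" = true ]; then ... fi` block, so it no longer sees the exit status of `adapter-install.cli`. When ELYTRON_SUPPORTED is not true the `if` compound returns 0, and when it is true `$?` reflects only the Elytron script. Either way a failed base adapter install leaves RESULT unchanged, and the SAML block has the same pattern, so the tests can run against a half-configured authentication stack. Recording the failure at each call avoids this, e.g. `./jboss-cli.sh -c --file="adapter-install.cli" || RESULT=1`, and likewise for the other three invocations. The enclosing loop starts and ends outside the hunk.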


@ -200,6 +200,7 @@
<JAVA_HOME>${app.server.java.home}</JAVA_HOME>
<JBOSS_HOME>${app.server.jboss.home}</JBOSS_HOME>
<SAML_SUPPORTED>${app.server.saml.adapter.supported}</SAML_SUPPORTED>
<ELYTRON_SUPPORTED>${app.server.elytron.adapter.supported}</ELYTRON_SUPPORTED>
</environmentVariables>
</configuration>
</execution>
@ -452,36 +453,8 @@
</activation>
<properties>
<wildfly.version>${elytron.wildfly.version}</wildfly.version>
<app.server.elytron.adapter.supported>true</app.server.elytron.adapter.supported>
</properties>
<build>
<plugins>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>xml-maven-plugin</artifactId>
<executions>
<execution>
<id>configure-adapter-debug-log</id>
<phase>process-test-resources</phase>
<goals>
<goal>transform</goal>
</goals>
<configuration>
<transformationSets>
<transformationSet>
<dir>${app.server.jboss.home}/standalone/configuration</dir>
<includes>
<include>standalone.xml</include>
</includes>
<stylesheet>${common.resources}/configure-elytron.xsl</stylesheet>
<outputDir>${app.server.jboss.home}/standalone/configuration</outputDir>
</transformationSet>
</transformationSets>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</profile>
</profiles>