#!/bin/bash
source "${JBOSS_HOME}/bin/launch/launch-common.sh"
source "${JBOSS_HOME}/bin/launch/logging.sh"
########## Environment Variables ##########
# Remove every KIE security setting (user names, passwords, roles, tokens,
# domain and the bypass flag) from the current shell.
# NOTE(review): presumably called once configuration is done so that the
# credentials are not inherited by later processes - confirm with the caller.
unset_kie_security_env() {
  local kie_security_var
  # please keep these in alphabetical order
  for kie_security_var in \
    KIE_ADMIN_PWD \
    KIE_ADMIN_ROLES \
    KIE_ADMIN_USER \
    KIE_MAVEN_PWD \
    KIE_MAVEN_ROLES \
    KIE_MAVEN_USER \
    KIE_SERVER_BYPASS_AUTH_USER \
    KIE_SERVER_CONTROLLER_PWD \
    KIE_SERVER_CONTROLLER_ROLES \
    KIE_SERVER_CONTROLLER_TOKEN \
    KIE_SERVER_CONTROLLER_USER \
    KIE_SERVER_DOMAIN \
    KIE_SERVER_PWD \
    KIE_SERVER_ROLES \
    KIE_SERVER_TOKEN \
    KIE_SERVER_USER; do
    unset "${kie_security_var}"
  done
}
########## Defaults ##########
# Print the fallback user name for a KIE component: the component type with
# the suffix "User" (for example "admin" gives "adminUser").
# Arguments: $1 - component type
get_default_kie_user() {
  printf '%sUser\n' "${1}"
}
# Print the fallback password for a KIE component: the component type with
# the suffix "1!" (for example "admin" gives "admin1!").
# NOTE(review): the value is derived from the component type alone, so it is
# the same in every deployment that leaves the matching KIE_*_PWD variable
# unset; deployments should always set those variables explicitly.
# Arguments: $1 - component type
get_default_kie_pwd() {
  printf '%s1!\n' "${1}"
}
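# Print the given password with every double quote preceded by a backslash.
# Only '"' is escaped; backslashes, '$' and other characters pass through
# unchanged, so the consumer must not interpret them.
# NOTE(review): presumably meant for embedding in a double-quoted
# configuration value - confirm against the callers.
# Arguments: $1 - password
function esc_kie_pwd() {
  local kie_pwd="${1}"
  local escaped_pwd
  # A plain assignment performs no word splitting or globbing.
  escaped_pwd=${kie_pwd//\"/\\\"}
  # Quoted printf keeps the password byte-for-byte: repeated spaces, glob
  # characters and values such as "-n" would be altered by an unquoted echo.
  printf '%s\n' "${escaped_pwd}"
}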
########## KIE Admin ##########
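# Print the KIE admin user name. find_env (defined outside this file) is given
# the variable name KIE_ADMIN_USER and the fallback from get_default_kie_user.
function get_kie_admin_user() {
  local default_kie_user
  default_kie_user="$(get_default_kie_user "admin")"
  # Quoted so the configured value is printed unchanged (no word splitting,
  # no pathname expansion, no echo option parsing).
  printf '%s\n' "$(find_env "KIE_ADMIN_USER" "${default_kie_user}")"
}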
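# Print the KIE admin password. find_env (defined outside this file) is given
# the variable name KIE_ADMIN_PWD and the fallback from get_default_kie_pwd.
# NOTE(review): when KIE_ADMIN_PWD is not set the result is the predictable
# built-in default; set the variable explicitly in real deployments.
function get_kie_admin_pwd() {
  local default_kie_pwd
  default_kie_pwd="$(get_default_kie_pwd "admin")"
  # Quoted so the password is printed exactly as configured; an unquoted echo
  # would collapse whitespace and expand glob characters such as '*'.
  printf '%s\n' "$(find_env "KIE_ADMIN_PWD" "${default_kie_pwd}")"
}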
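# Print the KIE admin password after passing it through esc_kie_pwd.
function esc_kie_admin_pwd() {
  local orig_kie_pwd
  orig_kie_pwd="$(get_kie_admin_pwd)"
  # Quoted so whitespace and glob characters in the password survive.
  printf '%s\n' "$(esc_kie_pwd "${orig_kie_pwd}")"
}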
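# Print the roles for the KIE admin user. find_env (defined outside this file)
# is given the variable name KIE_ADMIN_ROLES and the comma-separated default
# "kie-server,rest-all,admin,kiemgmt,Administrators".
function get_kie_admin_roles() {
  local default_kie_roles="kie-server,rest-all,admin,kiemgmt,Administrators"
  # Quoted so the configured role list is printed unchanged.
  printf '%s\n' "$(find_env "KIE_ADMIN_ROLES" "${default_kie_roles}")"
}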
# Register the KIE admin user through add_eap_user, using the resolved
# user name, password and roles and the type label "admin".
add_kie_admin_user() {
  local user_name password roles
  user_name="$(get_kie_admin_user)"
  password="$(get_kie_admin_pwd)"
  roles="$(get_kie_admin_roles)"
  add_eap_user "admin" "${user_name}" "${password}" "${roles}"
}
########## KIE Maven ##########
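# Print the KIE maven user name. find_env (defined outside this file) is given
# the variable name KIE_MAVEN_USER and the fallback from get_default_kie_user.
function get_kie_maven_user() {
  local default_kie_user
  default_kie_user="$(get_default_kie_user "maven")"
  # Quoted so the configured value is printed unchanged (no word splitting,
  # no pathname expansion, no echo option parsing).
  printf '%s\n' "$(find_env "KIE_MAVEN_USER" "${default_kie_user}")"
}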
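# Print the KIE maven password. find_env (defined outside this file) is given
# the variable name KIE_MAVEN_PWD and the fallback from get_default_kie_pwd.
# NOTE(review): when KIE_MAVEN_PWD is not set the result is the predictable
# built-in default; set the variable explicitly in real deployments.
function get_kie_maven_pwd() {
  local default_kie_pwd
  default_kie_pwd="$(get_default_kie_pwd "maven")"
  # Quoted so the password is printed exactly as configured; an unquoted echo
  # would collapse whitespace and expand glob characters such as '*'.
  printf '%s\n' "$(find_env "KIE_MAVEN_PWD" "${default_kie_pwd}")"
}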
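# Print the KIE maven password after passing it through esc_kie_pwd.
function esc_kie_maven_pwd() {
  local orig_kie_pwd
  orig_kie_pwd="$(get_kie_maven_pwd)"
  # Quoted so whitespace and glob characters in the password survive.
  printf '%s\n' "$(esc_kie_pwd "${orig_kie_pwd}")"
}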
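# Print the roles for the KIE maven user. find_env (defined outside this file)
# is given the variable name KIE_MAVEN_ROLES and an empty default, so the
# maven user has no roles unless they are configured.
function get_kie_maven_roles() {
  local default_kie_roles=""
  # Quoted so the configured role list is printed unchanged.
  printf '%s\n' "$(find_env "KIE_MAVEN_ROLES" "${default_kie_roles}")"
}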
# Register the KIE maven user through add_eap_user, using the resolved
# user name, password and roles and the type label "maven".
add_kie_maven_user() {
  local user_name password roles
  user_name="$(get_kie_maven_user)"
  password="$(get_kie_maven_pwd)"
  roles="$(get_kie_maven_roles)"
  add_eap_user "maven" "${user_name}" "${password}" "${roles}"
}
########## KIE Server ##########
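# Print the KIE Server user name. find_env (defined outside this file) is
# given the variable name KIE_SERVER_USER and the fallback that
# get_default_kie_user builds for the type "execution".
function get_kie_server_user() {
  local default_kie_user
  default_kie_user="$(get_default_kie_user "execution")"
  # Quoted so the configured value is printed unchanged (no word splitting,
  # no pathname expansion, no echo option parsing).
  printf '%s\n' "$(find_env "KIE_SERVER_USER" "${default_kie_user}")"
}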
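# Print the KIE Server password. find_env (defined outside this file) is
# given the variable name KIE_SERVER_PWD and the fallback that
# get_default_kie_pwd builds for the type "execution".
# NOTE(review): when KIE_SERVER_PWD is not set the result is the predictable
# built-in default; set the variable explicitly in real deployments.
function get_kie_server_pwd() {
  local default_kie_pwd
  default_kie_pwd="$(get_default_kie_pwd "execution")"
  # Quoted so the password is printed exactly as configured; an unquoted echo
  # would collapse whitespace and expand glob characters such as '*'.
  printf '%s\n' "$(find_env "KIE_SERVER_PWD" "${default_kie_pwd}")"
}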
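# Print the KIE Server password after passing it through esc_kie_pwd.
function esc_kie_server_pwd() {
  local orig_kie_pwd
  orig_kie_pwd="$(get_kie_server_pwd)"
  # Quoted so whitespace and glob characters in the password survive.
  printf '%s\n' "$(esc_kie_pwd "${orig_kie_pwd}")"
}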
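# Print the KIE Server token. find_env (defined outside this file) is given
# the variable name KIE_SERVER_TOKEN and an empty default.
function get_kie_server_token() {
  local default_kie_token=""
  # Quoted so the token is printed exactly as configured.
  printf '%s\n' "$(find_env "KIE_SERVER_TOKEN" "${default_kie_token}")"
}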
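# Print the roles for the KIE Server user. find_env (defined outside this
# file) is given the variable name KIE_SERVER_ROLES and the comma-separated
# default "kie-server,rest-all,user".
function get_kie_server_roles() {
  local default_kie_roles="kie-server,rest-all,user"
  # Quoted so the configured role list is printed unchanged.
  printf '%s\n' "$(find_env "KIE_SERVER_ROLES" "${default_kie_roles}")"
}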
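# Print the KIE Server domain. find_env (defined outside this file) is given
# the variable name KIE_SERVER_DOMAIN and the default "other".
# NOTE(review): presumably the name of the security domain used for
# authentication - confirm against the consumer of this value.
function get_kie_server_domain() {
  local default_kie_domain="other"
  # Quoted so the configured value is printed unchanged.
  printf '%s\n' "$(find_env "KIE_SERVER_DOMAIN" "${default_kie_domain}")"
}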
# Print the normalised value of KIE_SERVER_BYPASS_AUTH_USER:
#   - an empty line when the variable is empty or unset,
#   - "true" when it equals "true" in any letter case,
#   - "false" for every other value.
# NOTE(review): the name suggests this flag relaxes a per-user authentication
# check; how the value is consumed is not visible here, so confirm that the
# consumer treats the empty result as "not bypassed".
get_kie_server_bypass_auth_user() {
  local normalized
  normalized=$(echo "${KIE_SERVER_BYPASS_AUTH_USER}" | tr "[:upper:]" "[:lower:]")
  case "${normalized}" in
    "" | "true")
      # Empty and "true" are passed through as they are.
      ;;
    *)
      # Anything else is treated as a disabled flag.
      normalized="false"
      ;;
  esac
  printf '%s\n' "${normalized}"
}
# Register the KIE Server user through add_eap_user, using the resolved
# user name, password and roles and the type label "execution".
add_kie_server_user() {
  local user_name password roles
  user_name="$(get_kie_server_user)"
  password="$(get_kie_server_pwd)"
  roles="$(get_kie_server_roles)"
  add_eap_user "execution" "${user_name}" "${password}" "${roles}"
}
########## KIE Server Controller ##########
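# Print the KIE Server controller user name. find_env (defined outside this
# file) is given the variable name KIE_SERVER_CONTROLLER_USER and the fallback
# from get_default_kie_user.
function get_kie_server_controller_user() {
  local default_kie_user
  default_kie_user="$(get_default_kie_user "controller")"
  # Quoted so the configured value is printed unchanged (no word splitting,
  # no pathname expansion, no echo option parsing).
  printf '%s\n' "$(find_env "KIE_SERVER_CONTROLLER_USER" "${default_kie_user}")"
}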
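# Print the KIE Server controller password. find_env (defined outside this
# file) is given the variable name KIE_SERVER_CONTROLLER_PWD and the fallback
# from get_default_kie_pwd.
# NOTE(review): when KIE_SERVER_CONTROLLER_PWD is not set the result is the
# predictable built-in default; set the variable explicitly in real
# deployments.
function get_kie_server_controller_pwd() {
  local default_kie_pwd
  default_kie_pwd="$(get_default_kie_pwd "controller")"
  # Quoted so the password is printed exactly as configured; an unquoted echo
  # would collapse whitespace and expand glob characters such as '*'.
  printf '%s\n' "$(find_env "KIE_SERVER_CONTROLLER_PWD" "${default_kie_pwd}")"
}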
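# Print the KIE Server controller password after passing it through
# esc_kie_pwd.
function esc_kie_server_controller_pwd() {
  local orig_kie_pwd
  orig_kie_pwd="$(get_kie_server_controller_pwd)"
  # Quoted so whitespace and glob characters in the password survive.
  printf '%s\n' "$(esc_kie_pwd "${orig_kie_pwd}")"
}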
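# Print the KIE Server controller token. find_env (defined outside this file)
# is given the variable name KIE_SERVER_CONTROLLER_TOKEN and an empty default.
function get_kie_server_controller_token() {
  local default_kie_token=""
  # Quoted so the token is printed exactly as configured.
  printf '%s\n' "$(find_env "KIE_SERVER_CONTROLLER_TOKEN" "${default_kie_token}")"
}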
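# Print the roles for the KIE Server controller user. find_env (defined
# outside this file) is given the variable name KIE_SERVER_CONTROLLER_ROLES
# and the comma-separated default "kie-server,rest-all,user".
function get_kie_server_controller_roles() {
  local default_kie_roles="kie-server,rest-all,user"
  # Quoted so the configured role list is printed unchanged.
  printf '%s\n' "$(find_env "KIE_SERVER_CONTROLLER_ROLES" "${default_kie_roles}")"
}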
# Register the KIE Server controller user through add_eap_user, using the
# resolved user name, password and roles and the type label "controller".
add_kie_server_controller_user() {
  local user_name password roles
  user_name="$(get_kie_server_controller_user)"
  password="$(get_kie_server_controller_pwd)"
  roles="$(get_kie_server_controller_roles)"
  add_eap_user "controller" "${user_name}" "${password}" "${roles}"
}
# Log guidance when the creation of embedded users is skipped.
# The function only logs: when AUTH_LDAP_URL or SSO_URL is set it tells the
# operator which users (and roles) have to exist on the external auth
# provider for the given component. It logs user names and roles, never
# passwords.
#
# $1 - type/component: "kieadmin", "central", "kieserver" or "controller"
print_user_information() {
  # Nothing to report while the embedded users are still created.
  if [ -z "${AUTH_LDAP_URL}" ] && [ -z "${SSO_URL}" ]; then
    return 0
  fi
  log_info "External authentication/authorization enabled, skipping the embedded users creation."

  local component="${1}"

  # Admin user.
  case "${component}" in
    kieadmin | central | kieserver)
      if [ -n "${KIE_ADMIN_USER}" ]; then
        log_info "KIE_ADMIN_USER is set to ${KIE_ADMIN_USER}, make sure to configure this user with the provided password on the external auth provider with the roles $(get_kie_admin_roles)"
      else
        log_info "Make sure to configure a ADMIN user to access the Business Central with the roles $(get_kie_admin_roles)"
      fi
      ;;
  esac

  # Maven user.
  case "${component}" in
    central | kieserver)
      if [ -n "${KIE_MAVEN_USER}" ]; then
        log_info "KIE_MAVEN_USER is set to ${KIE_MAVEN_USER}, make sure to configure this user with the provided password on the external auth provider."
      else
        log_info "Make sure to configure the KIE_MAVEN_USER user to interact with Business Central embedded maven server"
      fi
      ;;
  esac

  # Controller user.
  case "${component}" in
    central | kieserver | controller)
      if [ -n "${KIE_SERVER_CONTROLLER_USER}" ]; then
        log_info "KIE_SERVER_CONTROLLER_USER is set to ${KIE_SERVER_CONTROLLER_USER}, make sure to configure this user with the provided password on the external auth provider with the roles $(get_kie_server_controller_roles)"
      else
        log_info "Make sure to configure the KIE_SERVER_CONTROLLER_USER user to interact with KIE Server rest api with the roles $(get_kie_server_controller_roles)"
      fi
      ;;
  esac

  # KIE Server user.
  case "${component}" in
    kieserver | controller)
      if [ -n "${KIE_SERVER_USER}" ]; then
        log_info "KIE_SERVER_USER is set to ${KIE_SERVER_USER}, make sure to configure this user with the provided password on the external auth provider with the roles $(get_kie_server_roles)"
      else
        log_info "Make sure to configure the KIE_SERVER_USER user to interact with KIE Server rest api with the roles $(get_kie_server_roles)"
      fi
      ;;
  esac
}
########## EAP ##########
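# Create an application user with ${JBOSS_HOME}/bin/add-user.sh.
# If LDAP/SSO integration is enabled (AUTH_LDAP_URL or SSO_URL is set), do not
# create eap users.
#
# Arguments:
#   $1 - KIE type label, used only in the error message
#   $2 - user name
#   $3 - password
#   $4 - comma-separated roles; --role is omitted when empty
# Exits the shell with status 1 when add-user.sh fails.
function add_eap_user() {
  if [ -n "${AUTH_LDAP_URL}" ] || [ -n "${SSO_URL}" ]; then
    return 0
  fi

  local kie_type="${1}"
  local eap_user="${2}"
  local eap_pwd="${3}"
  local eap_roles="${4}"

  # NOTE(review): the password is passed as a command-line argument, so it is
  # visible in the process list while add-user.sh runs, and in `set -x` traces.
  local -a add_user_args=(-a --user "${eap_user}" --password "${eap_pwd}")
  if [ -n "${eap_roles}" ]; then
    add_user_args+=(--role "${eap_roles}")
  fi

  # The path is quoted so a JBOSS_HOME containing spaces still works.
  if ! "${JBOSS_HOME}/bin/add-user.sh" "${add_user_args[@]}"; then
    log_error "Failed to add KIE ${kie_type} user \"${eap_user}\" in EAP"
    log_error "Exiting..."
    # A bare `exit` would reuse the status of log_error (normally 0) and
    # report the failed user creation as success.
    exit 1
  fi
}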