WFLY-6977 Transformers for Security

wildfly · Jul 25, 2017 · 89abbee · 89abbee
1 parent b64b124
commit 89abbee
Show file tree

Hide file tree

Showing 8 changed files with 484 additions and 100 deletions.
diff --git a/security/subsystem/src/main/java/org/jboss/as/security/AuditResourceDefinition.java b/security/subsystem/src/main/java/org/jboss/as/security/AuditResourceDefinition.java
@@ -27,7 +27,6 @@
 import org.jboss.as.controller.OperationStepHandler;
 import org.jboss.as.controller.SimpleResourceDefinition;
 import org.jboss.as.controller.registry.ManagementResourceRegistration;
-import org.jboss.as.controller.transform.description.ResourceTransformationDescriptionBuilder;
 import org.jboss.dmr.ModelNode;
 
 /**
@@ -74,9 +73,4 @@ protected void updateModel(OperationContext context, ModelNode operation) throws
                }
     }
 
-    static void registerTransformers_1_3_0(ResourceTransformationDescriptionBuilder parentBuilder) {
-        ResourceTransformationDescriptionBuilder builder = parentBuilder.addChildResource(SecurityExtension.PATH_AUDIT_CLASSIC);
-        MappingProviderModuleDefinition.registerTransformers_1_3_0(builder);
-    }
-
 }
diff --git a/security/subsystem/src/main/java/org/jboss/as/security/MappingProviderModuleDefinition.java b/security/subsystem/src/main/java/org/jboss/as/security/MappingProviderModuleDefinition.java
@@ -26,10 +26,6 @@
 
 import org.jboss.as.controller.AttributeDefinition;
 import org.jboss.as.controller.PathElement;
-import org.jboss.as.controller.transform.description.DiscardAttributeChecker;
-import org.jboss.as.controller.transform.description.RejectAttributeChecker;
-import org.jboss.as.controller.transform.description.ResourceTransformationDescriptionBuilder;
-import org.jboss.dmr.ModelNode;
 
 /**
  * This class should better be called {@code AuditProviderModuleDefinition} rather than {@code MappingProviderModuleDefinition},
@@ -51,12 +47,5 @@ public AttributeDefinition[] getAttributes() {
         return ATTRIBUTES;
     }
 
-    static void registerTransformers_1_3_0(ResourceTransformationDescriptionBuilder parentBuilder) {
-        ResourceTransformationDescriptionBuilder builder = parentBuilder.addChildResource(PATH_PROVIDER_MODULE);
-        builder.getAttributeBuilder()
-                .setDiscard(new DiscardAttributeChecker.DiscardAttributeValueChecker(false, true,
-                        new ModelNode(ModuleName.PICKETBOX.getName())), MODULE)
-                .addRejectCheck(RejectAttributeChecker.DEFINED, MODULE).end();
-    }
 
 }
diff --git a/security/subsystem/src/main/java/org/jboss/as/security/SecurityDomainResourceDefinition.java b/security/subsystem/src/main/java/org/jboss/as/security/SecurityDomainResourceDefinition.java
@@ -48,7 +48,6 @@
 import org.jboss.as.controller.operations.validation.StringAllowedValuesValidator;
 import org.jboss.as.controller.registry.ManagementResourceRegistration;
 import org.jboss.as.controller.registry.OperationEntry;
-import org.jboss.as.controller.transform.description.ResourceTransformationDescriptionBuilder;
 import org.jboss.as.security.logging.SecurityLogger;
 import org.jboss.as.security.plugins.SecurityDomainContext;
 import org.jboss.as.security.service.SecurityDomainService;
@@ -230,9 +229,4 @@ private static void waitForService(final ServiceController<?> controller) throws
         }
     }
 
-    static void registerTransformers_1_3_0(ResourceTransformationDescriptionBuilder parentBuilder) {
-        ResourceTransformationDescriptionBuilder builder = parentBuilder.addChildResource(SecurityExtension.SECURITY_DOMAIN_PATH);
-        AuditResourceDefinition.registerTransformers_1_3_0(builder);
-    }
-
 }
diff --git a/security/subsystem/src/main/java/org/jboss/as/security/SecurityTransformers.java b/security/subsystem/src/main/java/org/jboss/as/security/SecurityTransformers.java
@@ -22,6 +22,10 @@
 
 package org.jboss.as.security;
 
+import static org.jboss.as.security.Constants.MODULE;
+import static org.jboss.as.security.MappingProviderModuleDefinition.PATH_PROVIDER_MODULE;
+import static org.jboss.as.security.SecuritySubsystemRootResourceDefinition.INITIALIZE_JACC;
+
 import org.jboss.as.controller.ModelVersion;
 import org.jboss.as.controller.PathElement;
 import org.jboss.as.controller.transform.ExtensionTransformerRegistration;
@@ -30,6 +34,7 @@
 import org.jboss.as.controller.transform.description.RejectAttributeChecker;
 import org.jboss.as.controller.transform.description.ResourceTransformationDescriptionBuilder;
 import org.jboss.as.controller.transform.description.TransformationDescription;
+import org.jboss.dmr.ModelNode;
 
 /**
  * @author Tomaz Cerar (c) 2017 Red Hat Inc.
@@ -42,7 +47,7 @@ public String getSubsystemName() {
 
     @Override
     public void registerTransformers(SubsystemTransformerRegistration subsystemRegistration) {
-// only register transformers for model version 1.3.0 (EAP 6.2+).
+        // only register transformers for model version 1.3.0 (EAP 6.2+).
         registerTransformers_1_3_0(subsystemRegistration);
     }
 
@@ -53,12 +58,18 @@ private void registerTransformers_1_3_0(SubsystemTransformerRegistration subsyst
         builder.rejectChildResource(PathElement.pathElement(Constants.ELYTRON_TRUST_STORE));
         builder.rejectChildResource(PathElement.pathElement(Constants.ELYTRON_KEY_MANAGER));
         builder.rejectChildResource(PathElement.pathElement(Constants.ELYTRON_TRUST_MANAGER));
-        builder.addChildResource(PathElement.pathElement(Constants.SECURITY_MANAGEMENT))
+        builder.getAttributeBuilder()
-                .getAttributeBuilder()
+                .setDiscard(new DiscardAttributeChecker.DiscardAttributeValueChecker(INITIALIZE_JACC.getDefaultValue()), INITIALIZE_JACC)
-                .addRejectCheck(RejectAttributeChecker.DEFINED, SecuritySubsystemRootResourceDefinition.INITIALIZE_JACC)
+                .addRejectCheck(RejectAttributeChecker.DEFINED, INITIALIZE_JACC);
-                .setDiscard(DiscardAttributeChecker.UNDEFINED, SecuritySubsystemRootResourceDefinition.INITIALIZE_JACC);
 
-        SecurityDomainResourceDefinition.registerTransformers_1_3_0(builder);
+
+        builder
+                .addChildResource(SecurityExtension.SECURITY_DOMAIN_PATH)
+                .addChildResource(SecurityExtension.PATH_AUDIT_CLASSIC)
+                .addChildResource(PATH_PROVIDER_MODULE)
+                .getAttributeBuilder()
+                    .setDiscard(new DiscardAttributeChecker.DiscardAttributeValueChecker(new ModelNode(ModuleName.PICKETBOX.getName())), MODULE)
+                    .addRejectCheck(RejectAttributeChecker.DEFINED, MODULE).end();
 
         TransformationDescription.Tools.register(builder.build(), subsystemRegistration, ModelVersion.create(1, 3, 0));
     }

diff --git a/...ity/subsystem/src/test/java/org/jboss/as/security/SecurityDomainModelv20UnitTestCase.java b/...ity/subsystem/src/test/java/org/jboss/as/security/SecurityDomainModelv20UnitTestCase.java
@@ -15,24 +15,12 @@
  */
 package org.jboss.as.security;
 
-import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
-
 import java.io.File;
 import java.io.IOException;
 import java.util.Properties;
 
-import org.jboss.as.controller.ModelVersion;
-import org.jboss.as.controller.PathAddress;
-import org.jboss.as.controller.PathElement;
-import org.jboss.as.model.test.FailedOperationTransformationConfig;
-import org.jboss.as.model.test.ModelTestControllerVersion;
-import org.jboss.as.model.test.ModelTestUtils;
 import org.jboss.as.subsystem.test.AbstractSubsystemBaseTest;
 import org.jboss.as.subsystem.test.AdditionalInitialization;
-import org.jboss.as.subsystem.test.KernelServices;
-import org.jboss.as.subsystem.test.KernelServicesBuilder;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
@@ -107,63 +95,4 @@ public void testSchemaOfSubsystemTemplates() throws Exception {
     protected AdditionalInitialization createAdditionalInitialization() {
         return AdditionalInitialization.withCapabilities("org.wildfly.clustering.infinispan.default-cache-configuration.security");
     }
-
-    @Test
-    public void testTransformersEAP64() throws Exception {
-        testTransformers(ModelTestControllerVersion.EAP_6_4_0);
-    }
-
-    @Test
-    public void testTransformersEAP70() throws Exception {
-        testTransformers(ModelTestControllerVersion.EAP_7_0_0);
-    }
-
-    private void testTransformers(ModelTestControllerVersion controllerVersion) throws Exception {
-
-        KernelServicesBuilder builder = createKernelServicesBuilder(createAdditionalInitialization());
-        ModelVersion version = ModelVersion.create(1, 3, 0);
-
-        final String mavenGavVersion = controllerVersion.getMavenGavVersion();
-        final String artifactId;
-        if (controllerVersion.isEap() && mavenGavVersion.equals(controllerVersion.getCoreVersion())) {
-            /* EAP 6 */
-            artifactId = "jboss-as-security";
-        } else {
-            artifactId = "wildfly-security";
-        }
-
-        builder.createLegacyKernelServicesBuilder(AdditionalInitialization.MANAGEMENT, controllerVersion, version)
-                .addMavenResourceURL(controllerVersion.getMavenGroupId() + ":"+ artifactId +":" + mavenGavVersion);
-
-        KernelServices mainServices = builder.build();
-        assertTrue(mainServices.isSuccessfulBoot());
-        KernelServices legacyServices = mainServices.getLegacyServices(version);
-        assertNotNull(legacyServices);
-        assertTrue(legacyServices.isSuccessfulBoot());
-
-        // any elytron-related resources in the model should get rejected as those are not supported in model version 1.3.0.
-        PathAddress subsystemAddress = PathAddress.pathAddress(PathElement.pathElement(SUBSYSTEM, getMainSubsystemName()));
-        ModelTestUtils.checkFailedTransformedBootOperations(mainServices, version,
-                builder.parseXmlResource("securitysubsystemv20.xml"),
-                new FailedOperationTransformationConfig()
-                        .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.ELYTRON_REALM)),
-                                FailedOperationTransformationConfig.REJECTED_RESOURCE)
-                        .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.ELYTRON_KEY_STORE)),
-                                FailedOperationTransformationConfig.REJECTED_RESOURCE)
-                        .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.ELYTRON_TRUST_STORE)),
-                                FailedOperationTransformationConfig.REJECTED_RESOURCE)
-                        .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.ELYTRON_KEY_MANAGER)),
-                                FailedOperationTransformationConfig.REJECTED_RESOURCE)
-                        .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.ELYTRON_TRUST_MANAGER)),
-                                FailedOperationTransformationConfig.REJECTED_RESOURCE)
-                        .addFailedAttribute(
-                                PathAddress.pathAddress(subsystemAddress,
-                                        PathElement.pathElement(Constants.SECURITY_DOMAIN, "domain-with-custom-audit-provider"),
-                                        SecurityExtension.PATH_AUDIT_CLASSIC,
-                                        PathElement.pathElement(Constants.PROVIDER_MODULE,
-                                                "org.myorg.security.MyCustomLogAuditProvider")),
-                                new FailedOperationTransformationConfig.NewAttributesConfig(Constants.MODULE))
-                        .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.SECURITY_MANAGEMENT)),
-                                new FailedOperationTransformationConfig.NewAttributesConfig(Constants.INITIALIZE_JACC)));
-    }
 }
diff --git a/security/subsystem/src/test/java/org/jboss/as/security/SecurityTransformersTestCase.java b/security/subsystem/src/test/java/org/jboss/as/security/SecurityTransformersTestCase.java
@@ -0,0 +1,155 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2017, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.as.security;
+
+import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SUBSYSTEM;
+import static org.junit.Assert.assertTrue;
+
+import java.io.IOException;
+
+import org.jboss.as.controller.ModelVersion;
+import org.jboss.as.controller.PathAddress;
+import org.jboss.as.controller.PathElement;
+import org.jboss.as.model.test.FailedOperationTransformationConfig;
+import org.jboss.as.model.test.ModelTestControllerVersion;
+import org.jboss.as.model.test.ModelTestUtils;
+import org.jboss.as.subsystem.test.AbstractSubsystemBaseTest;
+import org.jboss.as.subsystem.test.AdditionalInitialization;
+import org.jboss.as.subsystem.test.KernelServices;
+import org.jboss.as.subsystem.test.KernelServicesBuilder;
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ * @author Tomaz Cerar (c) 2017 Red Hat Inc.
+ */
+public class SecurityTransformersTestCase extends AbstractSubsystemBaseTest {
+
+    public SecurityTransformersTestCase() {
+        super(SecurityExtension.SUBSYSTEM_NAME, new SecurityExtension());
+    }
+
+    @Override
+    protected String getSubsystemXml() throws IOException {
+        return readResource("securitysubsystemv20.xml");
+    }
+
+
+    @Override
+    protected AdditionalInitialization createAdditionalInitialization() {
+        return AdditionalInitialization.withCapabilities("org.wildfly.clustering.infinispan.default-cache-configuration.security");
+    }
+
+    @Test
+    public void testTransformersEAP64() throws Exception {
+        testTransformers(ModelTestControllerVersion.EAP_6_4_0);
+    }
+
+    @Test
+    public void testTransformersEAP70() throws Exception {
+        testTransformers(ModelTestControllerVersion.EAP_7_0_0);
+    }
+
+    private void testTransformers(ModelTestControllerVersion controllerVersion) throws Exception {
+        ModelVersion version = ModelVersion.create(1, 3, 0);
+
+        final String mavenGavVersion = controllerVersion.getMavenGavVersion();
+        final String artifactId;
+        if (controllerVersion.isEap() && mavenGavVersion.equals(controllerVersion.getCoreVersion())) {
+               /* EAP 6 */
+            artifactId = "jboss-as-security";
+        } else {
+            artifactId = "wildfly-security";
+        }
+
+        String mavenGav = String.format("%s:%s:%s", controllerVersion.getMavenGroupId(), artifactId, controllerVersion.getMavenGavVersion());
+
+        testTransformers(controllerVersion, version, mavenGav);
+        testReject(controllerVersion, version, mavenGav);
+    }
+
+    private void testReject(ModelTestControllerVersion controllerVersion, ModelVersion targetVersion, String mavenGAV) throws Exception {
+        KernelServicesBuilder builder = createKernelServicesBuilder(createAdditionalInitialization());
+        builder.createLegacyKernelServicesBuilder(null, controllerVersion, targetVersion)
+                .configureReverseControllerCheck(createAdditionalInitialization(), null)
+                //.skipReverseControllerCheck()
+                .addMavenResourceURL(mavenGAV)
+                .dontPersistXml();
+
+        KernelServices mainServices = builder.build();
+        Assert.assertTrue(mainServices.isSuccessfulBoot());
+        KernelServices legacyServices = mainServices.getLegacyServices(targetVersion);
+        Assert.assertTrue(legacyServices.isSuccessfulBoot());
+        Assert.assertNotNull(legacyServices);
+
+        // any elytron-related resources in the model should get rejected as those are not supported in model version 1.3.0.
+        PathAddress subsystemAddress = PathAddress.pathAddress(PathElement.pathElement(SUBSYSTEM, getMainSubsystemName()));
+        ModelTestUtils.checkFailedTransformedBootOperations(mainServices, targetVersion,
+                builder.parseXmlResource("security-transformers-reject_2.0.xml"),
+                new FailedOperationTransformationConfig()
+                        .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.ELYTRON_REALM)),
+                                FailedOperationTransformationConfig.REJECTED_RESOURCE)
+                        .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.ELYTRON_KEY_STORE)),
+                                FailedOperationTransformationConfig.REJECTED_RESOURCE)
+                        .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.ELYTRON_TRUST_STORE)),
+                                FailedOperationTransformationConfig.REJECTED_RESOURCE)
+                        .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.ELYTRON_KEY_MANAGER)),
+                                FailedOperationTransformationConfig.REJECTED_RESOURCE)
+                        .addFailedAttribute(PathAddress.pathAddress(subsystemAddress, PathElement.pathElement(Constants.ELYTRON_TRUST_MANAGER)),
+                                FailedOperationTransformationConfig.REJECTED_RESOURCE)
+                        .addFailedAttribute(
+                                PathAddress.pathAddress(subsystemAddress,
+                                        PathElement.pathElement(Constants.SECURITY_DOMAIN, "domain-with-custom-audit-provider"),
+                                        SecurityExtension.PATH_AUDIT_CLASSIC,
+                                        PathElement.pathElement(Constants.PROVIDER_MODULE,
+                                                "org.myorg.security.MyCustomLogAuditProvider")),
+                                new FailedOperationTransformationConfig.NewAttributesConfig(Constants.MODULE))
+                        .addFailedAttribute(PathAddress.pathAddress(subsystemAddress),
+                                new FailedOperationTransformationConfig.NewAttributesConfig(Constants.INITIALIZE_JACC)));
+        legacyServices.shutdown();
+        mainServices.shutdown();
+    }
+
+
+    private void testTransformers(ModelTestControllerVersion controllerVersion, ModelVersion targetVersion, String mavenGAV) throws Exception {
+        //Boot up empty controllers with the resources needed for the ops coming from the xml to work
+        KernelServicesBuilder builder = createKernelServicesBuilder(createAdditionalInitialization())
+                .setSubsystemXmlResource("security-transformers_2.0.xml");
+        builder.createLegacyKernelServicesBuilder(null, controllerVersion, targetVersion)
+                .addMavenResourceURL(mavenGAV)
+                .configureReverseControllerCheck(createAdditionalInitialization(), null)
+                .dontPersistXml();
+
+        KernelServices mainServices = builder.build();
+        assertTrue(mainServices.isSuccessfulBoot());
+        assertTrue(mainServices.getLegacyServices(targetVersion).isSuccessfulBoot());
+
+        checkSubsystemModelTransformation(mainServices, targetVersion, null);
+        mainServices.shutdown();
+    }
+
+
+    @Override
+    public void testSchema() throws Exception {
+    }
+}