Merge pull request #229 from iankko/apply_patches

[RHSSO-1874] Fix the one-off JBoss CLI patch application mechanism

Author: ASzc

image.yaml

@@ -94,26 +94,29 @@ modules:
             path: modules
 
       install:
-          # Define RH-SSO global variables & functions required by subsequent image modules.
+
+          # First define RH-SSO global variables & functions required by subsequent modules
           #
-          # IMPORTANT: This module needs to be included (sourced) in each of the following
-          #            modules using "sed -e" or "sed -i" expressions, where the regex pattern
-          #            or the replacement value is dynamic (coming from env var supplied to the
-          #            container image at runtime). See CIAM-1394 JIRA for details
+          # IMPORTANT: Include this module in each of the subsequent modules using some variable
+          #            or function definition from it
           - name: sso.rcfile
             version: '1.0'
+
+          # Setup nss_wrapper
           - name: sso.security.cve-2020-10695
             version: '1.0'
+
           # Install JDK runtime
           - name: sso-jdk
             version: &jdk_version '11'
-           # Perform all actions required by Wildfly / JBoss EAP Galleon Maven build
-           # See 'used-eap-modules-list.txt' for overview of used JBoss EAP modules,
-           # and the order they need to be called in
+
+          # Perform all actions required by Wildfly / JBoss EAP Galleon Maven build
+          # See 'used-eap-modules-list.txt' for overview of used JBoss EAP modules,
+          # and the order they need to be called in
           - name: eap
             version: '1.0'
 
-          ## RH-SSO product specific modules from modules/ path in this repository
+          # RH-SSO product specific modules from modules/ path in this repository
           - name: keycloak.openshift.clients
             version: '1.0'
           - name: sso.config.launch.setup.75
@@ -124,6 +127,12 @@ modules:
           - name: openshift-layer
           - name: keycloak-layer
 
+          # Apply any possibly needed EAP / RH-SSO patches
+          # Note: In order to properly manage also RH-SSO patches, this module
+          #       can only be called once the 'keycloak' layer was added
+          - name: sso.apply.patches
+            version: '1.0'
+
           # The extensions module can be called only after all updates to standalone-openshift.xml have been done.
           # See eg. https://access.redhat.com/solutions/3402171 for details how to use
           - name: sso-cli-extensions

modules/eap/install-eap-one-offs.sh

@@ -1,8 +1,10 @@
 schema_version: 1
 name: eap
-description: "Installs base EAP to the image."
+version: '1.0'
+description: Module to install base EAP layer to the RH-SSO container image
 
 # NOTE:
+#
 #   The former listing of all specific EAP modules to be included into the RH-SSO
 #   images was replaced with a single 'setup.eap.modules' CEKit module (therefore
 #   one new layer in the resulting built container image).
@@ -20,6 +22,7 @@ description: "Installs base EAP to the image."
 #   failed as a whole.
 #
 # IMPORTANT:
+#
 #   Do not change this approach!
 #
 #   If you need to add / list additional EAP module, not present yet, append the
@@ -36,30 +39,7 @@ description: "Installs base EAP to the image."
 #   the starting and ending comments, so the order in which the modules need
 #   to be included, is preserved and respected.
 
-version: '1.0'
-
 modules:
       install:
           - name: setup.eap.modules
             version: "1.0"
-
-execute:
-    - script: install-eap-one-offs.sh
-
-# Important:
-# ----------
-#
-# All EAP one-offs artifacts must be prefixed with "eap-one-off-" prefix and suffixed with in ".zip".
-# Ensure that only one-offs for the INSTALLED version of EAP are present, and comment all of them
-# that are obsoleted.
-#
-# For an example of proper / intended usage, see the "jbeap-18807.zip" example below.
-#
-# artifacts:
-#
-#      KEYCLOAK-13487 "jbeap-18807.zip" is obsolete in EAP-7.3.1 / RH-SSO 7.5.1, deprecate it
-#
-#      - md5: 1b6036cfcde2cf1dc05c2eb6eca228ff
-#        name: jbeap-18807.zip
-#        target: eap-one-off-jbeap-18807.zip
-#        url: http://$DOWNLOAD_SERVER/devel/candidates/JBSSO/JBSSO-7.5.0.CR2/jbeap-18807.zip

modules/eap/module.yaml

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -e
+
+readonly SOURCES_DIR="/tmp/artifacts/"
+export JAVA_OPTS="${JAVA_OPTS} -Dorg.wildfly.patching.jar.invalidation=true"
+
+# Do not use for cycle, it would faile if no such files are found
+find "${SOURCES_DIR}" \( -name 'eap-one-off-*.zip' -o -name 'rh-sso-*.zip' \) | while read -r I; do
+    echo "Applying patch: '$I' ..."
+    "${JBOSS_HOME}"/bin/jboss-cli.sh --command="patch apply $I"
+done

modules/sso/apply/patches/apply-eap-rh-sso-one-off-patches.sh

@@ -0,0 +1,25 @@
+schema_version: 1
+name: sso.apply.patches
+version: '1.0'
+description: Module to apply any possibly needed EAP / RH-SSO one-off patches via jboss-cli.sh
+execute:
+- script: apply-eap-rh-sso-one-off-patches.sh
+
+# Note:
+#
+# All EAP one-offs artifacts must be prefixed with "eap-one-off-" prefix and suffixed with ".zip".
+# All RH-SSO patches must be prefixed with "rh-sso-" prefix and suffixed with ".zip".
+#
+# Ensure that only one-offs for the INSTALLED version of EAP / RH-SSO are present, and comment all
+# of them that are obsoleted.
+#
+# For an example of proper / intended usage, see the "jbeap-18807.zip" example below.
+#
+# artifacts:
+#
+#      KEYCLOAK-13487 "jbeap-18807.zip" is obsolete in EAP-7.3.1 / RH-SSO 7.5.1, deprecate it
+#
+#      - md5: 1b6036cfcde2cf1dc05c2eb6eca228ff
+#        name: jbeap-18807.zip
+#        target: eap-one-off-jbeap-18807.zip
+#        url: http://$DOWNLOAD_SERVER/devel/candidates/JBSSO/JBSSO-7.5.0.CR2/jbeap-18807.zip