Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 18 Next »

This article will describe the steps that you need to take when making a change to the service schema in AM (aka the configuration), in particular this will focus on how the upgrade rules should be created and applied.

Currently there are two ways to change the service schema in AM:

  1. In the xml schema files that use the sms.dtd
  2. Through annotations on POJO's in the AM codebase 

In either case when a change is made upgrade rules will need to be written so that customers can continue to use their configuration.

Currently there are 3 ways a customer might upgrade AM's configuration:

  1. Manually through the use of the Upgrade step org.forgerock.openam.upgrade.steps.UpgradeStep
  2. Using the openam-config-upgrader and rules
    1. to update Amster files
    2. to update FBC files

Checklist of required actions

Rules to upgrade FBC

TODO: How to find the service name as it is not the Amster name

TODO: Outline the structure of the fbc

master.groovy

Set of idempotent rules that will upgrade file based configuration files to be compatible with the latest version of AM on a branch.  master.groovy is contained in the AM.zip release.

Examples

Idempotency can be achieved using the configuration version.  More information can be found here Upgrade rule filtering based on version.

Idempotency using configuration version
def UPGRADE_TO_VERSION = "1.0.0.1"    
def APPLICABLE_VERSIONS = ["1.1.0.0","2.0.0.0"]
return
    [
    setVersion(UPGRADE_TO_VERSION),
    forRealmService("authenticationTreesService",
       forVersionsBefore(APPLICABLE_VERSIONS,
           forRealmDefaults(
               addAttribute("new").with("attribute"))
            )
       )
    ]

From authenticationTreesService-realm-defaults-add-attribute.groovy


Guards can be used to achieve idempotency.

Idempotency using guards
return
    [
        forRealmService("OAuth2Provider",
            forRealmDefaults(
                within("advancedOIDCConfig",
                    where(key("authorisedIdmDelegationClients").isNotPresent(),
                        addAttribute("authorisedIdmDelegationClients").with(Collections.emptySet())))),
            forSettings(
                within("advancedOIDCConfig",
                    where(key("authorisedIdmDelegationClients").isNotPresent(),
                        addAttribute("authorisedIdmDelegationClients").with(Collections.emptySet()))))),
    ]

From oauth2Provider-realm-instances-add-attribute-idempontent.groovy

Testing

Unit tests will run against master.groovy for these test cases.  When adding rules it is expected that test case files are added to test those rules.


Child Pages

  • No labels