Add the SKIP_SSO_FEATURE_INSTALL flag

kabicin · kabicin · commit f8d5ea430808 · 2023-06-12T14:59:11.000-04:00
diff --git a/README.md b/README.md
@@ -78,16 +78,19 @@ Refer to [Repository and proxy modifications](https://openliberty.io/docs/ref/co
 
 ## Enterprise Functionality
 
-This section describes the optional enterprise functionality that can be enabled via the Dockerfile during `build` time, by setting particular build-arguments (`ARG`) and calling `RUN configure.sh`.  Each of these options trigger the inclusion of specific configuration via XML snippets (except for `VERBOSE`), described below:
+This section describes the optional enterprise functionality that can be enabled via the Dockerfile during `build` time, by setting particular build-arguments (`ARG`) and calling `RUN configure.sh`.  Each of these options trigger the inclusion/exclusion of specific configuration via XML snippets (except for `VERBOSE`), described below:
 
-* `TLS` (`SSL` is deprecated)
-  *  Description: Enable Transport Security in Liberty by adding the `transportSecurity-1.0` feature (includes support for SSL).
-  *  XML Snippet Location:  [keystore.xml](/releases/latest/kernel-slim/helpers/build/configuration_snippets/keystore.xml).
 * `HZ_SESSION_CACHE`
   *  Description: Enable the persistence of HTTP sessions using JCache by adding the `sessionCache-1.0` feature.
   *  XML Snippet Location: [hazelcast-sessioncache.xml](/releases/latest/kernel-slim/helpers/build/configuration_snippets/hazelcast-sessioncache.xml)
+* `SKIP_SSO_FEATURE_INSTALL`
+  *  Description: Disable the install of `appSecurity-2.0` and `socialLogin-1.0` when `SEC_SSO_PROVIDERS` is set. (see [SECURITY.md](/SECURITY.md) for usage.)
+  *  XML Snippet Location: [sso-features.xml](/releases/latest/kernel-slim/helpers/build/configuration_snippets/sso-features.xml)
+* `TLS` (`SSL` is deprecated)
+  *  Description: Enable Transport Security in Liberty by adding the `transportSecurity-1.0` feature (includes support for SSL).
+  *  XML Snippet Location:  [keystore.xml](/releases/latest/kernel-slim/helpers/build/configuration_snippets/keystore.xml).
 * `VERBOSE`
-  *  Description: When set to `true` it outputs the commands and results to stdout from `configure.sh`. Otherwise, default setting is `false` and `configure.sh` is silenced.
+  *  Description: When set to `true` it outputs the commands and results to stdout from `features.sh` and `configure.sh`. Otherwise, default setting is `false` and `features.sh` and `configure.sh` are silenced.
 
 ### Deprecated Enterprise Functionality
 
diff --git a/SECURITY.md b/SECURITY.md
@@ -38,7 +38,20 @@ The following variables configure container security for Single Sign-On using th
 
  * Providers usually require the use of HTTPS.  Specify `ARG TLS=true` in your Dockerfile. 
 
- * Your Dockerfile must call `RUN configure.sh` for these to take effect. 
+ * Your Dockerfile must call `RUN configure.sh` for these to take effect.
+
+#### The `<feature>` and `appSecurity-2.0` configured features include an incompatible combination of features. 
+
+ * When specifying the `SEC_SSO_PROVIDERS` ARG, you might get an incompatible set of features with `appSecurity-2.0` similar to the snippet below:   
+
+  ```
+  CWWKF0044E: The persistence-3.1 and appSecurity-2.0 features cannot be loaded at the same time. 
+  The persistence-3.1 feature of Jakarta EE 10 is incompatible with the appSecurity-2.0 feature of Java EE 6. 
+  The persistence-3.1 and appSecurity-2.0 configured features include an incompatible combination of features. 
+  Your configuration is not supported. Update the configuration to use features that support either the Jakarta EE or Java EE programming models, but not both.
+  ```
+
+  * To avoid this error, set `ARG SKIP_SSO_FEATURE_INSTALL=true` in your Dockerfile.
 
 ### Configuration needed at image build time or at container deploy time:
 
diff --git a/releases/22.0.0.12/full/helpers/build/configure.sh b/releases/22.0.0.12/full/helpers/build/configure.sh
@@ -86,7 +86,9 @@ function main() {
   fi
 
   if [[ -n "$SEC_SSO_PROVIDERS" ]]; then
-    cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
+    if [[ "$SKIP_SSO_FEATURE_INSTALL" != "true" ]]; then
+      cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
+    fi
     parseProviders $SEC_SSO_PROVIDERS
   fi
 
diff --git a/releases/22.0.0.12/kernel-slim/helpers/build/features.sh b/releases/22.0.0.12/kernel-slim/helpers/build/features.sh
@@ -20,7 +20,7 @@ if [ -n "$INFINISPAN_SERVICE_NAME" ] || [ "${HZ_SESSION_CACHE}" == "client" ] ||
 fi
 
 # SSO
-if [[ -n "$SEC_SSO_PROVIDERS" ]]; then
+if [[ -n "$SEC_SSO_PROVIDERS" ]] && [[ "$SKIP_SSO_FEATURE_INSTALL" != "true" ]]; then
   cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
 fi
 
diff --git a/releases/23.0.0.3/full/helpers/build/configure.sh b/releases/23.0.0.3/full/helpers/build/configure.sh
@@ -86,7 +86,9 @@ function main() {
   fi
 
   if [[ -n "$SEC_SSO_PROVIDERS" ]]; then
-    cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
+    if [[ "$SKIP_SSO_FEATURE_INSTALL" != "true" ]]; then
+      cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
+    fi
     parseProviders $SEC_SSO_PROVIDERS
   fi
 
diff --git a/releases/23.0.0.3/kernel-slim/helpers/build/features.sh b/releases/23.0.0.3/kernel-slim/helpers/build/features.sh
@@ -20,7 +20,7 @@ if [ -n "$INFINISPAN_SERVICE_NAME" ] || [ "${HZ_SESSION_CACHE}" == "client" ] ||
 fi
 
 # SSO
-if [[ -n "$SEC_SSO_PROVIDERS" ]]; then
+if [[ -n "$SEC_SSO_PROVIDERS" ]] && [[ "$SKIP_SSO_FEATURE_INSTALL" != "true" ]]; then
   cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
 fi
 
diff --git a/releases/23.0.0.5/full/helpers/build/configure.sh b/releases/23.0.0.5/full/helpers/build/configure.sh
@@ -86,7 +86,9 @@ function main() {
   fi
 
   if [[ -n "$SEC_SSO_PROVIDERS" ]]; then
-    cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
+    if [[ "$SKIP_SSO_FEATURE_INSTALL" != "true" ]]; then
+      cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
+    fi
     parseProviders $SEC_SSO_PROVIDERS
   fi
 
diff --git a/releases/23.0.0.5/kernel-slim/helpers/build/features.sh b/releases/23.0.0.5/kernel-slim/helpers/build/features.sh
@@ -20,7 +20,7 @@ if [ -n "$INFINISPAN_SERVICE_NAME" ] || [ "${HZ_SESSION_CACHE}" == "client" ] ||
 fi
 
 # SSO
-if [[ -n "$SEC_SSO_PROVIDERS" ]]; then
+if [[ -n "$SEC_SSO_PROVIDERS" ]] && [[ "$SKIP_SSO_FEATURE_INSTALL" != "true" ]]; then
   cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
 fi
 
diff --git a/releases/latest/beta/helpers/build/configure.sh b/releases/latest/beta/helpers/build/configure.sh
@@ -86,7 +86,9 @@ function main() {
   fi
 
   if [[ -n "$SEC_SSO_PROVIDERS" ]]; then
-    cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
+    if [[ "$SKIP_SSO_FEATURE_INSTALL" != "true" ]]; then
+      cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
+    fi
     parseProviders $SEC_SSO_PROVIDERS
   fi
 
diff --git a/releases/latest/full/helpers/build/configure.sh b/releases/latest/full/helpers/build/configure.sh
@@ -86,7 +86,9 @@ function main() {
   fi
 
   if [[ -n "$SEC_SSO_PROVIDERS" ]]; then
-    cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
+    if [[ "$SKIP_SSO_FEATURE_INSTALL" != "true" ]]; then
+      cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
+    fi
     parseProviders $SEC_SSO_PROVIDERS
   fi
 
diff --git a/releases/latest/kernel-slim/helpers/build/features.sh b/releases/latest/kernel-slim/helpers/build/features.sh
@@ -20,7 +20,7 @@ if [ -n "$INFINISPAN_SERVICE_NAME" ] || [ "${HZ_SESSION_CACHE}" == "client" ] ||
 fi
 
 # SSO
-if [[ -n "$SEC_SSO_PROVIDERS" ]]; then
+if [[ -n "$SEC_SSO_PROVIDERS" ]] && [[ "$SKIP_SSO_FEATURE_INSTALL" != "true" ]]; then
   cp $SNIPPETS_SOURCE/sso-features.xml $SNIPPETS_TARGET_DEFAULTS
 fi
 
