Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
Describe the issue:
GroupsAndRolesMigrator step fails there are internal roles and external groups having the same name.
How to reproduce:
In the IS-5.9.0/5.10.0 server make sure you create an internal role that has the same name as an external role. eg since the normal admin role is already there, create an Internal/admin role so that the role name matches.
Do a test migration from IS-5.9.0/5.10.0 to IS-5.11.0[1].
The following error would be observed in the logs.
[2021-02-24 16:19:02,903] [] ERROR {org.wso2.carbon.is.migration.service.v5110.migrator.GroupsAndRolesMigrator} - WSO2 Product Migration Service Task : Error while migrating external role permissions. org.wso2.carbon.user.core.UserStoreException: 30012 - RoleExistingRole name: admin exists in the system. Please pick another role name.
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.handleRoleAlreadyExistException(AbstractUserStoreManager.java:7550)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.doAddInternalRole(AbstractUserStoreManager.java:7517)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addRole(AbstractUserStoreManager.java:6800)
at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addRole(AbstractUserStoreManager.java:9057)
at org.wso2.carbon.is.migration.service.v5110.migrator.GroupsAndRolesMigrator.migrateSuperTenantData(GroupsAndRolesMigrator.java:168)
at org.wso2.carbon.is.migration.service.v5110.migrator.GroupsAndRolesMigrator.migrate(GroupsAndRolesMigrator.java:136)
at org.wso2.carbon.is.migration.VersionMigration.migrate(VersionMigration.java:52)
at org.wso2.carbon.is.migration.MigrationClientImpl.execute(MigrationClientImpl.java:85)
at org.wso2.carbon.identity.core.internal.IdentityCoreServiceComponent.activate(IdentityCoreServiceComponent.java:149)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:260)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.activate(ServiceComponentProp.java:146)
at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:345)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:620)
at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:197)
at org.eclipse.equinox.internal.ds.Resolver.getEligible(Resolver.java:343)
at org.eclipse.equinox.internal.ds.SCRManager.serviceChanged(SCRManager.java:222)
at org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:113)
at org.eclipse.osgi.internal.framework.BundleContextImpl.dispatchEvent(BundleContextImpl.java:985)
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:234)
at org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:151)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEventPrivileged(ServiceRegistry.java:866)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEvent(ServiceRegistry.java:804)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistrationImpl.register(ServiceRegistrationImpl.java:130)
at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:228)
at org.eclipse.osgi.internal.framework.BundleContextImpl.registerService(BundleContextImpl.java:525)
at org.eclipse.osgi.internal.framework.BundleContextImpl.registerService(BundleContextImpl.java:544)
at org.wso2.carbon.core.init.CarbonServerManager.initializeCarbon(CarbonServerManager.java:529)
at org.wso2.carbon.core.init.CarbonServerManager.removePendingItem(CarbonServerManager.java:305)
at org.wso2.carbon.core.init.PreAxis2ConfigItemListener.bundleChanged(PreAxis2ConfigItemListener.java:118)
at org.eclipse.osgi.internal.framework.BundleContextImpl.dispatchEvent(BundleContextImpl.java:973)
at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:234)
at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:345)
Note, the rest of the external roles would not be migrated properly when the above error occurs[1].
Expected behavior:
If an internal role exists with the same name, a new role should be created to represent the existing external role.
Environment information (Please complete the following information; remove any unnecessary fields) :
IS-5.9.0 - IS-5.11.0 Migration
We also noticed this issue with other customers, and we resolved it by re-naming the internal/admin role to another. Appriciate to resolve this issue soon.
Describe the issue: GroupsAndRolesMigrator step fails there are internal roles and external groups having the same name.
How to reproduce:
Note, the rest of the external roles would not be migrated properly when the above error occurs[1].
Expected behavior: If an internal role exists with the same name, a new role should be created to represent the existing external role.
Environment information (Please complete the following information; remove any unnecessary fields) : IS-5.9.0 - IS-5.11.0 Migration
Related issues: https://github.com/wso2/product-is/issues/11327
[1]https://github.com/wso2-extensions/identity-migration-resources/blob/master/components/org.wso2.is.migration/migration-service/src/main/java/org/wso2/carbon/is/migration/service/v5110/migrator/GroupsAndRolesMigrator.java#L168