Needed for appliance.
After upgrading all nodes to EJBCA 6.8.0 we want to:
- Remove all old admin groups and referenced objects, but not the still mapped tables (cleanup)
- Check that no TYPE_NOT_EQUALCASE or TYPE_NOT_EQUALCASEINS match operator still exists (for future consistency)
- Change the behavior to make a union of all matched role's access rules instead of priority match (to avoid unintentional privelege escalation)
For UI niceness,
- we should write to the database when upgrade begins and prevent multiple nodes to start the post-upgrade (unless forced if a node doing the upgrade has crashed). This is not super-useful since the config is cached normally, but might prevent some bad behavior for users running default (which are also probably the ones most likely not to read the instructions).
- have a pattern where upgrade can log in such a way that this could be seen in the GUI of the node doing the post-upgrade
(For debugging the admin still needs to check the server log, but expected errors should be visible via the GUI.)