Merge branch 'jira-wdt-907-opss-wallet' into 'main'

Include OPSS wallet passphrase and tokenize in discovered model when using targets

See merge request weblogic-cloud/weblogic-deploy-tooling!1715

Author: robertpatrick

core/src/main/python/discover.py

@@ -328,6 +328,8 @@ def __validate_discover_passwords_and_security_data_args(model_context, argument
     passwords_argument = None
     if model_context.is_discover_passwords():
         passwords_argument = CommandLineArgUtil.DISCOVER_PASSWORDS_SWITCH
+    elif model_context.is_discover_opss_wallet():
+        passwords_argument = CommandLineArgUtil.DISCOVER_OPSS_WALLET_SWITCH
     elif model_context.is_discover_security_provider_passwords():
         passwords_argument = CommandLineArgUtil.DISCOVER_SECURITY_PROVIDER_DATA_SWITCH + " " \
                              + model_context.get_discover_security_provider_data_types_label()
@@ -350,15 +352,9 @@ def __validate_discover_passwords_and_security_data_args(model_context, argument
             __logger.throwing(ex, class_name=_class_name, method_name=_method_name)
             raise ex
 
-    if model_context.is_discover_passwords() or model_context.is_discover_security_provider_data() or \
-            model_context.is_discover_opss_wallet():
+    if passwords_argument:
         if not model_context.is_encrypt_discovered_passwords() and model_context.get_encryption_passphrase() is not None:
             # don't allow turning off encryption and supplying an encryption passphrase
-            if model_context.is_discover_passwords():
-                arg = CommandLineArgUtil.DISCOVER_PASSWORDS_SWITCH
-            else:
-                arg = CommandLineArgUtil.DISCOVER_SECURITY_PROVIDER_DATA_SWITCH
-
             if CommandLineArgUtil.PASSPHRASE_ENV_SWITCH in argument_map:
                 bad_arg = CommandLineArgUtil.PASSPHRASE_ENV_SWITCH
             elif CommandLineArgUtil.PASSPHRASE_FILE_SWITCH in argument_map:
@@ -369,7 +365,7 @@ def __validate_discover_passwords_and_security_data_args(model_context, argument
                 bad_arg = CommandLineArgUtil.PASSPHRASE_SWITCH
 
             ex = exception_helper.create_cla_exception(ExitCode.ARG_VALIDATION_ERROR, 'WLSDPLY-06052',
-                                                       _program_name, arg, bad_arg)
+                                                       _program_name, passwords_argument, bad_arg)
             __logger.throwing(ex, class_name=_class_name, method_name=_method_name)
             raise ex
 

core/src/main/python/wlsdeploy/tool/discover/opss_wallet_discoverer.py

@@ -8,6 +8,7 @@
 from oracle.weblogic.deploy.util import WLSDeployArchiveIOException
 
 from wlsdeploy.aliases.alias_constants import PASSWORD_TOKEN
+from wlsdeploy.aliases.model_constants import DOMAIN_INFO
 from wlsdeploy.aliases.model_constants import OPSS_WALLET_PASSPHRASE
 from wlsdeploy.aliases.wlst_modes import WlstModes
 from wlsdeploy.exception import exception_helper
@@ -30,7 +31,7 @@ def __init__(self, model_context, domain_info, base_location, wlst_mode=WlstMode
         """
         The constructor
         :param model_context:
-        :param model:
+        :param domain_info:
         :param base_location:
         :param wlst_mode:
         :param aliases:
@@ -93,6 +94,11 @@ def _export_opss_wallet(self):
         self._domain_info_dictionary[OPSS_WALLET_PASSPHRASE] = \
             self._get_opss_wallet_passphrase_for_model(opss_wallet_passphrase)
 
+        if self._credential_injector is not None:
+            location = self._aliases.get_model_section_attribute_location(DOMAIN_INFO)
+            self._credential_injector.check_and_tokenize(self._domain_info_dictionary, OPSS_WALLET_PASSPHRASE,
+                                                         location)
+
         _logger.exiting(class_name=_class_name, method_name=_method_name)
 
     def _get_opss_wallet_passphrase_for_model(self, password):

core/src/main/python/wlsdeploy/tool/util/filters/wko_filter.py

@@ -17,16 +17,13 @@
 from wlsdeploy.aliases.model_constants import CLUSTER
 from wlsdeploy.aliases.model_constants import CLUSTER_MESSAGING_MODE
 from wlsdeploy.aliases.model_constants import DATABASE_LESS_LEASING_BASIS
-from wlsdeploy.aliases.model_constants import DOMAIN_INFO
 from wlsdeploy.aliases.model_constants import DYNAMIC_SERVERS
 from wlsdeploy.aliases.model_constants import LISTEN_PORT
 from wlsdeploy.aliases.model_constants import MACHINE
 from wlsdeploy.aliases.model_constants import MIGRATION_BASIS
 from wlsdeploy.aliases.model_constants import NM_PROPERTIES
 from wlsdeploy.aliases.model_constants import NODE_MANAGER_PW_ENCRYPTED
 from wlsdeploy.aliases.model_constants import NODE_MANAGER_USER_NAME
-from wlsdeploy.aliases.model_constants import OPSS_SECRETS
-from wlsdeploy.aliases.model_constants import OPSS_WALLET_PASSPHRASE
 from wlsdeploy.aliases.model_constants import PARTITION
 from wlsdeploy.aliases.model_constants import PARTITION_WORK_MANAGER
 from wlsdeploy.aliases.model_constants import RESOURCES
@@ -149,25 +146,15 @@ def check_clustered_server_ports(model, _model_context):
                 server_port_map[server_cluster] = {"firstServer": server_name, "serverPort": server_port_text}
 
 
-def filter_domain_info(model, _model_context):
+def filter_domain_info(_model, _model_context):
     """
     Remove elements from the domainInfo section of the model that are not relevant in a Kubernetes environment.
-    This may include references to OPSS secret elements.
-    :param model: the model to be updated
-    :param _model_context: used to get target configuration
+    Currently, there are no items to be removed.
+    :param _model: the model to be updated
+    :param _model_context: unused, passed by filter_helper if called independently
     """
     _method_name = 'filter_domain_info'
 
-    target_configuration = _model_context.get_target_configuration()
-    if not target_configuration.uses_opss_secrets():
-        domain_info = dictionary_utils.get_dictionary_element(model, DOMAIN_INFO)
-        for delete_key in [OPSS_WALLET_PASSPHRASE, OPSS_SECRETS]:
-            if delete_key in domain_info:
-                source_name = target_configuration.get_domain_home_source_name()
-                _logger.info('WLSDPLY-20208', delete_key, DOMAIN_INFO, source_name,
-                             class_name=_class_name, method_name=_method_name)
-                del domain_info[delete_key]
-
 
 def filter_topology(model, _model_context):
     """

core/src/main/resources/oracle/weblogic/deploy/aliases/category_modules/DomainInfo.json

@@ -8,7 +8,7 @@
         "AdminUserName":                            [ {"version": "[10,)",       "wlst_mode": "both",    "wlst_name": "AdminUserName",                            "wlst_path": "WP001", "default_value": "weblogic", "wlst_type": "credential" } ],
         "AppDir":                                   [ {"version": "[10,)",       "wlst_mode": "both",    "wlst_name": "AppDir",                                   "wlst_path": "WP001", "default_value": null,       "wlst_type": "string",    "uses_path_tokens": "true" } ],
         "OPSSSecrets":                              [ {"version": "[10,)",       "wlst_mode": "both",    "wlst_name": "OPSSSecrets",                              "wlst_path": "WP001", "default_value": null,       "wlst_type": "password",  "secret_suffix": "opsssecrets", "secret_key": "walletPassword" } ],
-        "OPSSWalletPassphrase":                     [ {"version": "[10,)",       "wlst_mode": "both",    "wlst_name": "OPSSWalletPassphrase",                     "wlst_path": "WP001", "default_value": null,       "wlst_type": "password",  "secret_suffix": "opsssecrets", "secret_key": "walletPassword" } ],
+        "OPSSWalletPassphrase":                     [ {"version": "[10,)",       "wlst_mode": "both",    "wlst_name": "OPSSWalletPassphrase",                     "wlst_path": "WP001", "default_value": null,       "wlst_type": "password",  "secret_suffix": "opsswallet", "secret_key": "passphrase" } ],
         "ServerGroupTargetingLimits":               [ {"version": "[10,)",       "wlst_mode": "both",    "wlst_name": "ServerGroupTargetingLimits",               "wlst_path": "WP001", "default_value": null,       "wlst_type": "dict"       } ],
         "DynamicClusterServerGroupTargetingLimits": [ {"version": "[12.2.1.1,)", "wlst_mode": "both",    "wlst_name": "dynamicClusterServerGroupTargetingLimits", "wlst_path": "WP001", "default_value": null,       "wlst_type": "dict"       } ],
         "ServerStartMode":                          [ {"version": "[10,)",       "wlst_mode": "both",    "wlst_name": "ServerStartMode",                          "wlst_path": "WP001", "default_value": null,       "wlst_type": "string"     } ],

core/src/test/python/wlsdeploy/util/target_configuration_helper_test.py

@@ -94,8 +94,8 @@ def testGetSecretPath(self):
         # domainInfo:/OPSSSecrets has a secret key "walletPassword"
         info_location = LocationContext()
         info_att_location = LocationContext().append_location(DOMAIN_INFO_ALIAS)
-        self.assertEqual('opsssecrets:walletPassword', HELPER.get_secret_path(info_location, info_att_location,
-                                                                              OPSS_WALLET_PASSPHRASE, self.aliases))
+        self.assertEqual('opsswallet:passphrase', HELPER.get_secret_path(info_location, info_att_location,
+                                                                         OPSS_WALLET_PASSPHRASE, self.aliases))
 
         # domainInfo:/RCUDbInfo/javax.net.ssl.keyStorePassword has dots in the name
         rcu_location = LocationContext().append_location(RCU_DB_INFO)