Skip to content

Commit bc0cb43

Browse files
rakillenrakillen
committed
Tokenize credentials discovered from security providers
1 parent 2c584bc commit bc0cb43

File tree

6 files changed

+69
-22
lines changed

6 files changed

+69
-22
lines changed

core/src/main/python/wlsdeploy/tool/discover/security_provider_data_discoverer.py

Lines changed: 10 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@
2020
from wlsdeploy.aliases.model_constants import DEFAULT_AUTHENTICATOR
2121
from wlsdeploy.aliases.model_constants import DEFAULT_CREDENTIAL_MAPPER
2222
from wlsdeploy.aliases.model_constants import DEFAULT_REALM
23+
from wlsdeploy.aliases.model_constants import DOMAIN_INFO
2324
from wlsdeploy.aliases.model_constants import GROUP
2425
from wlsdeploy.aliases.model_constants import REALM
2526
from wlsdeploy.aliases.model_constants import REMOTE_RESOURCE
@@ -157,7 +158,8 @@ def _discover_default_authenticator_instance_data(self, location, provider_name,
157158
local_file = export_file
158159

159160
default_authenticator = \
160-
DefaultAuthenticatorLdift(local_file, self._model_context, exception_type=ExceptionType.DISCOVER,
161+
DefaultAuthenticatorLdift(local_file, self._model_context, self._aliases, self._credential_injector,
162+
exception_type=ExceptionType.DISCOVER,
161163
download_temporary_dir=self._local_tmp_directory)
162164

163165
users = default_authenticator.get_users_dictionary()
@@ -337,7 +339,8 @@ def _discover_default_credential_mapper_instance_data(self, location, provider_n
337339
local_file = export_file
338340

339341
credential_mapper = \
340-
DefaultCredentialMapperLdift(local_file, self._model_context, exception_type=ExceptionType.DISCOVER,
342+
DefaultCredentialMapperLdift(local_file, self._model_context, self._aliases, self._credential_injector,
343+
exception_type=ExceptionType.DISCOVER,
341344
download_temporary_dir=self._local_tmp_directory)
342345
cross_domain_credential_mappings_dict = credential_mapper.get_cross_domain_dictionary()
343346
remote_resource_credential_mapping_dict = credential_mapper.get_remote_resource_dictionary()
@@ -374,6 +377,11 @@ def _populate_admin_user_and_password(self):
374377
else:
375378
self._domain_info_dictionary[ADMIN_PASSWORD] = self._model_context.get_admin_password()
376379

380+
if self._credential_injector is not None:
381+
location = self._aliases.get_model_section_attribute_location(DOMAIN_INFO)
382+
self._credential_injector.check_and_tokenize(self._domain_info_dictionary, ADMIN_USERNAME, location)
383+
self._credential_injector.check_and_tokenize(self._domain_info_dictionary, ADMIN_PASSWORD, location)
384+
377385
_logger.exiting(class_name=_class_name, method_name=_method_name)
378386

379387
###########################################################################

core/src/main/python/wlsdeploy/tool/util/wlst_helper.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1762,7 +1762,7 @@ def __ls(self, method_name, ls_type, path=None, log_throwing=True):
17621762
current_path = self.get_pwd()
17631763
self.cd(path)
17641764
try:
1765-
result = load_ls(returnMap='true', returnType=ls_type)
1765+
result = load_ls(ls_type, returnMap='true', returnType=ls_type)
17661766
except (self.__load_global('WLSTException'), offlineWLSTException), e:
17671767
pwe = exception_helper.create_exception(self.__exception_type, 'WLSDPLY-00029', path, ls_type,
17681768
self.__get_exception_mode(e), _format_exception(e), error=e)

core/src/main/python/wlsdeploy/util/default_authenticator_ldift_helper.py

Lines changed: 15 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,11 +8,14 @@
88
from oracle.weblogic.deploy.util import PyOrderedDict as OrderedDict
99

1010
from wlsdeploy.aliases.alias_constants import PASSWORD_TOKEN
11+
from wlsdeploy.aliases.location_context import LocationContext
1112
from wlsdeploy.aliases.model_constants import DEFAULT_AUTHENTICATOR
1213
from wlsdeploy.aliases.model_constants import DEFAULT_AUTHENTICATOR_USER_ATTRIBUTE_KEYS
1314
from wlsdeploy.aliases.model_constants import DESCRIPTION
1415
from wlsdeploy.aliases.model_constants import GROUP_MEMBER_OF
1516
from wlsdeploy.aliases.model_constants import PASSWORD
17+
from wlsdeploy.aliases.model_constants import SECURITY
18+
from wlsdeploy.aliases.model_constants import USER
1619
from wlsdeploy.aliases.model_constants import USER_ATTRIBUTES
1720
from wlsdeploy.exception.exception_types import ExceptionType
1821
from wlsdeploy.logging.platform_logger import PlatformLogger
@@ -191,10 +194,14 @@ class DefaultAuthenticatorLdift(LdiftBase):
191194
__DEFAULT_GROUPS_DICT = None
192195
__DEFAULT_USER_LIST = [ 'weblogic', 'OracleSystemUser', 'LCMUser' ]
193196

194-
def __init__(self, ldift_file_name, model_context, exception_type=ExceptionType.DISCOVER, download_temporary_dir=None):
197+
def __init__(self, ldift_file_name, model_context, aliases, credential_injector,
198+
exception_type=ExceptionType.DISCOVER, download_temporary_dir=None):
199+
195200
LdiftBase.__init__(self, model_context, exception_type, download_temporary_dir=download_temporary_dir)
196201

197202
self._ldift_file_name = ldift_file_name
203+
self._aliases = aliases
204+
self._credential_injector = credential_injector
198205
self._ldift_entries = self.read_ldift_file(ldift_file_name)
199206

200207

@@ -229,6 +236,13 @@ def get_users_dictionary(self, filter_defaults=False):
229236

230237
user_entry = OrderedDict()
231238
user_entry[PASSWORD] = user_password
239+
240+
if self._credential_injector is not None:
241+
location = LocationContext().append_location(SECURITY).append_location(USER)
242+
name_token = self._aliases.get_name_token(location)
243+
location.add_name_token(name_token, user_name)
244+
self._credential_injector.check_and_tokenize(user_entry, PASSWORD, location)
245+
232246
if not string_utils.is_empty(user_description):
233247
user_entry[DESCRIPTION] = user_description
234248
if len(user_groups_names) > 0:

core/src/main/python/wlsdeploy/util/default_credential_mapper_ldift_helper.py

Lines changed: 29 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,7 @@
99
from oracle.weblogic.deploy.util import PyOrderedDict as OrderedDict
1010

1111
from wlsdeploy.aliases.alias_constants import PASSWORD_TOKEN
12+
from wlsdeploy.aliases.location_context import LocationContext
1213
from wlsdeploy.aliases.model_constants import CROSS_DOMAIN
1314
from wlsdeploy.aliases.model_constants import METHOD
1415
from wlsdeploy.aliases.model_constants import PATH
@@ -20,6 +21,7 @@
2021
from wlsdeploy.aliases.model_constants import REMOTE_RESOURCE
2122
from wlsdeploy.aliases.model_constants import REMOTE_USER
2223
from wlsdeploy.aliases.model_constants import USER
24+
from wlsdeploy.aliases.model_constants import WLS_USER_PASSWORD_CREDENTIAL_MAPPINGS
2325
from wlsdeploy.exception.exception_types import ExceptionType
2426
from wlsdeploy.logging.platform_logger import PlatformLogger
2527
from wlsdeploy.util import string_utils
@@ -190,10 +192,14 @@ def _get_resource_name_dict(self, resource_name):
190192
class DefaultCredentialMapperLdift(LdiftBase):
191193
__class_name = 'DefaultCredentialMapperLdift'
192194

193-
def __init__(self, ldift_file_name, model_context, exception_type=ExceptionType.DISCOVER, download_temporary_dir=None):
195+
def __init__(self, ldift_file_name, model_context, aliases, credential_injector,
196+
exception_type=ExceptionType.DISCOVER, download_temporary_dir=None):
197+
194198
LdiftBase.__init__(self, model_context, exception_type, download_temporary_dir=download_temporary_dir)
195199

196200
self._ldift_file_name = ldift_file_name
201+
self._aliases = aliases
202+
self._credential_injector = credential_injector
197203
self._credential_map_ldift_entries, self._resource_map_ldift_entries = self.read_ldift_file(ldift_file_name)
198204

199205
# Override
@@ -229,8 +235,8 @@ def get_cross_domain_dictionary(self):
229235
continue
230236

231237
resource_map_entries = self._find_resource_map_entries_for_credential_map_entry(credential_map_entry)
232-
entry_name = 'CrossDomainCredentialMap-%s' % count
233-
entry_payload = self._get_cross_domain_model_entry(credential_map_entry, resource_map_entries)
238+
entry_name = 'Map-%s' % count
239+
entry_payload = self._get_cross_domain_model_entry(credential_map_entry, resource_map_entries, entry_name)
234240
result[entry_name] = entry_payload
235241
count += 1
236242

@@ -248,8 +254,8 @@ def get_remote_resource_dictionary(self):
248254
continue
249255

250256
resource_map_entries = self._find_resource_map_entries_for_credential_map_entry(credential_map_entry)
251-
entry_name = 'RemoteResourceCredentialMap-%s' % count
252-
entry_payload = self._get_remote_resource_model_entry(credential_map_entry, resource_map_entries)
257+
entry_name = 'Map-%s' % count
258+
entry_payload = self._get_remote_resource_model_entry(credential_map_entry, resource_map_entries, entry_name)
253259
result[entry_name] = entry_payload
254260
count += 1
255261

@@ -270,7 +276,7 @@ def _find_resource_map_entries_for_credential_map_entry(self, credential_map_ldi
270276
_logger.exiting(class_name=self.__class_name, method_name=_method_name, result=resource_map_ldift_entries)
271277
return resource_map_ldift_entries
272278

273-
def _get_cross_domain_model_entry(self, credential_map_ldift_entry, resource_map_ldift_entries):
279+
def _get_cross_domain_model_entry(self, credential_map_ldift_entry, resource_map_ldift_entries, entry_name):
274280
_method_name = '_get_cross_domain_model_entry'
275281
_logger.entering(credential_map_ldift_entry, resource_map_ldift_entries,
276282
class_name=self.__class_name, method_name=_method_name)
@@ -291,10 +297,18 @@ def _get_cross_domain_model_entry(self, credential_map_ldift_entry, resource_map
291297
result[REMOTE_USER] = remote_user
292298
result[REMOTE_PASSWORD] = remote_password
293299

300+
if self._credential_injector is not None:
301+
location = LocationContext().append_location(WLS_USER_PASSWORD_CREDENTIAL_MAPPINGS) \
302+
.append_location(CROSS_DOMAIN)
303+
name_token = self._aliases.get_name_token(location)
304+
location.add_name_token(name_token, entry_name)
305+
self._credential_injector.check_and_tokenize(result, REMOTE_USER, location)
306+
self._credential_injector.check_and_tokenize(result, REMOTE_PASSWORD, location)
307+
294308
_logger.exiting(class_name=self.__class_name, method_name=_method_name)
295309
return result
296310

297-
def _get_remote_resource_model_entry(self, credential_map_ldift_entry, resource_map_ldift_entries):
311+
def _get_remote_resource_model_entry(self, credential_map_ldift_entry, resource_map_ldift_entries, entry_name):
298312
_method_name = '_get_remote_resource_model_entry'
299313
_logger.entering(credential_map_ldift_entry, resource_map_ldift_entries,
300314
class_name=self.__class_name, method_name=_method_name)
@@ -327,6 +341,14 @@ def _get_remote_resource_model_entry(self, credential_map_ldift_entry, resource_
327341
result[REMOTE_USER] = remote_user
328342
result[REMOTE_PASSWORD] = remote_password
329343

344+
if self._credential_injector is not None:
345+
location = LocationContext().append_location(WLS_USER_PASSWORD_CREDENTIAL_MAPPINGS) \
346+
.append_location(REMOTE_RESOURCE)
347+
name_token = self._aliases.get_name_token(location)
348+
location.add_name_token(name_token, entry_name)
349+
self._credential_injector.check_and_tokenize(result, REMOTE_USER, location)
350+
self._credential_injector.check_and_tokenize(result, REMOTE_PASSWORD, location)
351+
330352
_logger.exiting(class_name=self.__class_name, method_name=_method_name, result=result)
331353
return result
332354

core/src/main/resources/oracle/weblogic/deploy/aliases/category_modules/Security.json

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -9,9 +9,9 @@
99
"child_folders_type": "multiple",
1010
"folders": { },
1111
"attributes": {
12-
"Description": [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "Description", "wlst_path": "WP001", "default_value": null, "wlst_type": "string", "get_method": "NONE" } ],
13-
"GroupMemberOf": [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "GroupMemberOf", "wlst_path": "WP001", "default_value": null, "wlst_type": "delimited_string", "get_method": "NONE" } ],
14-
"Name": [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "Name", "wlst_path": "WP001", "default_value": null, "wlst_type": "string", "get_method": "NONE" } ]
12+
"Description": [ {"version": "[10,)", "wlst_mode": "both", "wlst_name": "Description", "wlst_path": "WP001", "default_value": null, "wlst_type": "string", "get_method": "NONE" } ],
13+
"GroupMemberOf": [ {"version": "[10,)", "wlst_mode": "both", "wlst_name": "GroupMemberOf", "wlst_path": "WP001", "default_value": null, "wlst_type": "delimited_string", "get_method": "NONE" } ],
14+
"Name": [ {"version": "[10,)", "wlst_mode": "both", "wlst_name": "Name", "wlst_path": "WP001", "default_value": null, "wlst_type": "string", "get_method": "NONE" } ]
1515
},
1616
"wlst_attributes_path": "WP001",
1717
"wlst_paths": {
@@ -57,11 +57,11 @@
5757
}
5858
},
5959
"attributes": {
60-
"Description": [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "Description", "wlst_path": "WP001", "default_value": null, "wlst_type": "string", "get_method": "NONE" } ],
61-
"GroupMemberOf": [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "GroupMemberOf", "wlst_path": "WP001", "default_value": null, "wlst_type": "delimited_string", "get_method": "NONE" } ],
62-
"IsDefaultAdmin": [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "IsDefaultAdmin", "wlst_path": "WP001", "default_value": false, "wlst_type": "boolean", "get_method": "NONE" } ],
63-
"Name": [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "Name", "wlst_path": "WP001", "default_value": null, "wlst_type": "string", "get_method": "NONE" } ],
64-
"Password": [ {"version": "[10,)", "wlst_mode": "offline", "wlst_name": "Password", "wlst_path": "WP001", "default_value": null, "wlst_type": "password", "get_method": "NONE" } ]
60+
"Description": [ {"version": "[10,)", "wlst_mode": "both", "wlst_name": "Description", "wlst_path": "WP001", "default_value": null, "wlst_type": "string", "get_method": "NONE" } ],
61+
"GroupMemberOf": [ {"version": "[10,)", "wlst_mode": "both", "wlst_name": "GroupMemberOf", "wlst_path": "WP001", "default_value": null, "wlst_type": "delimited_string", "get_method": "NONE" } ],
62+
"IsDefaultAdmin": [ {"version": "[10,)", "wlst_mode": "both", "wlst_name": "IsDefaultAdmin", "wlst_path": "WP001", "default_value": false, "wlst_type": "boolean", "get_method": "NONE" } ],
63+
"Name": [ {"version": "[10,)", "wlst_mode": "both", "wlst_name": "Name", "wlst_path": "WP001", "default_value": null, "wlst_type": "string", "get_method": "NONE" } ],
64+
"Password": [ {"version": "[10,)", "wlst_mode": "both", "wlst_name": "Password", "wlst_path": "WP001", "default_value": null, "wlst_type": "password", "get_method": "NONE" } ]
6565
},
6666
"wlst_attributes_path": "WP001",
6767
"wlst_paths": {

core/src/main/resources/oracle/weblogic/deploy/aliases/category_modules/WLSUserPasswordCredentialMappings.json

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,16 +1,18 @@
11
{
2-
"copyright": "Copyright (c) 2020, 2022, Oracle Corporation and/or its affiliates.",
2+
"copyright": "Copyright (c) 2020, 2024, Oracle and/or its affiliates.",
33
"license": "Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl",
44
"wlst_type": "WLSUserPasswordCredentialMappings",
5+
"short_name": "CredentialMap",
56
"folders": {
67
"CrossDomain": {
78
"wlst_type": "CrossDomain",
89
"child_folders_type": "multiple",
10+
"short_name": "CrossDomain",
911
"folders": {},
1012
"attributes": {
1113
"RemoteDomain": [ {"version": "[10,)", "wlst_mode": "both", "wlst_name": "RemoteDomain", "wlst_path": "WP001", "default_value": null, "wlst_type": "string" } ],
1214
"RemotePassword": [ {"version": "[10,)", "wlst_mode": "both", "wlst_name": "RemotePassword", "wlst_path": "WP001", "default_value": null, "wlst_type": "password" } ],
13-
"RemoteUser": [ {"version": "[10,)", "wlst_mode": "both", "wlst_name": "RemoteUser", "wlst_path": "WP001", "default_value": null, "wlst_type": "string" } ]
15+
"RemoteUser": [ {"version": "[10,)", "wlst_mode": "both", "wlst_name": "RemoteUser", "wlst_path": "WP001", "default_value": null, "wlst_type": "credential" } ]
1416
},
1517
"wlst_attributes_path": "WP001",
1618
"wlst_paths": {
@@ -20,6 +22,7 @@
2022
"RemoteResource": {
2123
"wlst_type": "RemoteResource",
2224
"child_folders_type": "multiple",
25+
"short_name": "RemoteResource",
2326
"folders": {},
2427
"attributes": {
2528
"Method": [ {"version": "[10,)", "wlst_mode": "both", "wlst_name": "Method", "wlst_path": "WP001", "default_value": null, "wlst_type": "string" } ],
@@ -28,7 +31,7 @@
2831
"RemoteHost": [ {"version": "[10,)", "wlst_mode": "both", "wlst_name": "RemoteHost", "wlst_path": "WP001", "default_value": null, "wlst_type": "string" } ],
2932
"RemotePassword": [ {"version": "[10,)", "wlst_mode": "both", "wlst_name": "RemotePassword", "wlst_path": "WP001", "default_value": null, "wlst_type": "password" } ],
3033
"RemotePort": [ {"version": "[10,)", "wlst_mode": "both", "wlst_name": "RemotePort", "wlst_path": "WP001", "default_value": null, "wlst_type": "integer" } ],
31-
"RemoteUser": [ {"version": "[10,)", "wlst_mode": "both", "wlst_name": "RemoteUser", "wlst_path": "WP001", "default_value": null, "wlst_type": "string" } ],
34+
"RemoteUser": [ {"version": "[10,)", "wlst_mode": "both", "wlst_name": "RemoteUser", "wlst_path": "WP001", "default_value": null, "wlst_type": "credential" } ],
3235
"User": [ {"version": "[10,)", "wlst_mode": "both", "wlst_name": "User", "wlst_path": "WP001", "default_value": null, "wlst_type": "list" } ]
3336
},
3437
"wlst_attributes_path": "WP001",

0 commit comments

Comments
 (0)