Merge branch 'wdt-878' into 'main'

Adding -discover_opss_wallet feature

See merge request weblogic-cloud/weblogic-deploy-tooling!1689

Author: robertpatrick

core/src/main/python/create.py

@@ -66,9 +66,9 @@
     CommandLineArgUtil.PASSPHRASE_ENV_SWITCH,
     CommandLineArgUtil.PASSPHRASE_FILE_SWITCH,
     CommandLineArgUtil.OPSS_WALLET_SWITCH,
-    CommandLineArgUtil.OPSS_WALLET_PASSPHRASE,
-    CommandLineArgUtil.OPSS_WALLET_FILE_PASSPHRASE,
-    CommandLineArgUtil.OPSS_WALLET_ENV_PASSPHRASE,
+    CommandLineArgUtil.OPSS_WALLET_PASSPHRASE_SWITCH,
+    CommandLineArgUtil.OPSS_WALLET_PASSPHRASE_FILE_SWITCH,
+    CommandLineArgUtil.OPSS_WALLET_PASSPHRASE_ENV_SWITCH,
     CommandLineArgUtil.UPDATE_RCU_SCHEMA_PASS_SWITCH,
     CommandLineArgUtil.PASSPHRASE_PROMPT_SWITCH,
     # deprecated in 4.2.0
@@ -174,15 +174,15 @@ def __process_opss_args(optional_arg_map):
     _method_name = '__process_opss_args'
 
     if CommandLineArgUtil.OPSS_WALLET_SWITCH in optional_arg_map and \
-            CommandLineArgUtil.OPSS_WALLET_PASSPHRASE not in optional_arg_map:
+            CommandLineArgUtil.OPSS_WALLET_PASSPHRASE_SWITCH not in optional_arg_map:
         try:
             passphrase = getcreds.getpass('WLSDPLY-20027')
         except IOException, ioe:
             ex = exception_helper.create_cla_exception(ExitCode.ARG_VALIDATION_ERROR,
                                                        'WLSDPLY-20028', ioe.getLocalizedMessage(), error=ioe)
             __logger.throwing(ex, class_name=_class_name, method_name=_method_name)
             raise ex
-        optional_arg_map[CommandLineArgUtil.OPSS_WALLET_PASSPHRASE] = str(String(passphrase))
+        optional_arg_map[CommandLineArgUtil.OPSS_WALLET_PASSPHRASE_SWITCH] = str(String(passphrase))
 
 
 def _get_domain_path(model_context, model):

core/src/main/python/discover.py

@@ -8,8 +8,10 @@
 import sys
 
 from java.io import File
+from java.io import IOException
 from java.lang import IllegalArgumentException
 from java.lang import IllegalStateException
+from java.lang import String
 from java.lang import System
 from oracle.weblogic.deploy.aliases import AliasException
 from oracle.weblogic.deploy.discover import DiscoverException
@@ -39,6 +41,7 @@
 from wlsdeploy.tool.discover.deployments_discoverer import DeploymentsDiscoverer
 from wlsdeploy.tool.discover.domain_info_discoverer import DomainInfoDiscoverer
 from wlsdeploy.tool.discover.multi_tenant_discoverer import MultiTenantDiscoverer
+from wlsdeploy.tool.discover.opss_wallet_discoverer import OpssWalletDiscoverer
 from wlsdeploy.tool.discover.resources_discoverer import ResourcesDiscoverer
 from wlsdeploy.tool.discover.security_provider_data_discoverer import SecurityProviderDataDiscoverer
 from wlsdeploy.tool.discover.topology_discoverer import TopologyDiscoverer
@@ -52,6 +55,7 @@
 from wlsdeploy.util import cla_helper
 from wlsdeploy.util import cla_utils
 from wlsdeploy.util import env_helper
+from wlsdeploy.util import getcreds
 from wlsdeploy.util import model_translator
 from wlsdeploy.util import path_helper
 from wlsdeploy.util import tool_main
@@ -60,6 +64,7 @@
 from wlsdeploy.util.exit_code import ExitCode
 from wlsdeploy.util.model import Model
 from wlsdeploy.util import target_configuration_helper
+from wlsdeploy.util import unicode_helper as str_helper
 
 wlst_helper.wlst_functions = globals()
 
@@ -96,6 +101,10 @@
     CommandLineArgUtil.PASSPHRASE_FILE_SWITCH,
     CommandLineArgUtil.PASSPHRASE_PROMPT_SWITCH,
     CommandLineArgUtil.DISCOVER_SECURITY_PROVIDER_DATA_SWITCH,
+    CommandLineArgUtil.DISCOVER_OPSS_WALLET_SWITCH,
+    CommandLineArgUtil.OPSS_WALLET_PASSPHRASE_SWITCH,
+    CommandLineArgUtil.OPSS_WALLET_PASSPHRASE_ENV_SWITCH,
+    CommandLineArgUtil.OPSS_WALLET_PASSPHRASE_FILE_SWITCH,
     CommandLineArgUtil.TARGET_SWITCH,
     CommandLineArgUtil.REMOTE_SWITCH,
     CommandLineArgUtil.SSH_HOST_SWITCH,
@@ -140,6 +149,7 @@ def __process_args(args, is_encryption_supported):
 
     model_context = model_context_helper.create_context(_program_name, argument_map)
     __validate_discover_passwords_and_security_data_args(model_context, argument_map, is_encryption_supported)
+    __validate_discover_opss_wallet_args(model_context, argument_map, is_encryption_supported)
     model_context.get_validate_configuration().set_disregard_version_invalid_elements(True)
     return model_context
 
@@ -280,13 +290,22 @@ def __validate_discover_passwords_and_security_data_args(model_context, argument
             __logger.throwing(ex, class_name=_class_name, method_name=_method_name)
             raise ex
     elif model_context.is_discover_security_provider_data():
+        if model_context.get_target_wlst_mode() == WlstModes.OFFLINE:
+            ex = exception_helper.create_cla_exception(ExitCode.ARG_VALIDATION_ERROR, 'WLSDPLY-06059',_program_name,
+                                                       CommandLineArgUtil.DISCOVER_SECURITY_PROVIDER_DATA_SWITCH)
+            __logger.throwing(ex, class_name=_class_name, method_name=_method_name)
+            raise ex
+
         # -remote cannot be supported because we need access to the exported data files and possibly SSI.dat.
         if model_context.is_remote():
             ex = exception_helper.create_cla_exception(ExitCode.ARG_VALIDATION_ERROR, 'WLSDPLY-06058',_program_name,
                                                        CommandLineArgUtil.DISCOVER_SECURITY_PROVIDER_DATA_SWITCH,
                                                        CommandLineArgUtil.REMOTE_SWITCH)
             __logger.throwing(ex, class_name=_class_name, method_name=_method_name)
             raise ex
+    elif model_context.is_discover_opss_wallet():
+        # Allow the encryption passphrase
+        pass
     elif model_context.get_encryption_passphrase() is not None:
         # Don't allow the passphrase arg unless we are discovering passwords or security provider data.
         if CommandLineArgUtil.PASSPHRASE_ENV_SWITCH in argument_map:
@@ -323,7 +342,8 @@ def __validate_discover_passwords_and_security_data_args(model_context, argument
             __logger.throwing(ex, class_name=_class_name, method_name=_method_name)
             raise ex
 
-    if model_context.is_discover_passwords() or model_context.is_discover_security_provider_data():
+    if model_context.is_discover_passwords() or model_context.is_discover_security_provider_data() or \
+            model_context.is_discover_opss_wallet():
         if not model_context.is_encrypt_discovered_passwords() and model_context.get_encryption_passphrase() is not None:
             # don't allow turning off encryption and supplying an encryption passphrase
             if model_context.is_discover_passwords():
@@ -345,6 +365,36 @@ def __validate_discover_passwords_and_security_data_args(model_context, argument
             __logger.throwing(ex, class_name=_class_name, method_name=_method_name)
             raise ex
 
+
+def __validate_discover_opss_wallet_args(model_context, argument_map, is_encryption_supported):
+    _method_name = '__validate_discover_opss_wallet_args'
+
+    if CommandLineArgUtil.DISCOVER_OPSS_WALLET_SWITCH in argument_map:
+        if model_context.get_target_wlst_mode() == WlstModes.OFFLINE:
+            ex = exception_helper.create_cla_exception(ExitCode.ARG_VALIDATION_ERROR, 'WLSDPLY-06060',_program_name,
+                                                       CommandLineArgUtil.DISCOVER_OPSS_WALLET_SWITCH)
+            __logger.throwing(ex, class_name=_class_name, method_name=_method_name)
+            raise ex
+
+        # Cannot verify that JRF is installed because the model_content is not fully
+        # initialized at this point so the domain typedef is not available.
+        if model_context.get_opss_wallet_passphrase() is None:
+            try:
+                passphrase_char_array = getcreds.getpass('WLSDPLY-06061')
+            except IOException, ioe:
+                ex = exception_helper.create_cla_exception(ExitCode.ARG_VALIDATION_ERROR,'WLSDPLY-06062',
+                                                           ioe.getLocalizedMessage(), error=ioe)
+                __logger.throwing(ex, class_name=_class_name, method_name=_method_name)
+                raise ex
+
+            if passphrase_char_array is not None:
+                opss_wallet_passphrase = str_helper.to_string(String(passphrase_char_array))
+                model_context.set_opss_wallet_passphrase(opss_wallet_passphrase)
+            else:
+                ex = exception_helper.create_cla_exception(ExitCode.ARG_VALIDATION_ERROR,'WLSDPLY-06063')
+                __logger.throwing(ex, class_name=_class_name, method_name=_method_name)
+                raise ex
+
 def __discover(model_context, aliases, credential_injector, helper, extra_tokens):
     """
     Populate the model from the domain.
@@ -378,6 +428,8 @@ def __discover(model_context, aliases, credential_injector, helper, extra_tokens
                               extra_tokens=extra_tokens).discover()
         SecurityProviderDataDiscoverer(model_context, model, base_location, wlst_mode=__wlst_mode, aliases=aliases,
                                        credential_injector=credential_injector).discover(security_provider_map)
+        OpssWalletDiscoverer(model_context, model.get_model_domain_info(), base_location, wlst_mode=__wlst_mode,
+                             aliases=aliases, credential_injector=credential_injector).discover()
         __discover_multi_tenant(model, model_context, base_location, aliases, credential_injector)
     except AliasException, ae:
         wls_version = model_context.get_effective_wls_version()

core/src/main/python/wlsdeploy/tool/create/domain_creator.py

@@ -437,7 +437,7 @@ def __extend_domain_with_select_template(self, domain_home):
         fmw_ds_names = []
         if len(extension_templates) > 0:
             fmw_ds_names = self.rcu_helper.configure_fmw_infra_database()
-            self.__configure_opss_secrets()
+            self.__configure_opss_wallet_and_passphrase()
 
         topology_folder_list = self.aliases.get_model_topology_top_level_folder_names()
         topology_folder_list.remove(SECURITY)
@@ -1055,30 +1055,50 @@ def __run_post_create_domain_script(self):
         self.logger.info('WLSDPLY-12576', script, class_name=self.__class_name, method_name=_method_name)
         self.logger.exiting(class_name=self.__class_name, method_name=_method_name)
 
-    def __configure_opss_secrets(self):
-        _method_name = '__configure_opss_secrets'
+    def __configure_opss_wallet_and_passphrase(self):
+        _method_name = '__configure_opss_wallet_and_passphrase'
         self.logger.entering(class_name=self.__class_name, method_name=_method_name)
 
         if not self._domain_typedef.has_jrf_with_database_store():
             return
 
-        domain_info = self._domain_info
+        # Check the model for the OPSS wallet passphrase first
+        key = 'WLSDPLY-12579'
         opss_wallet_password = None
-        if OPSS_WALLET_PASSPHRASE in domain_info:
-            opss_wallet_password = domain_info[OPSS_WALLET_PASSPHRASE]
-        elif OPSS_SECRETS in domain_info:
+        if OPSS_WALLET_PASSPHRASE in self._domain_info:
+            opss_wallet_password = self.aliases.decrypt_password(self._domain_info[OPSS_WALLET_PASSPHRASE])
+        elif OPSS_SECRETS in self._domain_info:
             self.logger.deprecation('WLSDPLY-22000', OPSS_SECRETS, OPSS_WALLET_PASSPHRASE,
                                     class_name=self.__class_name, method_name=_method_name)
-            opss_wallet_password = domain_info[OPSS_SECRETS]
+            opss_wallet_password = self.aliases.decrypt_password(self._domain_info[OPSS_SECRETS])
 
-        if opss_wallet_password is not None:
-            if self.archive_helper and opss_wallet_password:
-                extract_path = self.archive_helper.extract_opss_wallet()
-                self.wlst_helper.set_shared_secret_store_with_password(extract_path, opss_wallet_password)
-        else:
-            opss_wallet_password = self.model_context.get_opss_wallet_passphrase()
-            opss_wallet = self.model_context.get_opss_wallet()
-            if opss_wallet is not None and opss_wallet_password is not None:
+        # Check the command-line args for the OPSS wallet passphrase
+        # and give it preference over the one in the model.
+        cla_passphrase = self.model_context.get_opss_wallet_passphrase()
+        if not string_utils.is_empty(cla_passphrase):
+            opss_wallet_password = cla_passphrase
+            key = 'WLSDPLY-12580'
+
+        if not string_utils.is_empty(opss_wallet_password):
+            opss_wallet = None
+
+            # Check the archive for the OPSS wallet and extract it, if present
+            if self.archive_helper:
+                opss_wallet = self.archive_helper.extract_opss_wallet()
+
+            # Check the OPSS wallet in the command-line args and give it
+            # preference over the one in the archive.
+            cla__wallet = self.model_context.get_opss_wallet()
+            if not string_utils.is_empty(cla__wallet):
+                opss_wallet = cla__wallet
+
+            if not string_utils.is_empty(opss_wallet):
                 self.wlst_helper.set_shared_secret_store_with_password(opss_wallet, opss_wallet_password)
+            else:
+                # It seems like the user wanted to create a domain with
+                # RCU schemas and attach to the existing RCU schemas.
+                ex = exception_helper.create_create_exception(key)
+                self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name)
+                raise ex
 
         self.logger.exiting(class_name=self.__class_name, method_name=_method_name)

core/src/main/python/wlsdeploy/tool/discover/discoverer.py

@@ -77,6 +77,8 @@ def __init__(self, model_context, base_location, wlst_mode, aliases=None, creden
         self._mbean_utils = MBeanUtils(self._model_context, self._aliases, ExceptionType.DISCOVER)
         self._wls_version = model_context.get_effective_wls_version()
         self.path_helper = path_helper.get_path_helper()
+        self._export_tmp_directory = None
+        self._local_tmp_directory = None
 
         if model_context.is_ssh():
             if _ssh_download_dir is None:
@@ -95,7 +97,7 @@ def __init__(self, model_context, base_location, wlst_mode, aliases=None, creden
                                                                   'SerializedSystemIni.dat')
                     self.download_deployment_from_remote_server(remote_ssi_dat, _ssh_download_dir, 'security')
 
-            self.download_temporary_dir = _ssh_download_dir
+        self.download_temporary_dir = _ssh_download_dir
 
     def add_to_remote_map(self, local_name, archive_name, file_type):
         # we don't know the remote machine type, so automatically
@@ -909,6 +911,52 @@ def wlst_cd(self, path, location):
                             class_name=_class_name, method_name=_method_name)
         return result
 
+    def _create_tmp_directories(self, error_key):
+        """
+        Create the temporary directory(ies) required for exporting the data files and reading the data files.
+        In the case of SSH, the export directory is remote and the read directory is local.  Otherwise, they are
+        the same.
+        :return:
+        """
+        _method_name = '_create_tmp_directories'
+        _logger.entering(error_key, class_name=_class_name, method_name=_method_name)
+        if self._model_context.is_ssh():
+            export_tmp_directory = \
+                self._model_context.get_ssh_context().create_temp_directory_for_security_data_export()
+            local_tmp_directory = self.download_temporary_dir
+        else:
+            try:
+                export_dir_file = FileUtils.createTempDirectory('wdt_export_temp')
+                # comment out this line to see exported files...
+                export_dir_file.deleteOnExit()
+            except IOException, e:
+                ex = exception_helper.create_discover_exception(error_key,e.getLocalizedMessage(), error=e)
+                _logger.throwing(ex, class_name=_class_name, method_name=_method_name)
+                raise ex
+            export_tmp_directory = export_dir_file.getAbsolutePath()
+            local_tmp_directory = export_tmp_directory
+
+        _logger.exiting(class_name=_class_name, method_name=_method_name,
+                        result=[export_tmp_directory, local_tmp_directory])
+        return export_tmp_directory, local_tmp_directory
+
+    def _clean_up_tmp_directories(self, error_key):
+        _method_name = '_clean_up_tmp_directories'
+        _logger.entering(class_name=_class_name, method_name=_method_name)
+
+        # local directory in both SSH and non-SSH case is already set with java.io.File.deleteOnExit() so
+        # the only cleanup needed is the temp directory on the SSH host machine, if applicable.
+        if self._model_context.is_ssh():
+            ssh_helper = self._model_context.get_ssh_context()
+            try:
+                if ssh_helper.does_directory_exist(self._export_tmp_directory):
+                    ssh_helper.remove_file_or_directory(self._export_tmp_directory)
+            except DiscoverException, de:
+                # Best effort to remove.  If remove fails, log a warning and continue...
+                _logger.warning(error_key, self._export_tmp_directory, self._model_context.get_ssh_host(),
+                                de.getLocalizedMessage(), class_name=_class_name, method_name=_method_name)
+
+        _logger.exiting(class_name=_class_name, method_name=_method_name)
     def _validate_artificial_folder_name(self, folder_name, location):
         """
         Validate the folder name.