Merge branch 'jrfopss_empty' into 'main'

Jrf on PV P2 testcase: empty opss wallet file secret and opss.walletFileSecret does not have an entry with --from-file=walletFile

See merge request weblogic-cloud/weblogic-kubernetes-operator!4293

Author: rjeberhard

integration-tests/src/test/java/oracle/weblogic/kubernetes/ItFmwDomainInPvUserCreateRcu.java

@@ -21,6 +21,7 @@
 import oracle.weblogic.kubernetes.annotations.IntegrationTest;
 import oracle.weblogic.kubernetes.annotations.Namespaces;
 import oracle.weblogic.kubernetes.logging.LoggingFacade;
+import oracle.weblogic.kubernetes.utils.ExecResult;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.DisplayName;
 import org.junit.jupiter.api.MethodOrderer;
@@ -56,6 +57,7 @@
 import static oracle.weblogic.kubernetes.utils.DomainUtils.createDomainAndVerify;
 import static oracle.weblogic.kubernetes.utils.DomainUtils.deleteDomainResource;
 import static oracle.weblogic.kubernetes.utils.FmwUtils.createDomainResourceSimplifyJrfPv;
+import static oracle.weblogic.kubernetes.utils.FmwUtils.restoreOpssWalletfileSecret;
 import static oracle.weblogic.kubernetes.utils.FmwUtils.saveAndRestoreOpssWalletfileSecret;
 import static oracle.weblogic.kubernetes.utils.FmwUtils.verifyDomainReady;
 import static oracle.weblogic.kubernetes.utils.ImageUtils.createBaseRepoSecret;
@@ -65,12 +67,15 @@
 import static oracle.weblogic.kubernetes.utils.PodUtils.checkPodDoesNotExist;
 import static oracle.weblogic.kubernetes.utils.PodUtils.checkPodLogContains;
 import static oracle.weblogic.kubernetes.utils.PodUtils.getExternalServicePodName;
+import static oracle.weblogic.kubernetes.utils.SecretUtils.createOpsswalletFileSecretWithoutFile;
 import static oracle.weblogic.kubernetes.utils.SecretUtils.createOpsswalletpasswordSecret;
 import static oracle.weblogic.kubernetes.utils.SecretUtils.createSecretWithUsernamePassword;
 import static oracle.weblogic.kubernetes.utils.ThreadSafeLogger.getLogger;
+import static org.apache.commons.io.FileUtils.delete;
 import static org.apache.commons.io.FileUtils.deleteDirectory;
 import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 
 /**
  * Test to create a FMW domain on PV with DomainOnPvSimplification feature when user pre-creates RCU.
@@ -94,16 +99,23 @@ public class ItFmwDomainInPvUserCreateRcu {
   private static LoggingFacade logger = null;
   private static String DOMAINHOMEPREFIX = null;
   private static final String domainUid1 = "jrfdomainonpv-userrcu1";
+  private static final String domainUid4 = "jrfdomainonpv-userrcu4";
   private static final String miiAuxiliaryImage1Tag = "jrf1" + MII_BASIC_IMAGE_TAG;
   private final String adminSecretName1 = domainUid1 + "-weblogic-credentials";
   private final String rcuaccessSecretName1 = domainUid1 + "-rcu-credentials";
   private final String opsswalletpassSecretName1 = domainUid1 + "-opss-wallet-password-secret";
   private final String opsswalletfileSecretName1 = domainUid1 + "-opss-wallet-file-secret";
+  private final String adminSecretName4 = domainUid4 + "-weblogic-credentials";
+  private final String rcuaccessSecretName4 = domainUid4 + "-rcu-credentials";
+  private final String opsswalletpassSecretName4 = domainUid4 + "-opss-wallet-password-secret";
+  private final String opsswalletfileSecretName4 = domainUid4 + "-opss-wallet-file-secret";
   private static final int replicaCount = 1;
 
   private final String fmwModelFilePrefix = "model-fmwdomainonpv-rcu-wdt";
   private final String fmwModelFile = fmwModelFilePrefix + ".yaml";
   private static DomainCreationImage domainCreationImage1 = null;
+  private static List<DomainCreationImage> domainCreationImages4 = new ArrayList<>();
+  private static String configMapName = null;
 
   /**
    * Assigns unique namespaces for DB, operator and domain.
@@ -273,6 +285,13 @@ void testFmwDomainOnPvUserProvideOpss() {
     assertDoesNotThrow(() -> deletePod("rcu", dbNamespace),
               "Got exception while deleting server " + "rcu");
     checkPodDoesNotExist("rcu", null, dbNamespace);
+    //delete the wallet file ewallet.p12
+    try {
+      delete(new File("./ewallet.p12"));
+      logger.info("Wallet file ewallet.p12 is deleted");
+    } catch (IOException ioe) {
+      logger.severe("Failed to delete file ewallet.p12", ioe);
+    }
 
   }
 
@@ -476,7 +495,6 @@ void testFmwDomainOnPvUserCreatesRCUMultiImages() {
 
   }
 
-
   /**
    * User creates RCU, Operate creates PV/PVC and FMW domain with additional WDT config map.
    * Verify Pod is ready and service exists for both admin server and managed servers.
@@ -485,19 +503,16 @@ void testFmwDomainOnPvUserCreatesRCUMultiImages() {
   @Order(5)
   @DisplayName("Create a FMW domain on PV with additional WDT config map when user per-creates RCU")
   void testFmwDomainOnPvUserCreatesRCUwdtConfigMap() {
-    String domainUid = "jrfdomainonpv-userrcu4";
-    String adminSecretName = domainUid + "-weblogic-credentials";
-    String rcuaccessSecretName = domainUid + "-rcu-credentials";
-    String opsswalletpassSecretName = domainUid + "-opss-wallet-password-secret";
-    final String pvName = getUniqueName(domainUid + "-pv-");
-    final String pvcName = getUniqueName(domainUid + "-pvc-");
+
+    final String pvName = getUniqueName(domainUid4 + "-pv-");
+    final String pvcName = getUniqueName(domainUid4 + "-pvc-");
 
     //create RCU schema
     assertDoesNotThrow(() -> createRcuSchema(FMWINFRA_IMAGE_TO_USE_IN_SPEC, RCUSCHEMAPREFIX + "4",
         dbUrl, dbNamespace), "create RCU schema failed");
 
     // create a model property file
-    File fmwModelPropFile = createWdtPropertyFile(domainUid, RCUSCHEMAPREFIX + "4");
+    File fmwModelPropFile = createWdtPropertyFile(domainUid4, RCUSCHEMAPREFIX + "4");
 
     // Create the repo secret to pull the image
     // this secret is used only for non-kind cluster
@@ -506,64 +521,129 @@ void testFmwDomainOnPvUserCreatesRCUwdtConfigMap() {
     // create secret for admin credentials
     logger.info("Create secret for admin credentials");
     assertDoesNotThrow(() -> createSecretWithUsernamePassword(
-        adminSecretName,
+        adminSecretName4,
         domainNamespace,
         ADMIN_USERNAME_DEFAULT,
         ADMIN_PASSWORD_DEFAULT),
-        String.format("createSecret failed for %s", adminSecretName));
+        String.format("createSecret failed for %s", adminSecretName4));
 
     // create RCU access secret
     logger.info("Creating RCU access secret: {0}, with prefix: {1}, dbUrl: {2}, schemapassword: {3})",
-        rcuaccessSecretName, RCUSCHEMAPREFIX + "4", RCUSCHEMAPASSWORD, dbUrl);
+        rcuaccessSecretName4, RCUSCHEMAPREFIX + "4", RCUSCHEMAPASSWORD, dbUrl);
     assertDoesNotThrow(() -> createRcuAccessSecret(
-        rcuaccessSecretName,
+        rcuaccessSecretName4,
         domainNamespace,
         RCUSCHEMAPREFIX + "4",
         RCUSCHEMAPASSWORD,
         dbUrl),
-        String.format("createSecret failed for %s", rcuaccessSecretName));
+        String.format("createSecret failed for %s", rcuaccessSecretName4));
 
     logger.info("Create OPSS wallet password secret");
     assertDoesNotThrow(() -> createOpsswalletpasswordSecret(
-        opsswalletpassSecretName,
+        opsswalletpassSecretName4,
         domainNamespace,
         ADMIN_PASSWORD_DEFAULT),
-        String.format("createSecret failed for %s", opsswalletpassSecretName));
+        String.format("createSecret failed for %s", opsswalletpassSecretName4));
 
-    DomainCreationImage domainCreationImage1 = createImage(fmwModelFile,fmwModelPropFile,"jrf4");
-    List<DomainCreationImage> domainCreationImages = new ArrayList<>();
-    domainCreationImages.add(domainCreationImage1);
+    DomainCreationImage domainCreationImage = createImage(fmwModelFile,fmwModelPropFile,"jrf4");
+    domainCreationImages4.add(domainCreationImage);
 
     logger.info("create WDT configMap with jms model");
-    String configMapName = "jmsconfigmap";
+    configMapName = "jmsconfigmap";
     createConfigMapAndVerify(
-        configMapName, domainUid, domainNamespace,
+        configMapName, domainUid4, domainNamespace,
         Arrays.asList(MODEL_DIR + "/model.jms2.yaml"));
 
     // create a domain custom resource configuration object
     logger.info("Creating domain custom resource with pvName: {0}", pvName);
     DomainResource domain = createDomainResourceSimplifyJrfPv(
-        domainUid, domainNamespace, adminSecretName,
+        domainUid4, domainNamespace, adminSecretName4,
         TEST_IMAGES_REPO_SECRET_NAME,
-        rcuaccessSecretName,
-        opsswalletpassSecretName, null,
-        pvName, pvcName, domainCreationImages, configMapName);
+        rcuaccessSecretName4,
+        opsswalletpassSecretName4, null,
+        pvName, pvcName, domainCreationImages4, configMapName);
 
     createDomainAndVerify(domain, domainNamespace);
 
     // verify that all servers are ready
-    verifyDomainReady(domainNamespace, domainUid, replicaCount, "nosuffix");
+    verifyDomainReady(domainNamespace, domainUid4, replicaCount, "nosuffix");
 
     //create router for admin service on OKD
-    String adminServerPodName = domainUid + "-admin-server";
+    String adminServerPodName = domainUid4 + "-admin-server";
     String adminSvcExtHost = createRouteForOKD(getExternalServicePodName(adminServerPodName), domainNamespace);
     logger.info("admin svc host = {0}", adminSvcExtHost);
 
     // check configuration for JMS
     checkConfiguredJMSresouce(domainNamespace, adminServerPodName, adminSvcExtHost);
 
+  }
+
+  /**
+   * The user provides opss.walletFileSecret that is empty.
+   * If "ewallet.p12" is an empty file, running opss-wallet.sh to restore the wallet file
+   * secret will fail and return "Error: Wallet file 'ewallet.p12' is empty"
+   * Create opss.walletFileSecret without entry with --from-file=walletFile to get an empty walletFileSecret
+   * The operator will not mount the secret but proceed with normal domain creation without error
+   */
+  @Test
+  @Order(6)
+  @DisplayName("Create a FMW domain on PV when user provide OPSS wallet file is empty")
+  void testFmwDomainOnPvUserProvideEmptyOpss() {
+
+    final String pvName = getUniqueName(domainUid4 + "-pv-");
+    final String pvcName = getUniqueName(domainUid4 + "-pvc-");
+
+    //create empty wallet file ewallet.p12
+    try {
+      File file = new File("ewallet.p12");
+      if (file.createNewFile()) {
+        logger.info("Empty wallet file ewallet.p12 is created: " + file.getAbsolutePath());
+      } else {
+        logger.info("Failed to create file ewallet.p12 ");
+      }
+    } catch (IOException ioe) {
+      logger.severe("Failed to create file ewallet.p12", ioe);
+    }
+
+    ExecResult result = restoreOpssWalletfileSecret(domainNamespace, domainUid4, opsswalletfileSecretName4);
+    logger.info("restoreOpssWalletfileSecret returns msg: " + result.stdout());
+    assertTrue(result.stdout().contains("Error: Wallet file 'ewallet.p12' is empty"));
+
+    //delete the empty wallet file ewallet.p12
+    try {
+      delete(new File("./ewallet.p12"));
+      logger.info("Wallet file ewallet.p12 is deleted");
+    } catch (IOException ioe) {
+      logger.severe("Failed to delete file ewallet.p12", ioe);
+    }
+
+    //create empty walletFileSecret
+    createOpsswalletFileSecretWithoutFile(opsswalletfileSecretName4, domainNamespace);
+    logger.info("Empty walletFile secret {0} is created in the namespace {1}",
+        opsswalletfileSecretName4, domainNamespace);
+
+    logger.info("Deleting domain custom resource with namespace: {0}, domainUid {1}", domainNamespace, domainUid4);
+    deleteDomainResource(domainNamespace, domainUid4);
+    try {
+      deleteDirectory(Paths.get("/share").toFile());
+    } catch (IOException ioe) {
+      logger.severe("Failed to cleanup directory /share", ioe);
+    }
+    logger.info("Creating domain custom resource with pvName: {0}", pvName);
+    DomainResource domain = createDomainResourceSimplifyJrfPv(
+        domainUid4, domainNamespace, adminSecretName4,
+        TEST_IMAGES_REPO_SECRET_NAME,
+        rcuaccessSecretName4,
+        opsswalletpassSecretName4, opsswalletfileSecretName4,
+        pvName, pvcName, domainCreationImages4, configMapName);
+
+    createDomainAndVerify(domain, domainNamespace);
+
+    // verify that all servers are ready
+    verifyDomainReady(domainNamespace, domainUid4, replicaCount, "nosuffix");
+
     // delete the domain
-    deleteDomainResource(domainNamespace, domainUid);
+    deleteDomainResource(domainNamespace, domainUid4);
     //delete the rcu pod
     assertDoesNotThrow(() -> deletePod("rcu", dbNamespace),
               "Got exception while deleting server " + "rcu");

integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/FmwUtils.java

@@ -456,7 +456,7 @@ public static DomainResource createDomainResourceSimplifyJrfPv(
   }
 
   /**
-   * Save the OPSS key wallet from a running JRF domain's introspector configmap to a file.
+   * Save and restore the OPSS key wallet from a running JRF domain's introspector configmap to a file.
    * @param namespace namespace where JRF domain exists
    * @param domainUid unique domain Uid
    * @param walletfileSecretName name of wallet file secret
@@ -492,4 +492,34 @@ public static void saveAndRestoreOpssWalletfileSecret(String namespace, String d
 
   }
 
+  /**
+   * Restore the OPSS key wallet from a running JRF domain's introspector configmap to a file.
+   * @param namespace namespace where JRF domain exists
+   * @param domainUid unique domain Uid
+   * @param walletfileSecretName name of wallet file secret
+   * @return ExecResult result of running corresponding script
+   */
+  public static ExecResult restoreOpssWalletfileSecret(String namespace, String domainUid,
+       String walletfileSecretName) {
+
+    logger = getLogger();
+    Path saveAndRestoreOpssPath =
+         Paths.get(RESOURCE_DIR, "bash-scripts", "opss-wallet.sh");
+    String script = saveAndRestoreOpssPath.toString();
+    logger.info("Script for saveAndRestoreOpss is {0)", script);
+
+    //restore opss wallet password secret
+    String command = script + " -d " + domainUid + " -n " + namespace + " -r" + " -ws " + walletfileSecretName;
+    logger.info("Restore wallet file command: {0}", command);
+    ExecResult result = Command.withParams(
+          defaultCommandParams()
+            .command(command)
+            .saveResults(true)
+            .redirect(true))
+        .executeAndReturnResult();
+
+    return result;
+
+  }
+
 }

integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/SecretUtils.java

@@ -125,6 +125,22 @@ public static void createOpsswalletpasswordSecret(String secretName, String name
     assertTrue(secretCreated, String.format("create secret failed for %s", secretName));
   }
 
+  /**
+   * Create a OPSS wallet file secret without file in the specified namespace.
+   * This is for a negative test scenario
+   * @param secretName secret name to create
+   * @param namespace namespace in which the secret will be created
+   */
+  public static void createOpsswalletFileSecretWithoutFile(String secretName, String namespace) {
+
+    boolean secretCreated = assertDoesNotThrow(() -> createSecret(new V1Secret()
+        .metadata(new V1ObjectMeta()
+            .name(secretName)
+            .namespace(namespace))),
+         "Create secret failed with ApiException");
+    assertTrue(secretCreated, String.format("create secret failed for %s", secretName));
+  }
+
   /**
    * Create a secret with username and password and Elasticsearch host and port in the specified namespace.
    *