Merge branch 'filter-model-opss-secrets' into 'main'

Filter model OPSS secrets for MII and PV domain home source types

See merge request weblogic-cloud/weblogic-deploy-tooling!1483

Author: robertpatrick

core/src/main/python/wlsdeploy/tool/util/filter_helper.py

@@ -26,6 +26,7 @@
     'wko_filter': wko_filter.filter_model_for_wko,
 
     # individual filters for custom target environments
+    'domain_info_filter': wko_filter.filter_domain_info,
     'online_attributes_filter': wko_filter.filter_online_attributes,
     'resources_filter': wko_filter.filter_resources,
     'topology_filter': wko_filter.filter_topology,

core/src/main/python/wlsdeploy/tool/util/filters/wko_filter.py

@@ -6,7 +6,9 @@
 # ------------
 # WDT filters to prepare a model for use a target environment, using the createDomain or prepareModel tools.
 # These operations can be invoked as a single call, or independently of each other.
+
 from oracle.weblogic.deploy.util import PyRealBoolean
+
 from wlsdeploy.aliases import alias_utils
 from wlsdeploy.aliases.model_constants import AUTO_MIGRATION_ENABLED
 from wlsdeploy.aliases.model_constants import CALCULATED_LISTEN_PORTS
@@ -15,13 +17,15 @@
 from wlsdeploy.aliases.model_constants import CLUSTER
 from wlsdeploy.aliases.model_constants import CLUSTER_MESSAGING_MODE
 from wlsdeploy.aliases.model_constants import DATABASE_LESS_LEASING_BASIS
+from wlsdeploy.aliases.model_constants import DOMAIN_INFO
 from wlsdeploy.aliases.model_constants import DYNAMIC_SERVERS
 from wlsdeploy.aliases.model_constants import LISTEN_PORT
 from wlsdeploy.aliases.model_constants import MACHINE
 from wlsdeploy.aliases.model_constants import MIGRATION_BASIS
 from wlsdeploy.aliases.model_constants import NM_PROPERTIES
 from wlsdeploy.aliases.model_constants import NODE_MANAGER_PW_ENCRYPTED
 from wlsdeploy.aliases.model_constants import NODE_MANAGER_USER_NAME
+from wlsdeploy.aliases.model_constants import OPSS_SECRETS
 from wlsdeploy.aliases.model_constants import PARTITION
 from wlsdeploy.aliases.model_constants import PARTITION_WORK_MANAGER
 from wlsdeploy.aliases.model_constants import RESOURCES
@@ -57,6 +61,7 @@ def filter_model(model, model_context):
     :param model: the model to be filtered
     :param model_context: used by nested filters
     """
+    filter_domain_info(model, model_context)
     filter_topology(model, model_context)
     filter_resources(model, model_context)
     filter_online_attributes(model, model_context)
@@ -143,6 +148,26 @@ def check_clustered_server_ports(model, _model_context):
                 server_port_map[server_cluster] = {"firstServer": server_name, "serverPort": server_port_text}
 
 
+def filter_domain_info(model, _model_context):
+    """
+    Remove elements from the domainInfo section of the model that are not relevant in a Kubernetes environment.
+    This may include references to OPSS secret elements.
+    :param model: the model to be updated
+    :param _model_context: used to get target configuration
+    """
+    _method_name = 'filter_domain_info'
+
+    target_configuration = _model_context.get_target_configuration()
+    if not target_configuration.uses_opss_secrets():
+        domain_info = dictionary_utils.get_dictionary_element(model, DOMAIN_INFO)
+        for delete_key in [OPSS_SECRETS]:
+            if delete_key in domain_info:
+                source_name = target_configuration.get_domain_home_source_name()
+                _logger.info('WLSDPLY-20208', OPSS_SECRETS, DOMAIN_INFO, source_name, class_name=_class_name,
+                             method_name=_method_name)
+                del domain_info[delete_key]
+
+
 def filter_topology(model, _model_context):
     """
     Remove elements from the topology section of the model that are not relevant in a Kubernetes environment.

core/src/main/python/wlsdeploy/util/model_context.py

@@ -674,7 +674,8 @@ def get_target_configuration(self):
         :return: target configuration object
         """
         if self._target_configuration is None:
-            configuration_dict = {}
+            # if no target declared, construct TargetConfiguration with None
+            configuration_dict = None
 
             if self._target:
                 target_configuration_file = self.get_target_configuration_file()

core/src/main/python/wlsdeploy/util/target_configuration.py

@@ -83,8 +83,10 @@ def __init__(self, config_dictionary):
         """
         if config_dictionary is None:
             self.config_dictionary = {}
+            self.is_targeted = False  # no target was declared, methods are still usable
         else:
             self.config_dictionary = config_dictionary
+            self.is_targeted = True
 
     def get_credentials_method(self):
         """
@@ -96,10 +98,11 @@ def get_credentials_method(self):
     def get_results_output_method(self):
         """
         Returns the method for generating results output.
-        :return: "default" (script and additional files) or "json" (single results file)
+        :return: "default" (script and additional files) or "json" (single results file), or None if not
+        using a targeted configuration
         """
         result = dictionary_utils.get_element(self.config_dictionary, RESULTS_OUTPUT_METHOD)
-        if result is None:
+        if not result and self.is_targeted:
             result = DEFAULT_RESULTS_OUTPUT_METHOD
         return result
 
@@ -219,15 +222,26 @@ def uses_wdt_model(self):
         :return: True if a model is included, False otherwise
         """
         source_type = self._get_domain_home_source_type()
-        return source_type == MODEL_IN_IMAGE_SOURCE_TYPE
+        return source_type in [None, MODEL_IN_IMAGE_SOURCE_TYPE]
+
+    def uses_opss_secrets(self):
+        """
+        Determine if OPSS secrets are applicable to this target configuration.
+        They are applicable for non-targeted scenarios.
+        :return: True if a model is included, False otherwise
+        """
+        source_type = self._get_domain_home_source_type()
+        return source_type not in [MODEL_IN_IMAGE_SOURCE_TYPE, PERSISTENT_VOLUME_SOURCE_TYPE]
 
     def get_domain_home_source_name(self):
         """
         Return the name associated with the domain home source type key.
         :return: the domain home source name
         """
         source_type = self._get_domain_home_source_type()
-        return SOURCE_TYPE_NAMES[source_type]
+        if source_type:
+            return SOURCE_TYPE_NAMES[source_type]
+        return None
 
     def sets_cluster_replicas(self):
         """
@@ -272,11 +286,11 @@ def validate_configuration(self, exit_code, target_configuration_file):
         self._validate_enumerated_field(PRODUCT_VERSION, product_version, valid_product_versions, exit_code,
                                         target_configuration_file)
 
-        source_type = self._get_domain_home_source_type()
+        source_type = dictionary_utils.get_element(self.config_dictionary, DOMAIN_HOME_SOURCE_TYPE)
         self._validate_enumerated_field(DOMAIN_HOME_SOURCE_TYPE, source_type, SOURCE_TYPE_NAMES.keys(), exit_code,
                                         target_configuration_file)
 
-        output_method = self.get_results_output_method()
+        output_method = dictionary_utils.get_element(self.config_dictionary, RESULTS_OUTPUT_METHOD)
         self._validate_enumerated_field(RESULTS_OUTPUT_METHOD, output_method, RESULTS_OUTPUT_METHODS, exit_code,
                                         target_configuration_file)
 
@@ -287,10 +301,13 @@ def validate_configuration(self, exit_code, target_configuration_file):
     def _get_domain_home_source_type(self):
         """
         Get the domain home source type (private method).
-        :return: the domain home source type key, or the default MODEL_IN_IMAGE_SOURCE_TYPE
+        :return: the configured domain home source type key, or MODEL_IN_IMAGE_SOURCE_TYPE. If not using a
+        targeted configuration, None is returned.
         """
         source_type = dictionary_utils.get_element(self.config_dictionary, DOMAIN_HOME_SOURCE_TYPE)
-        return source_type or MODEL_IN_IMAGE_SOURCE_TYPE
+        if not source_type and self.is_targeted:
+            source_type = MODEL_IN_IMAGE_SOURCE_TYPE
+        return source_type
 
     def _validate_enumerated_field(self, key, value, valid_values, exit_code, target_configuration_file):
         method_name = '_validate_enumerated_field'

core/src/main/python/wlsdeploy/util/target_configuration_helper.py

@@ -112,20 +112,19 @@ def generate_all_output_files(model, aliases, credential_injector, model_context
     :param model_context: used to determine location and content for the output
     :param exception_type: the type of exception to throw if needed
     """
-    if model_context.is_targetted_config():
-        target_config = model_context.get_target_configuration()
-        credential_cache = credential_injector.get_variable_cache()
+    target_config = model_context.get_target_configuration()
+    credential_cache = credential_injector.get_variable_cache()
 
-        if target_config.generate_results_file():
-            generate_results_json(model_context, credential_cache, model.get_model(), exception_type)
+    if target_config.generate_results_file():
+        generate_results_json(model_context, credential_cache, model.get_model(), exception_type)
 
-        if target_config.generate_output_files():
-            # Generate k8s create secret script
-            generate_k8s_script(model_context, credential_cache, model.get_model(), exception_type)
+    if target_config.generate_output_files():
+        # Generate k8s create secret script
+        generate_k8s_script(model_context, credential_cache, model.get_model(), exception_type)
 
-            # create additional output files
-            additional_output_helper.create_additional_output(model, model_context, aliases, credential_injector,
-                                                              exception_type)
+        # create additional output files
+        additional_output_helper.create_additional_output(model, model_context, aliases, credential_injector,
+                                                          exception_type)
 
 
 def _prepare_k8s_secrets(model_context, token_dictionary, model_dictionary):

core/src/main/resources/oracle/weblogic/deploy/messages/wlsdeploy_rb.properties

@@ -1819,6 +1819,7 @@ WLSDPLY-20204=Adding {0} "{1}" to dynamic cluster "{2}" for compatibility with {
 WLSDPLY-20205=The {0} value "{1}" is used by multiple dynamic clusters, which will cause deployment to fail
 WLSDPLY-20206=Adding {0} value "{1}" to model for compatibility with {2} target
 WLSDPLY-20207=Adding {0} "{1}" to model for compatibility with {2} target
+WLSDPLY-20208=Removing {0} from {1} for domain home source type {2}
 
 # Common messages used for tool exit and clean-up
 WLSDPLY-21000={0} Messages:

core/src/main/targetconfigs/k8s/target.json

@@ -10,6 +10,5 @@
   ],
   "variable_injectors" : {"PORT": {},"HOST": {},"URL": {}},
   "validation_method" : "lax",
-  "credentials_method" : "secrets",
-  "credentials_output_method" : "script"
+  "credentials_method" : "secrets"
 }

core/src/main/targetconfigs/vz-dii/target.json

@@ -11,7 +11,6 @@
     "validation_method" : "lax",
     "product_key": "vz",
     "domain_home_source_type" : "dii",
-    "credentials_output_method" : "script",
     "exclude_domain_bin_contents": true,
     "additional_output" : "vz-application.yaml"
 }

core/src/main/targetconfigs/vz-pv/target.json

@@ -11,7 +11,6 @@
     "validation_method" : "lax",
     "product_key": "vz",
     "domain_home_source_type" : "pv",
-    "credentials_output_method" : "script",
     "exclude_domain_bin_contents": true,
     "use_persistent_volume" : true,
     "additional_output" : "vz-application.yaml"

core/src/main/targetconfigs/vz/target.json

@@ -13,7 +13,6 @@
     "product_key": "vz",
     "domain_home_source_type" : "mii",
     "credentials_method" : "secrets",
-    "credentials_output_method" : "script",
     "exclude_domain_bin_contents": true,
     "wls_credentials_name" : "__weblogic-credentials__",
     "additional_secrets": "runtime-encryption-secret",

core/src/main/targetconfigs/wko-dii/target.json

@@ -10,7 +10,6 @@
   "variable_injectors" : {"PORT": {},"HOST": {},"URL": {}},
   "validation_method" : "lax",
   "domain_home_source_type" : "dii",
-  "credentials_output_method" : "script",
   "exclude_domain_bin_contents": true,
   "additional_output" : "wko-domain.yaml"
 }

core/src/main/targetconfigs/wko-pv/target.json

@@ -10,7 +10,6 @@
   "variable_injectors" : {"PORT": {},"HOST": {},"URL": {}},
   "validation_method" : "lax",
   "domain_home_source_type" : "pv",
-  "credentials_output_method" : "script",
   "exclude_domain_bin_contents": true,
   "use_persistent_volume" : true,
   "additional_output" : "wko-domain.yaml"

core/src/main/targetconfigs/wko/target.json

@@ -12,8 +12,6 @@
   "validation_method" : "lax",
   "domain_home_source_type" : "mii",
   "credentials_method" : "secrets",
-  "-- results_output_method" : "json",
-  "credentials_output_method" : "script",
   "exclude_domain_bin_contents": true,
   "wls_credentials_name" : "__weblogic-credentials__",
   "additional_secrets": "runtime-encryption-secret",

core/src/main/targetconfigs/wko4-dii/target.json

@@ -10,7 +10,6 @@
   "variable_injectors" : {"PORT": {},"HOST": {},"URL": {}},
   "validation_method" : "lax",
   "domain_home_source_type" : "dii",
-  "credentials_output_method" : "script",
   "exclude_domain_bin_contents": true,
   "product_version" : "v4",
   "additional_output" : "wko-domain.yaml"

core/src/main/targetconfigs/wko4-pv/target.json

@@ -10,7 +10,6 @@
   "variable_injectors" : {"PORT": {},"HOST": {},"URL": {}},
   "validation_method" : "lax",
   "domain_home_source_type" : "pv",
-  "credentials_output_method" : "script",
   "exclude_domain_bin_contents": true,
   "use_persistent_volume" : true,
   "product_version" : "v4",

core/src/main/targetconfigs/wko4/target.json

@@ -11,7 +11,6 @@
   "validation_method" : "lax",
   "domain_home_source_type" : "mii",
   "credentials_method" : "secrets",
-  "credentials_output_method" : "script",
   "exclude_domain_bin_contents": true,
   "product_version" : "v4",
   "wls_credentials_name" : "__weblogic-credentials__",