On branch edburns/o-647-update-identity-driver (#352)

* On branch edburns/o-647-update-identity-driver
modified:   weblogic-azure-aks/src/main/arm/scripts/common.sh

- Update MSSQLDriver to version that works with azure-identity 1.12.2.

Signed-off-by: Ed Burns <[email protected]>

* On branch edburns/o-647-update-identity-driver
modified:   weblogic-azure-aks/src/main/resources/azure-identity-extensions.xml

Cause dependency on `com.azure:azure-identity-extensions:jar:1.12.2:compile`.

Signed-off-by: Ed Burns <[email protected]>

* On branch edburns/o-647-update-identity-driver
modified:   weblogic-azure-aks/src/main/arm/scripts/common.sh

- Make it so the POM is resolvable during testing of the offer.

Signed-off-by: Ed Burns <[email protected]>

* Update azure-identity-extensions.xml

* Update common.sh to add azure-identity link.

* Update common.sh to add constAzureIdentityForMSSQLJarName

* Download azure-identity jar for MSSQL

* On branch edburns/o-647-update-identity-driver
modified:   weblogic-azure-aks/src/main/arm/scripts/common.sh

- Make it so the POM is resolvable during testing of the offer.

Signed-off-by: Ed Burns <[email protected]>

* Update common.sh for variable name constAzureIdentityForMSSQLJarName

* fix 'uri' expects its first argument to be a uri string

* Use mssql 12.10 and azure-identity 1.15.3

* Update MSSQL driver version and remove azure-identity dependency

* update  the ubuntu base image

* use SSO auth token

* update description for Oracle SSO account password parameter to reflect auth token usage

* use latest ubuntu 24 LTS

* fix AMR64info  condition

* fix visibility condition for unsupported platform info in UI definition

---------

Signed-off-by: Ed Burns <[email protected]>
Co-authored-by: Haixia Cheng <[email protected]>

Author: edburns

pom.xml

@@ -40,7 +40,7 @@
     <properties>    
         <!--  versions  start -->
         <!--  weblogic azure aks versions  -->
-        <version.wls-on-aks-azure-marketplace>1.0.90</version.wls-on-aks-azure-marketplace>
+        <version.wls-on-aks-azure-marketplace>1.0.91</version.wls-on-aks-azure-marketplace>
         <!--  weblogic azure vm versions  -->
         <version.arm-oraclelinux-wls>1.0.31</version.arm-oraclelinux-wls>
         <version.arm-oraclelinux-wls-admin>1.0.56</version.arm-oraclelinux-wls-admin>

weblogic-azure-aks/src/main/arm/createUiDefinition.json

@@ -504,18 +504,28 @@
                                 },
                                 "visible": true
                             },
+                            {
+                                "name": "ocrSSOTokenInfo",
+                                "type": "Microsoft.Common.InfoBox",
+                                "visible": true,
+                                "options": {
+                                    "icon": "Info",
+                                    "text": "Please use an Auth Token associated with an SSO user. Select the link to see more details.",
+                                    "uri": "https://aka.ms/wls-auth-token"
+                                }
+                            },
                             {
                                 "name": "ocrSSOPassword",
                                 "type": "Microsoft.Common.PasswordBox",
                                 "label": {
-                                    "password": "Password for Oracle Single Sign-On authentication",
-                                    "confirmPassword": "Confirm password"
+                                    "password": "Auth token for Oracle Single Sign-On authentication",
+                                    "confirmPassword": "Confirm token"
                                 },
-                                "toolTip": "Password for Oracle Single Sign-On authentication to login the Oracle Container Registry.",
+                                "toolTip": "Auth token for Oracle Single Sign-On authentication to login the Oracle Container Registry.",
                                 "constraints": {
                                     "required": true,
                                     "regex": "^(?=.*[A-Z])(?=.*[a-z])(?=.*\\d)[A-Za-z\\d\\$\\&\\+\\,:\\=\\?@#|'.\\^\\*!\\-_~/'\\[\\]\\{\\}\"]{8,}$",
-                                    "validationMessage": "The password must contain at least 8 characters, with at least 1 uppercase letter, 1 lowercase letter and 1 number, and special characters, but should not contain > < ( ) % ; \\."
+                                    "validationMessage": "The token must contain at least 8 characters, with at least 1 uppercase letter, 1 lowercase letter and 1 number, and special characters, but should not contain > < ( ) % ; \\."
                                 },
                                 "options": {
                                     "hideConfirmation": false
@@ -641,7 +651,7 @@
                             {
                                 "name": "unsupportedPlatformInfo1",
                                 "type": "Microsoft.Common.InfoBox",
-                                "visible": "[and(contains(steps('section_aks').clusterInfo.nodeVMSizeSelector,'p'), not(contains(parse('[\"14.1.1.0-11\", \"14.1.1.0-8\", \"14.1.1.0-slim-11\", \"14.1.1.0-slim-8\", \"12.2.1.4\", \"12.2.1.4-slim\"]'),if(equals(steps('section_aks').imageInfo.oracleImageSelector, 'others'), steps('section_aks').imageInfo.fromOracleImage, steps('section_aks').imageInfo.oracleImageSelector))))]",
+                                "visible": "[and(contains(steps('section_aks').clusterInfo.nodeVMSizeSelector,'p'), contains(parse('[\"14.1.1.0-11\", \"14.1.1.0-8\", \"14.1.1.0-slim-11\", \"14.1.1.0-slim-8\", \"12.2.1.4\", \"12.2.1.4-slim\"]'),if(equals(steps('section_aks').imageInfo.oracleImageSelector, 'others'), steps('section_aks').imageInfo.fromOracleImage, steps('section_aks').imageInfo.oracleImageSelector)))]",
                                 "options": {
                                     "icon": "Error",
                                     "text": "The selected image is not compatible with the ARM64 platform. Please choose a different image or select a different size from <b>AKS</b> -> <b>Azure Kubernetes Service</b> -> <b>Node size</b>. For more information, see <a href=https://learn.microsoft.com/azure/virtual-machines/vm-naming-conventions>the Azure documentation</a>."

weblogic-azure-aks/src/main/arm/scripts/common.sh

@@ -35,7 +35,7 @@ export constFalse="false"
 export constTrue="true"
 export constIntrospectorJobActiveDeadlineSeconds=300  # for Guaranteed Qos
 export constPostgreDriverName="postgresql-42.7.5.jar"
-export constMSSQLDriverName="mssql-jdbc-11.2.3.jre17.jar"
+export constMSSQLDriverName="mssql-jdbc-11.2.3.jre8.jar"
 export constAzureCoreVersion="1.34.0"
 export constDbPodIdentitySelector="db-pod-identity" # do not change the value
 export constPreclassDirectoryName="preclassLibraries"
@@ -54,7 +54,7 @@ export gitUrl4CpuImages="https://raw.githubusercontent.com/oracle/weblogic-azure
 export gitUrl4AksWellTestedVersionJsonFile="https://raw.githubusercontent.com/oracle/weblogic-azure/main/weblogic-azure-aks/src/main/resources/aks_well_tested_version.json"
 export gitUrl4AksToolingWellTestedVersionJsonFile="https://raw.githubusercontent.com/oracle/weblogic-azure/main/weblogic-azure-aks/src/main/resources/aks_tooling_well_tested_versions.json"
 export gitUrl4WLSToolingFamilyJsonFile="https://raw.githubusercontent.com/oracle/weblogic-azure/main/weblogic-azure-aks/src/main/resources/weblogic_tooling_family.json"
-export gitUrl4AzureIdentityExtensionsPomFile="https://raw.githubusercontent.com/oracle/weblogic-azure/main/weblogic-azure-aks/src/main/resources/azure-identity-extensions.xml"
+export gitUrl4AzureIdentityExtensionsPomFile="https://raw.githubusercontent.com/oracle/weblogic-azure/b67a5f95a6c2f590fe8ff938daa298fe7adf7a45/weblogic-azure-aks/src/main/resources/azure-identity-extensions.xml" # PR https://github.com/oracle/weblogic-azure/pull/352 "https://raw.githubusercontent.com/oracle/weblogic-azure/main/weblogic-azure-aks/src/main/resources/azure-identity-extensions.xml"
 export gitUrl4MySQLDriverPomFile="https://raw.githubusercontent.com/oracle/weblogic-azure/main/weblogic-azure-aks/src/main/resources/mysql-connector-java.xml"
 
 export optUninstallMaxTry=5 # Max attempts to wait for the operator uninstalled
@@ -65,5 +65,5 @@ export retryInterval=10
 
 export wlsContainerName="weblogic-server"
 export wlsPostgresqlDriverUrl="https://jdbc.postgresql.org/download/postgresql-42.7.5.jar"
-export wlsMSSQLDriverUrl="https://repo1.maven.org/maven2/com/microsoft/sqlserver/mssql-jdbc/11.2.3.jre17/mssql-jdbc-11.2.3.jre17.jar"
-export jdkArm64Url="https://aka.ms/download-jdk/microsoft-jdk-11.0.23-linux-aarch64.tar.gz"
+export wlsMSSQLDriverUrl="https://repo1.maven.org/maven2/com/microsoft/sqlserver/mssql-jdbc/11.2.3.jre8/mssql-jdbc-11.2.3.jre8.jar"
+export jdkArm64Url="https://aka.ms/download-jdk/microsoft-jdk-11.0.23-linux-aarch64.tar.gz"

weblogic-azure-aks/src/main/arm/scripts/createVMAndBuildImage.sh

@@ -96,11 +96,11 @@ function build_docker_image() {
     # Create vm to build docker image
     vmName="VM-UBUNTU-WLS-AKS-$(date +%s)"
 
-    # az vm image list --publisher Canonical --offer UbuntuServer --all -o table
-    ubuntuImage="Canonical:UbuntuServer:18.04-LTS:latest"
+    # az vm image list --publisher Canonical --offer 0001-com-ubuntu-server-focal --all -o table
+    ubuntuImage="Canonical:ubuntu-24_04-lts:server:latest"
 
     if [[ "${CPU_PLATFORM}" == "${constARM64Platform}" ]]; then
-        ubuntuImage="Canonical:UbuntuServer:18_04-lts-arm64:latest"
+        ubuntuImage="Canonical:ubuntu-24_04-lts:server-arm64:latest"
     fi
 
     # query AKS vm size

weblogic-azure-aks/src/main/bicep/mainTemplate.bicep

@@ -165,7 +165,7 @@ param managedServerPrefix string = 'managed-server'
 @description('To mitigate ARM-TTK error: Control Named vnetForApplicationGateway must output the newOrExisting property when hideExisting is false')
 param newOrExistingVnetForApplicationGateway string = 'new'
 @secure()
-@description('Password of Oracle SSO account.')
+@description('Auth token of Oracle SSO account.')
 param ocrSSOPSW string = newGuid()
 @description('User name of Oracle SSO account.')
 param ocrSSOUser string = 'null'

weblogic-azure-aks/src/main/bicep/modules/_setupPasswordlessDBConnection.bicep

@@ -136,7 +136,7 @@ module configDataSource '_deployment-scripts/_ds-datasource-connection.bicep' =
     dbConfigurationType: dbConfigurationType
     dbGlobalTranPro: dbGlobalTranPro
     dbUser: dbUser
-    dsConnectionURL: uri(format('{0}{4}{1}{4}{3}={2}', const_connectionString, name_jdbcPlugins[databaseType], reference(items(dbIdentity.userAssignedIdentities)[0].key, const_identityAPIVersion, 'full').properties.clientId, array_msiClientId[databaseType], array_urlJoiner[databaseType]), '')
+    dsConnectionURL: format('{0}{4}{1}{4}{3}={2}', const_connectionString, name_jdbcPlugins[databaseType], reference(items(dbIdentity.userAssignedIdentities)[0].key, const_identityAPIVersion, 'full').properties.clientId, array_msiClientId[databaseType], array_urlJoiner[databaseType])
     enablePswlessConnection: true
     identity: identity
     jdbcDataSourceName: jdbcDataSourceName

weblogic-azure-aks/src/main/bicep/modules/setupWebLogicCluster.bicep

@@ -77,7 +77,7 @@ param location string
 @description('Name prefix of managed server.')
 param managedServerPrefix string = 'managed-server'
 @secure()
-@description('Password of Oracle SSO account.')
+@description('Auth token of Oracle SSO account.')
 param ocrSSOPSW string
 @description('User name of Oracle SSO account.')
 param ocrSSOUser string

weblogic-azure-aks/src/main/bicep/modules/updateWebLogicApplications.bicep

@@ -21,7 +21,7 @@ Parameters
     - containerName: container name.
   - identity: Azure user managed identity used, make sure the identity has permission to create/update/delete Azure resources. It's recommended to assign "Contributor" role.
   - isSSOSupportEntitled: Is the specified SSO account associated with an active Oracle support contract?
-  - ocrSSOPSW: Password of Oracle SSO account. The script will pull image from Oracle Container Registry (OCR), Oracle account is required. Make sure the account has checkout WebLogic images.
+  - ocrSSOPSW: Auth token of Oracle SSO account. The script will pull image from Oracle Container Registry (OCR), Oracle account is required. Make sure the account has checkout WebLogic images.
   - ocrSSOUser: User name of Oracle SSO account.
   - wlsDomainName: Name of the domain that you are going to update. Make sure it's the same with the initial cluster deployment.
   - wlsDomainUID: UID of the domain that you are going to update. Make sure it's the same with the initial cluster deployment.
@@ -56,7 +56,7 @@ param identity object = {}
 @description('Is the specified SSO account associated with an active Oracle support contract?')
 param isSSOSupportEntitled bool = false
 @secure()
-@description('Password of Oracle SSO account.')
+@description('Auth token of Oracle SSO account.')
 param ocrSSOPSW string = 'null'
 @description('User name of Oracle SSO account.')
 param ocrSSOUser string = 'null'

weblogic-azure-aks/src/main/resources/azure-identity-extensions.xml

@@ -15,7 +15,7 @@
         <dependency>
             <groupId>com.azure</groupId>
             <artifactId>azure-identity-extensions</artifactId>
-            <version>1.2.0</version>
+            <version>1.2.2</version>
         </dependency>
     </dependencies>
-</project>
+</project>