Changes for Verrazzano (#713)

* added new target type, wko
* added execute permissions to generated shell script from vz target
* corrected weblogic credential secret name for models targeted to WebLogic Operator
* changed generated Verrazzano binding defaults for DNS name to "*"
* changed generated Verrazzano binding namepace from default to {domainUid}-ns
* corrected log folder name from jcslcm-logs to wdt-logs

Author: ddsharpe

core/src/main/java/oracle/weblogic/deploy/logging/WLSDeployLoggingConfig.java

@@ -344,8 +344,8 @@ private static File findLoggingDirectory(String programName) {
 
         if (!found && tmpDir.canWrite()) {
             try {
-                File parentDir = tmpDir.getCanonicalFile().getParentFile();
-                logDir = FileUtils.createTempDirectory(parentDir, "jcslcm-logs");
+                File parentDir = tmpDir.getCanonicalFile();
+                logDir = FileUtils.createTempDirectory(parentDir, "wdt-logs");
                 found = true;
             } catch (IOException ioe) {
                 String message = MessageFormat.format("{0} failed to create temporary logs directory in {1}: {2}",

core/src/main/java/oracle/weblogic/deploy/util/FileUtils.java

@@ -13,15 +13,17 @@
 import java.io.InputStream;
 import java.nio.file.Files;
 import java.nio.file.Paths;
+import java.nio.file.attribute.PosixFilePermission;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Locale;
+import java.util.Set;
 import java.util.zip.ZipEntry;
 import java.util.zip.ZipInputStream;
-
 import javax.xml.bind.DatatypeConverter;
 
 import oracle.weblogic.deploy.exception.ExceptionHelper;
@@ -783,4 +785,52 @@ public boolean accept(File dir, String name) {
     }
 
 
+    /**
+     * Convert an octal number into Posix File Permisions.
+     * @param octals 3 octal digits representing posix file permissions rwxrwxrwx
+     * @return a set of Posix file permissions
+     */
+    @SuppressWarnings("OctalInteger")
+    static Set<PosixFilePermission> getPermissions(int octals) {
+        Set<PosixFilePermission> result = new HashSet<>();
+        if ( (0400 & octals) > 0) {
+            result.add(PosixFilePermission.OWNER_READ);
+        }
+        if ( (0200 & octals) > 0) {
+            result.add(PosixFilePermission.OWNER_WRITE);
+        }
+        if ( (0100 & octals) > 0) {
+            result.add(PosixFilePermission.OWNER_EXECUTE);
+        }
+        if ( (0040 & octals) > 0) {
+            result.add(PosixFilePermission.GROUP_READ);
+        }
+        if ( (0020 & octals) > 0) {
+            result.add(PosixFilePermission.GROUP_WRITE);
+        }
+        if ( (0010 & octals) > 0) {
+            result.add(PosixFilePermission.GROUP_EXECUTE);
+        }
+        if ( (0004 & octals) > 0) {
+            result.add(PosixFilePermission.OTHERS_READ);
+        }
+        if ( (0002 & octals) > 0) {
+            result.add(PosixFilePermission.OTHERS_WRITE);
+        }
+        if ( (0001 & octals) > 0) {
+            result.add(PosixFilePermission.OTHERS_EXECUTE);
+        }
+        return result;
+    }
+
+    /**
+     * Set OS file permissions given an Octal permission set.
+     * Needed due to Jython 2.2 did not offer a os.chmod function.
+     * @param path file name to be changed
+     * @param octals octal number set like OS chmod permissions
+     * @throws IOException if permissions update fails
+     */
+    public static void chmod(String path, int octals) throws IOException {
+        Files.setPosixFilePermissions(Paths.get(path), getPermissions(octals));
+    }
 }

core/src/main/python/prepare_model.py

@@ -310,7 +310,8 @@ def __substitute_password_with_token(self, model_path, attribute_name, validatio
 
             # for normal secrets, assign the secret name to the attribute
             if credentials_method == SECRETS_METHOD:
-                model_value = target_configuration_helper.format_as_secret_token(cache_key)
+                model_value = target_configuration_helper.format_as_secret_token(cache_key,
+                                                                        self.model_context.get_target_configuration())
                 self.cache[cache_key] = ''
 
             # for config override secrets, assign a placeholder password to the attribute.

core/src/main/python/wlsdeploy/tool/util/variable_injector.py

@@ -400,7 +400,8 @@ def _process_attribute(self, model, attribute, location, injector_values):
             # for credentials_method: secrets, assign a secret token to the attribute
             if credentials_method == SECRETS_METHOD \
                     and variable_value == alias_constants.PASSWORD_TOKEN:
-                model[attribute] = target_configuration_helper.format_as_secret_token(variable_name)
+                model[attribute] = target_configuration_helper.format_as_secret_token(variable_name,
+                                                                        self.__model_context.get_target_configuration())
 
             # for config_override_secrets, assign a placeholder value to the attribute
             elif credentials_method == CONFIG_OVERRIDES_SECRETS_METHOD \

core/src/main/python/wlsdeploy/util/target_configuration.py

@@ -8,6 +8,9 @@
 # types for credential method
 CREDENTIALS_METHOD = "credentials_method"
 
+# Overrides the Kubernetes secret name for the WebLogic admin user credential
+WLS_CREDENTIALS_NAME = "wls_credentials_name"
+
 # put secret tokens in the model, and build a script to create the secrets.
 SECRETS_METHOD = 'secrets'
 
@@ -43,6 +46,13 @@ def get_credentials_method(self):
         """
         return dictionary_utils.get_element(self.config_dictionary, CREDENTIALS_METHOD)
 
+    def get_wls_credentials_name(self):
+        """
+        Returns the method for handling credentials in the model.
+        :return: the method for handling credentials
+        """
+        return dictionary_utils.get_element(self.config_dictionary, WLS_CREDENTIALS_NAME)
+
     def get_additional_output_types(self):
         """
         Return the additional output types for this target environment.

core/src/main/python/wlsdeploy/util/target_configuration_helper.py

@@ -4,9 +4,10 @@
 # Shared methods for using target environments (-target abc).
 # Used by discoverDomain and prepareModel.
 import re
-
 import os
 
+from oracle.weblogic.deploy.util import FileUtils
+
 from wlsdeploy.aliases.model_constants import DEFAULT_WLS_DOMAIN_NAME
 from wlsdeploy.aliases.model_constants import JDBC_DRIVER_PARAMS
 from wlsdeploy.aliases.model_constants import JDBC_RESOURCE
@@ -152,36 +153,31 @@ def generate_k8s_script(model_context, token_dictionary, model_dictionary):
         k8s_script.write(command_string + nl)
 
     k8s_script.close()
+    FileUtils.chmod(k8s_file, 0750)
 
-
-def format_as_secret_token(variable_name):
+def format_as_secret_token(variable_name, target_config):
     """
     Format the variable as a secret name token for use in a model.
     :param variable_name: variable name in dot separated format
     :return: formatted name
     """
+    normal_secret_format = '@@SECRET:@@ENV:DOMAIN_UID@@-%s:%s@@'
     name_lower_tokens = variable_name.lower().split('.')
     if len(name_lower_tokens) == 1:
         admin_lower_token = name_lower_tokens[0]
         if admin_lower_token in ['adminusername', 'adminpassword']:
-            # these should just be 'username' and 'password', to match secrets script
+            # substring removes "admin" and keeps just 'username' or 'password', to match secrets script
             admin_token = admin_lower_token[5:]
-            return get_secret_model_token(WEBLOGIC_CREDENTIALS_SECRET_NAME, admin_token)
+            secret_name = target_config.get_wls_credentials_name()
+            if secret_name == None:
+                return normal_secret_format % (WEBLOGIC_CREDENTIALS_SECRET_NAME, admin_token)
+            else:
+                # if the target configuration declares a special name for the WebLogic credential secret
+                return '@@SECRET:%s:%s@@' % (secret_name, admin_token)
 
     # for paired and single secrets, password key is always named "password"
     secret_name = "password"
-
-    return get_secret_model_token('-'.join(name_lower_tokens[:-1]), secret_name)
-
-
-def get_secret_model_token(name, key):
-    """
-    Returns the substitution string to be put in the model for a secret value.
-    :param name: the name of the secret
-    :param key: the key of the secret
-    :return: the substitution string
-    """
-    return '@@SECRET:@@ENV:DOMAIN_UID@@-%s:%s@@' % (name, key)
+    return normal_secret_format % ('-'.join(name_lower_tokens[:-1]), secret_name)
 
 
 def get_secret_name_for_location(location, domain_uid, aliases):

core/src/main/resources/oracle/weblogic/deploy/targets/vz/binding.yaml

@@ -11,12 +11,12 @@ spec:
   placement:
     - name: local
       namespaces:
-        - name: default
+        - name: "{{{domainUid}}}-ns"
           components:
             - name: {{{domainName}}}
   ingressBindings:
     - name: "{{{domainPrefix}}}-ingress"
-      dnsName: "todo.vz.oracledx.com"
+      dnsName: "*"
 {{#hasDatabases}}
   databaseBindings:
 {{/hasDatabases}}

core/src/main/targetconfigs/vz/target.json

@@ -6,6 +6,7 @@
     },
     "variable_injectors" : {"PORT": {},"HOST": {},"URL": {}},
     "validation_method" : "lax",
-    "credentials_method" : "config_override_secrets",
+    "credentials_method" : "secrets",
+    "wls_credentials_name" : "__weblogic-credentials__",
     "additional_output" : "vz"
 }

core/src/main/targetconfigs/wko/target.json

@@ -0,0 +1,11 @@
+{
+  "model_filters" : {
+        "discover": [
+          { "name": "wko_prep", "path": "@@TARGET_CONFIG_DIR@@/wko_operator_filter.py" }
+        ]
+      },
+  "variable_injectors" : {"PORT": {},"HOST": {},"URL": {}},
+  "validation_method" : "lax",
+  "credentials_method" : "secrets",
+  "wls_credentials_name" : "__weblogic-credentials__"
+}

core/src/main/targetconfigs/wko/wko_operator_filter.py

@@ -0,0 +1,67 @@
+# Copyright (c) 2020, Oracle Corporation and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#
+# ------------
+# Description:
+# ------------
+#  This is a WDT filter for primordial domain creation. It filters out all resources and
+#  apps deployments, leaving only the domainInfo and admin server in topology.
+#
+def filter_model(model):
+    __cleanup_topology(model)
+    __cleanup_resources(model)
+
+def __cleanup_resources(model):
+    if model and 'resources' in model:
+        resources = model['resources']
+
+        for delthis in [ 'PartitionWorkManager', 'Partition', 'ResourceGroup', 'ResourceGroupTemplate', 'VirtualHost',
+                     'ResourceManager', 'ResourceManagement' ]:
+            if resources.has_key(delthis):
+                del resources[delthis]
+
+def __cleanup_topology(model):
+    if model and 'topology' in model:
+        topology = model['topology']
+        for delthis in [ 'NMProperties', 'VirtualTarget', 'Machine']:
+            if topology.has_key(delthis):
+                del topology[delthis]
+
+        if topology.has_key('Cluster'):
+            clusters = topology['Cluster']
+            for cluster in clusters:
+                for delthis in ['MigrationBasis', 'CandidateMachinesForMigratableServer', 'DatabaseLessLeasingBasis',
+                                'ClusterMessagingMode']:
+                    if clusters[cluster].has_key(delthis):
+                        del clusters[cluster][delthis]
+
+        if topology.has_key('Server'):
+            servers = topology['Server']
+            for server in servers:
+                for delthis in ['Machine', 'CandidateMachine', 'AutoMigrationEnabled']:
+                    if servers[server].has_key(delthis):
+                        del servers[server][delthis]
+
+        if topology.has_key('SecurityConfiguration'):
+            for delthis in ['NodeManagerPasswordEncrypted', 'NodeManagerUsername' ]:
+                if topology['SecurityConfiguration'].has_key(delthis):
+                    del topology['SecurityConfiguration'][delthis]
+            if len(topology['SecurityConfiguration'].keys()) == 0:
+                del topology['SecurityConfiguration']
+
+        if topology.has_key('ServerTemplate'):
+            server_templates = topology['ServerTemplate']
+            for server_template in server_templates:
+                server_templates[server_template]['AutoMigrationEnabled'] = False
+        else:
+            topology['ServerTemplate'] = {}
+            server_templates = topology['ServerTemplate']
+            if topology.has_key('Cluster'):
+                clusters = topology['Cluster']
+                for cluster in clusters:
+                    server_templates[cluster] = {}
+                    server_template = server_templates[cluster]
+                    server_template['Cluster'] = cluster
+                    server_template['AutoMigrationEnabled'] = False
+
+