Jira#wdt 418 encrypt multiple models (#647)

* Encrypt multiple model files and one variable file

* add details to the encryptModel shell scripts

Author: CarolynRountree

core/src/main/python/encrypt.py

@@ -28,6 +28,7 @@
 from wlsdeploy.logging.platform_logger import PlatformLogger
 from wlsdeploy.tool.encrypt import encryption_utils
 from wlsdeploy.tool.util.alias_helper import AliasHelper
+from wlsdeploy.util import cla_utils
 from wlsdeploy.util import getcreds
 from wlsdeploy.util import variables as variable_helper
 from wlsdeploy.util.cla_utils import CommandLineArgUtil
@@ -62,6 +63,7 @@ def __process_args(args):
     _method_name = '__process_args'
 
     cla_util = CommandLineArgUtil(_program_name, __required_arguments, __optional_arguments)
+    cla_util.set_allow_multiple_models(True)
     argument_map = cla_util.process_args(args)
 
     __validate_mode_args(argument_map)
@@ -92,17 +94,8 @@ def __validate_mode_args(optional_arg_map):
     """
     _method_name = '__validate_mode_args'
 
-    if CommandLineArgUtil.MODEL_FILE_SWITCH in optional_arg_map:
-        model_file_name = optional_arg_map[CommandLineArgUtil.MODEL_FILE_SWITCH]
-        try:
-            FileUtils.validateExistingFile(model_file_name)
-        except IllegalArgumentException, iae:
-            ex = exception_helper.create_cla_exception('WLSDPLY-20006', _program_name, model_file_name,
-                                                       iae.getLocalizedMessage(), error=iae)
-            ex.setExitCode(CommandLineArgUtil.ARG_VALIDATION_ERROR_EXIT_CODE)
-            __logger.throwing(ex, class_name=_class_name, method_name=_method_name)
-            raise ex
-    elif CommandLineArgUtil.ENCRYPT_MANUAL_SWITCH not in optional_arg_map:
+    if CommandLineArgUtil.MODEL_FILE_SWITCH not in optional_arg_map \
+            and CommandLineArgUtil.ENCRYPT_MANUAL_SWITCH not in optional_arg_map:
         ex = exception_helper.create_cla_exception('WLSDPLY-04202', _program_name, CommandLineArgUtil.MODEL_FILE_SWITCH,
                                                    CommandLineArgUtil.ENCRYPT_MANUAL_SWITCH)
         ex.setExitCode(CommandLineArgUtil.USAGE_ERROR_EXIT_CODE)
@@ -152,13 +145,15 @@ def __encrypt_model_and_variables(model_context):
     """
     _method_name = '__encrypt_model_and_variables'
 
-    model_file = model_context.get_model_file()
-    try:
-        model = FileToPython(model_file, True).parse()
-    except TranslateException, te:
-        __logger.severe('WLSDPLY-04206', _program_name, model_file, te.getLocalizedMessage(), error=te,
-                        class_name=_class_name, method_name=_method_name)
-        return CommandLineArgUtil.PROG_ERROR_EXIT_CODE
+    model_files = cla_utils.get_model_files(model_context.get_model_file())
+    models = dict()
+    for model_file in model_files:
+        try:
+            models[model_file] = FileToPython(model_file, True).parse()
+        except TranslateException, te:
+            __logger.severe('WLSDPLY-04206', _program_name, model_file, te.getLocalizedMessage(), error=te,
+                            class_name=_class_name, method_name=_method_name)
+            return CommandLineArgUtil.PROG_ERROR_EXIT_CODE
 
     variable_file = model_context.get_variable_file()
     variables = None
@@ -173,35 +168,36 @@ def __encrypt_model_and_variables(model_context):
     aliases = Aliases(model_context, wlst_mode=WlstModes.OFFLINE)
     alias_helper = AliasHelper(aliases, __logger, ExceptionType.ENCRYPTION)
 
-    try:
-        passphrase = model_context.get_encryption_passphrase()
-        model_change_count, variable_change_count = \
-            encryption_utils.encrypt_model_dictionary(passphrase, model, alias_helper, variables)
-    except EncryptionException, ee:
-        __logger.severe('WLSDPLY-04208', _program_name, ee.getLocalizedMessage(), error=ee,
-                        class_name=_class_name, method_name=_method_name)
-        return CommandLineArgUtil.PROG_ERROR_EXIT_CODE
-
-    if variable_change_count > 0:
+    for model_file, model in models.iteritems():
         try:
-            variable_helper.write_variables(_program_name, variables, variable_file)
-            __logger.info('WLSDPLY-04209', _program_name, variable_change_count, variable_file,
-                          class_name=_class_name, method_name=_method_name)
-        except VariableException, ve:
-            __logger.severe('WLSDPLY-20007', _program_name, variable_file, ve.getLocalizedMessage(), error=ve,
+            passphrase = model_context.get_encryption_passphrase()
+            model_change_count, variable_change_count = \
+                encryption_utils.encrypt_model_dictionary(passphrase, model, alias_helper, variables)
+        except EncryptionException, ee:
+            __logger.severe('WLSDPLY-04208', _program_name, ee.getLocalizedMessage(), error=ee,
                             class_name=_class_name, method_name=_method_name)
             return CommandLineArgUtil.PROG_ERROR_EXIT_CODE
 
-    if model_change_count > 0:
-        try:
-            model_writer = PythonToFile(model)
-            model_writer.write_to_file(model_file)
-            __logger.info('WLSDPLY-04210', _program_name, model_change_count, model_file,
-                          class_name=_class_name, method_name=_method_name)
-        except TranslateException, te:
-            __logger.severe('WLSDPLY-04211', _program_name, model_file, te.getLocalizedMessage(), error=te,
-                            class_name=_class_name, method_name=_method_name)
-            return CommandLineArgUtil.PROG_ERROR_EXIT_CODE
+        if variable_change_count > 0:
+            try:
+                variable_helper.write_variables(_program_name, variables, variable_file)
+                __logger.info('WLSDPLY-04209', _program_name, variable_change_count, variable_file,
+                              class_name=_class_name, method_name=_method_name)
+            except VariableException, ve:
+                __logger.severe('WLSDPLY-20007', _program_name, variable_file, ve.getLocalizedMessage(), error=ve,
+                                class_name=_class_name, method_name=_method_name)
+                return CommandLineArgUtil.PROG_ERROR_EXIT_CODE
+
+        if model_change_count > 0:
+            try:
+                model_writer = PythonToFile(model)
+                model_writer.write_to_file(model_file)
+                __logger.info('WLSDPLY-04210', _program_name, model_change_count, model_file,
+                              class_name=_class_name, method_name=_method_name)
+            except TranslateException, te:
+                __logger.severe('WLSDPLY-04211', _program_name, model_file, te.getLocalizedMessage(), error=te,
+                                class_name=_class_name, method_name=_method_name)
+                return CommandLineArgUtil.PROG_ERROR_EXIT_CODE
 
     return CommandLineArgUtil.PROG_OK_EXIT_CODE
 

core/src/main/python/wlsdeploy/tool/encrypt/encryption_utils.py

@@ -34,7 +34,7 @@ def __init__(self, passphrase, alias_helper, variables=None):
         self.alias_helper = alias_helper
         self.variables = variables
         self.model_changes = 0
-        self.variables_changed = []
+        self.variable_changes = 0
 
     def encrypt_model_dictionary(self, model_dict):
         """
@@ -66,7 +66,7 @@ def encrypt_model_dictionary(self, model_dict):
             location = LocationContext()
             self._encrypt_nodes(location, deployments_nodes, top_folder_names)
 
-        return self.model_changes, len(self.variables_changed)
+        return self.model_changes, self.variable_changes
 
     def _encrypt_info_nodes(self, info_nodes):
         """
@@ -173,16 +173,19 @@ def _encrypt_variable_value(self, folder_name, field_name, var_name):
         if self.variables is None:
             return
 
-        # this variable may have been encrypted for another attribute
-        if var_name in self.variables_changed:
-            return
-
+        # Do not encrypt already encrypted to match model encryption: Don't encrypt encrypted value
         if var_name in self.variables:
             var_value = self.variables[var_name]
             if len(var_value) > 0:
+
+                # don't encrypt an already encrypted variable. Matches logic in model
+                if EncryptionUtils.isEncryptedString(var_value):
+                    self._logger.fine('WLSDPLY-04109', folder_name, field_name, var_name)
+                    return
+
                 encrypted_value = EncryptionUtils.encryptString(var_value, String(self.passphrase).toCharArray())
                 self.variables[var_name] = encrypted_value
-                self.variables_changed.append(var_name)
+                self.variable_changes += 1
                 self._logger.fine('WLSDPLY-04106', folder_name, field_name, var_name,
                                   class_name=self._class_name, method_name=_method_name)
         else:

core/src/main/resources/oracle/weblogic/deploy/messages/wlsdeploy_rb.properties

@@ -375,6 +375,7 @@ WLSDPLY-04105=The value for password field {1} from folder {0} unexpectedly had
 WLSDPLY-04106=Encrypted the value of variable {1} referenced from field {0} from folder {2}
 WLSDPLY-04107=Unable to find variable {0} definition that was used for field {1} from folder {2}
 WLSDPLY-04108=The provider {0} at location {1} was not recognized, and will not be encrypted
+WLSDPLY-04109=The field {1} from folder {0} is already encrypted for variable property {2}
 
 # encrypt.py
 WLSDPLY-04200=Enter the password to encrypt

core/src/test/python/encryption_test.py

@@ -23,7 +23,9 @@ class EncryptionTestCase(unittest.TestCase):
     _oracle_home = None
 
     _src_model_file_wo_variables = os.path.join(_resources_dir, 'encryption-test.yaml')
+    _src_model_file_wo_variables_for_multi = os.path.join(_resources_dir, 'encryption-test-multiple.yaml')
     _src_model_file_w_variables = os.path.join(_resources_dir, 'encryption-test-variables.yaml')
+    _src_model_file_w_variables_multi = os.path.join(_resources_dir, 'encryption-test-variables-multiple.yaml')
     _src_variable_file = os.path.join(_resources_dir, 'encryption-test-variables.properties')
 
     _target_model_test1 = os.path.join(_execution_dir, 'model-test1.yaml')
@@ -33,6 +35,7 @@ class EncryptionTestCase(unittest.TestCase):
 
     _passphrase = 'my dog is a rottweiler'
     _unencrypted_password = 'welcome1'
+    _unencrypted_password_second = 'another1'
 
     def setUp(self):
         if not os.path.exists(self._execution_dir):
@@ -178,3 +181,115 @@ def testIndirectEncryptionVariables(self):
         self.assertEquals(str(String(_decrypted_ds2_pass)), self._unencrypted_password)
         return
 
+    def testMultipleModelDirectEncryption(self):
+        copy2(self._src_model_file_wo_variables, self._target_model_test1)
+        copy2(self._src_model_file_wo_variables_for_multi, self._target_model_test2)
+
+        args = list()
+        args.append('encrypt')  # dummy arg for args[0] to get arg padding right
+        args.append(CommandLineArgUtil.ORACLE_HOME_SWITCH)
+        args.append(self._oracle_home)
+        args.append(CommandLineArgUtil.MODEL_FILE_SWITCH)
+        args.append(self._target_model_test1 + ',' + self._target_model_test2)
+        args.append(CommandLineArgUtil.PASSPHRASE_SWITCH)
+        args.append(self._passphrase)
+        exit_code = encrypt._process_request(args)
+        self.assertEquals(exit_code, 0)
+
+        model1 = FileToPython(self._target_model_test1).parse()
+        model2 = FileToPython(self._target_model_test2).parse()
+        passphrase_array = String(self._passphrase).toCharArray()
+
+        admin_pass = model1['domainInfo']['AdminPassword']
+        self.assertEquals(admin_pass.startswith('{AES}'), True)
+        _decrypted_admin_pass = EncryptionUtils.decryptString(admin_pass, passphrase_array)
+        self.assertEquals(str(String(_decrypted_admin_pass)), self._unencrypted_password)
+
+        admin_pass = model2['domainInfo']['AdminPassword']
+        self.assertEquals(admin_pass.startswith('{AES}'), True)
+        _decrypted_admin_pass = EncryptionUtils.decryptString(admin_pass, passphrase_array)
+        self.assertEquals(str(String(_decrypted_admin_pass)), self._unencrypted_password_second)
+
+        return
+
+    def testMultipleModelsIndirectEncryptionVariables(self):
+        copy2(self._src_model_file_w_variables, self._target_model_test2)
+        copy2(self._src_model_file_w_variables_multi, self._target_model_test3)
+        copy2(self._src_variable_file, self._target_variables_test3)
+
+        args = list()
+        args.append('encrypt')  # dummy arg for args[0] to get arg padding right
+        args.append(CommandLineArgUtil.ORACLE_HOME_SWITCH)
+        args.append(self._oracle_home)
+        args.append(CommandLineArgUtil.MODEL_FILE_SWITCH)
+        args.append(self._target_model_test2 + ',' + self._target_model_test3)
+        args.append(CommandLineArgUtil.VARIABLE_FILE_SWITCH)
+        args.append(self._target_variables_test3)
+        args.append(CommandLineArgUtil.PASSPHRASE_SWITCH)
+        args.append(self._passphrase)
+        exit_code = encrypt._process_request(args)
+        self.assertEquals(exit_code, 0)
+
+        model2 = FileToPython(self._target_model_test2).parse()
+        model3 = FileToPython(self._target_model_test3).parse()
+        variables = variables_helper.load_variables(self._target_variables_test3)
+        passphrase_array = String(self._passphrase).toCharArray()
+
+        admin_pass = model2['domainInfo']['AdminPassword']
+        self.assertNotEquals(admin_pass.startswith('{AES}'), True)
+        admin_pass = model3['domainInfo']['AdminPassword']
+        self.assertNotEquals(admin_pass.startswith('{AES}'), True)
+        admin_pass = variables['admin.password']
+        self.assertEquals(admin_pass.startswith('{AES}'), True)
+        _decrypted_admin_pass = EncryptionUtils.decryptString(admin_pass, passphrase_array)
+        self.assertEquals(str(String(_decrypted_admin_pass)), self._unencrypted_password)
+
+        nm_pass = model2['topology']['SecurityConfiguration']['NodeManagerPasswordEncrypted']
+        self.assertNotEquals(nm_pass.startswith('{AES}'), True)
+        nm_pass = variables['nm.password']
+        self.assertEquals(nm_pass.startswith('{AES}'), True)
+        _decrypted_nm_pass = EncryptionUtils.decryptString(nm_pass, passphrase_array)
+        self.assertEquals(str(String(_decrypted_nm_pass)), self._unencrypted_password)
+
+        ds1_pass = model2['resources']['JDBCSystemResource']['Generic1']['JdbcResource']['JDBCDriverParams']['PasswordEncrypted']
+        self.assertEquals(ds1_pass.startswith('{AES}'), True)
+        _decrypted_ds1_pass = EncryptionUtils.decryptString(ds1_pass, passphrase_array)
+        self.assertEquals(str(String(_decrypted_ds1_pass)), self._unencrypted_password)
+
+        return
+
+    def testMultipleModelsDirectAndVariables(self):
+        copy2(self._src_model_file_w_variables, self._target_model_test1)
+        copy2(self._src_model_file_wo_variables_for_multi, self._target_model_test2)
+        copy2(self._src_variable_file, self._target_variables_test3)
+
+        args = list()
+        args.append('encrypt')  # dummy arg for args[0] to get arg padding right
+        args.append(CommandLineArgUtil.ORACLE_HOME_SWITCH)
+        args.append(self._oracle_home)
+        args.append(CommandLineArgUtil.MODEL_FILE_SWITCH)
+        args.append(self._target_model_test1 + ',' + self._target_model_test2)
+        args.append(CommandLineArgUtil.VARIABLE_FILE_SWITCH)
+        args.append(self._target_variables_test3)
+        args.append(CommandLineArgUtil.PASSPHRASE_SWITCH)
+        args.append(self._passphrase)
+        exit_code = encrypt._process_request(args)
+        self.assertEquals(exit_code, 0)
+
+        model2 = FileToPython(self._target_model_test1).parse()
+        model3 = FileToPython(self._target_model_test2).parse()
+        variables = variables_helper.load_variables(self._target_variables_test3)
+        passphrase_array = String(self._passphrase).toCharArray()
+
+        admin_pass = model2['domainInfo']['AdminPassword']
+        self.assertNotEquals(admin_pass.startswith('{AES}'), True)
+        admin_pass = variables['admin.password']
+        self.assertEquals(admin_pass.startswith('{AES}'), True)
+        _decrypted_admin_pass = EncryptionUtils.decryptString(admin_pass, passphrase_array)
+        self.assertEquals(str(String(_decrypted_admin_pass)), self._unencrypted_password)
+        admin_pass = model3['domainInfo']['AdminPassword']
+        self.assertEquals(admin_pass.startswith('{AES}'), True)
+        _decrypted_admin_pass = EncryptionUtils.decryptString(admin_pass, passphrase_array)
+        self.assertEquals(str(String(_decrypted_admin_pass)), self._unencrypted_password_second)
+
+        return