Use a custom set method to handle pre-encrypting an attribute (#1132)

rakillen · web-flow · commit 111c08971fa2 · 2022-05-24T13:59:39.000-05:00
diff --git a/core/src/main/python/wlsdeploy/tool/create/creator.py b/core/src/main/python/wlsdeploy/tool/create/creator.py
@@ -36,7 +36,7 @@ def __init__(self, model, model_context, aliases, exception_type=ExceptionType.C
         self.model = Model(model)
         self.model_context = model_context
         self.wls_helper = WebLogicHelper(self.logger)
-        self.attribute_setter = AttributeSetter(self.aliases, self.logger, exception_type)
+        self.attribute_setter = AttributeSetter(self.model_context, self.aliases, exception_type)
         self.custom_folder_helper = CustomFolderHelper(self.aliases, self.logger, self.model_context, exception_type)
 
         # Must be initialized by the subclass since only it has
diff --git a/core/src/main/python/wlsdeploy/tool/deploy/deployer.py b/core/src/main/python/wlsdeploy/tool/deploy/deployer.py
@@ -52,7 +52,7 @@ def __init__(self, model, model_context, aliases, wlst_mode=WlstModes.OFFLINE):
         self.logger = PlatformLogger('wlsdeploy.deploy')
         self.wls_helper = WebLogicHelper(self.logger)
         self.wlst_helper = WlstHelper(ExceptionType.DEPLOY)
-        self.attribute_setter = AttributeSetter(self.aliases, self.logger, ExceptionType.DEPLOY, wlst_mode=wlst_mode)
+        self.attribute_setter = AttributeSetter(model_context, self.aliases, ExceptionType.DEPLOY, wlst_mode=wlst_mode)
         self.topology_helper = TopologyHelper(self.aliases, ExceptionType.DEPLOY, self.logger)
 
         self.archive_helper = None
diff --git a/core/src/main/python/wlsdeploy/tool/util/attribute_setter.py b/core/src/main/python/wlsdeploy/tool/util/attribute_setter.py
@@ -73,8 +73,10 @@
 from wlsdeploy.aliases.model_constants import XML_REGISTRY
 from wlsdeploy.aliases.wlst_modes import WlstModes
 from wlsdeploy.exception import exception_helper
+from wlsdeploy.logging.platform_logger import PlatformLogger
 from wlsdeploy.tool.util.wlst_helper import WlstHelper
 from wlsdeploy.util import model_helper
+from wlsdeploy.util.weblogic_helper import WebLogicHelper
 
 
 class AttributeSetter(object):
@@ -140,13 +142,15 @@ class AttributeSetter(object):
     ]
 
     _class_name = "AttributeSetter"
+    __logger = PlatformLogger('wlsdeploy.tool.util')
 
-    def __init__(self, aliases, logger, exception_type, wlst_mode=WlstModes.OFFLINE):
-        self.__logger = logger
+    def __init__(self, model_context, aliases, exception_type, wlst_mode=WlstModes.OFFLINE):
+        self.__model_context = model_context
         self.__exception_type = exception_type
         self.__wlst_mode = wlst_mode
         self.__aliases = aliases
         self.__wlst_helper = WlstHelper(exception_type)
+        self.__weblogic_helper = WebLogicHelper(self.__logger)
 
     #
     # public set_ methods for special attribute types, signature (self, location, key, value, wlst_value, ...)
@@ -594,7 +598,7 @@ def set_jvm_args(self, location, key, value, wlst_value):
         :param key: the attribute name
         :param value: the string value
         :param wlst_value: the existing value of the attribute from WLST
-        :raises BundleAwareException of the specified type: if target is not found
+        :raises BundleAwareException of the specified type: if an error occurs
         """
         if value is None or len(value) == 0:
             result = value
@@ -618,7 +622,7 @@ def set_boolean(self, location, key, value, wlst_value):
         :param key: the attribute name
         :param value: the string value
         :param wlst_value: the existing value of the attribute from WLST
-        :raises BundleAwareException of the specified type: if target is not found
+        :raises BundleAwareException of the specified type: if an error occurs
         """
         result = alias_utils.convert_to_type(BOOLEAN, value)
         result = result == 'true'
@@ -633,14 +637,29 @@ def set_with_ssl_enabled(self, location, key, value, wlst_value):
         :param key: the attribute name
         :param value: the new attribute value
         :param wlst_value: the existing value of the attribute from WLST
-        :raises BundleAwareException of the specified type: if target is not found
+        :raises BundleAwareException of the specified type: if an error occurs
         """
         wlst_enabled_attribute = self.__aliases.get_wlst_attribute_name(location, ENABLED)
         was_enabled = self.__wlst_helper.get(wlst_enabled_attribute)
         self.set_attribute(location, ENABLED, True)
         self.set_attribute(location, key, value, wlst_merge_value=wlst_value)
         self.set_attribute(location, ENABLED, was_enabled)
 
+    def set_encrypted(self, location, key, value, wlst_value):
+        """
+        Set the specified attribute with a pre-encrypted value in the current location.
+        This is required when WLST does not encrypt a plain-text value during set() as it normally does.
+        This can happen when offline WLST does not include an attribute in a hard-coded list of encrypted values.
+        Currently, only OracleIdentityCloudIntegrator/ClientSecretEncrypted offline has this issue.
+        :param location: the location
+        :param key: the attribute name
+        :param value: the new attribute value
+        :param wlst_value: the existing value of the attribute from WLST
+        :raises BundleAwareException of the specified type: if an error occurs
+        """
+        encrypted_value = self.__weblogic_helper.encrypt(str(value), self.__model_context.get_domain_home())
+        self.set_attribute(location, key, encrypted_value, wlst_merge_value=wlst_value)
+
     #
     # public set_attribute convenience methods
     #
diff --git a/core/src/main/resources/oracle/weblogic/deploy/aliases/category_modules/SecurityConfiguration.json b/core/src/main/resources/oracle/weblogic/deploy/aliases/category_modules/SecurityConfiguration.json
@@ -607,7 +607,7 @@
                                 "ClientIdResourceAttribute":                [ {"version": "[12.2.1.3,)",       "wlst_mode": "both",   "wlst_name": "ClientIdResourceAttribute",              "wlst_path": "WP001", "default_value": null,                                             "wlst_type": "string"           } ],
                                 "ClientIdTokenClaim":                       [ {"version": "[12.2.1.3,)",       "wlst_mode": "both",   "wlst_name": "ClientIdTokenClaim",                     "wlst_path": "WP001", "default_value": "client_id",                                      "wlst_type": "string"           } ],
                                 "ClientNameTokenClaim":                     [ {"version": "[12.2.1.3,)",       "wlst_mode": "both",   "wlst_name": "ClientNameTokenClaim",                   "wlst_path": "WP001", "default_value": "client_name",                                    "wlst_type": "string"           } ],
-                                "ClientSecretEncrypted":                    [ {"version": "[12.2.1.3,)",       "wlst_mode": "both",   "wlst_name": "ClientSecretEncrypted",                  "wlst_path": "WP001", "default_value": null,                                             "wlst_type": "password"         } ],
+                                "ClientSecretEncrypted":                    [ {"version": "[12.2.1.3,)",       "wlst_mode": "both",   "wlst_name": "ClientSecretEncrypted",                  "wlst_path": "WP001", "default_value": null,                                             "wlst_type": "password",        "set_method": "MBEAN.set_encrypted"} ],
                                 "ClientTenant":                             [ {"version": "[12.2.1.3,)",       "wlst_mode": "both",   "wlst_name": "ClientTenant",                           "wlst_path": "WP001", "default_value": null,                                             "wlst_type": "string"           } ],
                                 "ConnectTimeout":                           [ {"version": "[12.2.1.3,)",       "wlst_mode": "both",   "wlst_name": "ConnectTimeout",                         "wlst_path": "WP001", "default_value": "${0:60}",                                        "wlst_type": "integer"          } ],
                                 "ControlFlag":                              [ {"version": "[12.2.1.3,)",       "wlst_mode": "both",   "wlst_name": "ControlFlag",                            "wlst_path": "WP001", "default_value": "${__NULL__:REQUIRED}",                           "wlst_type": "string"           } ],
diff --git a/core/src/test/python/alias_json_file_test.py b/core/src/test/python/alias_json_file_test.py
@@ -58,6 +58,7 @@
 from wlsdeploy.exception.expection_types import ExceptionType
 from wlsdeploy.tool.util.attribute_setter import AttributeSetter
 from wlsdeploy.util import dictionary_utils
+from wlsdeploy.util.model_context import ModelContext
 
 
 class ListTestCase(unittest.TestCase):
@@ -574,7 +575,8 @@ def _verify_attribute_set_method(self, folder_name, attribute_name, wlst_mode, a
                 if len(set_method_value_components) == 2:
                     invoker = set_method_value_components[1]
 
-                    instance = AttributeSetter(aliases, None, ExceptionType.ALIAS, wlst_mode)
+                    model_context = ModelContext("test", {})
+                    instance = AttributeSetter(model_context, aliases, ExceptionType.ALIAS, wlst_mode)
                     try:
                         getattr(instance, invoker)
                     except AttributeError:
