Additional rcudb validation (#1396)

* Add extra validation for RCUDbinfo

* default databaseType is ORACLE

* add fine info for rcu driver params values

* reformat message

* mask encrypted value as ***

* replace net ssl version value with constants

* sonar fix

Author: jshum2479

core/src/main/python/wlsdeploy/aliases/model_constants.py

@@ -374,6 +374,7 @@
 DRIVER_PARAMS_KEYSTOREPWD_PROPERTY = 'javax.net.ssl.keyStorePassword'
 DRIVER_PARAMS_NET_SERVER_DN_MATCH_PROPERTY = 'oracle.net.ssl_server_dn_match'
 DRIVER_PARAMS_NET_SSL_VERSION = 'oracle.net.ssl_version'
+DRIVER_PARAMS_NET_SSL_VERSION_VALUE = '1.2'
 DRIVER_PARAMS_NET_TNS_ADMIN = 'oracle.net.tns_admin'
 DRIVER_PARAMS_NET_FAN_ENABLED = 'oracle.jdbc.fanEnabled'
 DYNAMIC_CLUSTER_SIZE = 'DynamicClusterSize'

core/src/main/python/wlsdeploy/tool/create/atp_helper.py

@@ -8,6 +8,7 @@
 
 from wlsdeploy.logging.platform_logger import PlatformLogger
 import wlsdeploy.util.unicode_helper as str_helper
+from wlsdeploy.aliases.model_constants import DRIVER_PARAMS_NET_SSL_VERSION_VALUE
 
 _logger = PlatformLogger('wlsdeploy.create')
 
@@ -29,7 +30,7 @@ def set_ssl_properties(xml_doc, atp_creds_path, keystore_password, truststore_pa
     for prop in props:
         if prop.getAttribute('name') == 'props.db.1':
             set_property(dom_tree, prop, 'oracle.net.ssl_server_dn_match', 'true')
-            set_property(dom_tree, prop, 'oracle.net.ssl_version', '1.2')
+            set_property(dom_tree, prop, 'oracle.net.ssl_version', DRIVER_PARAMS_NET_SSL_VERSION_VALUE)
             set_property(dom_tree, prop, 'oracle.net.tns_admin', atp_creds_path)
             set_property(dom_tree, prop, 'javax.net.ssl.trustStoreType', truststore_type)
             set_property(dom_tree, prop, 'javax.net.ssl.keyStoreType', keystore_type)

core/src/main/python/wlsdeploy/tool/create/domain_creator.py

@@ -31,6 +31,7 @@
 from wlsdeploy.aliases.model_constants import DRIVER_PARAMS_KEYSTOREPWD_PROPERTY
 from wlsdeploy.aliases.model_constants import DRIVER_PARAMS_NET_SERVER_DN_MATCH_PROPERTY
 from wlsdeploy.aliases.model_constants import DRIVER_PARAMS_NET_SSL_VERSION
+from wlsdeploy.aliases.model_constants import DRIVER_PARAMS_NET_SSL_VERSION_VALUE
 from wlsdeploy.aliases.model_constants import DRIVER_PARAMS_NET_TNS_ADMIN
 from wlsdeploy.aliases.model_constants import DRIVER_PARAMS_NET_FAN_ENABLED
 from wlsdeploy.aliases.model_constants import DRIVER_PARAMS_PROPERTY_VALUE
@@ -272,6 +273,11 @@ def __run_rcu(self):
         rcu_sys_pass = rcu_db_info.get_preferred_sys_pass()
         rcu_schema_pass = rcu_db_info.get_preferred_schema_pass()
 
+        database_type = rcu_db_info.get_database_type()
+        if database_type is not None and database_type not in ['SSL', 'ATP', 'ORACLE']:
+            ex = exception_helper.create_create_exception('WLSDPLY-12573', database_type)
+            raise ex
+
         if rcu_db_info.is_use_atp():
             # ATP database, build runner map from RCUDbInfo in the model.
 
@@ -298,7 +304,7 @@ def __run_rcu(self):
 
             # hard coding for now, may need to expose it if ATP access changed later
             ssl_conn_properties[DRIVER_PARAMS_NET_FAN_ENABLED] = 'false'
-            ssl_conn_properties[DRIVER_PARAMS_NET_SSL_VERSION] = '1.2'
+            ssl_conn_properties[DRIVER_PARAMS_NET_SSL_VERSION] = DRIVER_PARAMS_NET_SSL_VERSION_VALUE
             ssl_conn_properties[DRIVER_PARAMS_NET_SERVER_DN_MATCH_PROPERTY] = 'false'
 
             # reset these to pick up any defaults from rcu_db_info
@@ -337,6 +343,11 @@ def __run_rcu(self):
         else:
             # Non-ATP database, use DB config from the command line or RCUDbInfo in the model.
             rcu_db = rcu_db_info.get_preferred_db()
+
+            if rcu_db is None:
+                ex = exception_helper.create_create_exception('WLSDPLY-12572')
+                raise ex
+
             rcu_db_user = rcu_db_info.get_preferred_db_user()
 
             runner = RCURunner.createRunner(domain_type, oracle_home, java_home, rcu_db, rcu_prefix, rcu_schemas,
@@ -364,6 +375,19 @@ def _set_rcu_ssl_args_properties(self, ssl_conn_properties, rcu_db_info, keystor
         ssl_conn_properties[DRIVER_PARAMS_KEYSTORE_PROPERTY] = self.__get_store_path(rcu_db_info.get_tns_admin(),
                                                                                      keystore)
 
+        if not os.path.exists(ssl_conn_properties[DRIVER_PARAMS_KEYSTORE_PROPERTY]):
+            ex = exception_helper.create_create_exception('WLSDPLY-12574',
+                                                          ssl_conn_properties[DRIVER_PARAMS_KEYSTORE_PROPERTY],
+                                                          DRIVER_PARAMS_KEYSTORE_PROPERTY)
+            raise ex
+
+        if not os.path.exists(ssl_conn_properties[DRIVER_PARAMS_TRUSTSTORE_PROPERTY]):
+            ex = exception_helper.create_create_exception('WLSDPLY-12574',
+                                                          ssl_conn_properties[DRIVER_PARAMS_TRUSTSTORE_PROPERTY],
+                                                          DRIVER_PARAMS_TRUSTSTORE_PROPERTY)
+            raise ex
+
+
     def __fail_mt_1221_domain_creation(self):
         """
         Abort create if domain contains MT artifacts that cannot be created in the version of WLST offline being used
@@ -974,6 +998,10 @@ def __create_other_domain_artifacts(self, location, mbean_type_list):
         self.logger.exiting(class_name=self.__class_name, method_name=_method_name)
         return
 
+    def __set_connection_property_info(self, root_location, property_name, property_value, info_bucket, encrypted=False):
+        p = self.__set_connection_property(root_location, property_name, property_value, encrypted)
+        info_bucket.append(p)
+
     def __set_connection_property(self, root_location, property_name, property_value, encrypted=False):
         create_path = self.aliases.get_wlst_create_path(root_location)
 
@@ -1004,6 +1032,10 @@ def __set_connection_property(self, root_location, property_name, property_value
         self.wlst_helper.set(wlst_name, wlst_value)
 
         root_location.remove_name_token(property_name)
+        if encrypted:
+            return {property_name: '******'}
+        else:
+            return {property_name: property_value}
 
     def __validate_and_get_atp_rcudbinfo(self, rcu_db_info, check_admin_pwd=False):
         """
@@ -1192,17 +1224,20 @@ def __set_rcu_datasource_parameters_without_shadow_table(self, rcu_db_info):
         for ds_name in ds_names:
 
             # Set the driver params
-            self.__set_datasource_url(ds_name, fmw_database)
+            actual_url = self.__set_datasource_url(ds_name, fmw_database)
             self.__set_datasource_password(ds_name, rcu_schema_pwd)
-            self.__reset_datasource_template_userid(ds_name, rcu_prefix)
-
+            actual_schema = self.__reset_datasource_template_userid(ds_name, rcu_prefix)
+            pset = None
             if is_atp_ds:
-                self.__set_atp_standard_conn_properties(ds_name, tns_admin, truststore, truststore_pwd, truststore_type,
+                pset = self.__set_atp_standard_conn_properties(ds_name, tns_admin, truststore, truststore_pwd, truststore_type,
                                                         keystore_pwd, keystore_type, keystore)
             elif is_ssl_ds:
-                self.__set_ssl_standard_conn_properties(ds_name, tns_admin, truststore, truststore_pwd, truststore_type,
+                pset = self.__set_ssl_standard_conn_properties(ds_name, tns_admin, truststore, truststore_pwd, truststore_type,
                                 keystore_pwd, keystore_type, keystore)
 
+            self.logger.info('WLSDPLY_12575', ds_name, actual_url, actual_schema, pset,
+                             class_name=self.__class_name, method_name=_method_name)
+
     def __reset_datasource_template_userid(self, datasource_name, rcu_prefix):
         location = deployer_utils.get_jdbc_driver_params_location(datasource_name, self.aliases)
         location.append_location(JDBC_DRIVER_PARAMS_PROPERTIES)
@@ -1219,6 +1254,7 @@ def __reset_datasource_template_userid(self, datasource_name, rcu_prefix):
             self.aliases.get_wlst_attribute_name_and_value(location, DRIVER_PARAMS_PROPERTY_VALUE,
                                                            schema_user)
         self.wlst_helper.set_if_needed(wlst_name, wlst_value)
+        return wlst_value
 
     def __set_datasource_password(self, datasource_name, rcu_schema_pwd):
         location = deployer_utils.get_jdbc_driver_params_location(datasource_name, self.aliases)
@@ -1236,6 +1272,7 @@ def __set_datasource_url(self, datasource_name, url_string):
         wlst_name, wlst_value = \
             self.aliases.get_wlst_attribute_name_and_value(location, URL, url)
         self.wlst_helper.set_if_needed(wlst_name, wlst_value)
+        return wlst_value
 
     def __get_store_path(self, tns_admin, store):
         result = store
@@ -1247,52 +1284,63 @@ def __get_store_path(self, tns_admin, store):
     def __set_ssl_standard_conn_properties(self, datasource_name, tns_admin, truststore, truststore_pwd,
                                            truststore_type, keystore_pwd, keystore_type, keystore):
         location = deployer_utils.get_jdbc_driver_params_properties_location(datasource_name, self.aliases)
+        properties_set = []
 
         # Should always have trust store
-        self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTORE_PROPERTY,
-                                       self.__get_store_path(tns_admin, truststore))
+        self.__set_connection_property_info(location, DRIVER_PARAMS_TRUSTSTORE_PROPERTY,
+                                       self.__get_store_path(tns_admin, truststore), properties_set)
 
-        self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY,
-                                       truststore_type)
+        self.__set_connection_property_info(location, DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY,
+                                       truststore_type, properties_set)
 
         # if not sso type then user must provide pwd
         if truststore_pwd is not None and truststore_pwd != 'None':
-            self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTOREPWD_PROPERTY, truststore_pwd,
-                                           encrypted=True)
+            self.__set_connection_property_info(location, DRIVER_PARAMS_TRUSTSTOREPWD_PROPERTY, truststore_pwd,
+                                                properties_set, encrypted=True)
 
         if keystore_pwd is not None and keystore_pwd != 'None':
-            self.__set_connection_property(location, DRIVER_PARAMS_KEYSTOREPWD_PROPERTY, keystore_pwd, encrypted=True)
+            self.__set_connection_property_info(location, DRIVER_PARAMS_KEYSTOREPWD_PROPERTY, keystore_pwd,
+                                                properties_set, encrypted=True)
 
         # if it is 2 ways SSL
         if keystore is not None and keystore != 'None':
-            self.__set_connection_property(location, DRIVER_PARAMS_KEYSTORE_PROPERTY,
-                                           self.__get_store_path(tns_admin, keystore))
+            self.__set_connection_property_info(location, DRIVER_PARAMS_KEYSTORE_PROPERTY,
+                                           self.__get_store_path(tns_admin, keystore), properties_set)
 
         if keystore_type is not None and keystore_type != 'None':
-            self.__set_connection_property(location, DRIVER_PARAMS_KEYSTORETYPE_PROPERTY, keystore_type)
+            self.__set_connection_property_info(location, DRIVER_PARAMS_KEYSTORETYPE_PROPERTY, keystore_type,
+                                                properties_set)
+        return properties_set
 
     def __set_atp_standard_conn_properties(self, datasource_name, tns_admin, truststore, truststore_pwd,
                                            truststore_type, keystore_pwd, keystore_type, keystore):
         location = deployer_utils.get_jdbc_driver_params_properties_location(datasource_name, self.aliases)
         keystore, keystore_type, truststore, truststore_type = atp_helper.fix_store_type_and_default_value(keystore,
                                                                     keystore_type, truststore, truststore_type)
 
+        properties_set = []
+        self.__set_connection_property_info(location, DRIVER_PARAMS_KEYSTORE_PROPERTY, self.__get_store_path(tns_admin,
+                                        keystore), properties_set)
+
+        self.__set_connection_property_info(location, DRIVER_PARAMS_KEYSTORETYPE_PROPERTY, keystore_type, properties_set)
 
-        self.__set_connection_property(location, DRIVER_PARAMS_KEYSTORE_PROPERTY, self.__get_store_path(tns_admin,
-                                        keystore))
-        self.__set_connection_property(location, DRIVER_PARAMS_KEYSTORETYPE_PROPERTY, keystore_type)
         if keystore_pwd:
-            self.__set_connection_property(location, DRIVER_PARAMS_KEYSTOREPWD_PROPERTY, keystore_pwd, encrypted=True)
-        self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTORE_PROPERTY, self.__get_store_path(tns_admin,
-                                       truststore))
-        self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY, truststore_type)
+            self.__set_connection_property_info(location, DRIVER_PARAMS_KEYSTOREPWD_PROPERTY, keystore_pwd,
+                 properties_set, encrypted=True)
+        self.__set_connection_property_info(location, DRIVER_PARAMS_TRUSTSTORE_PROPERTY, self.__get_store_path(tns_admin,
+                                       truststore), properties_set)
+        self.__set_connection_property_info(location, DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY, truststore_type,
+                                            properties_set)
         if truststore_pwd:
-            self.__set_connection_property(location, DRIVER_PARAMS_TRUSTSTOREPWD_PROPERTY, truststore_pwd,
-                                           encrypted=True)
-        self.__set_connection_property(location, DRIVER_PARAMS_NET_SSL_VERSION, '1.2')
-        self.__set_connection_property(location, DRIVER_PARAMS_NET_SERVER_DN_MATCH_PROPERTY, 'true')
-        self.__set_connection_property(location, DRIVER_PARAMS_NET_TNS_ADMIN, tns_admin)
-        self.__set_connection_property(location, DRIVER_PARAMS_NET_FAN_ENABLED, 'false')
+            self.__set_connection_property_info(location, DRIVER_PARAMS_TRUSTSTOREPWD_PROPERTY, truststore_pwd,
+                 properties_set, encrypted=True)
+        self.__set_connection_property_info(location, DRIVER_PARAMS_NET_SSL_VERSION,
+                                            DRIVER_PARAMS_NET_SSL_VERSION_VALUE , properties_set)
+        self.__set_connection_property_info(location, DRIVER_PARAMS_NET_SERVER_DN_MATCH_PROPERTY, 'true', properties_set)
+        self.__set_connection_property_info(location, DRIVER_PARAMS_NET_TNS_ADMIN, tns_admin, properties_set)
+        self.__set_connection_property_info(location, DRIVER_PARAMS_NET_FAN_ENABLED, 'false', properties_set)
+
+        return properties_set
 
     def __set_app_dir(self):
         """

core/src/main/resources/oracle/weblogic/deploy/messages/wlsdeploy_rb.properties

@@ -1449,6 +1449,11 @@ WLSDPLY-12568=Creating empty folder {0}. Folder contains no attributes or sub-fo
 WLSDPLY-12569=Setting the topology profile to {0}
 WLSDPLY-12570=Unable to retrieve database connection info: {0}
 WLSDPLY-12571=Error in setting up ATP connection string: {0}
+WLSDPLY-12572=Failed to create domain because either RCUDbinfo is missing rcu_db_conn_string or -rcu_db is not specified \
+  in command line option
+WLSDPLY-12573=Invalid databaseType specified in RCUDbInfo: {0}.  It must be 'SSL' or 'ATP'
+WLSDPLY-12574=Path: {0} specified for JDBC driver property: {1} does not exists.  Please check your model's RCUDbInfo section.
+WLSDPLY_12575=Setting rcu datasource {0} driver params - url: {1} schema: {2} properties: {3}
 
 # domain_typedef.py
 WLSDPLY-12300={0} got the domain type {1} but the domain type definition file {2} was not valid: {3}