Merge pull request #282 from oracle/issue-281-security-config-default-realm

rakillen · web-flow · commit 23029b7b92ba · 2019-03-14T18:41:45.000-05:00
Issue #281 - Fix MBean lookup for SecurityConfiguration/DefaultRealm …
diff --git a/core/src/main/python/wlsdeploy/tool/create/creator.py b/core/src/main/python/wlsdeploy/tool/create/creator.py
@@ -96,10 +96,7 @@ def _create_named_mbeans(self, type_name, model_nodes, base_location, log_create
                 self.wlst_helper.cd(attribute_path)
 
             child_nodes = dictionary_utils.get_dictionary_element(model_nodes, name)
-            self.logger.finest('WLSDPLY-12111', self.alias_helper.get_model_folder_path(location),
-                               self.wlst_helper.get_pwd(), class_name=self.__class_name, method_name=_method_name)
-            self._set_attributes(location, child_nodes)
-            self._create_subfolders(location, child_nodes)
+            self._process_child_nodes(location, child_nodes)
 
         self.logger.exiting(class_name=self.__class_name, method_name=_method_name)
         return
@@ -158,10 +155,7 @@ def _create_mbean(self, type_name, model_nodes, base_location, log_created=False
             attribute_path = self.alias_helper.get_wlst_attributes_path(location)
             self.wlst_helper.cd(attribute_path)
 
-        self.logger.finest('WLSDPLY-12111', self.alias_helper.get_model_folder_path(location),
-                           self.wlst_helper.get_pwd(), class_name=self.__class_name, method_name=_method_name)
-        self._set_attributes(location, model_nodes)
-        self._create_subfolders(location, model_nodes)
+        self._process_child_nodes(location, model_nodes)
         self.logger.exiting(class_name=self.__class_name, method_name=_method_name)
         return
 
@@ -219,6 +213,22 @@ def _create_subfolders(self, location, model_nodes):
         self.logger.exiting(class_name=self.__class_name, method_name=_method_name)
         return
 
+    def _process_child_nodes(self, location, model_nodes):
+        """
+        Process the model nodes at the specified location.
+        The default behavior is to process attributes, then sub-folders.
+        Sub-classes may override to reverse this order, or for other special processing.
+        :param location: the location where the nodes should be applied
+        :param model_nodes: the model dictionary of the nodes to be applied
+        :raises: CreateException: if an error occurs
+        """
+        _method_name = '_process_child_nodes'
+
+        self.logger.finest('WLSDPLY-12111', self.alias_helper.get_model_folder_path(location),
+                           self.wlst_helper.get_pwd(), class_name=self.__class_name, method_name=_method_name)
+        self._set_attributes(location, model_nodes)
+        self._create_subfolders(location, model_nodes)
+
     def _set_attributes(self, location, model_nodes):
         """
         Set the attributes for the MBean at the specified location.
diff --git a/core/src/main/python/wlsdeploy/tool/create/security_provider_creator.py b/core/src/main/python/wlsdeploy/tool/create/security_provider_creator.py
@@ -6,6 +6,7 @@
 from oracle.weblogic.deploy.exception import BundleAwareException
 
 from wlsdeploy.aliases.location_context import LocationContext
+from wlsdeploy.aliases.model_constants import REALM
 from wlsdeploy.aliases.model_constants import SECURITY_CONFIGURATION
 from wlsdeploy.exception import exception_helper
 from wlsdeploy.tool.create.creator import Creator
@@ -186,6 +187,31 @@ def _create_named_subtype_mbeans(self, type_name, model_nodes, base_location, lo
         self.logger.exiting(class_name=self.__class_name, method_name=_method_name)
         return
 
+    # Override
+    def _process_child_nodes(self, location, model_nodes):
+        """
+        Process the model nodes at the specified location.
+        Override default behavior to process security configuration and realm sub-folders before attributes.
+        Security configration attribute DefaultRealm needs to get the MBean of the referenced realm.
+        Realm attribute CertPathBuilder needs to get the MBean of the referenced certificate registry.
+        :param location: the location where the nodes should be processed
+        :param model_nodes: the model dictionary of the nodes to be processed
+        :raises: CreateException: if an error occurs
+        """
+        _method_name = '_process_child_nodes'
+
+        model_type, model_name = self.alias_helper.get_model_type_and_name(location)
+        if model_type in [SECURITY_CONFIGURATION, REALM]:
+            self.logger.finest('WLSDPLY-12143', self.alias_helper.get_model_folder_path(location),
+                               self.wlst_helper.get_pwd(), class_name=self.__class_name, method_name=_method_name)
+
+            self._create_subfolders(location, model_nodes)
+            self.wlst_helper.cd(self.alias_helper.get_wlst_attributes_path(location))
+            self._set_attributes(location, model_nodes)
+            return
+
+        Creator._process_child_nodes(self, location, model_nodes)
+
     def _delete_existing_providers(self, location):
         """
         The security realms providers in the model are processed as merge to the model. Each realm provider
diff --git a/core/src/main/python/wlsdeploy/tool/util/attribute_setter.py b/core/src/main/python/wlsdeploy/tool/util/attribute_setter.py
@@ -1,5 +1,5 @@
 """
-Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
+Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.
 The Universal Permissive License (UPL), Version 1.0
 """
 from sets import Set
@@ -19,6 +19,7 @@
 from wlsdeploy.tool.util.wlst_helper import WlstHelper
 
 from wlsdeploy.aliases.model_constants import CAPACITY
+from wlsdeploy.aliases.model_constants import CERT_PATH_PROVIDER
 from wlsdeploy.aliases.model_constants import CLUSTER
 from wlsdeploy.aliases.model_constants import COHERENCE_CLUSTER_SYSTEM_RESOURCE
 from wlsdeploy.aliases.model_constants import CONTEXT_REQUEST_CLASS
@@ -497,7 +498,7 @@ def set_mt_target_mbeans(self, location, key, value, wlst_value):
         self.set_attribute(location, key, targets_value, wlst_merge_value=wlst_value, use_raw_value=True)
         return
 
-    def set_partition_security_realm(self, location, key, value, wlst_value):
+    def set_security_realm_mbean(self, location, key, value, wlst_value):
         """
         Set the security realm MBean.
         :param location: the location
@@ -511,6 +512,20 @@ def set_partition_security_realm(self, location, key, value, wlst_value):
         self.set_attribute(location, key, mbean, wlst_merge_value=wlst_value, use_raw_value=True)
         return
 
+    def set_certificate_registry_mbean(self, location, key, value, wlst_value):
+        """
+        Set the certificate registry MBean.
+        :param location: the location
+        :param key: the attribute name
+        :param value: the string value
+        :param wlst_value: the existing value of the attribute from WLST
+        :raises BundleAwareException of the specified type: if target is not found
+        """
+        realm_location = self.__get_parent_location(location, REALM)
+        mbean = self.__find_in_location(realm_location, CERT_PATH_PROVIDER, value, required=True)
+        self.set_attribute(location, key, mbean, wlst_merge_value=wlst_value, use_raw_value=True)
+        return
+
     def set_resource_group_template_mbean(self, location, key, value, wlst_value):
         """
         Set the resource group template MBean.
@@ -855,7 +870,8 @@ def __find_in_location(self, location, element_type, name, required=False):
                 return self.__wlst_helper.get_mbean_for_wlst_path(path)
 
         if required:
-            ex = exception_helper.create_exception(self.__exception_type, 'WLSDPLY-19202', element_type, name)
+            ex = exception_helper.create_exception(self.__exception_type, 'WLSDPLY-19210', element_type, name,
+                                                   self.__alias_helper.get_model_folder_path(location))
             self.__logger.throwing(class_name=self._class_name, method_name=method_name, error=ex)
             raise ex
 
diff --git a/core/src/main/resources/oracle/weblogic/deploy/aliases/category_modules/Partition.json b/core/src/main/resources/oracle/weblogic/deploy/aliases/category_modules/Partition.json
@@ -1,5 +1,5 @@
 {
-    "copyright": "Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.",
+    "copyright": "Copyright (c) 2017, 2019, Oracle and/or its affiliates. All rights reserved.",
     "license": "The Universal Permissive License (UPL), Version 1.0",
     "wlst_type": "Partition${:s}",
     "version": "[12.2.1,)",
@@ -570,7 +570,7 @@
         "PartitionWorkManagerRef":               [ {"version": "[12.2.1,)",         "wlst_mode": "both",    "wlst_name": "PartitionWorkManagerRef",                 "wlst_path": "WP001", "value": { "default": "None"           }, "wlst_type": "string",           "get_method": "LSA", "set_method": "MBEAN.set_partition_work_manager_mbean", "set_mbean_type": "weblogic.management.configuration.PartitionWorkManagerMBean" } ],
         "PrimaryIdentityDomain":                 [ {"version": "[12.2.1,)",         "wlst_mode": "both",    "wlst_name": "PrimaryIdentityDomain",                   "wlst_path": "WP001", "value": { "default": "None"           }, "wlst_type": "string"            } ],
         "RCMHistoricalDataBufferLimit":          [ {"version": "[12.2.1,)",         "wlst_mode": "both",    "wlst_name": "RCMHistoricalDataBufferLimit",            "wlst_path": "WP001", "value": { "default": 250              }, "wlst_type": "integer"           } ],
-        "Realm":                                 [ {"version": "[12.2.1,)",         "wlst_mode": "both",    "wlst_name": "Realm",                                   "wlst_path": "WP001", "value": { "default": "None"           }, "wlst_type": "string",           "get_method": "LSA", "set_method": "MBEAN.set_partition_security_realm", "set_mbean_type": "weblogic.management.security.RealmMBean" } ],
+        "Realm":                                 [ {"version": "[12.2.1,)",         "wlst_mode": "both",    "wlst_name": "Realm",                                   "wlst_path": "WP001", "value": { "default": "None"           }, "wlst_type": "string",           "get_method": "LSA", "set_method": "MBEAN.set_security_realm_mbean", "set_mbean_type": "weblogic.management.security.RealmMBean" } ],
         "ResourceDeploymentPlan":                [ {"version": "[12.2.1,)",         "wlst_mode": "online",  "wlst_name": "ResourceDeploymentPlan",                  "wlst_path": "WP001", "value": { "default": "None"           }, "wlst_type": "string",           "access": "RO"} ],
         "ResourceDeploymentPlanExternalDescriptors": [ {"version": "[12.2.1,)",     "wlst_mode": "online",  "wlst_name": "ResourceDeploymentPlanExternalDescriptors", "wlst_path": "WP001", "value": { "default": "None"         }, "wlst_type": "string",           "access": "RO"} ],
         "ResourceDeploymentPlanPath":            [ {"version": "[12.2.1,)",         "wlst_mode": "both",    "wlst_name": "ResourceDeploymentPlanPath",              "wlst_path": "WP001", "value": { "default": "None"           }, "wlst_type": "string",           "uses_path_tokens": "true" } ],
diff --git a/core/src/main/resources/oracle/weblogic/deploy/aliases/category_modules/SecurityConfiguration.json b/core/src/main/resources/oracle/weblogic/deploy/aliases/category_modules/SecurityConfiguration.json
@@ -969,7 +969,7 @@
                             },
                             "wlst_attributes_path": "WP001",
                             "wlst_paths": {
-                                "WP001": "/SecurityConfiguration/%SEC_CONFIG%/Realm${:s}/%REALM%/CertPathProvider/%PROVIDER%"
+                                "WP001": "/SecurityConfiguration/%SEC_CONFIG%/Realm${:s}/%REALM%/CertPathProvider${:s}/%PROVIDER%"
                             }
                         },
                         "WebLogicCertPathProvider": {
@@ -981,14 +981,14 @@
                             },
                             "wlst_attributes_path": "WP001",
                             "wlst_paths": {
-                                "WP001": "/SecurityConfiguration/%SEC_CONFIG%/Realm${:s}/%REALM%/CertPathProvider/%PROVIDER%"
+                                "WP001": "/SecurityConfiguration/%SEC_CONFIG%/Realm${:s}/%REALM%/CertPathProvider${:s}/%PROVIDER%"
                             }
                         }
                     },
                     "attributes" : { },
                     "wlst_attributes_path": "WP001",
                     "wlst_paths": {
-                        "WP001": "/SecurityConfiguration/%SEC_CONFIG%/Realm${:s}/%REALM%/CertPathProvider/%PROVIDER%"
+                        "WP001": "/SecurityConfiguration/%SEC_CONFIG%/Realm${:s}/%REALM%/CertPathProvider${:s}/%PROVIDER%"
                     }
                 },
                 "CredentialMapper" : {
@@ -1197,7 +1197,7 @@
             "attributes" : {
                 "AuthMethods":                              [ {"version": "[10,)",       "wlst_mode": "both", "wlst_name": "AuthMethods",                              "wlst_path": "WP001", "value": {"default": "None"                     }, "wlst_type": "string"  } ],
                 "AutoRestartOnNonDynamicChanges":           [ {"version": "[12.2.1,)",   "wlst_mode": "both", "wlst_name": "AutoRestartOnNonDynamicChanges",           "wlst_path": "WP001", "value": {"default": "false"                    }, "wlst_type": "boolean" } ],
-                "CertPathBuilder":                          [ {"version": "[10,)",       "wlst_mode": "both", "wlst_name": "CertPathBuilder",                          "wlst_path": "WP001", "value": {"default": "WebLogicCertPathProvider" }, "wlst_type": "string"  } ],
+                "CertPathBuilder":                          [ {"version": "[10,)",       "wlst_mode": "both", "wlst_name": "CertPathBuilder",                          "wlst_path": "WP001", "value": {"default": "WebLogicCertPathProvider" }, "wlst_type": "string", "set_method": "MBEAN.set_certificate_registry_mbean", "set_mbean_type": "weblogic.security.providers.pk.CertificateRegistryMBean"  } ],
                 "CombinedRoleMappingEnabled":               [ {"version": "[10,)",       "wlst_mode": "both", "wlst_name": "CombinedRoleMappingEnabled",               "wlst_path": "WP001", "value": {"default": "true"                     }, "wlst_type": "boolean" } ],
                 "CompatibilityObjectName":                  [ {"version": "[10,)",       "wlst_mode": "both", "wlst_name": "CompatibilityObjectName",                  "wlst_path": "WP001", "value": {"default": "None"                     }, "wlst_type": "string"  } ],
                 "DelegateMBeanAuthorization":               [ {"version": "[10,)",       "wlst_mode": "both", "wlst_name": "DelegateMBeanAuthorization",               "wlst_path": "WP001", "value": {"default": "false"                    }, "wlst_type": "boolean" } ],
@@ -1260,7 +1260,7 @@
         "CredentialEncrypted":                   [ {"version": "[10,)",       "wlst_mode": "both", "wlst_name": "CredentialEncrypted",                   "wlst_path": "WP001", "value": {"default": "None"    }, "wlst_type": "password",        "get_method": "GET"} ],
         "CredentialGenerated":                   [ {"version": "[10,)",       "wlst_mode": "online", "wlst_name": "CredentialGenerated",                 "wlst_path": "WP001", "value": {"default": "false"   }, "wlst_type": "boolean",         "get_method": "GET", "restart_required": "true"} ],
         "CrossDomainSecurityEnabled":            [ {"version": "[10,)",       "wlst_mode": "both", "wlst_name": "CrossDomainSecurityEnabled",            "wlst_path": "WP001", "value": {"default": "false"   }, "wlst_type": "boolean"          } ],
-        "DefaultRealm":                          [ {"version": "[10,)",       "wlst_mode": "both", "wlst_name": "DefaultRealm",                          "wlst_path": "WP001", "value": {"default": "myrealm" }, "wlst_type": "string",          "get_method": "${LSA:GET}", "set_method": "MBEAN.set_server_mbean", "set_mbean_type": "weblogic.management.configuration.SecurityMBean", "restart_required": "true" } ],
+        "DefaultRealm":                          [ {"version": "[10,)",       "wlst_mode": "both", "wlst_name": "DefaultRealm",                          "wlst_path": "WP001", "value": {"default": "myrealm" }, "wlst_type": "string",          "get_method": "${LSA:GET}", "set_method": "MBEAN.set_security_realm_mbean", "set_mbean_type": "weblogic.management.configuration.SecurityMBean", "restart_required": "true" } ],
         "DefaultRealmInternal":                  [ {"version": "[10,)",       "wlst_mode": "offline", "wlst_name": "DefaultRealmInternal",               "wlst_path": "WP001", "value": {"default": "None"    }, "wlst_type": "string"           } ],
         "DowngradeUntrustedPrincipals":          [ {"version": "[10,12.2.1)", "wlst_mode": "both", "wlst_name": "DowngradeUntrustedPrincipals",          "wlst_path": "WP001", "value": {"default": "false"   }, "wlst_type": "boolean",         "restart_required": "true" } ,
                                                    {"version": "[12.2.1,)",   "wlst_mode": "both", "wlst_name": "DowngradeUntrustedPrincipals",          "wlst_path": "WP001", "value": {"default": "false"   }, "wlst_type": "boolean"          } ],
diff --git a/core/src/main/resources/oracle/weblogic/deploy/messages/wlsdeploy_rb.properties b/core/src/main/resources/oracle/weblogic/deploy/messages/wlsdeploy_rb.properties
@@ -986,6 +986,7 @@ WLSDPLY-12139=Security configuration adjudicator name is {0}
 WLSDPLY-12140=Security configuration adjudicator has {0} subtypes
 WLSDPLY-12141=Security configuration adjudicator subtype is {0}
 WLSDPLY-12142=Security configuration adjudicator has {0} attributes
+WLSDPLY-12143=Setting subfolders, then attributes for model location path {0} from WLST path {1}
 
 # domain_creator.py
 WLSDPLY-12200={0} did not find the required {1} section in the model file {2}
@@ -1200,6 +1201,7 @@ WLSDPLY-19206=Unable to locate partition work manager {0} for partition {1}
 WLSDPLY-19207=Unable to locate resource manager {0} for partition {1}
 WLSDPLY-19208=Unable to locate log filter {0} for log at location {1}
 WLSDPLY-19209=Assign {0} {1} to {2} {3}
+WLSDPLY-19210={0} {1} not found in location {2}
 
 # wlsdeploy/tool/util/archive_helper.py
 WLSDPLY-19300=Failed to open archive file {0}: {1}
