Tokenize credential attributes even if it's value is already a property (#952)

jshum2479 · web-flow · commit 2eb9e719268e · 2021-07-22T14:51:48.000-05:00
* change method input parameters instead of using class attribute to store variable keys for removal

* rename method

* add check for none
diff --git a/core/src/main/python/prepare_model.py b/core/src/main/python/prepare_model.py
@@ -313,6 +313,7 @@ def walk(self):
             full_model_dictionary = cla_helper.load_model(_program_name, self.model_context, self._aliases,
                                                           "discover", WlstModes.OFFLINE)
 
+
             target_config = self.model_context.get_target_configuration()
             if target_config.generate_script_for_secrets():
                 target_configuration_helper.generate_k8s_script(self.model_context,
@@ -374,8 +375,10 @@ def _apply_filter_and_inject_variable(self, model, model_context):
                                              credential_properties)
 
         # update the variable file with any new values
+        unused_variable_keys_to_remove = self.credential_injector.get_variable_keys_for_removal();
         inserted, variable_model, variable_file_name = \
-            variable_injector.inject_variables_keyword_file(VARIABLE_FILE_UPDATE)
+            variable_injector.inject_variables_keyword_file(append_option=VARIABLE_FILE_UPDATE,
+                                                            variable_keys_to_remove=unused_variable_keys_to_remove)
 
         # return variable_model - if writing the variables file failed, this will be the original model.
         # a warning is issued in inject_variables_keyword_file() if that was the case.
diff --git a/core/src/main/python/wlsdeploy/tool/util/credential_injector.py b/core/src/main/python/wlsdeploy/tool/util/credential_injector.py
@@ -170,6 +170,9 @@ def get_variable_name(self, attribute_location, attribute, suffix=None):
 
         return VariableInjector.get_variable_name(self, model_location, attribute, suffix=suffix)
 
+    def get_variable_keys_for_removal(self):
+        return VariableInjector.get_variable_removal_keys(self)
+
     def get_variable_token(self, attribute, variable_name):
         """
         Override method to possibly create secret tokens instead of property token.
diff --git a/core/src/main/python/wlsdeploy/tool/util/variable_injector.py b/core/src/main/python/wlsdeploy/tool/util/variable_injector.py
@@ -26,6 +26,7 @@
 from wlsdeploy.json.json_translator import JsonToPython
 from wlsdeploy.logging.platform_logger import PlatformLogger
 from wlsdeploy.util import path_utils
+from wlsdeploy.aliases.alias_constants import CREDENTIAL
 
 WEBLOGIC_DEPLOY_HOME_TOKEN = '@@WLSDEPLOY@@'
 
@@ -103,6 +104,13 @@ def __init__(self, program_name, model, model_context, version=None, variable_di
         else:
             self.__aliases = Aliases(model_context)
         self.__variable_dictionary = variable_dictionary
+        self.__keys_for_variable_removal = []
+
+    def get_variable_removal_keys(self):
+        return self.__keys_for_variable_removal
+
+    def add_key_for_variable_removal(self, key):
+        self.__keys_for_variable_removal.append(key)
 
     def get_variable_cache(self):
         """
@@ -174,7 +182,7 @@ def custom_injection(self, model, attribute, location, injector_values=OrderedDi
             variable_dictionary = self._add_variable_info(model, attribute, location, injector_values)
             self.add_to_cache(dictionary=variable_dictionary)
 
-    def inject_variables_keyword_file(self, append_option=None):
+    def inject_variables_keyword_file(self, append_option=None, variable_keys_to_remove=None):
         """
         Replace attribute values with variables and generate a variable dictionary.
         The variable replacement is driven from the values in the model variable helper file.
@@ -255,8 +263,8 @@ def inject_variables_keyword_file(self, append_option=None):
                         append = True
                         if variable_file_location != new_variable_file_location:
                             shutil.copyfile(variable_file_location, new_variable_file_location)
-                        self._filter_duplicate_properties(new_variable_file_location, variable_dictionary)
-
+                        self._filter_duplicate_and_unused_properties(new_variable_file_location, variable_dictionary,
+                                                                     variable_keys_to_remove)
                     variable_file_location = new_variable_file_location
 
                 variables_inserted = self._write_variables_file(variable_dictionary, variable_file_location, append)
@@ -272,17 +280,28 @@ def inject_variables_keyword_file(self, append_option=None):
         return variables_inserted, return_model, variable_file_location
 
 
-    def _filter_duplicate_properties(self, variable_file_location, variable_dictionary):
+    def _filter_duplicate_and_unused_properties(self, variable_file_location, variable_dictionary, variable_keys_to_remove):
         _method_name = '_filter_duplicate_property'
         _logger.entering(class_name=_class_name, method_name=_method_name)
         try:
             fis = FileInputStream(variable_file_location)
             prop = Properties()
             prop.load(fis)
             fis.close()
+
+            # remove from the original properties file and then remove from the variable dictionary
+            # so that it won't be added back later
+            if variable_keys_to_remove is not None:
+                for key in variable_keys_to_remove:
+                    if variable_dictionary.has_key(key):
+                        variable_dictionary.pop(key)
+                    if prop.containsKey(key):
+                        prop.remove(key)
+
             for key in variable_dictionary:
                 if prop.get(key) is not None:
                     prop.remove(key)
+
             fos = FileOutputStream(variable_file_location)
             prop.store(fos, None)
             fos.close()
@@ -426,7 +445,14 @@ def _process_attribute(self, model, attribute, location, injector_values):
         variable_name = None
         variable_value = None
         attribute_value = model[attribute]
-        if not _already_property(attribute_value):
+
+        attribute_type = self.__aliases.get_model_attribute_type(location, attribute)
+
+        if _already_property(attribute_value) and attribute_type == CREDENTIAL:
+            self.add_key_for_variable_removal(attribute_value[7:len(attribute_value) - 2])
+
+        if not _already_property(attribute_value) or attribute_type == CREDENTIAL:
+
             variable_name = self.get_variable_name(location, attribute)
             variable_value = _format_variable_value(attribute_value)
 
