skip credentials under domain security if unused or default (#711)

CarolynRountree · web-flow · commit 6013c75a94fe · 2020-08-21T14:42:54.000-05:00
diff --git a/core/src/main/python/wlsdeploy/aliases/model_constants.py b/core/src/main/python/wlsdeploy/aliases/model_constants.py
@@ -253,6 +253,9 @@
 SCRIPT_ACTION = 'ScriptAction'
 SECURITY = 'Security'
 SECURITY_CONFIGURATION = 'SecurityConfiguration'
+SECURITY_CONFIGURATION_CD_ENABLED = 'CrossDomainSecurityEnabled'
+SECURITY_CONFIGURATION_PASSWORD = 'CredentialEncrypted'
+SECURITY_CONFIGURATION_NM_PASSWORD = 'NodeManagerPasswordEncrypted'
 SECURITY_PARAMS = 'SecurityParams'
 SELF_TUNING = 'SelfTuning'
 SERVER = 'Server'
diff --git a/core/src/main/python/wlsdeploy/tool/discover/topology_discoverer.py b/core/src/main/python/wlsdeploy/tool/discover/topology_discoverer.py
@@ -3,6 +3,7 @@
 Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 """
 from java.io import File
+from java.lang import Boolean
 from java.lang import IllegalArgumentException
 
 from oracle.weblogic.deploy.discover import DiscoverException
@@ -83,6 +84,7 @@ def discover(self):
         model_top_folder_name, machines = self.get_machines(unix_machines)
         discoverer.add_to_model_if_not_empty(self._dictionary, model_top_folder_name, machines)
 
+        # make sure this is after discovery of machines / node managers as we will do some massaging
         model_top_folder_name, security_configuration = self.discover_security_configuration()
         discoverer.add_to_model_if_not_empty(self._dictionary, model_top_folder_name, security_configuration)
 
@@ -318,6 +320,7 @@ def discover_security_configuration(self):
             _logger.info('WLSDPLY-06622', class_name=_class_name, method_name=_method_name)
             location.add_name_token(self._aliases.get_name_token(location), security_configuration)
             self._populate_model_parameters(result, location)
+            self._massage_security_credential(result)
             try:
                 self._discover_subfolders(result, location)
             except DiscoverException, de:
@@ -474,6 +477,25 @@ def _get_xml_registries(self):
         _logger.exiting(class_name=_class_name, method_name=_method_name, result=model_top_folder_name)
         return model_top_folder_name, result
 
+    def _massage_security_credential(self, result):
+        _method_name = 'massage_security_credential'
+        # Determine if the SecurityConfiguration/CredentialEncrypted can be removed
+        if model_constants.SECURITY_CONFIGURATION_PASSWORD in result:
+            # default is false
+            if model_constants.SECURITY_CONFIGURATION_CD_ENABLED in result and \
+                    Boolean.valueOf(result[model_constants.SECURITY_CONFIGURATION_CD_ENABLED]) == Boolean.TRUE:
+                _logger.finer('WLSDPLY-06615', class_name=_class_name, method_name=_method_name)
+            else:
+                del result[model_constants.SECURITY_CONFIGURATION_PASSWORD]
+                _logger.fine('WLSDPLY-06616', class_name=_class_name, method_name=_method_name)
+        # Determine if the SecurityConfiguration/NodeManagerEncryptedPassword can be removed
+        if model_constants.SECURITY_CONFIGURATION_NM_PASSWORD in result:
+            if model_constants.MACHINE in self._dictionary or model_constants.UNIX_MACHINE in self._dictionary:
+                _logger.finer('WLSDPLY-06645', class_name=_class_name, method_name=_method_name)
+            else:
+                del result[model_constants.SECURITY_CONFIGURATION_NM_PASSWORD]
+                _logger.finer('WLSDPLY-06646', class_name=_class_name, method_name=_method_name)
+
     def _has_machines_folder(self, base_folder):
         """
         This is a private method.
diff --git a/core/src/main/resources/oracle/weblogic/deploy/messages/wlsdeploy_rb.properties b/core/src/main/resources/oracle/weblogic/deploy/messages/wlsdeploy_rb.properties
@@ -718,9 +718,8 @@ WLSDPLY-06611=Discovering {0} machines
 WLSDPLY-06612=Adding Machine {0}
 WLSDPLY-06613=Dynamic Server {0} discovered in online mode will not be added to the model
 WLSDPLY-06614=Server {0} is a configured Server and will be added to the model
-
-
-
+WLSDPLY-06615=Cross Domain Security is enabled, do not remove SecurityConfiguration CredentialEncrypted
+WLSDPLY-06616=Removing SecurityConfiguration CredentialEncrypted from the model
 WLSDPLY-06617=Adding Server {0} Classpath {1}
 WLSDPLY-06618=Remove Classpath entry {0} for server {1}. This entry references an oracle home location
 WLSDPLY-06619=Add Classpath file or directory {0} for Server {1} to the archive file
@@ -751,6 +750,8 @@ WLSDPLY-06642=Custom Keystore file {0} at location {1} is a kss type which is no
   add the file to the target domain
 
 WLSDPLY-06644=Adding Domain {0}
+WLSDPLY-06645=Machine is not present in domain. Remove SecurityConfiguration NodeManagerPasswordEncrypted default
+WLSDPLY-06646=Machine is present in domain so will not remove SecurityConfiguration NodeManagerPasswordEncrypted default
 
 
 # multi_tenant_discoverer.py, multi_tenant_resources_dsi
