Generate secret file with resolved property value if the original value is tokenized as property (#953)

* change method input parameters instead of using class attribute to store variable keys for removal

* rename method

* add check for none

* resolve property value in credential caches

* correct logic to remove replaced property variable

Author: jshum2479

core/src/main/python/prepare_model.py

@@ -25,6 +25,7 @@
 from oracle.weblogic.deploy.validate import ValidateException
 
 import oracle.weblogic.deploy.util.TranslateException as TranslateException
+import wlsdeploy.util.variables as variables
 from wlsdeploy.aliases.aliases import Aliases
 from wlsdeploy.aliases.location_context import LocationContext
 from wlsdeploy.aliases.model_constants import DOMAIN_INFO
@@ -313,6 +314,16 @@ def walk(self):
             full_model_dictionary = cla_helper.load_model(_program_name, self.model_context, self._aliases,
                                                           "discover", WlstModes.OFFLINE)
 
+            # Just in case the credential cache has @@PROP in the model's attribute value,
+            # we use the original variable file to resolve it,
+            # so that the generated json/script files have the resolved property value(s) instead of the @@PROP token
+
+            original_variables = variables.load_variables(self.model_context.get_variable_file())
+            credential_caches = self.credential_injector.get_variable_cache()
+            for key in credential_caches:
+                if credential_caches[key].find('@@PROP:') == 0:
+                    credential_caches[key] = variables._substitute(credential_caches[key],
+                                                                   original_variables, self.model_context)
 
             target_config = self.model_context.get_target_configuration()
             if target_config.generate_script_for_secrets():

core/src/main/python/wlsdeploy/tool/util/variable_injector.py

@@ -446,18 +446,21 @@ def _process_attribute(self, model, attribute, location, injector_values):
         variable_value = None
         attribute_value = model[attribute]
 
-        attribute_type = self.__aliases.get_model_attribute_type(location, attribute)
+        target_use_credentials = self.__model_context.get_target_configuration().uses_credential_secrets();
 
-        if _already_property(attribute_value) and attribute_type == CREDENTIAL:
-            self.add_key_for_variable_removal(attribute_value[7:len(attribute_value) - 2])
-
-        if not _already_property(attribute_value) or attribute_type == CREDENTIAL:
+        if not _already_property(attribute_value) or target_use_credentials:
 
             variable_name = self.get_variable_name(location, attribute)
             variable_value = _format_variable_value(attribute_value)
-
             model[attribute] = self.get_variable_token(attribute, variable_name)
 
+            # This is the case where the original value is @@PROP but replaced with @@SECRET because of the custom
+            # injector, we need to clean up the variable file, so add it for later removal.
+            #
+            if target_use_credentials and variable_value.find('@@PROP:') == 0 \
+                    and model[attribute].find('@@SECRET:') == 0:
+                self.add_key_for_variable_removal(attribute_value[7:len(attribute_value) - 2])
+
             _logger.fine('WLSDPLY-19525', variable_name, attribute_value, attribute, variable_value,
                          class_name=_class_name, method_name=_method_name)
         else: