Merge branch 'rcudbinfo-store-paths' into 'develop-4.0'

Use absolute or domain-relative truststore and keystore paths in JPS configuration updates

See merge request weblogic-cloud/weblogic-deploy-tooling!1661

Author: robertpatrick

core/src/main/python/wlsdeploy/tool/create/jps_config_helper.py

@@ -46,11 +46,14 @@ def fix_jps_config(self):
 
         if self._use_ssl:
             tns_admin = self._rcu_db_info.get_tns_admin()
-            keystore = self._rcu_db_info.get_keystore()
+
+            # OPSS wants keystore path relative to domain home, or absolute
+            keystore = self._rcu_db_info.get_qualified_keystore_path()
             keystore_type = self._rcu_db_info.get_keystore_type()
             keystore_password = self._rcu_db_info.get_keystore_password()
 
-            truststore = self._rcu_db_info.get_truststore()
+            # OPSS wants truststore path relative to domain home, or absolute
+            truststore = self._rcu_db_info.get_qualified_truststore_path()
             truststore_type = self._rcu_db_info.get_truststore_type()
             truststore_password = self._rcu_db_info.get_truststore_password()
 

core/src/main/python/wlsdeploy/tool/create/rcudbinfo_helper.py

@@ -2,6 +2,8 @@
 Copyright (c) 2017, 2024, Oracle and/or its affiliates.
 Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 """
+import os
+
 from oracle.weblogic.deploy.create.RCURunner import DB2_DB_TYPE
 from oracle.weblogic.deploy.create.RCURunner import EBR_DB_TYPE
 from oracle.weblogic.deploy.create.RCURunner import MYSQL_DB_TYPE
@@ -44,7 +46,7 @@
 
 from wlsdeploy.logging.platform_logger import PlatformLogger
 from wlsdeploy.util import dictionary_utils
-
+from wlsdeploy.util import string_utils
 
 _class_name = 'rcudbinfo_helper'
 
@@ -138,6 +140,13 @@ def get_rcu_schema_password(self):
     def get_keystore(self):
         return self._get_dictionary_path_value(DRIVER_PARAMS_KEYSTORE_PROPERTY)
 
+    def get_qualified_keystore_path(self):
+        """
+        Prepend the TNS admin path to keystore if keystore is a relative path and not in archive.
+        :return: the derived keystore path
+        """
+        return self.__get_qualified_store_path(self.get_keystore())
+
     def get_keystore_type(self):
         return self._get_dictionary_element_value(DRIVER_PARAMS_KEYSTORETYPE_PROPERTY)
 
@@ -148,6 +157,13 @@ def get_keystore_password(self):
     def get_truststore(self):
         return self._get_dictionary_path_value(DRIVER_PARAMS_TRUSTSTORE_PROPERTY)
 
+    def get_qualified_truststore_path(self):
+        """
+        Prepend the TNS admin path to truststore if truststore is a relative path and not in archive.
+        :return: the derived truststore path
+        """
+        return self.__get_qualified_store_path(self.get_truststore())
+
     def get_truststore_type(self):
         return self._get_dictionary_element_value(DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY)
 
@@ -274,6 +290,17 @@ def is_use_ssl(self):
 
         return result
 
+    def __get_qualified_store_path(self, store_value):
+        return get_qualified_store_path(self.get_tns_admin(), store_value)
+
+
+# "static" method for validation, etc.
+def get_qualified_store_path(tns_admin, store_value):
+    if not string_utils.is_empty(store_value) and not string_utils.is_empty(tns_admin) and \
+            not os.path.isabs(store_value) and not WLSDeployArchive.isPathIntoArchive(store_value):
+        store_value = tns_admin + WLSDeployArchive.ZIP_SEP + store_value
+    return store_value
+
 
 def create(model_dictionary, model_context, aliases):
     """

core/src/main/python/wlsdeploy/tool/validate/create_content_validator.py

@@ -6,6 +6,7 @@
 from java.lang import Integer
 from java.util import HashMap
 from oracle.weblogic.deploy.create import RCURunner
+from oracle.weblogic.deploy.util import WLSDeployArchive
 from oracle.weblogic.deploy.validate import PasswordValidator
 from oracle.weblogic.deploy.validate import ValidateException
 
@@ -43,6 +44,8 @@
 from wlsdeploy.aliases.model_constants import USER
 from wlsdeploy.exception import exception_helper
 from wlsdeploy.logging.platform_logger import PlatformLogger
+from wlsdeploy.tool.create import rcudbinfo_helper
+from wlsdeploy.tool.util.archive_helper import ArchiveList
 from wlsdeploy.tool.validate.content_validator import ContentValidator
 from wlsdeploy.util import dictionary_utils
 
@@ -68,7 +71,7 @@ class CreateDomainContentValidator(ContentValidator):
 
     def __init__(self, model_context, archive_helper, aliases):
         ContentValidator.__init__(self, model_context, aliases)
-        self._archive_helper = archive_helper
+        self._archive_helper = archive_helper  # type: ArchiveList
 
     # Override
     def validate_model_content(self, model_dict):
@@ -190,6 +193,17 @@ def __validate_store_property(self, store_property, type_property, pwd_property,
                         'WLSDPLY-05309', RCU_DB_INFO, pwd_property, type_property, type_value,
                         class_name=self._class_name, method_name=_method_name)
 
+            # check if the qualified path should be in the archive
+            tns_admin = dictionary_utils.get_element(rcu_info_dict, DRIVER_PARAMS_NET_TNS_ADMIN)
+            qualified_path = rcudbinfo_helper.get_qualified_store_path(tns_admin, store_value)
+            if WLSDeployArchive.isPathIntoArchive(qualified_path):
+                if not self._archive_helper:
+                    self._logger.severe('WLSDPLY-05311', qualified_path, RCU_DB_INFO, store_property,
+                                        class_name=self._class_name, method_name=_method_name)
+                elif not self.__is_path_in_archive_wallet(qualified_path):
+                    self._logger.severe('WLSDPLY-05312', qualified_path, RCU_DB_INFO, store_property,
+                                        class_name=self._class_name, method_name=_method_name)
+
     def __has_tns_path(self, rcu_info_dict):
         """
         Determine if a path to the tnsnames.ora file can be found.
@@ -363,6 +377,24 @@ def _get_users_dictionary(self, model_dict):
         self._logger.exiting(class_name=self._class_name, method_name=_method_name)
         return users_folder
 
+    def __is_path_in_archive_wallet(self, path):
+        """
+        Check if path is in an archive, or in a zipped wallet in an archive.
+        :param path: the path to be checked.
+        :return: True if the path was found, false otherwise
+        """
+        if self._archive_helper.contains_file(path):
+            return True
+
+        last_slash = path.rfind('/')
+        wallet_path = ''
+        if last_slash != -1:
+            wallet_path = path[:last_slash]
+        file_name = path[last_slash + 1:]
+        archive, entries = self._archive_helper.get_wallet_entries(wallet_path)
+
+        return file_name in entries
+
 
 def _get_system_password_validator_location():
     location = LocationContext()

core/src/main/python/wlsdeploy/tool/validate/domain_info_validator.py

@@ -129,9 +129,11 @@ def _validate_single_path_in_archive(self, path, attribute_name, model_folder_pa
         """
         Extend this method to allow wallet paths to be in a wallet zip in the archive.
         """
+        # avoid INFO WLSDPLY-05031 - *Store paths may be relative to oracle.net.tns_admin,
+        # or in a zipped wallet in the archive.
+        # these cases are checked using the merged model in create_content_validator.
         if attribute_name in WALLET_PATH_ATTRIBUTES:
-            if self.__is_path_in_zipped_archive_wallet(path):
-                return
+            return
 
         ModelValidator._validate_single_path_in_archive(self, path, attribute_name, model_folder_path)
 
@@ -257,23 +259,6 @@ def _validate_single_server_group_target_limits_value(self, key, value, model_fo
                                 str_helper.to_string(type(value)),
                                 class_name=_class_name, method_name=_method_name)
 
-    def __is_path_in_zipped_archive_wallet(self, path):
-        if not WLSDeployArchive.isPathIntoArchive(path) or not self._archive_helper:
-            return False
-
-        if self._archive_helper.contains_file(path):
-            # the file is directly in the archive, return for regular validation
-            return False
-
-        last_slash = path.rfind('/')
-        wallet_path = ''
-        if last_slash != -1:
-            wallet_path = path[:last_slash]
-        file_name = path[last_slash + 1:]
-        archive, entries = self._archive_helper.get_wallet_entries(wallet_path)
-
-        return file_name in entries
-
     def _check_deprecated_field(self, field_name, info_dict, folder_name, new_field_name):
         _method_name = '_check_deprecated_field'
         if dictionary_utils.get_element(info_dict, field_name):

core/src/main/resources/oracle/weblogic/deploy/messages/wlsdeploy_rb.properties

@@ -660,6 +660,8 @@ WLSDPLY-05307=For database type {0}, {1} field {2} or {3} must be specified
 WLSDPLY-05308=For {0} {1}, {2} field {3} must be specified
 WLSDPLY-05309={0} field {1} must be specified for {2} value of {3}
 WLSDPLY-05310={0} field {1} must be specified if {2} is specified
+WLSDPLY-05311=Prepended path {0} for {1} field {2} is an archive path, and no archive file is specified
+WLSDPLY-05312=Prepended path {0} for {1} field {2} is an archive path, and not found in any archive file
 
 # oracle/weblogic/deploy/validate/PasswordValidator.java
 WLSDPLY-05400=Password validation failed because the username was not provided