Merge branch 'JIRA-WDT-753-saml2-create-discover' into 'main'

robertpatrick · robertpatrick · commit ee0708adfdf5 · 2023-06-28T23:52:11.000Z
Discover and create/update SAML2 initialization files

See merge request weblogic-cloud/weblogic-deploy-tooling!1476
diff --git a/core/src/main/python/wlsdeploy/logging/platform_logger.py b/core/src/main/python/wlsdeploy/logging/platform_logger.py
@@ -1,8 +1,9 @@
 """
-Copyright (c) 2017, 2022, Oracle Corporation and/or its affiliates.  All rights reserved.
+Copyright (c) 2017, 2023, Oracle Corporation and/or its affiliates.  All rights reserved.
 Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 """
 import java.lang.Object as JObject
+import java.lang.String as JString
 import java.lang.System as JSystem
 import java.lang.Thread as JThread
 import java.lang.Throwable as Throwable
@@ -315,7 +316,8 @@ def _get_args_as_java_array(*args):
                 if isinstance(arg, unicode) or isinstance(arg, str):
                     result.add(arg)
                 elif isinstance(arg, JObject):
-                    result.add(arg.toString())
+                    # support Java objects with multiple toString signatures
+                    result.add(JString.valueOf(arg))
                 else:
                     result.add(str_helper.to_string(arg))
             else:
diff --git a/core/src/main/python/wlsdeploy/tool/create/domain_creator.py b/core/src/main/python/wlsdeploy/tool/create/domain_creator.py
@@ -92,6 +92,7 @@
 from wlsdeploy.tool.util.credential_map_helper import CredentialMapHelper
 from wlsdeploy.tool.util.default_authenticator_helper import DefaultAuthenticatorHelper
 from wlsdeploy.tool.util.library_helper import LibraryHelper
+from wlsdeploy.tool.util.saml2_security_helper import Saml2SecurityHelper
 from wlsdeploy.tool.util.target_helper import TargetHelper
 from wlsdeploy.tool.util.targeting_types import TargetingType
 from wlsdeploy.tool.util.topology_profiles import TopologyProfile
@@ -180,10 +181,11 @@ def create(self):
         self.__deploy_after_update()
         self.__create_boot_dot_properties()
         self.__create_credential_mappings()
+        self.__install_saml2_security_files()
 
         self.logger.exiting(class_name=self.__class_name, method_name=_method_name)
 
-    #Override
+    # Override
     def _set_attributes(self, location, model_nodes):
         model_type, model_name = self.aliases.get_model_type_and_name(location)
         if model_type == CLUSTER:
@@ -1514,6 +1516,13 @@ def __create_credential_mappings(self):
             credential_map_helper = CredentialMapHelper(self.model_context, ExceptionType.CREATE)
             credential_map_helper.create_default_init_file(default_nodes)
 
+    def __install_saml2_security_files(self):
+        """
+        Install SAML2 security files from model archive.
+        """
+        saml2_security_helper = Saml2SecurityHelper(self._domain_home, ExceptionType.CREATE)
+        saml2_security_helper.extract_initialization_files(self.archive_helper)
+
     def __configure_opss_secrets(self):
         _method_name = '__configure_opss_secrets'
 
diff --git a/core/src/main/python/wlsdeploy/tool/deploy/topology_updater.py b/core/src/main/python/wlsdeploy/tool/deploy/topology_updater.py
@@ -1,5 +1,5 @@
 """
-Copyright (c) 2017, 2022, Oracle and/or its affiliates.
+Copyright (c) 2017, 2023, Oracle and/or its affiliates.
 Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 """
 from wlsdeploy.aliases.location_context import LocationContext
@@ -21,6 +21,7 @@
 from wlsdeploy.tool.deploy import deployer_utils
 from wlsdeploy.tool.deploy.deployer import Deployer
 from wlsdeploy.tool.util.library_helper import LibraryHelper
+from wlsdeploy.tool.util.saml2_security_helper import Saml2SecurityHelper
 from wlsdeploy.tool.util.target_helper import TargetHelper
 from wlsdeploy.tool.util.topology_helper import TopologyHelper
 from wlsdeploy.util import dictionary_utils
@@ -49,7 +50,8 @@ def __init__(self, model, model_context, aliases, wlst_mode=WlstModes.OFFLINE):
 
         self.target_helper = TargetHelper(self.model, self.model_context, self.aliases, self._exception_type,
                                           self.logger)
-    #Override
+
+    # Override
     def set_attributes(self, location, model_nodes, excludes=None):
         model_type, model_name = self.aliases.get_model_type_and_name(location)
         if model_type == CLUSTER:
@@ -126,6 +128,10 @@ def update(self):
         self.library_helper.extract_custom_files()
         self.library_helper.install_domain_scripts()
 
+        domain_home = self.model_context.get_domain_home()
+        saml2_security_helper = Saml2SecurityHelper(domain_home, self._exception_type)
+        saml2_security_helper.extract_initialization_files(self.archive_helper)
+
     def update_machines_clusters_and_servers(self, delete_now=True):
         """
         Update the main topology components, the components that are used as targets
diff --git a/core/src/main/python/wlsdeploy/tool/discover/topology_discoverer.py b/core/src/main/python/wlsdeploy/tool/discover/topology_discoverer.py
@@ -24,6 +24,7 @@
 from wlsdeploy.logging.platform_logger import PlatformLogger
 from wlsdeploy.tool.discover import discoverer
 from wlsdeploy.tool.discover.discoverer import Discoverer
+from wlsdeploy.tool.util.saml2_security_helper import Saml2SecurityHelper
 from wlsdeploy.tool.util.variable_injector import VARIABLE_SEP
 from wlsdeploy.tool.util.wlst_helper import WlstHelper
 from wlsdeploy.util import dictionary_utils
@@ -132,6 +133,9 @@ def discover(self):
             if current_tree is not None:
                 current_tree()
 
+        saml2_security_helper = Saml2SecurityHelper(self._model_context.get_domain_home(), ExceptionType.DISCOVER)
+        saml2_security_helper.discover_initialization_files(self._model_context.get_archive_file(), self)
+
         _logger.exiting(class_name=_class_name, method_name=_method_name)
         return self._dictionary
 
diff --git a/core/src/main/python/wlsdeploy/tool/util/saml2_security_helper.py b/core/src/main/python/wlsdeploy/tool/util/saml2_security_helper.py
@@ -0,0 +1,177 @@
+"""
+Copyright (c) 2023, Oracle and/or its affiliates.
+Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+"""
+import os.path
+
+from oracle.weblogic.deploy.util import WLSDeployArchive
+
+from wlsdeploy.logging.platform_logger import PlatformLogger
+from wlsdeploy.util import dictionary_utils
+from wlsdeploy.util import string_utils
+
+DOMAIN_SECURITY_FOLDER = 'security'
+IDP_FILE_PREFIX = 'saml2idppartner'
+IDP_PARTNERS_KEY = 'saml2.idp.partners'
+SP_FILE_PREFIX = 'saml2sppartner'
+SP_PARTNERS_KEY = 'saml2.sp.partners'
+
+
+class Saml2SecurityHelper(object):
+    """
+    Supports discover and create/deploy/update of SAML2 security initialization data files
+    """
+    _class_name = 'Saml2SecurityHelper'
+
+    def __init__(self, domain_home, exception_type):
+        """
+        Initialize an instance of Saml2SecurityHelper.
+        :param domain_home: used locate security files
+        :param exception_type: the type of exception to be thrown
+        """
+        self._domain_home = domain_home
+        self._domain_security_directory = os.path.join(self._domain_home, DOMAIN_SECURITY_FOLDER)
+        self._exception_type = exception_type
+        self._logger = PlatformLogger('wlsdeploy.tool.util')
+
+    def extract_initialization_files(self, archive_helper):
+        """
+        Extract initialization files from the archive to the security directory.
+        :param archive_helper: used to find initialization files in archive
+        """
+        self._extract_initialization_files(IDP_FILE_PREFIX, IDP_PARTNERS_KEY, archive_helper)
+        self._extract_initialization_files(SP_FILE_PREFIX, SP_PARTNERS_KEY, archive_helper)
+
+    def _extract_initialization_files(self, prefix, partners_key, archive_helper):
+        """
+        Extract initialization files for a specific prefix.
+        Don't install any files if the <prefix>initialized file exists in the security directory
+        :param prefix: the prefix of the "initialized" and "properties" file names
+        :param partners_key: the key in the properties file that contains the partner IDs
+        :param archive_helper: used to find initialization files
+        """
+        _method_name = '_install_initialization_files'
+
+        properties_file_name = prefix + '.properties'
+        properties_path = WLSDeployArchive.getSaml2DataArchivePath(properties_file_name)
+        if archive_helper and archive_helper.contains_file(properties_path):
+            # if the "initialized" file is present, don't extract files
+            initialized_file = properties_file_name + '.initialized'
+            initialized_path = os.path.join(self._domain_security_directory, initialized_file)
+            if os.path.isfile(initialized_path):
+                self._logger.info('WLSDPLY-23000', properties_file_name, initialized_file,
+                                  class_name=self._class_name, method_name=_method_name)
+            else:
+                # extract the properties file, the read it to determine metadata files
+                self._logger.info('WLSDPLY-23001', properties_file_name, class_name=self._class_name,
+                                  method_name=_method_name)
+                archive_helper.extract_file(properties_path, self._domain_security_directory)
+                self._extract_metadata_files(properties_file_name, partners_key, archive_helper)
+
+    def _extract_metadata_files(self, properties_file_name, partners_key, archive_helper):
+        """
+        Extract metadata files specified in the properties file.
+        :param properties_file_name: the name of the properties file containing the metadata file names
+        :param partners_key: the key in the properties file that contains the partner IDs
+        :param archive_helper: used to find metadata files
+        """
+        _method_name = '_install_metadata_files'
+
+        properties_file = os.path.join(self._domain_security_directory, properties_file_name)
+        metadata_file_names = self._get_metadata_file_names(properties_file, partners_key)
+        for metadata_file_name in metadata_file_names:
+            metadata_file = WLSDeployArchive.getSaml2DataArchivePath(metadata_file_name)
+
+            if archive_helper.contains_file(metadata_file):
+                self._logger.info('WLSDPLY-23002', metadata_file_name, class_name=self._class_name,
+                                  method_name=_method_name)
+                archive_helper.extract_file(metadata_file, self._domain_security_directory)
+            else:
+                self._logger.severe('WLSDPLY-23003', metadata_file_name, properties_file,
+                                    class_name=self._class_name, method_name=_method_name)
+
+    def discover_initialization_files(self, archive, discoverer):
+        """
+        Add initialization files from the security directory to the archive.
+        :param archive: WLSDeployArchive instance used to add files
+        :param discoverer: used to collect remote files when no archive is specified
+        """
+        self._discover_initialization_files(IDP_FILE_PREFIX, IDP_PARTNERS_KEY, archive, discoverer)
+        self._discover_initialization_files(SP_FILE_PREFIX, SP_PARTNERS_KEY, archive, discoverer)
+
+    def _discover_initialization_files(self, prefix, partners_key, archive, discoverer):
+        """
+        Add initialization files for a specific prefix to the archive.
+        :param prefix: the prefix of the "properties" file name
+        :param partners_key: the key in the properties file that contains the partner IDs
+        :param archive: WLSDeployArchive instance used to add files
+        :param discoverer: used to collect remote files when no archive is specified
+        """
+        _method_name = '_discover_initialization_files'
+
+        properties_file_name = prefix + '.properties'
+        properties_file = os.path.join(self._domain_security_directory, properties_file_name)
+        if os.path.isfile(properties_file):
+            if archive:
+                self._logger.info('WLSDPLY-23005', properties_file_name, class_name=self._class_name,
+                                  method_name=_method_name)
+                archive.addSaml2DataFile(properties_file, True)
+            else:
+                # if -skip_archive or -remote, add to the remote map for manual addition
+                discoverer.add_to_remote_map(properties_file,
+                                             WLSDeployArchive.getSaml2DataArchivePath(properties_file_name),
+                                             WLSDeployArchive.ArchiveEntryType.SAML2_DATA.name())
+
+            # check for metadata files, even if archive not specified
+            self._discover_metadata_files(properties_file, partners_key, archive, discoverer)
+
+    def _discover_metadata_files(self, properties_file_name, partners_key, archive, discoverer):
+        """
+        Add metadata files specified in the properties file to the archive.
+        :param properties_file_name: the name of the "properties" file
+        :param partners_key: the key in the properties file that contains the partner IDs
+        :param archive: WLSDeployArchive instance used to add files
+        :param discoverer: used to collect remote files when no archive is specified
+        """
+        _method_name = '_discover_metadata_files'
+
+        properties_file = os.path.join(self._domain_security_directory, properties_file_name)
+        metadata_file_names = self._get_metadata_file_names(properties_file, partners_key)
+        for metadata_file_name in metadata_file_names:
+            metadata_file = os.path.join(self._domain_security_directory, metadata_file_name)
+            if not os.path.isfile(metadata_file):
+                self._logger.severe('WLSDPLY-23007', metadata_file_name, properties_file_name,
+                                    class_name=self._class_name, method_name=_method_name)
+            elif archive:
+                self._logger.info('WLSDPLY-23006', metadata_file_name, class_name=self._class_name,
+                                  method_name=_method_name)
+                archive.addSaml2DataFile(metadata_file, True)
+            else:
+                # if -skip_archive or -remote, add to the remote map for manual addition
+                discoverer.add_to_remote_map(metadata_file,
+                                             WLSDeployArchive.getSaml2DataArchivePath(metadata_file_name),
+                                             WLSDeployArchive.ArchiveEntryType.SAML2_DATA.name())
+
+    def _get_metadata_file_names(self, properties_file, partners_key):
+        """
+        Get the metadata files names from the specified properties file.
+        :param properties_file: the properties file to be examined
+        :param partners_key: the key in the properties file that contains the partner IDs
+        :return: a list of metadata file names
+        """
+        _method_name = '_get_metadata_file_names'
+
+        metadata_file_names = []
+        properties = string_utils.load_properties(properties_file, self._exception_type)
+        partners_text = dictionary_utils.get_element(properties, partners_key)
+        if partners_text:
+            partner_ids = partners_text.split(',')
+            for partner_id in partner_ids:
+                metadata_key = partner_id.strip() + '.metadata.file'
+                metadata_file_name = dictionary_utils.get_element(properties, metadata_key)
+                if metadata_file_name:
+                    metadata_file_names.append(metadata_file_name)
+                else:
+                    self._logger.severe('WLSDPLY-23004', metadata_key, properties_file, class_name=self._class_name,
+                                        method_name=_method_name)
+        return metadata_file_names
diff --git a/core/src/main/resources/oracle/weblogic/deploy/messages/wlsdeploy_rb.properties b/core/src/main/resources/oracle/weblogic/deploy/messages/wlsdeploy_rb.properties
@@ -1826,6 +1826,17 @@ WLSDPLY-21003=Issue Log for {0} version {1} running WebLogic version {2} {3} mod
 
 WLSDPLY-22000={0} has been deprecated and will be removed in a future release, please use {1} instead
 
+# wlsdeploy/tool/util/saml2_security_helper.py
+
+WLSDPLY-23000=Skipping deployment of SAML2 initialization file {0} because {1} is present in the domain
+WLSDPLY-23001=Extracting SAML2 initialization file {0}
+WLSDPLY-23002=Extracting SAML2 initialization metadata file {0}
+WLSDPLY-23003=Unable to extract SAML2 initialization metadata file {0} specified in properties file {1}
+WLSDPLY-23004=Metadata key {0} was not found in SAML2 initialization file {1}
+WLSDPLY-23005=Adding SAML2 initialization file {0} to archive
+WLSDPLY-23006=Adding SAML2 initialization metadata file {0} to archive
+WLSDPLY-23007=SAML2 initialization metadata file {0} specified in properties file {1} was not found
+
 ####################################################################
 #   Message number 30000 - 30999 Archive Helper                    #
 ####################################################################
