Add option to update the rcu schema password after the population by … (#557)

* Add option to update the rcu schema password after the population by getDatabaseDefaults or in update case when the -updateRCUSchemaPassword flag is specified.

* Fix create problem and remove commented out code

* remove duplicate code line

Author: jshum2479

core/src/main/python/create.py

@@ -81,7 +81,8 @@
     CommandLineArgUtil.USE_ENCRYPTION_SWITCH,
     CommandLineArgUtil.PASSPHRASE_SWITCH,
     CommandLineArgUtil.OPSS_WALLET_SWITCH,
-    CommandLineArgUtil.OPSS_WALLET_PASSPHRASE
+    CommandLineArgUtil.OPSS_WALLET_PASSPHRASE,
+    CommandLineArgUtil.UPDATE_RCU_SCHEMA_PASS_SWITCH
 ]
 
 

core/src/main/python/update.py

@@ -22,6 +22,7 @@
 
 # imports from local packages start here
 from wlsdeploy.aliases.aliases import Aliases
+from wlsdeploy.tool.util.alias_helper import AliasHelper
 from wlsdeploy.aliases.wlst_modes import WlstModes
 from wlsdeploy.exception import exception_helper
 from wlsdeploy.exception.expection_types import ExceptionType
@@ -35,6 +36,7 @@
 from wlsdeploy.tool.util import model_context_helper
 from wlsdeploy.tool.util import wlst_helper
 from wlsdeploy.tool.util.wlst_helper import WlstHelper
+from wlsdeploy.tool.util.rcu_helper import RCUHelper
 from wlsdeploy.tool.util.string_output_stream import StringOutputStream
 from wlsdeploy.util import cla_helper
 from wlsdeploy.util import getcreds
@@ -45,6 +47,7 @@
 from wlsdeploy.util.weblogic_helper import WebLogicHelper
 from wlsdeploy.util import model as model_helper
 
+
 wlst_helper.wlst_functions = globals()
 
 _program_name = UPDATE_DOMAIN
@@ -71,7 +74,8 @@
     CommandLineArgUtil.ADMIN_PASS_SWITCH,
     CommandLineArgUtil.USE_ENCRYPTION_SWITCH,
     CommandLineArgUtil.PASSPHRASE_SWITCH,
-    CommandLineArgUtil.ROLLBACK_IF_RESTART_REQ_SWITCH
+    CommandLineArgUtil.ROLLBACK_IF_RESTART_REQ_SWITCH,
+    CommandLineArgUtil.UPDATE_RCU_SCHEMA_PASS_SWITCH
 ]
 
 
@@ -184,7 +188,6 @@ def __process_encryption_args(optional_arg_map):
         optional_arg_map[CommandLineArgUtil.PASSPHRASE_SWITCH] = String(passphrase)
     return
 
-
 def __update(model, model_context, aliases):
     """
     The method that does the heavy lifting for update.
@@ -291,6 +294,9 @@ def __update_offline(model, model_context, aliases):
     topology_updater.update()
 
     model_deployer.deploy_model_offline(model, model_context, aliases, wlst_mode=__wlst_mode)
+    if model_context.get_update_rcu_schema_pass() is True:
+        rcu_helper = RCUHelper(model, model_context, aliases)
+        rcu_helper.update_rcu_password()
 
     try:
         __wlst_helper.update_domain()

core/src/main/python/wlsdeploy/tool/create/domain_creator.py

@@ -84,6 +84,7 @@
 from wlsdeploy.tool.deploy import model_deployer
 from wlsdeploy.tool.util.archive_helper import ArchiveHelper
 from wlsdeploy.tool.util.library_helper import LibraryHelper
+from wlsdeploy.tool.util.rcu_helper import RCUHelper
 from wlsdeploy.tool.util.target_helper import TargetHelper
 from wlsdeploy.tool.util.targeting_types import TargetingType
 from wlsdeploy.tool.util.topology_helper import TopologyHelper
@@ -966,6 +967,10 @@ def __configure_fmw_infra_database(self):
             if self.wls_helper.is_database_defaults_supported():
                 self.wlst_helper.get_database_defaults()
 
+            if self.model_context.get_update_rcu_schema_pass() is True:
+                rcu_helper = RCUHelper(self.model, self.model_context, self.aliases, modifyBootStrapCredential=False)
+                rcu_helper.update_rcu_password()
+
         self.logger.exiting(class_name=self.__class_name, method_name=_method_name)
         return
 

core/src/main/python/wlsdeploy/tool/util/rcu_helper.py

@@ -0,0 +1,92 @@
+"""
+Copyright (c) 2010, Oracle Corporation and/or its affiliates.  All rights reserved.
+Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+"""
+
+from wlsdeploy.aliases.model_constants import RCU_DB_INFO
+from wlsdeploy.aliases.model_constants import RCU_PREFIX
+from wlsdeploy.aliases.model_constants import RCU_SCHEMA_PASSWORD
+from wlsdeploy.aliases.model_constants import DRIVER_PARAMS_USER_PROPERTY
+from wlsdeploy.aliases.model_constants import JDBC_DRIVER_PARAMS
+from wlsdeploy.aliases.model_constants import JDBC_DRIVER_PARAMS_PROPERTIES
+from wlsdeploy.aliases.model_constants import JDBC_RESOURCE
+from wlsdeploy.aliases.model_constants import JDBC_SYSTEM_RESOURCE
+from wlsdeploy.aliases.model_constants import PASSWORD_ENCRYPTED
+from wlsdeploy.tool.create.rcudbinfo_helper import RcuDbInfo
+from wlsdeploy.aliases.location_context import LocationContext
+from wlsdeploy.tool.deploy.deployer import Deployer
+from wlsdeploy.exception.expection_types import ExceptionType
+
+from wlsdeploy.aliases.wlst_modes import WlstModes
+
+class RCUHelper(Deployer):
+
+    def __init__(self, model, model_context, aliases, modifyBootStrapCredential=True):
+        Deployer.__init__(self, model, model_context, aliases, wlst_mode=WlstModes.OFFLINE)
+        self._exception_type = ExceptionType.DEPLOY
+        self._modifyBootStrapCredential = modifyBootStrapCredential
+
+    def update_rcu_password(self):
+        """
+        Update the password of each rcu schema and then update the bootstrap password
+        """
+
+        _method_name = 'update_rcu_password'
+
+        domain_info = self.model.get_model_domain_info()
+        if RCU_DB_INFO in domain_info:
+            rcu_db_info = RcuDbInfo(self.alias_helper, domain_info[RCU_DB_INFO])
+            rcu_schema_pass = rcu_db_info.get_rcu_schema_password()
+            rcu_prefix = rcu_db_info.get_rcu_prefix()
+
+            location = LocationContext()
+            location.append_location(JDBC_SYSTEM_RESOURCE)
+
+            folder_path = self.alias_helper.get_wlst_list_path(location)
+            self.wlst_helper.cd(folder_path)
+            ds_names = self.wlst_helper.lsc()
+            domain_typedef = self.model_context.get_domain_typedef()
+            rcu_schemas = domain_typedef.get_rcu_schemas()
+            if len(rcu_schemas) == 0:
+                return
+            schemas_len = len(rcu_schemas)
+
+            for i in range(0,schemas_len):
+                rcu_schemas[i] = rcu_prefix + '_' + rcu_schemas[i]
+
+            for ds_name in ds_names:
+                location = LocationContext()
+                location.append_location(JDBC_SYSTEM_RESOURCE)
+                token_name = self.alias_helper.get_name_token(location)
+                location.add_name_token(token_name, ds_name)
+
+                location.append_location(JDBC_RESOURCE)
+                location.append_location(JDBC_DRIVER_PARAMS)
+                password_location = LocationContext(location)
+
+                wlst_path = self.alias_helper.get_wlst_attributes_path(location)
+                self.wlst_helper.cd(wlst_path)
+
+                location.append_location(JDBC_DRIVER_PARAMS_PROPERTIES)
+                token_name = self.alias_helper.get_name_token(location)
+                if token_name is not None:
+                    location.add_name_token(token_name, DRIVER_PARAMS_USER_PROPERTY)
+                wlst_path = self.alias_helper.get_wlst_attributes_path(location)
+                self.wlst_helper.cd(wlst_path)
+                ds_user = self.wlst_helper.get('Value')
+
+                if ds_user in rcu_schemas:
+                    wlst_path = self.alias_helper.get_wlst_attributes_path(password_location)
+                    self.wlst_helper.cd(wlst_path)
+                    wlst_name, wlst_value = \
+                        self.alias_helper.get_wlst_attribute_name_and_value(password_location, PASSWORD_ENCRYPTED,
+                                                                            rcu_schema_pass, masked=True)
+                    self.wlst_helper.set(wlst_name, wlst_value, masked=True)
+
+                domain_home = self.model_context.get_domain_home()
+                config_file = domain_home + '/config/fmwconfig/jps-config-jse.xml'
+                opss_user = rcu_prefix + '_OPSS'
+                if self._modifyBootStrapCredential:
+                    self.wlst_helper.modify_bootstrap_credentials(jps_configfile=config_file, username=opss_user, password=rcu_schema_pass)
+
+

core/src/main/python/wlsdeploy/tool/util/wlst_helper.py

@@ -322,6 +322,23 @@ def get_database_defaults(self):
             raise pwe
         self.__logger.exiting(class_name=self.__class_name, method_name=_method_name)
 
+    def modify_bootstrap_credentials(self, jps_configfile, username, password):
+        """
+        modify the boot strap credentials in a JRF domain
+        :raises: Exception for the specified tool type: if a WLST error occurs
+        """
+        _method_name = 'modifyBootStrapCredentials'
+        self.__logger.entering(class_name=self.__class_name, method_name=_method_name)
+
+        try:
+            self.__load_global('modifyBootStrapCredential')(jps_configfile, username, password)
+        except offlineWLSTException, e:
+            pwe = exception_helper.create_exception(self.__exception_type, 'WLSDPLY-00101',
+                                                    e.getLocalizedMessage(), error=e)
+            self.__logger.throwing(pwe, class_name=self.__class_name, method_name=_method_name)
+            raise pwe
+        self.__logger.exiting(class_name=self.__class_name, method_name=_method_name)
+
     def set_server_groups(self, server, server_groups):
         """
         Sets the database defaults indicated by RCU.

core/src/main/python/wlsdeploy/util/cla_utils.py

@@ -70,6 +70,7 @@ class CommandLineArgUtil(object):
     ATTRIBUTES_ONLY_SWITCH     = '-attributes_only'
     FOLDERS_ONLY_SWITCH        = '-folders_only'
     RECURSIVE_SWITCH           = '-recursive'
+    UPDATE_RCU_SCHEMA_PASS_SWITCH = '-updateRCUSchemaPassword'
     VALIDATION_METHOD          = '-method'
     # overrides for the variable injector
     VARIABLE_INJECTOR_FILE_SWITCH   = '-variable_injector_file'
@@ -395,6 +396,8 @@ def process_args(self, args, tool_type=TOOL_TYPE_DEFAULT):
                 self._add_arg(key, True)
             elif self.is_recursive_switch(key):
                 self._add_arg(key, True)
+            elif self.is_update_rcu_schema_pass_switch(key):
+                self._add_arg(key, True)
             elif self.is_variable_injector_file_key(key):
                 idx += 1
                 if idx < args_len:
@@ -1040,6 +1043,12 @@ def get_recursive_switch(self):
     def is_recursive_switch(self, key):
         return self.RECURSIVE_SWITCH == key
 
+    def is_update_rcu_schema_pass_switch(self, key):
+        return self.UPDATE_RCU_SCHEMA_PASS_SWITCH == key
+
+    def get_is_update_rcu_schema_pass_switch(self):
+        return self.UPDATE_RCU_SCHEMA_PASS_SWITCH
+
     def _validate_target_mode_arg(self, value):
         method_name = '_validate_target_mode_arg'
 

core/src/main/python/wlsdeploy/util/model_context.py

@@ -72,6 +72,7 @@ def __init__(self, program_name, arg_map):
         self._folders_only = False
         self._opss_wallet_passphrase = None
         self._opss_wallet = None
+        self._update_rcu_schema_pass = False
         self._validation_method = None
         self._rollback_if_restart_required = None
         self._domain_resource_file = None
@@ -168,6 +169,9 @@ def __init__(self, program_name, arg_map):
         if CommandLineArgUtil.OPSS_WALLET_SWITCH in arg_map:
             self._opss_wallet = arg_map[CommandLineArgUtil.OPSS_WALLET_SWITCH]
 
+        if CommandLineArgUtil.UPDATE_RCU_SCHEMA_PASS_SWITCH in arg_map:
+            self._update_rcu_schema_pass = True
+
         if CommandLineArgUtil.VALIDATION_METHOD in arg_map:
             self._validation_method = arg_map[CommandLineArgUtil.VALIDATION_METHOD]
 
@@ -322,6 +326,12 @@ def get_opss_wallet_passphrase(self):
         """
         return self._opss_wallet_passphrase
 
+    def get_update_rcu_schema_pass(self):
+        """
+        Get the update rcu schema password flag
+        """
+        return self._update_rcu_schema_pass
+
     def get_validation_method(self):
         """
         Get the validation method.

core/src/main/resources/oracle/weblogic/deploy/messages/wlsdeploy_rb.properties

@@ -104,6 +104,8 @@ WLSDPLY-00096=Unable to obtain the cmo or MBean proxy for the current location {
 WLSDPLY-0097=Look for MBean instance for location {0}.
 WLSDPLY-0098=Quoted WebLogic String
 WLSDPLY-0100=Failed to set attribute {0} in path {1} to value {2}: {3}
+WLSDPLY-00101=Failed to modify the bootstrap credentials : {0}
+
 
 ###############################################################################
 #                      Util messages (1000 - 3999)                            #