added support for WDT use_encryption flag (#138)

* added support for WDT -use_encryption

* protect the password field to prevent logging

Author: ddsharpe

imagetool/src/main/java/com/oracle/weblogic/imagetool/cli/menu/CommonOptions.java

@@ -14,8 +14,6 @@
 import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
-import java.util.stream.Collectors;
-import java.util.stream.Stream;
 
 import com.oracle.weblogic.imagetool.api.model.CachedFile;
 import com.oracle.weblogic.imagetool.cachestore.CacheStore;
@@ -27,6 +25,7 @@
 import com.oracle.weblogic.imagetool.util.ARUUtil;
 import com.oracle.weblogic.imagetool.util.AdditionalBuildCommands;
 import com.oracle.weblogic.imagetool.util.Constants;
+import com.oracle.weblogic.imagetool.util.DockerBuildCommand;
 import com.oracle.weblogic.imagetool.util.DockerfileOptions;
 import com.oracle.weblogic.imagetool.util.Utils;
 import com.oracle.weblogic.imagetool.util.ValidationResult;
@@ -90,15 +89,15 @@ private void handleAdditionalBuildCommands() throws IOException {
         }
     }
 
-    void runDockerCommand(String dockerfile, List<String> command) throws IOException, InterruptedException {
-        logger.info("docker cmd = " + String.join(" ", command));
+    void runDockerCommand(String dockerfile, DockerBuildCommand command) throws IOException, InterruptedException {
+        logger.info("docker cmd = " + command.toString());
 
         if (dryRun) {
             System.out.println("########## BEGIN DOCKERFILE ##########");
             System.out.println(dockerfile);
             System.out.println("########## END DOCKERFILE ##########");
         } else {
-            Utils.runDockerCommand(command, dockerLog);
+            command.run(dockerLog);
         }
     }
 
@@ -108,32 +107,27 @@ void runDockerCommand(String dockerfile, List<String> command) throws IOExceptio
      *
      * @return list of options
      */
-    List<String> getInitialBuildCmd() {
+    DockerBuildCommand getInitialBuildCmd(String contextFolder) {
 
         logger.entering();
-        List<String> cmdBuilder = Stream.of("docker", "build",
-            "--force-rm=true", "--no-cache").collect(Collectors.toList());
+        DockerBuildCommand cmdBuilder = new DockerBuildCommand(contextFolder);
 
-        cmdBuilder.add("--tag");
-        cmdBuilder.add(imageTag);
+        cmdBuilder.setTag(imageTag);
 
         if (!Utils.isEmptyString(httpProxyUrl)) {
-            cmdBuilder.add(Constants.BUILD_ARG);
-            cmdBuilder.add("http_proxy=" + httpProxyUrl);
+            cmdBuilder.addBuildArg("http_proxy", httpProxyUrl);
         }
 
         if (!Utils.isEmptyString(httpsProxyUrl)) {
-            cmdBuilder.add(Constants.BUILD_ARG);
-            cmdBuilder.add("https_proxy=" + httpsProxyUrl);
+            cmdBuilder.addBuildArg("https_proxy", httpsProxyUrl);
         }
 
         if (!Utils.isEmptyString(nonProxyHosts)) {
-            cmdBuilder.add(Constants.BUILD_ARG);
-            cmdBuilder.add("no_proxy=" + nonProxyHosts);
+            cmdBuilder.addBuildArg("no_proxy", nonProxyHosts);
         }
 
         if (dockerPath != null && Files.isExecutable(dockerPath)) {
-            cmdBuilder.set(0, dockerPath.toAbsolutePath().toString());
+            cmdBuilder.setDockerPath(dockerPath.toAbsolutePath().toString());
         }
         logger.exiting();
         return cmdBuilder;
@@ -189,15 +183,13 @@ boolean applyingPatches() {
      * Builds a list of build args to pass on to docker with the required patches.
      * Also, creates links to patches directory under build context instead of copying over.
      *
-     * @return list of strings
+     * @param previousInventory existing inventory found in the "from" image
      * @throws Exception in case of error
      */
-    List<String> handlePatchFiles(String previousInventory) throws Exception {
+    void handlePatchFiles(String previousInventory) throws Exception {
         logger.entering();
-        List<String> retVal = new LinkedList<>();
-
         if (!applyingPatches()) {
-            return retVal;
+            return;
         }
 
         String toPatchesPath = createPatchesTempDirectory().toAbsolutePath().toString();
@@ -254,8 +246,7 @@ List<String> handlePatchFiles(String previousInventory) throws Exception {
         if (!patchLocations.isEmpty()) {
             dockerfileOptions.setPatchingEnabled();
         }
-        logger.exiting(retVal.size());
-        return retVal;
+        logger.exiting();
     }
 
     private Path createPatchesTempDirectory() throws IOException {
@@ -266,11 +257,6 @@ private Path createPatchesTempDirectory() throws IOException {
 
 
     void installOpatchInstaller(String tmpDir, String opatchBugNumber) throws Exception {
-        // opatch patch now is in the format #####_opatch in the cache store
-        // So the version passing to the constructor of CachedPatchFile is also "opatch".
-        // since opatch releases is on it's own and there is not really a patch to opatch
-        // and the version is embedded in the zip file version.txt
-
         String filePath =
             new CachedPatchFile(Constants.OPATCH_PATCH_TYPE, opatchBugNumber, userId, password).resolve(cacheStore);
         String filename = new File(filePath).getName();

imagetool/src/main/java/com/oracle/weblogic/imagetool/cli/menu/CreateImage.java

@@ -20,6 +20,7 @@
 import com.oracle.weblogic.imagetool.logging.LoggingFacade;
 import com.oracle.weblogic.imagetool.logging.LoggingFactory;
 import com.oracle.weblogic.imagetool.util.Constants;
+import com.oracle.weblogic.imagetool.util.DockerBuildCommand;
 import com.oracle.weblogic.imagetool.util.Utils;
 import picocli.CommandLine.ArgGroup;
 import picocli.CommandLine.Command;
@@ -63,12 +64,12 @@ public CommandResponse call() throws Exception {
             install.copyFiles(cacheStore, tmpDir);
             dockerfileOptions.setMiddlewareInstall(install);
 
-            List<String> cmdBuilder = getInitialBuildCmd();
+            DockerBuildCommand cmdBuilder = getInitialBuildCmd(tmpDir);
             // build wdt args if user passes --wdtModelPath
-            wdtOptions.handleWdtArgsIfRequired(dockerfileOptions, tmpDir, installerType);
+            wdtOptions.handleWdtArgs(dockerfileOptions, cmdBuilder, tmpDir);
 
             // resolve required patches
-            cmdBuilder.addAll(handlePatchFiles(null));
+            handlePatchFiles(null);
 
             // If patching, patch OPatch first
             if (applyingPatches()) {
@@ -92,8 +93,6 @@ public CommandResponse call() throws Exception {
             String dockerfile = Utils.writeDockerfile(tmpDir + File.separator + "Dockerfile",
                 "Create_Image.mustache", dockerfileOptions, dryRun);
 
-            // add directory to pass the context
-            cmdBuilder.add(tmpDir);
             runDockerCommand(dockerfile, cmdBuilder);
         } catch (Exception ex) {
             logger.fine("**ERROR**", ex);

imagetool/src/main/java/com/oracle/weblogic/imagetool/cli/menu/RebaseImage.java

@@ -19,6 +19,7 @@
 import com.oracle.weblogic.imagetool.logging.LoggingFacade;
 import com.oracle.weblogic.imagetool.logging.LoggingFactory;
 import com.oracle.weblogic.imagetool.util.Constants;
+import com.oracle.weblogic.imagetool.util.DockerBuildCommand;
 import com.oracle.weblogic.imagetool.util.DockerfileOptions;
 import com.oracle.weblogic.imagetool.util.Utils;
 import picocli.CommandLine.Command;
@@ -109,16 +110,14 @@ public CommandResponse call() throws Exception {
                 return new CommandResponse(-1, Utils.getMessage("IMG-0025"));
             }
 
-            List<String> cmdBuilder = getInitialBuildCmd();
+            DockerBuildCommand cmdBuilder = getInitialBuildCmd(tmpDir);
 
             if (adminPort != null) {
-                cmdBuilder.add(Constants.BUILD_ARG);
-                cmdBuilder.add("ADMIN_PORT=" + adminPort);
+                cmdBuilder.addBuildArg("ADMIN_PORT", adminPort);
             }
 
             if (managedServerPort != null) {
-                cmdBuilder.add(Constants.BUILD_ARG);
-                cmdBuilder.add("MANAGED_SERVER_PORT=" + managedServerPort);
+                cmdBuilder.addBuildArg("MANAGED_SERVER_PORT", managedServerPort);
             }
 
             if (dockerfileOptions.isRebaseToNew()) {
@@ -131,7 +130,7 @@ public CommandResponse call() throws Exception {
                 dockerfileOptions.setMiddlewareInstall(install);
 
                 // resolve required patches
-                cmdBuilder.addAll(handlePatchFiles(null));
+                handlePatchFiles(null);
 
                 // If patching, patch OPatch first
                 if (applyingPatches()) {
@@ -157,7 +156,6 @@ public CommandResponse call() throws Exception {
                 "Rebase_Image.mustache", dockerfileOptions, dryRun);
 
             // add directory to pass the context
-            cmdBuilder.add(tmpDir);
             runDockerCommand(dockerfile, cmdBuilder);
         } catch (Exception ex) {
             return new CommandResponse(-1, ex.getMessage());

imagetool/src/main/java/com/oracle/weblogic/imagetool/cli/menu/UpdateImage.java

@@ -8,7 +8,6 @@
 import java.time.Duration;
 import java.time.Instant;
 import java.util.Base64;
-import java.util.List;
 import java.util.Properties;
 import java.util.UUID;
 import java.util.concurrent.Callable;
@@ -19,6 +18,7 @@
 import com.oracle.weblogic.imagetool.logging.LoggingFactory;
 import com.oracle.weblogic.imagetool.util.ARUUtil;
 import com.oracle.weblogic.imagetool.util.Constants;
+import com.oracle.weblogic.imagetool.util.DockerBuildCommand;
 import com.oracle.weblogic.imagetool.util.Utils;
 import com.oracle.weblogic.imagetool.wdt.WdtOperation;
 import picocli.CommandLine.ArgGroup;
@@ -134,21 +134,19 @@ public CommandResponse call() throws Exception {
                 }
             }
 
-            List<String> cmdBuilder = getInitialBuildCmd();
+            DockerBuildCommand cmdBuilder = getInitialBuildCmd(tmpDir);
 
             // build wdt args if user passes --wdtModelPath
-            wdtOptions.handleWdtArgsIfRequired(dockerfileOptions, tmpDir, installerType);
+            wdtOptions.handleWdtArgs(dockerfileOptions, cmdBuilder, tmpDir);
             dockerfileOptions.setWdtCommand(wdtOperation);
 
             // resolve required patches
-            cmdBuilder.addAll(handlePatchFiles(lsinventoryText));
+            handlePatchFiles(lsinventoryText);
 
             // create dockerfile
             String dockerfile = Utils.writeDockerfile(tmpDir + File.separator + "Dockerfile",
                 "Update_Image.mustache", dockerfileOptions, dryRun);
 
-            // add directory to pass the context
-            cmdBuilder.add(tmpDir);
             runDockerCommand(dockerfile, cmdBuilder);
         } catch (Exception ex) {
             return new CommandResponse(-1, ex.getMessage());

imagetool/src/main/java/com/oracle/weblogic/imagetool/cli/menu/WdtOptions.java

@@ -14,11 +14,12 @@
 import com.oracle.weblogic.imagetool.api.model.CachedFile;
 import com.oracle.weblogic.imagetool.cachestore.CacheStore;
 import com.oracle.weblogic.imagetool.cachestore.CacheStoreFactory;
-import com.oracle.weblogic.imagetool.installer.FmwInstallerType;
 import com.oracle.weblogic.imagetool.installer.InstallerType;
 import com.oracle.weblogic.imagetool.logging.LoggingFacade;
 import com.oracle.weblogic.imagetool.logging.LoggingFactory;
+import com.oracle.weblogic.imagetool.util.DockerBuildCommand;
 import com.oracle.weblogic.imagetool.util.DockerfileOptions;
+import com.oracle.weblogic.imagetool.util.Utils;
 import picocli.CommandLine.Option;
 
 public class WdtOptions {
@@ -33,44 +34,53 @@ public class WdtOptions {
      * @param tmpDir the tmp directory which is passed to docker as the build context directory
      * @throws IOException in case of error
      */
-    void handleWdtArgsIfRequired(DockerfileOptions dockerfileOptions, String tmpDir,
-                                         FmwInstallerType installerType) throws IOException {
-        logger.entering(tmpDir);
+    void handleWdtArgs(DockerfileOptions dockerfileOptions, DockerBuildCommand cmdBuilder, String tmpDir)
+        throws IOException {
 
-        if (wdtModelPath != null) {
-            dockerfileOptions.setWdtEnabled();
-            dockerfileOptions.setWdtModelOnly(wdtModelOnly);
+        if (wdtModelPath == null) {
+            return;
+        }
 
-            List<String> modelList = addWdtFilesAsList(wdtModelPath, "model", tmpDir);
+        logger.entering(tmpDir);
+        String encryptionKey = Utils.getPasswordFromInputs(encryptionKeyStr, encryptionKeyFile, encryptionKeyEnv);
+        if (encryptionKey != null) {
+            dockerfileOptions.setWdtUseEncryption(true);
+            cmdBuilder.addBuildArg("WDT_ENCRYPTION_KEY", encryptionKey, true);
+        }
 
-            dockerfileOptions.setWdtModels(modelList);
+        dockerfileOptions.setWdtEnabled();
+        dockerfileOptions.setWdtModelOnly(wdtModelOnly);
 
-            dockerfileOptions.setWdtDomainType(wdtDomainType);
-            dockerfileOptions.setRunRcu(runRcu);
+        List<String> modelList = addWdtFilesAsList(wdtModelPath, "model", tmpDir);
 
-            if (wdtArchivePath != null) {
+        dockerfileOptions.setWdtModels(modelList);
 
-                List<String> archiveList = addWdtFilesAsList(wdtArchivePath, "archive", tmpDir);
+        dockerfileOptions.setWdtDomainType(wdtDomainType);
+        dockerfileOptions.setRunRcu(runRcu);
 
-                dockerfileOptions.setWdtArchives(archiveList);
-            }
-            dockerfileOptions.setDomainHome(wdtDomainHome);
+        if (wdtArchivePath != null) {
 
-            dockerfileOptions.setJavaOptions(wdtJavaOptions);
+            List<String> archiveList = addWdtFilesAsList(wdtArchivePath, "archive", tmpDir);
 
-            if (wdtVariablesPath != null && Files.isRegularFile(wdtVariablesPath)) {
-                String wdtVariableFilename = wdtVariablesPath.getFileName().toString();
-                Files.copy(wdtVariablesPath, Paths.get(tmpDir, wdtVariableFilename));
-                //Until WDT supports multiple variable files, take single file argument from CLI and convert to list
-                dockerfileOptions.setWdtVariables(Collections.singletonList(wdtVariableFilename));
-            }
+            dockerfileOptions.setWdtArchives(archiveList);
+        }
+        dockerfileOptions.setDomainHome(wdtDomainHome);
 
-            dockerfileOptions.setWdtStrictValidation(wdtStrictValidation);
+        dockerfileOptions.setJavaOptions(wdtJavaOptions);
 
-            CachedFile wdtInstaller = new CachedFile(InstallerType.WDT, wdtVersion);
-            Path wdtfile = wdtInstaller.copyFile(cacheStore, tmpDir);
-            dockerfileOptions.setWdtInstallerFilename(wdtfile.getFileName().toString());
+        if (wdtVariablesPath != null && Files.isRegularFile(wdtVariablesPath)) {
+            String wdtVariableFilename = wdtVariablesPath.getFileName().toString();
+            Files.copy(wdtVariablesPath, Paths.get(tmpDir, wdtVariableFilename));
+            //Until WDT supports multiple variable files, take single file argument from CLI and convert to list
+            dockerfileOptions.setWdtVariables(Collections.singletonList(wdtVariableFilename));
         }
+
+        dockerfileOptions.setWdtStrictValidation(wdtStrictValidation);
+
+        CachedFile wdtInstaller = new CachedFile(InstallerType.WDT, wdtVersion);
+        Path wdtfile = wdtInstaller.copyFile(cacheStore, tmpDir);
+        dockerfileOptions.setWdtInstallerFilename(wdtfile.getFileName().toString());
+
         logger.exiting();
     }
 
@@ -161,4 +171,26 @@ private List<String> addWdtFilesAsList(Path fileArg, String type, String tmpDir)
     @SuppressWarnings("FieldCanBeLocal")
     private boolean wdtStrictValidation = false;
 
+    @Option(
+        names = {"--wdtEncryptionKey"},
+        interactive = true,
+        arity = "0..1",
+        paramLabel = "<passphrase>",
+        description = "Enter the passphrase to decrypt the WDT model"
+    )
+    private String encryptionKeyStr;
+
+    @Option(
+        names = {"--wdtEncryptionKeyEnv"},
+        paramLabel = "<environment variable name>",
+        description = "environment variable containing the passphrase to decrypt the WDT model"
+    )
+    private String encryptionKeyEnv;
+
+    @Option(
+        names = {"--wdtEncryptionKeyFile"},
+        paramLabel = "<passphrase file>",
+        description = "path to file the passphrase to decrypt the WDT model"
+    )
+    private Path encryptionKeyFile;
 }

imagetool/src/main/java/com/oracle/weblogic/imagetool/util/Constants.java

@@ -27,7 +27,6 @@ public final class Constants {
     public static final String DEFAULT_JDK_VERSION = "8u202";
     public static final String DEFAULT_META_FILE = ".metadata";
     public static final String DELETE_ALL_FOR_SURE = "deleteAll4Sure";
-    public static final String BUILD_ARG = "--build-arg";
     public static final String FILE_CACHE = "FILE";
     public static final String HTTP = "http";
     public static final String HTTPS = "https";