Special characters in Admin credential and mii encryption credential (#2319)

* Add more special character in password

* changed the password format and test for config-map with db password

* Add  to encryption secret

* Add env variable with special character

* Added config check for custom env inside domain configuration

* Add test for sitconfig and add admin user name 'wlsadmin' instead of standard 'weblogic'

Co-authored-by: [email protected] <[email protected]>

Author: anpanigr

integration-tests/src/test/java/oracle/weblogic/kubernetes/ItMiiCustomSslStore.java

@@ -20,8 +20,6 @@
 
 import static java.util.concurrent.TimeUnit.MINUTES;
 import static java.util.concurrent.TimeUnit.SECONDS;
-import static oracle.weblogic.kubernetes.TestConstants.ADMIN_PASSWORD_DEFAULT;
-import static oracle.weblogic.kubernetes.TestConstants.ADMIN_USERNAME_DEFAULT;
 import static oracle.weblogic.kubernetes.TestConstants.DOMAIN_VERSION;
 import static oracle.weblogic.kubernetes.TestConstants.MII_BASIC_IMAGE_NAME;
 import static oracle.weblogic.kubernetes.TestConstants.MII_BASIC_IMAGE_TAG;
@@ -53,9 +51,10 @@
 
 /**
  * This test class verifies usage of CustomIdentityCustomTrust on PV.
- * Create a MII domain with an attached persistent volume.
+ * Create an MII domain with an attached persistent volume.
  * Configure custom identity and custom trust on server template
- * Donot set the SSL port on server template. The default will be set to 8100.
+ * Don't explicitly set the SSL port on the server template. 
+ * The default will be set to 8100.
  * Put the IdentityKeyStore.jks  and TrustKeyStore.jks on /shared directory 
  *  after administration server pod is started so that it can be accessible 
  *  from all managed server pods
@@ -111,18 +110,20 @@ public static void initAll(@Namespaces(2) List<String> namespaces) {
     // install and verify operator
     installAndVerifyOperator(opNamespace, domainNamespace);
 
-    // create secret for admin credentials
+    // create secret for admin credential with special characters
+    // the resultant password is ##W%*}!"'"`']\\\\//1$$~x 
+    // let the user name be something other than weblogic say wlsadmin
     logger.info("Create secret for admin credentials");
     String adminSecretName = "weblogic-credentials";
     assertDoesNotThrow(() -> createDomainSecret(adminSecretName, 
-            ADMIN_USERNAME_DEFAULT, ADMIN_PASSWORD_DEFAULT, domainNamespace),
+            "wlsadmin", "##W%*}!\"'\"`']\\\\//1$$~x", domainNamespace),
             String.format("createSecret failed for %s", adminSecretName));
 
-    // create encryption secret
+    // create encryption secret with special characters
     logger.info("Create encryption secret");
     String encryptionSecretName = "encryptionsecret";
     assertDoesNotThrow(() -> createDomainSecret(encryptionSecretName, "weblogicenc",
-            "weblogicenc", domainNamespace),
+            "#%*!`${ls}'${DOMAIN_UID}1~3x", domainNamespace),
              String.format("createSecret failed for %s", encryptionSecretName));
 
     String configMapName = "mii-ssl-configmap";
@@ -183,7 +184,7 @@ public static void initAll(@Namespaces(2) List<String> namespaces) {
 
   /**
    * Verify a standalone java client can access JNDI Context inside a pod.
-   * The client uses t3s cluster URL with custom SSL TrustStore on commandline  
+   * The client uses t3s cluster URL with custom SSL TrustStore on the command line
    */
   @Test
   @Order(1)

integration-tests/src/test/java/oracle/weblogic/kubernetes/ItMiiUpdateDomainConfig.java

@@ -74,6 +74,7 @@
 import static oracle.weblogic.kubernetes.actions.TestActions.createDomainCustomResource;
 import static oracle.weblogic.kubernetes.actions.TestActions.createSecret;
 import static oracle.weblogic.kubernetes.actions.TestActions.execCommand;
+import static oracle.weblogic.kubernetes.actions.TestActions.getDomainCustomResource;
 import static oracle.weblogic.kubernetes.actions.TestActions.getJob;
 import static oracle.weblogic.kubernetes.actions.TestActions.getPodLog;
 import static oracle.weblogic.kubernetes.actions.TestActions.getServiceNodePort;
@@ -191,7 +192,7 @@ public static void initAll(@Namespaces(2) List<String> namespaces) {
     logger.info("Create database secret");
     final String dbSecretName = domainUid  + "-db-secret";
     assertDoesNotThrow(() -> createDatabaseSecret(dbSecretName, "scott",
-            "tiger", "jdbc:oracle:thin:localhost:/ORCLCDB", domainNamespace),
+            "##W%*}!\"'\"`']\\\\//1$$~x", "jdbc:oracle:thin:localhost:/ORCLCDB", domainNamespace),
              String.format("createSecret failed for %s", dbSecretName));
     String configMapName = "jdbc-jms-wldf-configmap";
 
@@ -248,15 +249,62 @@ public void beforeEach() {
     }
   }
 
+  /**
+   * Check the environment variable with special characters.
+   */
+  @Test
+  @Order(0)
+  @DisplayName("Check environment variable with special characters")
+  public void testMiiCustomEnv() {
+    Domain domain1 = assertDoesNotThrow(() -> getDomainCustomResource(domainUid, domainNamespace),
+        String.format("getDomainCustomResource failed with ApiException when tried to get domain %s in namespace %s",
+            domainUid, domainNamespace));
+    List<V1EnvVar> envList = domain1.getSpec().getServerPod().getEnv();
+
+    boolean found = false;
+    for (int i = 0; i < envList.size(); i++) {
+      logger.info("The name is: {0}, value is: {1}", envList.get(i).getName(), envList.get(i).getValue());
+      if (envList.get(i).getName().equalsIgnoreCase("CUSTOM_ENV")) {
+        assertTrue(
+            envList.get(i).getValue().equalsIgnoreCase("${DOMAIN_UID}~##!'%*$(ls)"),
+            "Expected value for CUSTOM_ENV variable does not mtach");
+        found = true;
+      }
+    }
+    assertTrue(found, "Couldn't find CUSTOM_ENV variable in domain resource");
+
+    int adminServiceNodePort
+        = getServiceNodePort(domainNamespace, getExternalServicePodName(adminServerPodName), "default");
+    StringBuffer curlString = new StringBuffer("curl --user weblogic:welcome1 ");
+    curlString.append("\"http://" + K8S_NODEPORT_HOST + ":" + adminServiceNodePort)
+          .append("/management/weblogic/latest/domainConfig")
+          .append("/JMSServers/TestClusterJmsServer")
+          .append("?fields=notes&links=none\"")
+          .append(" --silent ");
+    logger.info("checkJmsServerConfig: curl command {0}", new String(curlString));
+    ExecResult result = null;
+    try {
+      result = exec(new String(curlString), true);
+      getLogger().info("The command returned exit value: "
+          + result.exitValue() + " command output: "
+          + result.stderr() + "\n" + result.stdout());
+      assertTrue((result.exitValue() == 0), 
+             "curl command returned non zero value");
+      assertTrue((result.stdout().contains("${DOMAIN_UID}~##!'%*$(ls)")), 
+             "Custom environment variable is not reflected in domin config");
+    } catch (Exception e) {
+      getLogger().info("Got exception, command failed with errors " + e.getMessage());
+    }
+  }
+
   /**
    * Check server logs are written on PersistentVolume(PV).
-   * The test looks for the string RUNNING in server log
+   * The test looks for the string RUNNING in the server log
    */
   @Test
   @Order(1)
   @DisplayName("Check the server logs are written to PersistentVolume")
   public void testMiiServerLogsAreOnPV() {
-
     // check server logs are written on PV and look for string RUNNING in log
     checkLogsOnPV("grep RUNNING /shared/logs/" + adminServerName + ".log", adminServerPodName);
   }
@@ -296,12 +344,12 @@ public void testMiiHttpServerLogsAreOnPV() {
   }
 
   /**
-   * Create a WebLogic domain with a defined configmap in configuration/model
-   * section of the domain resource.
+   * Create a WebLogic domain with a defined configmap in the 
+   * configuration/model section of the domain resource.
    * The configmap has multiple sparse WDT model files that define
    * a JDBCSystemResource, a JMSSystemResource and a WLDFSystemResource.
    * Verify all the SystemResource configurations using the rest API call
-   * using the public nodeport of the administration server.
+   * using the public node port of the administration server.
    */
   @Test
   @Order(3)
@@ -475,15 +523,15 @@ public void testMiiAddSystemResources() {
    * Update the restart version of the domain resource.
    * Verify rolling restart of the domain by comparing PodCreationTimestamp
    * before and after rolling restart.
-   * Verify servers from new cluster are not in running state, because
+   * Verify servers from the new cluster are not in running state, because
    * the spec level replica count to zero(default).
    */
   @Test
   @Order(6)
   @DisplayName("Add a dynamic cluster to the domain with default replica count")
   public void testMiiAddDynmicClusteriWithNoReplica() {
 
-    // This test uses the WebLogic domain created in BeforeAll method
+    // This test uses the WebLogic domain created in the BeforeAll method
     // BeforeEach method ensures that the server pods are running
 
     String configMapName = "noreplicaconfigmap";
@@ -518,8 +566,8 @@ public void testMiiAddDynmicClusteriWithNoReplica() {
     assertTrue(verifyRollingRestartOccurred(pods, 1, domainNamespace),
         "Rolling restart failed");
 
-    // The ServerNamePrefix for the new configured cluster is config-server
-    // Make sure the managed server from new cluster is not running
+    // The ServerNamePrefix for the newly configured cluster is config-server
+    // Make sure the managed server from the new cluster is not running
 
     String newServerPodName = domainUid + "-config-server1";
     checkPodNotCreated(newServerPodName, domainUid, domainNamespace);
@@ -536,14 +584,14 @@ public void testMiiAddDynmicClusteriWithNoReplica() {
    * Update the restart version of the domain resource.
    * Verify rolling restart of the domain by comparing PodCreationTimestamp
    * before and after rolling restart.
-   * Verify servers from new cluster are in running state.
+   * Verify servers from the new cluster are running.
    */
   @Test
   @Order(7)
   @DisplayName("Add a dynamic cluster to domain with non-zero replica count")
   public void testMiiAddDynamicCluster() {
 
-    // This test uses the WebLogic domain created in BeforeAll method
+    // This test uses the WebLogic domain created in the BeforeAll method
     // BeforeEach method ensures that the server pods are running
 
     String configMapName = "dynamicclusterconfigmap";
@@ -613,14 +661,14 @@ public void testMiiAddDynamicCluster() {
    * Update the restart version of the domain resource.
    * Verify rolling restart of the domain by comparing PodCreationTimestamp
    * before and after rolling restart.
-   * Verify servers from new cluster are in running state.
+   * Verify servers from the new cluster are running.
    */
   @Test
   @Order(8)
   @DisplayName("Add a configured cluster to the domain")
   public void testMiiAddConfiguredCluster() {
 
-    // This test uses the WebLogic domain created in BeforeAll method
+    // This test uses the WebLogic domain created in the BeforeAll method
     // BeforeEach method ensures that the server pods are running
 
     String configMapName = "configclusterconfigmap";
@@ -681,7 +729,7 @@ public void testMiiAddConfiguredCluster() {
   }
 
   /**
-   * Start a WebLogic domain with model-in-imge.
+   * Start a WebLogic domain with model-in-image.
    * Patch the domain CRD with a new credentials secret.
    * Update domainRestartVersion to trigger a rolling restart of server pods.
    * Make sure all the server pods are re-started in a rolling fashion.
@@ -749,10 +797,10 @@ public void testMiiUpdateWebLogicCredential() {
    * Set allowReplicasBelowMinDynClusterSize to false.
    * Make sure that the cluster can be scaled up to 5 servers and
    * scaled down to 1 server.
-   * Create a configmap with a sparse model file with following attributes for
+   * Create a configmap with a sparse model file with the following attributes 
    * Cluster/cluster-1/DynamicServers
    *   MaxDynamicClusterSize(4) and MinDynamicClusterSize(2)
-   * Patch the domain resource with the configmap and update restartVersion.
+   * Patch the domain resource with the configmap and update the restartVersion.
    * Make sure a rolling restart is triggered.
    * Now with the modified value
    * Make sure that the cluster can be scaled up to 4 servers.
@@ -970,6 +1018,8 @@ private static void createDomainSecret(String secretName, String username, Strin
     assertTrue(secretCreated, String.format("create secret failed for %s in namespace %s", secretName, domNamespace));
   }
 
+  // Add an environmental variable with special character
+  // Make sure the variable is available in domain resource with right value 
   private static void createDomainResource(
       String domainUid, String domNamespace, String adminSecretName,
       String repoSecretName, String encryptionSecretName,
@@ -1004,6 +1054,9 @@ private static void createDomainResource(
                             .addEnvItem(new V1EnvVar()
                                     .name("USER_MEM_ARGS")
                                     .value("-Djava.security.egd=file:/dev/./urandom "))
+                            .addEnvItem(new V1EnvVar()
+                                    .name("CUSTOM_ENV")
+                                    .value("${DOMAIN_UID}~##!'%*$(ls)"))
                             .addVolumesItem(new V1Volume()
                                     .name(pvName)
                                     .persistentVolumeClaim(new V1PersistentVolumeClaimVolumeSource()

integration-tests/src/test/java/oracle/weblogic/kubernetes/ItSystemResOverrides.java

@@ -241,6 +241,7 @@ private void verifyJMSResourceOverride() {
     assertEquals(200, response.statusCode(), "Status code not equals to 200");
     assertTrue(response.body().contains("ExpirationPolicy:Discard"), "Didn't get ExpirationPolicy:Discard");
     assertTrue(response.body().contains("RedeliveryLimit:20"), "Didn't get RedeliveryLimit:20");
+    assertTrue(response.body().contains("Notes:mysitconfigdomain"), "Didn't get Correct Notes description");
   }
 
   private void verifyWLDFResourceOverride() {
@@ -373,6 +374,9 @@ private void createDomain() {
                 .addEnvItem(new V1EnvVar()
                     .name("USER_MEM_ARGS")
                     .value("-Djava.security.egd=file:/dev/./urandom "))
+                .addEnvItem(new V1EnvVar()
+                    .name("CUSTOM_ENV")
+                    .value("##~`!^${ls}"))
                 .addVolumesItem(new V1Volume()
                     .name(pvName)
                     .persistentVolumeClaim(new V1PersistentVolumeClaimVolumeSource()

integration-tests/src/test/resources/apps/sitconfig/src/java/oracle/weblogic/kubernetes/applications/sitconfig/SitconfigServlet.java

@@ -110,6 +110,7 @@ public void testSystemResourcesJmsAttributeChange(PrintWriter out) {
 
     out.println("ExpirationPolicy:" + uniformDistributedTopic.getDeliveryFailureParams().getExpirationPolicy());
     out.println("RedeliveryLimit:" + uniformDistributedTopic.getDeliveryFailureParams().getRedeliveryLimit());
+    out.println("Notes:" + uniformDistributedTopic.getNotes());
   }
 
   /**

integration-tests/src/test/resources/configfiles/configoverridesset2/jms-ClusterJmsSystemResource.xml

@@ -4,7 +4,7 @@
     xmlns:fr="http://xmlns.oracle.com/weblogic/weblogic-jms-fragment"
     xmlns:s="http://xmlns.oracle.com/weblogic/situational-config" >
     <jms:uniform-distributed-topic name="UniformReplicatedTestTopic">
-        <jms:notes fr:combine-mode="add">JMS System Resource UniformReplicatedTestTopic testSystemResourcesJMSAttributeChange</jms:notes>
+        <jms:notes fr:combine-mode="add">${env:DOMAIN_UID}</jms:notes>
         <jms:delivery-failure-params>
             <jms:redelivery-limit fr:combine-mode="replace">20</jms:redelivery-limit>
             <jms:expiration-policy fr:combine-mode="replace">Discard</jms:expiration-policy>

integration-tests/src/test/resources/ssl/SslTestClient.java

@@ -36,8 +36,8 @@ private Context getInitialContext()
 
       props.put("java.naming.factory.initial",
           "weblogic.jndi.WLInitialContextFactory" );
-      props.put("java.naming.security.principal","weblogic");
-      props.put("java.naming.security.credentials","welcome1");
+      props.put("java.naming.security.principal","wlsadmin");
+      props.put("java.naming.security.credentials","##W%*}!\"'\"`']\\\\//1$$~x");
       try {
         jndiContext = new InitialContext(props);
       } catch (Exception e) {

integration-tests/src/test/resources/wdt-models/model.sysresources.yaml

@@ -12,6 +12,7 @@ resources:
             PersistentStore: 'TestClusterFileStore'
             InsertionPausedAtStartup: false
             MessageCompressionOptions: GZIP_DEFAULT_COMPRESSION
+            Notes: '@@ENV:CUSTOM_ENV@@'
 
     JMSSystemResource:
         TestClusterJmsModule: