Merge branch '14120-ports-related-fix' into 'main'

rjeberhard · rjeberhard · commit 710059fde93c · 2024-08-26T22:07:33.000Z
Add support for additional new topology level attributes to control... See merge request weblogic-cloud/weblogic-kubernetes-operator!4792 (cherry picked from commit 02c7a6d) b756bc6 Add support for additional new topology level attributes to control... eb71769 Fix internal-t3 for 14120 when global listen port is enabled e23d88c fix ssl global logic b0c409a Fix various default port logic for 14.1.2 global settings
diff --git a/operator/src/main/resources/scripts/introspectDomain.py b/operator/src/main/resources/scripts/introspectDomain.py
@@ -2075,8 +2075,8 @@ def isSecureModeEnabledForDomain(domain):
       if attributes['SecureModeEnabled']:
         secureModeEnabled = True
   else:
-    secureModeEnabled = domain.isProductionModeEnabled() and not LegalHelper.versionEarlierThan(domain.getDomainVersion(), "14.1.2.0")
-
+    secureModeEnabled = domain.isProductionModeEnabled() and not LegalHelper.versionEarlierThan(domain.getDomainVersion(), "14.1.2.0") \
+                    and domain.isAdministrationPortEnabled()
   return secureModeEnabled
 
 def isAdministrationPortEnabledForDomain(domain):
@@ -2133,7 +2133,9 @@ def isListenPortEnabledForServer(server, domain, is_server_template=False):
     cd('/Server')
   cd(server.getName())
   if not isSet('ListenPortEnabled') and isSecureModeEnabledForDomain(domain):
-    enabled = False
+      enabled = False
+      if not LegalHelper.versionEarlierThan(domain.getDomainVersion(), "14.1.2.0") and domain.isListenPortEnabled():
+          enabled = True
   return enabled
 
 def isSSLListenPortEnabled(ssl, domain):
@@ -2161,6 +2163,7 @@ def getSSLPortIfEnabled(server, domain, is_server_template=True):
   """
   ssl = None
   ssl_listen_port = None
+
   try:
     # this can throw if SSL mbean not there
     ssl = server.getSSL()
@@ -2178,6 +2181,14 @@ def getSSLPortIfEnabled(server, domain, is_server_template=True):
       ssl_listen_port = getRealSSLListenPort(server, ssl.getListenPort())
   elif ssl is None and isSecureModeEnabledForDomain(domain):
     ssl_listen_port = "7002"
+
+  # Check override for 14.1.2.x
+  if not LegalHelper.versionEarlierThan(domain.getDomainVersion(), "14.1.2.0"):
+    if ssl is None and domain.isSSLEnabled():
+        ssl_listen_port = 7002
+    elif ssl is None and not domain.isSSLEnabled():
+        ssl_listen_port = None
+
   return ssl_listen_port
 
 def get_server_template_listening_ports_from_configxml(config_xml):
diff --git a/operator/src/main/resources/scripts/model_wdt_mii_filter.py b/operator/src/main/resources/scripts/model_wdt_mii_filter.py
@@ -550,8 +550,33 @@ def _get_ssl_listen_port(server):
       ssl_listen_port = "7002"
   elif ssl is None and isSecureModeEnabledForDomain(model):
     ssl_listen_port = "7002"
+
+  # Check overrride for 14.1.2.x
+  if not env.wlsVersionEarlierThan("14.1.2.0") and not isGlobalSSLEnabled():
+          return None
   return ssl_listen_port
 
+def isGlobalSSLEnabled(model):
+    result=False
+    if 'topology' in model:
+        if 'SSLEnabled' in model['topology']:
+            val = model['topology']['SSLEnabled']
+            if isinstance(val, str) or isinstance(val, unicode):
+              result = Boolean.valueOf(val)
+            else:
+              result = val
+    return result
+
+def isGlobalListenPortEnabled(model):
+    result=False
+    if 'topology' in model:
+        if 'ListenPortEnabled' in model['topology']:
+            val = model['topology']['ListenPortEnabled']
+            if isinstance(val, str) or isinstance(val, unicode):
+              result = Boolean.valueOf(val)
+            else:
+              result = val
+    return result
 
 def addAdminChannelPortForwardNetworkAccessPoints(server):
   admin_channel_port_forwarding_enabled = env.getEnvOrDef("ADMIN_CHANNEL_PORT_FORWARDING_ENABLED", "true")
@@ -579,8 +604,14 @@ def addAdminChannelPortForwardNetworkAccessPoints(server):
     _writeAdminChannelPortForwardNAP(name='internal-admin', server=server,
                                      listen_port=getAdministrationPort(server, model['topology']), protocol='admin')
   elif index == 0:
-    if not secure_mode and is_listenport_enabled(server):
-      _writeAdminChannelPortForwardNAP(name='internal-t3', server=server, listen_port=admin_server_port, protocol='t3')
+    if not env.wlsVersionEarlierThan("14.1.2.0"):
+        if not secure_mode and is_listenport_enabled(server):
+          _writeAdminChannelPortForwardNAP(name='internal-t3', server=server, listen_port=admin_server_port, protocol='t3')
+        elif secure_mode and (is_listenport_enabled(server) or isGlobalListenPortEnabled(model)):
+          _writeAdminChannelPortForwardNAP(name='internal-t3', server=server, listen_port=admin_server_port, protocol='t3')
+    else:
+        if not secure_mode and is_listenport_enabled(server):
+          _writeAdminChannelPortForwardNAP(name='internal-t3', server=server, listen_port=admin_server_port, protocol='t3')
 
     ssl = getSSLOrNone(server)
     ssl_listen_port = None
@@ -590,20 +621,27 @@ def addAdminChannelPortForwardNetworkAccessPoints(server):
         ssl_listen_port = "7002"
     elif ssl is None and secure_mode:
       ssl_listen_port = "7002"
+    # Check override for 14.1.2.x
+
+    if not env.wlsVersionEarlierThan("14.1.2.0") and ssl is None:
+        if isGlobalSSLEnabled(model):
+            ssl_listen_port = 7002
+        else:
+            ssl_listen_port = None
 
     if ssl_listen_port is not None:
       _writeAdminChannelPortForwardNAP(name='internal-t3s', server=server, listen_port=ssl_listen_port, protocol='t3s')
 
 
 def is_listenport_enabled(server):
+  is_listen_port_enabled = True
   if 'ListenPortEnabled' in server:
     val = server['ListenPortEnabled']
     if isinstance(val, str) or isinstance(val, unicode):
       is_listen_port_enabled = Boolean.valueOf(val)
     else:
       is_listen_port_enabled = val
-  else:
-    is_listen_port_enabled = True
+
   return is_listen_port_enabled
 
 
