Owls88611 make sure REST calls are made using the expected port and protocol (#2301)

* choose correct port and protocol

* add validation for no port to use cases

Author: doxiao

operator/src/main/java/oracle/kubernetes/operator/helpers/PodHelper.java

@@ -9,7 +9,6 @@
 import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
-import java.util.stream.Stream;
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
@@ -568,21 +567,7 @@ List<V1EnvVar> getConfiguredEnvVars(TuningParameters tuningParameters) {
 
     abstract class ExporterContext {
       int getWebLogicRestPort() {
-        return selectPortByProtocolName().orElse(selectPortFromList());
-      }
-
-      private Optional<Integer> selectPortByProtocolName() {
-        return getContainerPorts().stream()
-              .filter(p -> Objects.equals(scan.getAdminProtocolChannelName(), p.getName()))
-              .findFirst()
-              .map(V1ContainerPort::getContainerPort);
-      }
-
-      private int selectPortFromList() {
-        return Stream.of(getAdminPort(), getListenPort(), getSslListenPort())
-              .filter(Objects::nonNull)
-              .findFirst()
-              .orElseThrow(() -> new RuntimeException("No ports defined for this server"));
+        return scan.getLocalAdminProtocolChannelPort();
       }
 
       boolean isWebLogicSecure() {

operator/src/main/java/oracle/kubernetes/operator/logging/MessageKeys.java

@@ -162,6 +162,7 @@ public class MessageKeys {
   public static final String ILLEGAL_SERVER_SERVICE_NAME_LENGTH = "WLSDO-0018";
   public static final String ILLEGAL_EXTERNAL_SERVICE_NAME_LENGTH = "WLSDO-0019";
   public static final String MII_DOMAIN_UPDATED_POD_RESTART_REQUIRED = "WLSDO-0020";
+  public static final String NO_AVAILABLE_PORT_TO_USE_FOR_REST = "WLSDO-0021";
 
   private MessageKeys() {
   }

operator/src/main/java/oracle/kubernetes/operator/steps/ReadHealthStep.java

@@ -10,7 +10,6 @@
 import java.time.OffsetDateTime;
 import java.time.ZoneId;
 import java.util.ArrayList;
-import java.util.Collection;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -21,10 +20,9 @@
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import io.kubernetes.client.openapi.models.V1ObjectMeta;
 import io.kubernetes.client.openapi.models.V1Pod;
 import io.kubernetes.client.openapi.models.V1Service;
-import io.kubernetes.client.openapi.models.V1ServicePort;
-import io.kubernetes.client.openapi.models.V1ServiceSpec;
 import oracle.kubernetes.operator.Pair;
 import oracle.kubernetes.operator.ProcessingConstants;
 import oracle.kubernetes.operator.WebLogicConstants;
@@ -108,6 +106,7 @@ static final class ReadHealthProcessing extends HttpRequestProcessing {
     }
 
     private HttpRequest createRequest() {
+      LOGGER.finer("Create REST request to service URL: " + getRequestUrl());
       return createRequestBuilder(getRequestUrl())
             .POST(HttpRequest.BodyPublishers.ofString(getRetrieveHealthSearchPayload()))
             .build();
@@ -118,55 +117,35 @@ private String getRequestUrl() {
     }
 
     protected PortDetails getPortDetails() {
-      Integer port = getPort();
+      Integer port = getWlsServerAdminProtocolPort();
       return new PortDetails(port, !port.equals(getWlsServerConfig().getListenPort()));
     }
 
-    private Integer getPort() {
-      return Optional.ofNullable(getService().getSpec())
-            .map(this::getServicePort)
-            .map(V1ServicePort::getPort)
-            .orElse(-1);
+    private Integer getWlsServerAdminProtocolPort() {
+      return getWlsServerConfig().getLocalAdminProtocolChannelPort();
     }
 
-    private V1ServicePort getServicePort(V1ServiceSpec spec) {
-      return getAdminProtocolPort(spec).orElse(getFirstPort(spec));
-    }
-
-    private Optional<V1ServicePort> getAdminProtocolPort(V1ServiceSpec spec) {
-      return Optional.ofNullable(spec.getPorts())
-            .stream()
-            .flatMap(Collection::stream)
-            .filter(this::isAdminProtocolPort)
-            .findFirst();
-    }
-
-    private boolean isAdminProtocolPort(V1ServicePort port) {
-      return Optional.ofNullable(getAdminProtocolChannelName()).map(n -> n.equals(port.getName())).orElse(false);
-    }
-
-    private V1ServicePort getFirstPort(V1ServiceSpec spec) {
-      return Optional.ofNullable(spec).map(V1ServiceSpec::getPorts).map(l -> l.get(0)).orElse(null);
-    }
-
-    private String getAdminProtocolChannelName() {
-      return getWlsServerConfig().getAdminProtocolChannelName();
-    }
-
-
     private WlsServerConfig getWlsServerConfig() {
       // standalone server that does not belong to any cluster
       WlsServerConfig serverConfig = getWlsDomainConfig().getServerConfig(getServerName());
 
       if (serverConfig == null) {
         // dynamic or configured server in a cluster
-        String clusterName = getService().getMetadata().getLabels().get(CLUSTERNAME_LABEL);
+        String clusterName = getClusterNameFromServiceLabel();
         WlsClusterConfig cluster = getWlsDomainConfig().getClusterConfig(clusterName);
         serverConfig = findServerConfig(cluster);
       }
       return serverConfig;
     }
 
+    private String getClusterNameFromServiceLabel() {
+      return Optional.of(getService())
+          .map(V1Service::getMetadata)
+          .map(V1ObjectMeta::getLabels)
+          .map(m -> m.get(CLUSTERNAME_LABEL))
+          .orElse(null);
+    }
+
     private WlsServerConfig findServerConfig(WlsClusterConfig wlsClusterConfig) {
       for (WlsServerConfig serverConfig : wlsClusterConfig.getServerConfigs()) {
         if (Objects.equals(getServerName(), serverConfig.getName())) {

operator/src/main/java/oracle/kubernetes/operator/wlsconfig/PortDetails.java

@@ -5,22 +5,14 @@
 
 public class PortDetails {
 
-  final int portNum;
-  final boolean portSecure;
+  private final int portNum;
+  private final boolean portSecure;
 
   public PortDetails(int portNum, boolean portSecure) {
     this.portNum = portNum;
     this.portSecure = portSecure;
   }
 
-  public int getPortNum() {
-    return portNum;
-  }
-
-  public boolean isPortSecure() {
-    return portSecure;
-  }
-
   public String toHttpUrl(String host) {
     return String.format("http%s://%s:%d", (portSecure ? "s" : ""), host, portNum);
   }

operator/src/main/java/oracle/kubernetes/operator/wlsconfig/WlsServerConfig.java

@@ -15,14 +15,14 @@
 
 /** Contains configuration of a WebLogic server. */
 public class WlsServerConfig {
-  String name;
-  Integer listenPort;
-  String listenAddress;
-  String clusterName;
-  Integer sslListenPort;
-  String machineName;
-  Integer adminPort;
-  List<NetworkAccessPoint> networkAccessPoints;
+  private String name;
+  private Integer listenPort;
+  private String listenAddress;
+  private String clusterName;
+  private Integer sslListenPort;
+  private String machineName;
+  private Integer adminPort;
+  private List<NetworkAccessPoint> networkAccessPoints;
 
   public WlsServerConfig() {
   }
@@ -140,7 +140,7 @@ static String getClusterNameFromJsonMap(Map<String, Object> serverMap) {
    * @param serverMap Map containing parsed Json "servers" or "serverTemplates" element
    * @return Machine name contained in the Json element
    */
-  static String getMachineNameFromJsonMap(Map<String, Object> serverMap) {
+  private static String getMachineNameFromJsonMap(Map<String, Object> serverMap) {
     // serverMap contains a "machine" entry from the REST call which is in the form: "machine":
     // ["machines", "domain1-machine1"]
     @SuppressWarnings({"unchecked", "rawtypes"})
@@ -317,7 +317,7 @@ public WlsServerConfig setAdminPort(int adminPort) {
   }
 
   public String getClusterName() {
-    return this.clusterName;
+    return clusterName;
   }
 
   public boolean isAdminPortEnabled() {
@@ -405,7 +405,6 @@ public boolean isLocalAdminProtocolChannelSecure() {
         adminProtocolPortSecure = false;
       }
     }
-
     return adminProtocolPortSecure;
   }
 

operator/src/main/java/oracle/kubernetes/weblogic/domain/model/Domain.java

@@ -803,6 +803,32 @@ private void verifyIntrospectorJobName() {
       }
     }
 
+
+    private void verifyServerPorts(WlsDomainConfig wlsDomainConfig) {
+      // domain level serverConfigs do not contain servers in dynamic clusters
+      wlsDomainConfig.getServerConfigs()
+          .values()
+          .stream()
+          .forEach(server -> checkServerPorts(server));
+      wlsDomainConfig.getClusterConfigs()
+          .values()
+          .iterator()
+          .forEachRemaining(wlsClusterConfig
+              // serverConfigs contains configured and dynamic servers in the cluster
+              -> wlsClusterConfig.getServerConfigs().forEach(wlsServerConfig
+                  -> this.checkServerPorts(wlsServerConfig)));
+    }
+
+    private void checkServerPorts(WlsServerConfig wlsServerConfig) {
+      if (noAvailablePort(wlsServerConfig)) {
+        failures.add(DomainValidationMessages.noAvailablePortToUse(getDomainUid(), wlsServerConfig.getName()));
+      }
+    }
+
+    private boolean noAvailablePort(WlsServerConfig wlsServerConfig) {
+      return wlsServerConfig.getAdminProtocolChannelName() == null;
+    }
+
     private void verifyGeneratedResourceNames(WlsDomainConfig wlsDomainConfig) {
       checkGeneratedServerServiceName(wlsDomainConfig.getAdminServerName(), -1);
       if (isExternalServiceConfigured(getSpec())) {
@@ -1033,7 +1059,9 @@ private void addReservedEnvironmentVariables() {
     }
 
     List<String> getAfterIntrospectValidationFailures(Packet packet) {
-      verifyGeneratedResourceNames((WlsDomainConfig) packet.get(ProcessingConstants.DOMAIN_TOPOLOGY));
+      WlsDomainConfig wlsDomainConfig = (WlsDomainConfig) packet.get(ProcessingConstants.DOMAIN_TOPOLOGY);
+      verifyGeneratedResourceNames(wlsDomainConfig);
+      verifyServerPorts(wlsDomainConfig);
       return failures;
     }
 

operator/src/main/java/oracle/kubernetes/weblogic/domain/model/DomainValidationMessages.java

@@ -131,4 +131,8 @@ public static String exceedMaxExternalServiceName(
       String domainUid, String adminServerName, String result, int limit) {
     return getMessage(MessageKeys.ILLEGAL_EXTERNAL_SERVICE_NAME_LENGTH, domainUid, adminServerName, result, limit);
   }
+
+  public static String noAvailablePortToUse(String domainUid, String serverName) {
+    return getMessage(MessageKeys.NO_AVAILABLE_PORT_TO_USE_FOR_REST, domainUid, serverName);
+  }
 }

operator/src/main/resources/Operator.properties

@@ -167,9 +167,11 @@ WLSDO-0019=DomainUID ''{0}'' and admin server name ''{1}'' combination ''{2}'' e
 WLSDO-0020=Online WebLogic configuration updates complete \
   but there are pending non-dynamic changes that require \
   pod restarts to take effect. The changes are:
-
+WLSDO-0021=DomainUID ''{0}'' server ''{1}'' does not have a port available for the operator to send REST calls. \
+  The default listen port and SSL port are disabled, the admin port is not configured and there is no channel with admin privileges.\
 
 oneEnvVar=variable
 multipleEnvVars=variables
 singularToBe=is
 pluralToBe=are
+