Merge branch 'main' of https://github.com/oracle/weblogic-kubernetes-operator

Author: rjeberhard

integration-tests/src/test/java/oracle/weblogic/kubernetes/ItMiiDomain.java

@@ -86,8 +86,11 @@
 import static oracle.weblogic.kubernetes.assertions.TestAssertions.domainResourceImagePatched;
 import static oracle.weblogic.kubernetes.assertions.TestAssertions.podImagePatched;
 import static oracle.weblogic.kubernetes.utils.ApplicationUtils.callWebAppAndWaitTillReady;
+import static oracle.weblogic.kubernetes.utils.ApplicationUtils.verifyAdminConsoleAccessible;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.checkPodReadyAndServiceExists;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.getHostAndPort;
+import static oracle.weblogic.kubernetes.utils.CommonTestUtils.startPortForwardProcess;
+import static oracle.weblogic.kubernetes.utils.CommonTestUtils.stopPortForwardProcess;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.testUntil;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.verifyCredentials;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.withQuickRetryPolicy;
@@ -158,7 +161,11 @@ public static void initAll(@Namespaces(3) List<String> namespaces) {
    * the cluster and accessible from all the managed server pods 
    * Make sure two external NodePort services are created in domain namespace.
    * Make sure WebLogic console is accessible through both 
-   *   `default-secure` service and `default` service.  
+   *   `default-secure` service and `default` service.
+   *
+   * Negative test case for when domain resource attribute domain.spec.adminServer.adminChannelPortForwardingEnabled
+   * is set to false, the WLS admin console can not be accessed using the forwarded port, like
+   * http://localhost:localPort/console/login/LoginForm.jsp.
    */
   @Test
   @Order(1)
@@ -168,6 +175,9 @@ void testCreateMiiDomain() {
     final String adminServerPodName = domainUid + "-admin-server";
     final String managedServerPrefix = domainUid + "-managed-server";
     final int replicaCount = 2;
+    final String hostName = "localhost";
+    final int adminServerPort = 7001;
+    final int adminServerSecurePort = 7008;
 
     // Create the repo secret to pull the image
     // this secret is used only for non-kind cluster
@@ -191,7 +201,7 @@ void testCreateMiiDomain() {
         + "    'admin-server':\n"
         + "       SSL: \n"
         + "         Enabled: true \n"
-        + "         ListenPort: '7008' \n";
+        + "         ListenPort: '" + adminServerSecurePort + "' \n";
     createModelConfigMap(configMapName, yamlString, domainUid);
 
     // create the domain object
@@ -276,6 +286,17 @@ void testCreateMiiDomain() {
       verifyCredentials(adminServerPodName, domainNamespace,
             ADMIN_USERNAME_DEFAULT, ADMIN_PASSWORD_DEFAULT, true);
     }
+
+    // Test that `kubectl port-foward` is able to forward a local port to default channel port (7001 in this test)
+    // and default secure channel port (7002 in this test)
+    // Verify that the WLS admin console can not be accessed using http://localhost:localPort/console/login/LoginForm.jsp
+    String forwardedPortNo = startPortForwardProcess(hostName, domainNamespace, domainUid, adminServerPort);
+    verifyAdminConsoleAccessible(domainNamespace, hostName, forwardedPortNo, false, Boolean.FALSE);
+
+    forwardedPortNo = startPortForwardProcess(hostName, domainNamespace, domainUid, adminServerSecurePort);
+    verifyAdminConsoleAccessible(domainNamespace, hostName, forwardedPortNo, true, Boolean.FALSE);
+
+    stopPortForwardProcess(domainNamespace);
   }
 
   @Test
@@ -807,6 +828,7 @@ private Domain createDomainResourceWithConfigMap(String domainUid,
                     .value("-Djava.security.egd=file:/dev/./urandom ")))
             .adminServer(new AdminServer()
                 .serverStartState("RUNNING")
+                .adminChannelPortForwardingEnabled(false)
                 .serverService(new ServerService()
                     .annotations(keyValueMap)
                     .labels(keyValueMap))

integration-tests/src/test/java/oracle/weblogic/kubernetes/ItParameterizedDomain.java

@@ -396,32 +396,6 @@ void testScaleClustersByPatchingDomainResource(Domain domain) {
     }
   }
 
-  /**
-   * Negative test case for when domain resource attribute domain.spec.adminServer.adminChannelPortForwardingEnabled
-   * is set to false, the WLS admin console can not be accessed using the forwarded port, like
-   * http://localhost:localPort/console/login/LoginForm.jsp
-   */
-  @DisabledIfEnvironmentVariable(named = "OKD", matches = "true")
-  @Test
-  @DisplayName("Forward a local port to admin default and default secure channel port "
-      + "and verify WLS admin console is not accessible")
-  void testPortforwardDisabledInMiiDomain() {
-    Domain domain = createMiiDomainWithMultiClusters(miiDomainUid + "neg", miiDomainNamespace, "negativeTest");
-    assertDomainNotNull(domain);
-
-    String domainUid = domain.getSpec().getDomainUid();
-    String domainNamespace = domain.getMetadata().getNamespace();
-    final String hostName = "localhost";
-
-    String forwardedPortNo = startPortForwardProcess(hostName, domainNamespace, domainUid, ADMIN_SERVER_PORT);
-    verifyAdminConsoleAccessible(domainNamespace, hostName, forwardedPortNo, false, Boolean.FALSE);
-
-    forwardedPortNo = startPortForwardProcess(hostName, domainNamespace, domainUid, ADMIN_SERVER_SECURE_PORT);
-    verifyAdminConsoleAccessible(domainNamespace, hostName, forwardedPortNo, true, Boolean.FALSE);
-
-    stopPortForwardProcess(domainNamespace);
-  }
-
   /**
    * Scale cluster using REST API for three different type of domains.
    * i.e. domain-on-pv, domain-in-image and model-in-image
@@ -923,13 +897,7 @@ public void tearDownAll() {
    * @return oracle.weblogic.domain.Domain objects
    */
   private static Domain createMiiDomainWithMultiClusters(String domainUid,
-                                                         String domainNamespace,
-                                                         String... args) {
-
-    boolean adminChannelPortForwardingEnabled = (args.length == 0) ? true : false;
-    logger.info("Creating a Domain with adminChannelPortForwardingEnabled = {0}",
-        adminChannelPortForwardingEnabled);
-
+                                                         String domainNamespace) {
     // admin/managed server name here should match with WDT model yaml file
     String adminServerPodName = domainUid + "-" + ADMIN_SERVER_NAME_BASE;
 
@@ -939,17 +907,15 @@ private static Domain createMiiDomainWithMultiClusters(String domainUid,
     createOcirRepoSecret(domainNamespace);
 
     String adminSecretName = "weblogic-credentials";
-    if (adminChannelPortForwardingEnabled) {
-      // create secret for admin credentials
-      logger.info("Creating secret for admin credentials");
-      createSecretWithUsernamePassword(adminSecretName, domainNamespace,
-          ADMIN_USERNAME_DEFAULT, ADMIN_PASSWORD_DEFAULT);
-
-      // create encryption secret
-      logger.info("Creating encryption secret");
-      createSecretWithUsernamePassword(encryptionSecretName, domainNamespace,
-          "weblogicenc", "weblogicenc");
-    }
+    // create secret for admin credentials
+    logger.info("Creating secret for admin credentials");
+    createSecretWithUsernamePassword(adminSecretName, domainNamespace,
+        ADMIN_USERNAME_DEFAULT, ADMIN_PASSWORD_DEFAULT);
+
+    // create encryption secret
+    logger.info("Creating encryption secret");
+    createSecretWithUsernamePassword(encryptionSecretName, domainNamespace,
+        "weblogicenc", "weblogicenc");
 
     // construct the cluster list used for domain custom resource
     List<Cluster> clusterList = new ArrayList<>();
@@ -994,7 +960,7 @@ private static Domain createMiiDomainWithMultiClusters(String domainUid,
                     .limits(resourceLimit)))
             .adminServer(new AdminServer()
                 .serverStartState("RUNNING")
-                .adminChannelPortForwardingEnabled(adminChannelPortForwardingEnabled)
+                .adminChannelPortForwardingEnabled(true)
                 .adminService(new AdminService()
                     .addChannelsItem(new Channel()
                         .channelName("default-secure")