def _build_secret_hash(secret_name, user, password):
    """
    Build a hash for a single secret, for use with the create secrets script template.
    The result always carries 'secretName', 'password' and a one-element 'comments' list;
    'user' is present only when a truthy user is supplied.
    :param secret_name: the name of the secret
    :param user: the associated user name, or None
    :param password: the associated password
    :return: a secret hash
    """
    # the comment text differs between paired (user + password) and password-only secrets
    if user:
        comment_text = exception_helper.get_message("WLSDPLY-01664", USER_TAG, PASSWORD_TAG, secret_name)
    else:
        comment_text = exception_helper.get_message("WLSDPLY-01663", PASSWORD_TAG, secret_name)

    # NOTE(review): whatever is passed as password is stored verbatim in the hash;
    # confirm callers pass a placeholder tag rather than a real credential.
    secret_hash = {
        'secretName': secret_name,
        'password': password,
        'comments': [{
            'comment': comment_text
        }]
    }
    if user:
        secret_hash['user'] = user
    return secret_hash
Ejemplo n.º 2
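def write_variables(program_name, variable_map, file_path, append=False):
    """
    Write the dictionary of variables to the specified file.
    :param program_name: name of tool that invoked the method which will be written to the variable properties file
    :param variable_map: the dictionary of variables
    :param file_path: the file to which to write the properties
    :param append: defaults to False. Append properties to the end of file
    :raises VariableException if an error occurs while storing the variables in the file
    """
    _method_name = 'write_variables'
    _logger.entering(program_name, file_path, append, class_name=_class_name, method_name=_method_name)
    props = Properties()
    for key in variable_map:
        props.setProperty(key, variable_map[key])

    # NOTE(review): nothing here restricts the permissions of the properties file; if
    # variable_map can carry credential values, confirm the caller protects file_path.
    comment = exception_helper.get_message('WLSDPLY-01731', program_name)
    output_stream = None
    try:
        output_stream = FileOutputStream(File(file_path), Boolean(append))
        props.store(output_stream, comment)
        output_stream.close()
    except IOException, ioe:
        ex = exception_helper.create_variable_exception('WLSDPLY-20007', file_path,
                                                        ioe.getLocalizedMessage(), error=ioe)
        _logger.throwing(ex, class_name=_class_name, method_name=_method_name)
        if output_stream is not None:
            # Best-effort cleanup: a second IOException from close() must not replace
            # the VariableException that describes the original failure.
            try:
                output_stream.close()
            except IOException:
                pass
        raise ex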
Ejemplo n.º 3
    def _finalize_folder(self, current_folder, past_folder, change_folder,
                         location):
        """
        Perform any adjustments after a folder has been evaluated.
        When a folder listed in SOURCE_PATH_FOLDERS has changes but no SourcePath entry,
        the SourcePath of the current folder is copied into the change folder with a comment.
        :param current_folder: folder in the current model
        :param past_folder: corresponding folder in the past model (not read in this method)
        :param change_folder: the folder with the changed attributes and sub-folders
        :param location: the location for the specified folders
        """
        _method_name = '_finalize_folder'

        if location is not None:
            model_folders = location.get_model_folders()
        else:
            model_folders = []

        # Application and Library should include SourcePath if they have any other elements;
        # anything that is not a single-level path into one of those folders needs no adjustment
        if len(model_folders) != 1 or model_folders[0] not in self.SOURCE_PATH_FOLDERS:
            return

        # nothing changed, or SourcePath is already part of the change set
        if not change_folder or SOURCE_PATH in change_folder:
            return

        # if SourcePath not present, past and current folder had matching values
        current_source_path = dictionary_utils.get_element(current_folder, SOURCE_PATH)
        if current_source_path is None:
            return

        note = exception_helper.get_message('WLSDPLY-05714', SOURCE_PATH)
        _add_comment(note, change_folder)
        change_folder[SOURCE_PATH] = current_source_path
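def generate_k8s_script(model_context, token_dictionary, model_dictionary):
    """
    Generate a shell script for creating k8s secrets.

    Only the keys of token_dictionary are used; the credential positions of the generated
    commands hold placeholder tags (ADMIN_USER_TAG, ADMIN_PASSWORD_TAG, PASSWORD_TAG).
    Presumably the operator replaces those tags before running the script; from then on the
    passwords sit in the file in clear text and are passed to kubectl as --from-literal
    arguments, so the 0750 mode set at the end is the only protection applied here.
    :param model_context: used to determine output directory
    :param token_dictionary: contains every token
    :param model_dictionary: used to determine domain UID
    """
    target_config = model_context.get_target_configuration()
    if not target_config.requires_secrets_script():
        return

    # determine the domain name and UID
    topology = dictionary_utils.get_dictionary_element(model_dictionary,
                                                       TOPOLOGY)
    domain_name = dictionary_utils.get_element(topology, NAME)
    if domain_name is None:
        domain_name = DEFAULT_WLS_DOMAIN_NAME

    domain_uid = k8s_helper.get_domain_uid(domain_name)

    nl = '\n'
    file_location = model_context.get_kubernetes_output_dir()
    k8s_file = os.path.join(file_location, "create_k8s_secrets.sh")

    # The positional parameters are double-quoted inside the generated functions so that a
    # user name or password containing whitespace or glob characters reaches kubectl as a
    # single, unmodified argument.
    delete_line = '  kubectl -n "$NAMESPACE" delete secret "${DOMAIN_UID}-$1" --ignore-not-found'
    label_line = '  kubectl -n "$NAMESPACE" label secret "${DOMAIN_UID}-$1" weblogic.domainUID="${DOMAIN_UID}"'
    create_prefix = '  kubectl -n "$NAMESPACE" create secret generic "${DOMAIN_UID}-$1"'

    k8s_script = open(k8s_file, 'w')
    try:
        k8s_script.write('#!/bin/bash' + nl)

        k8s_script.write(nl)
        k8s_script.write('set -eu' + nl)

        k8s_script.write(nl)
        message = exception_helper.get_message("WLSDPLY-01665", ADMIN_USER_TAG,
                                               ADMIN_PASSWORD_TAG)
        k8s_script.write("# " + message + nl)
        k8s_script.write('NAMESPACE=default' + nl)
        # NOTE(review): domain_uid is written unquoted; this assumes
        # k8s_helper.get_domain_uid returns a shell-safe name - confirm.
        k8s_script.write('DOMAIN_UID=' + domain_uid + nl)

        k8s_script.write(nl)
        k8s_script.write('function create_k8s_secret {' + nl)
        k8s_script.write(delete_line + nl)
        k8s_script.write(create_prefix + ' --from-literal=password="$2"' + nl)
        k8s_script.write(label_line + nl)
        k8s_script.write('}' + nl)

        k8s_script.write(nl)
        k8s_script.write('function create_paired_k8s_secret {' + nl)
        k8s_script.write(delete_line + nl)
        k8s_script.write(create_prefix +
                         ' --from-literal=username="$2" --from-literal=password="$3"' + nl)
        k8s_script.write(label_line + nl)
        k8s_script.write('}' + nl)

        command_string = "create_paired_k8s_secret %s %s %s" \
                         % (WEBLOGIC_CREDENTIALS_SECRET_NAME, ADMIN_USER_TAG, ADMIN_PASSWORD_TAG)

        k8s_script.write(nl)
        message = exception_helper.get_message("WLSDPLY-01664", ADMIN_USER_TAG,
                                               ADMIN_PASSWORD_TAG,
                                               WEBLOGIC_CREDENTIALS_SECRET_NAME)
        k8s_script.write("# " + message + nl)
        k8s_script.write(command_string + nl)

        for property_name in token_dictionary:
            # AdminPassword, AdminUser are created separately,
            # and SecurityConfig.NodeManagerPasswordEncrypted is the short name which filters out
            if property_name in [
                    'AdminPassword', 'AdminUserName',
                    'SecurityConfig.NodeManagerPasswordEncrypted'
            ]:
                continue

            user_name = find_user_name(property_name, model_dictionary)
            # NOTE(review): secret_name is written unquoted; this assumes
            # _create_secret_name yields a shell-safe name - confirm.
            secret_name = _create_secret_name(property_name)

            if user_name is None:
                message = exception_helper.get_message("WLSDPLY-01663",
                                                       PASSWORD_TAG, secret_name)
                command_string = "create_k8s_secret %s %s " \
                                 % (secret_name, PASSWORD_TAG)
            else:
                message = exception_helper.get_message("WLSDPLY-01664", USER_TAG,
                                                       PASSWORD_TAG, secret_name)
                # The user name comes from the model, so it is single-quoted for bash
                # (embedded quotes become '\'') instead of being pasted in as raw text.
                quoted_user = "'" + ("%s" % user_name).replace("'", "'\\''") + "'"
                command_string = "create_paired_k8s_secret %s %s %s " \
                                 % (secret_name, quoted_user, PASSWORD_TAG)

            k8s_script.write(nl)
            k8s_script.write("# " + message + nl)
            k8s_script.write(command_string + nl)
    finally:
        # release the handle even when a lookup or write above fails
        k8s_script.close()

    # The file is created with the process default mode and tightened only here,
    # after all content has been written.
    FileUtils.chmod(k8s_file, 0750)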
Ejemplo n.º 5
def generate_k8s_script(model_context, token_dictionary, model_dictionary, exception_type):
    """
    Generate a shell script for creating k8s secrets.
    The script is rendered from the K8S_SCRIPT_RESOURCE_PATH template, using a hash of
    secrets built from the "secretName:key" entries of the token dictionary.
    :param model_context: used to determine output directory
    :param token_dictionary: contains every token
    :param model_dictionary: used to determine domain UID
    :param exception_type: type of exception to throw
    """

    # resolve the domain UID from the topology name, falling back to the default domain name
    topology_folder = dictionary_utils.get_dictionary_element(model_dictionary, TOPOLOGY)
    domain_name = dictionary_utils.get_element(topology_folder, NAME)
    if domain_name is None:
        domain_name = DEFAULT_WLS_DOMAIN_NAME

    template_hash = {
        'domainUid': k8s_helper.get_domain_uid(domain_name),
        'topComment': exception_helper.get_message("WLSDPLY-01665")
    }

    # group token values by secret name (jdbc-generic1), then by key (username, password)
    keys_by_secret = {}
    for property_name in token_dictionary:
        name_and_key = property_name.split(':', 1)
        token_value = token_dictionary[property_name]
        if len(name_and_key) != 2:
            continue

        secret_name, secret_key = name_and_key

        # admin credentials are inserted later, at the top of the list
        if secret_name == WEBLOGIC_CREDENTIALS_SECRET_NAME:
            continue

        keys_by_secret.setdefault(secret_name, {})[secret_key] = token_value

    # the admin credentials always lead the paired list; passwords are placeholder tags
    password_only = []
    with_user = [_build_secret_hash(WEBLOGIC_CREDENTIALS_SECRET_NAME, USER_TAG, PASSWORD_TAG)]

    ordered_names = keys_by_secret.keys()
    ordered_names.sort()
    for secret_name in ordered_names:
        # NOTE(review): the user name is taken from the token dictionary and handed to the
        # template as-is; whether the template quotes it for the shell is not visible here.
        user_name = dictionary_utils.get_element(keys_by_secret[secret_name], SECRET_USERNAME_KEY)
        if user_name is not None:
            with_user.append(_build_secret_hash(secret_name, user_name, PASSWORD_TAG))
        else:
            password_only.append(_build_secret_hash(secret_name, None, PASSWORD_TAG))

    template_hash['secrets'] = password_only
    template_hash['pairedSecrets'] = with_user
    template_hash['longMessage'] = exception_helper.get_message('WLSDPLY-01667', '${LONG_SECRETS_COUNT}')
    template_hash['longMessageDetails'] = [
        {'text': exception_helper.get_message('WLSDPLY-01668')},
        {'text': exception_helper.get_message('WLSDPLY-01669')},
        {'text': exception_helper.get_message('WLSDPLY-01670')}
    ]

    # render the template into the output directory, then restrict the script to owner and group
    script_file = File(model_context.get_output_dir(), K8S_SCRIPT_NAME)
    file_template_helper.create_file_from_resource(K8S_SCRIPT_RESOURCE_PATH, template_hash, script_file,
                                                   exception_type)
    FileUtils.chmod(script_file.getPath(), 0750)
Ejemplo n.º 6
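def generate_k8s_script(model_context, token_dictionary, model_dictionary):
    """
    Generate a shell script for creating k8s secrets.

    Secrets are derived from the "secretName:key" entries of token_dictionary. User names
    are taken from those entries, while the password positions of the generated commands
    hold placeholder tags (ADMIN_PASSWORD_TAG, PASSWORD_TAG). Presumably the operator
    replaces the tags before running the script; from then on the passwords sit in the file
    in clear text and are passed to kubectl as --from-literal arguments, so the 0750 mode
    set at the end is the only protection applied here.
    :param model_context: used to determine output directory
    :param token_dictionary: contains every token
    :param model_dictionary: used to determine domain UID
    """

    # determine the domain name and UID
    topology = dictionary_utils.get_dictionary_element(model_dictionary,
                                                       TOPOLOGY)
    domain_name = dictionary_utils.get_element(topology, NAME)
    if domain_name is None:
        domain_name = DEFAULT_WLS_DOMAIN_NAME

    domain_uid = k8s_helper.get_domain_uid(domain_name)

    nl = '\n'
    file_location = model_context.get_kubernetes_output_dir()
    k8s_file = os.path.join(file_location, "create_k8s_secrets.sh")

    # The positional parameters are double-quoted inside the generated functions so that a
    # user name or password containing whitespace or glob characters reaches kubectl as a
    # single, unmodified argument.
    delete_line = '  kubectl -n "$NAMESPACE" delete secret "${DOMAIN_UID}-$1" --ignore-not-found'
    label_line = '  kubectl -n "$NAMESPACE" label secret "${DOMAIN_UID}-$1" weblogic.domainUID="${DOMAIN_UID}"'
    create_prefix = '  kubectl -n "$NAMESPACE" create secret generic "${DOMAIN_UID}-$1"'

    k8s_script = open(k8s_file, 'w')
    try:
        k8s_script.write('#!/bin/bash' + nl)

        k8s_script.write(nl)
        k8s_script.write('set -eu' + nl)

        k8s_script.write(nl)
        message = exception_helper.get_message("WLSDPLY-01665", ADMIN_USER_TAG,
                                               ADMIN_PASSWORD_TAG)
        k8s_script.write("# " + message + nl)
        k8s_script.write('NAMESPACE=default' + nl)
        # NOTE(review): domain_uid is written unquoted; this assumes
        # k8s_helper.get_domain_uid returns a shell-safe name - confirm.
        k8s_script.write('DOMAIN_UID=' + domain_uid + nl)

        k8s_script.write(nl)
        k8s_script.write('function create_k8s_secret {' + nl)
        k8s_script.write(delete_line + nl)
        k8s_script.write(create_prefix + ' --from-literal=password="$2"' + nl)
        k8s_script.write(label_line + nl)
        k8s_script.write('}' + nl)

        k8s_script.write(nl)
        k8s_script.write('function create_paired_k8s_secret {' + nl)
        k8s_script.write(delete_line + nl)
        k8s_script.write(create_prefix +
                         ' --from-literal=username="$2" --from-literal=password="$3"' + nl)
        k8s_script.write(label_line + nl)
        k8s_script.write('}' + nl)

        command_string = "create_paired_k8s_secret %s %s %s" \
                         % (WEBLOGIC_CREDENTIALS_SECRET_NAME, ADMIN_USER_TAG, ADMIN_PASSWORD_TAG)

        k8s_script.write(nl)
        message = exception_helper.get_message("WLSDPLY-01664", ADMIN_USER_TAG,
                                               ADMIN_PASSWORD_TAG,
                                               WEBLOGIC_CREDENTIALS_SECRET_NAME)
        k8s_script.write("# " + message + nl)
        k8s_script.write(command_string + nl)

        # build a map of secret names (jdbc-generic1) to keys (username, password)
        secret_map = {}
        for property_name in token_dictionary:
            halves = property_name.split(':', 1)
            value = token_dictionary[property_name]
            if len(halves) == 2:
                secret_name = halves[0]

                # admin credentials are hard-coded in the script, to be first in the list
                if secret_name == WEBLOGIC_CREDENTIALS_SECRET_NAME:
                    continue

                secret_key = halves[1]
                if secret_name not in secret_map:
                    secret_map[secret_name] = {}
                secret_keys = secret_map[secret_name]
                secret_keys[secret_key] = value

        # sorted so the generated script is stable from run to run
        secret_names = secret_map.keys()
        secret_names.sort()

        for secret_name in secret_names:
            secret_keys = secret_map[secret_name]
            user_name = dictionary_utils.get_element(secret_keys,
                                                     SECRET_USERNAME_KEY)

            # NOTE(review): secret_name is the text before ':' in the token key and is
            # written unquoted; confirm token keys are restricted to shell-safe names.
            if user_name is None:
                message = exception_helper.get_message("WLSDPLY-01663",
                                                       PASSWORD_TAG, secret_name)
                command_string = "create_k8s_secret %s %s " \
                                 % (secret_name, PASSWORD_TAG)
            else:
                message = exception_helper.get_message("WLSDPLY-01664", USER_TAG,
                                                       PASSWORD_TAG, secret_name)
                # The user name is a token value, so it is single-quoted for bash
                # (embedded quotes become '\'') instead of being pasted in as raw text.
                quoted_user = "'" + ("%s" % user_name).replace("'", "'\\''") + "'"
                command_string = "create_paired_k8s_secret %s %s %s " \
                                 % (secret_name, quoted_user, PASSWORD_TAG)

            k8s_script.write(nl)
            k8s_script.write("# " + message + nl)
            k8s_script.write(command_string + nl)
    finally:
        # release the handle even when a lookup or write above fails
        k8s_script.close()

    # The file is created with the process default mode and tightened only here,
    # after all content has been written.
    FileUtils.chmod(k8s_file, 0750)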