def _build_secret_hash(secret_name, user, password):
    """
    Build a hash for a single secret, for use with the create secrets script template.

    The returned hash always carries 'secretName', 'password' and a one-element
    'comments' list; 'user' is added only when a truthy user value is supplied.
    The values are stored exactly as passed in, with no escaping or masking here.
    :param secret_name: the name of the secret
    :param user: the associated user name, or None
    :param password: the associated password
    :return: a secret hash
    """
    secret_hash = {'secretName': secret_name, 'password': password}

    if user:
        # paired secret: the comment names both the user and the password tags
        secret_hash['user'] = user
        message = exception_helper.get_message("WLSDPLY-01664", USER_TAG, PASSWORD_TAG, secret_name)
    else:
        # password-only secret: the comment names the password tag alone
        message = exception_helper.get_message("WLSDPLY-01663", PASSWORD_TAG, secret_name)

    secret_hash['comments'] = [{'comment': message}]
    return secret_hash
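def write_variables(program_name, variable_map, file_path, append=False):
    """
    Write the dictionary of variables to the specified file.

    Every key/value pair of variable_map is copied into a Properties object, which is then
    stored to file_path with a header comment built from message WLSDPLY-01731.
    :param program_name: name of tool that invoked the method which will be written to the variable properties file
    :param variable_map: the dictionary of variables
    :param file_path: the file to which to write the properties
    :param append: defaults to False. Append properties to the end of file
    :raises VariableException if an error occurs while storing the variables in the file
    """
    _method_name = 'write_variables'
    _logger.entering(program_name, file_path, append, class_name=_class_name, method_name=_method_name)

    props = Properties()
    for key in variable_map:
        value = variable_map[key]
        props.setProperty(key, value)

    comment = exception_helper.get_message('WLSDPLY-01731', program_name)

    # NOTE(review): the file is created with whatever permissions the process default gives;
    # nothing here restricts them. If variable_map can hold credential values (not
    # determinable from this function), confirm the caller or the target directory limits
    # who can read file_path.
    output_stream = None
    try:
        try:
            output_stream = FileOutputStream(File(file_path), Boolean(append))
            props.store(output_stream, comment)
            output_stream.close()
            # closed cleanly, so the cleanup below has nothing left to do
            output_stream = None
        except IOException, ioe:
            ex = exception_helper.create_variable_exception('WLSDPLY-20007', file_path,
                                                            ioe.getLocalizedMessage(), error=ioe)
            _logger.throwing(ex, class_name=_class_name, method_name=_method_name)
            raise ex
    finally:
        # Release the stream on every failure path, including non-IOException errors.
        # A failure of this secondary close is ignored so that it cannot replace the
        # exception that is already propagating.
        if output_stream is not None:
            try:
                output_stream.close()
            except IOException:
                pass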
def _finalize_folder(self, current_folder, past_folder, change_folder, location):
    """
    Perform any adjustments after a folder has been evaluated.

    When the location has exactly one model folder and that folder is listed in
    SOURCE_PATH_FOLDERS, a non-empty change folder that lacks SourcePath is given
    the SourcePath value of the current folder, together with an explanatory comment.
    :param current_folder: folder in the current model
    :param past_folder: corresponding folder in the past model
    :param change_folder: the folder with the changed attributes and sub-folders
    :param location: the location for the specified folders
    """
    _method_name = '_finalize_folder'

    if location is None:
        model_folders = []
    else:
        model_folders = location.get_model_folders()

    # Application and Library should include SourcePath if they have any other elements;
    # every other location is left untouched
    if len(model_folders) != 1:
        return
    if model_folders[0] not in self.SOURCE_PATH_FOLDERS:
        return

    # nothing to add when no changes were recorded, or SourcePath is already among them
    if not change_folder or SOURCE_PATH in change_folder:
        return

    # SourcePath is absent from the changes, so past and current folder had matching values
    current_source_path = dictionary_utils.get_element(current_folder, SOURCE_PATH)
    if current_source_path is None:
        return

    note = exception_helper.get_message('WLSDPLY-05714', SOURCE_PATH)
    _add_comment(note, change_folder)
    change_folder[SOURCE_PATH] = current_source_path
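def generate_k8s_script(model_context, token_dictionary, model_dictionary):
    """
    Generate a shell script for creating k8s secrets.

    The script is written to create_k8s_secrets.sh in the Kubernetes output directory.
    Password positions in the generated commands are always filled with the
    ADMIN_PASSWORD_TAG / PASSWORD_TAG constants; user names found in the model are
    written into the script as shell arguments.

    NOTE(review): the generated functions hand values to kubectl as --from-literal
    arguments. Once the tags are replaced with real credentials, those values sit in the
    script file and are visible in the host's process listing while kubectl runs.
    :param model_context: used to determine output directory
    :param token_dictionary: contains every token
    :param model_dictionary: used to determine domain UID
    """
    target_config = model_context.get_target_configuration()
    if not target_config.requires_secrets_script():
        return

    # determine the domain name and UID
    topology = dictionary_utils.get_dictionary_element(model_dictionary, TOPOLOGY)
    domain_name = dictionary_utils.get_element(topology, NAME)
    if domain_name is None:
        domain_name = DEFAULT_WLS_DOMAIN_NAME

    domain_uid = k8s_helper.get_domain_uid(domain_name)

    nl = '\n'
    file_location = model_context.get_kubernetes_output_dir()
    k8s_file = os.path.join(file_location, "create_k8s_secrets.sh")
    k8s_script = open(k8s_file, 'w')
    try:
        k8s_script.write('#!/bin/bash' + nl)

        k8s_script.write(nl)
        k8s_script.write('set -eu' + nl)

        k8s_script.write(nl)
        message = exception_helper.get_message("WLSDPLY-01665", ADMIN_USER_TAG, ADMIN_PASSWORD_TAG)
        k8s_script.write("# " + message + nl)

        k8s_script.write('NAMESPACE=default' + nl)
        # NOTE(review): written unquoted; presumably k8s_helper.get_domain_uid returns a
        # value that is safe as a bare shell word - confirm
        k8s_script.write('DOMAIN_UID=' + domain_uid + nl)

        # The positional parameters are double-quoted inside both functions so that a
        # user name or password containing spaces or glob characters is passed to kubectl
        # as one literal argument instead of being word-split by the shell.
        k8s_script.write(nl)
        k8s_script.write('function create_k8s_secret {' + nl)
        k8s_script.write(
            ' kubectl -n "$NAMESPACE" delete secret "${DOMAIN_UID}-$1" --ignore-not-found' + nl)
        k8s_script.write(
            ' kubectl -n "$NAMESPACE" create secret generic "${DOMAIN_UID}-$1"'
            + ' --from-literal=password="$2"' + nl)
        k8s_script.write(
            ' kubectl -n "$NAMESPACE" label secret "${DOMAIN_UID}-$1"'
            + ' weblogic.domainUID="${DOMAIN_UID}"' + nl)
        k8s_script.write('}' + nl)

        k8s_script.write(nl)
        k8s_script.write('function create_paired_k8s_secret {' + nl)
        k8s_script.write(
            ' kubectl -n "$NAMESPACE" delete secret "${DOMAIN_UID}-$1" --ignore-not-found' + nl)
        k8s_script.write(
            ' kubectl -n "$NAMESPACE" create secret generic "${DOMAIN_UID}-$1"'
            + ' --from-literal=username="$2" --from-literal=password="$3"' + nl)
        k8s_script.write(
            ' kubectl -n "$NAMESPACE" label secret "${DOMAIN_UID}-$1"'
            + ' weblogic.domainUID="${DOMAIN_UID}"' + nl)
        k8s_script.write('}' + nl)

        command_string = "create_paired_k8s_secret %s %s %s" \
            % (WEBLOGIC_CREDENTIALS_SECRET_NAME, ADMIN_USER_TAG, ADMIN_PASSWORD_TAG)

        k8s_script.write(nl)
        message = exception_helper.get_message("WLSDPLY-01664", ADMIN_USER_TAG, ADMIN_PASSWORD_TAG,
                                               WEBLOGIC_CREDENTIALS_SECRET_NAME)
        k8s_script.write("# " + message + nl)
        k8s_script.write(command_string + nl)

        for property_name in token_dictionary:
            # AdminPassword, AdminUser are created separately,
            # and SecurityConfig.NodeManagerPasswordEncrypted is the short name which filters out
            if property_name in ['AdminPassword', 'AdminUserName',
                                 'SecurityConfig.NodeManagerPasswordEncrypted']:
                continue

            user_name = find_user_name(property_name, model_dictionary)
            secret_name = _create_secret_name(property_name)

            if user_name is None:
                message = exception_helper.get_message("WLSDPLY-01663", PASSWORD_TAG, secret_name)
                command_string = "create_k8s_secret %s %s " \
                    % (secret_name, PASSWORD_TAG)
            else:
                message = exception_helper.get_message("WLSDPLY-01664", USER_TAG, PASSWORD_TAG,
                                                       secret_name)
                # The user name comes from the model, so it is single-quoted (with any
                # embedded single quote escaped) before being placed on a command line;
                # otherwise spaces or shell metacharacters in it would be interpreted by
                # the shell when the script runs.
                quoted_user = "'" + ('%s' % user_name).replace("'", "'\\''") + "'"
                command_string = "create_paired_k8s_secret %s %s %s " \
                    % (secret_name, quoted_user, PASSWORD_TAG)

            k8s_script.write(nl)
            k8s_script.write("# " + message + nl)
            k8s_script.write(command_string + nl)
    finally:
        # release the file handle even when a lookup or write above fails
        k8s_script.close()

    # NOTE(review): 0750 leaves the script readable by the owning group; confirm that is
    # intended for a file that will hold credentials once its tags are filled in.
    FileUtils.chmod(k8s_file, 0750)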
def generate_k8s_script(model_context, token_dictionary, model_dictionary, exception_type):
    """
    Generate a shell script for creating k8s secrets.

    Token names of the form "<secret name>:<key>" are grouped by secret name, turned into
    secret hashes, and rendered through the script resource template into the output
    directory. Password positions are always filled with PASSWORD_TAG; user names taken
    from the token values are passed to the template as-is.

    NOTE(review): whether those user names are escaped for the shell depends on the
    template at K8S_SCRIPT_RESOURCE_PATH, which is not visible here - confirm.
    :param model_context: used to determine output directory
    :param token_dictionary: contains every token
    :param model_dictionary: used to determine domain UID
    :param exception_type: type of exception to throw
    """
    # determine the domain name and UID
    domain_name = dictionary_utils.get_element(
        dictionary_utils.get_dictionary_element(model_dictionary, TOPOLOGY), NAME)
    if domain_name is None:
        domain_name = DEFAULT_WLS_DOMAIN_NAME
    domain_uid = k8s_helper.get_domain_uid(domain_name)

    script_hash = {
        'domainUid': domain_uid,
        'topComment': exception_helper.get_message("WLSDPLY-01665")
    }

    # build a map of secret names (jdbc-generic1) to keys (username, password)
    keys_by_secret = {}
    for token_name in token_dictionary:
        name_and_key = token_name.split(':', 1)
        token_value = token_dictionary[token_name]

        # tokens without a "<secret>:<key>" shape do not describe a secret
        if len(name_and_key) != 2:
            continue

        secret_name = name_and_key[0]
        # admin credentials are inserted later, at the top of the list
        if secret_name == WEBLOGIC_CREDENTIALS_SECRET_NAME:
            continue

        keys_by_secret.setdefault(secret_name, {})[name_and_key[1]] = token_value

    # update the hash with secrets and paired secrets, in secret-name order
    password_only = []
    paired = [_build_secret_hash(WEBLOGIC_CREDENTIALS_SECRET_NAME, USER_TAG, PASSWORD_TAG)]

    ordered_names = keys_by_secret.keys()
    ordered_names.sort()
    for secret_name in ordered_names:
        user_name = dictionary_utils.get_element(keys_by_secret[secret_name], SECRET_USERNAME_KEY)
        if user_name is not None:
            paired.append(_build_secret_hash(secret_name, user_name, PASSWORD_TAG))
        else:
            password_only.append(_build_secret_hash(secret_name, None, PASSWORD_TAG))

    script_hash['secrets'] = password_only
    script_hash['pairedSecrets'] = paired
    script_hash['longMessage'] = exception_helper.get_message('WLSDPLY-01667', '${LONG_SECRETS_COUNT}')

    detail_keys = ['WLSDPLY-01668', 'WLSDPLY-01669', 'WLSDPLY-01670']
    script_hash['longMessageDetails'] = [{'text': exception_helper.get_message(detail_key)}
                                         for detail_key in detail_keys]

    k8s_file = File(model_context.get_output_dir(), K8S_SCRIPT_NAME)
    file_template_helper.create_file_from_resource(K8S_SCRIPT_RESOURCE_PATH, script_hash, k8s_file,
                                                   exception_type)

    # NOTE(review): 0750 leaves the script readable by the owning group; confirm that is
    # intended for a file that will hold credentials once its tags are filled in.
    FileUtils.chmod(k8s_file.getPath(), 0750)
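def generate_k8s_script(model_context, token_dictionary, model_dictionary):
    """
    Generate a shell script for creating k8s secrets.

    The script is written to create_k8s_secrets.sh in the Kubernetes output directory.
    Token names of the form "<secret name>:<key>" are grouped by secret name and one
    create command is written per secret, in secret-name order. Password positions are
    always filled with the ADMIN_PASSWORD_TAG / PASSWORD_TAG constants; user names taken
    from the token values are written into the script as shell arguments.

    NOTE(review): the generated functions hand values to kubectl as --from-literal
    arguments. Once the tags are replaced with real credentials, those values sit in the
    script file and are visible in the host's process listing while kubectl runs.
    :param model_context: used to determine output directory
    :param token_dictionary: contains every token
    :param model_dictionary: used to determine domain UID
    """
    # determine the domain name and UID
    topology = dictionary_utils.get_dictionary_element(model_dictionary, TOPOLOGY)
    domain_name = dictionary_utils.get_element(topology, NAME)
    if domain_name is None:
        domain_name = DEFAULT_WLS_DOMAIN_NAME

    domain_uid = k8s_helper.get_domain_uid(domain_name)

    nl = '\n'
    file_location = model_context.get_kubernetes_output_dir()
    k8s_file = os.path.join(file_location, "create_k8s_secrets.sh")
    k8s_script = open(k8s_file, 'w')
    try:
        k8s_script.write('#!/bin/bash' + nl)

        k8s_script.write(nl)
        k8s_script.write('set -eu' + nl)

        k8s_script.write(nl)
        message = exception_helper.get_message("WLSDPLY-01665", ADMIN_USER_TAG, ADMIN_PASSWORD_TAG)
        k8s_script.write("# " + message + nl)

        k8s_script.write('NAMESPACE=default' + nl)
        # NOTE(review): written unquoted; presumably k8s_helper.get_domain_uid returns a
        # value that is safe as a bare shell word - confirm
        k8s_script.write('DOMAIN_UID=' + domain_uid + nl)

        # The positional parameters are double-quoted inside both functions so that a
        # user name or password containing spaces or glob characters is passed to kubectl
        # as one literal argument instead of being word-split by the shell.
        k8s_script.write(nl)
        k8s_script.write('function create_k8s_secret {' + nl)
        k8s_script.write(
            ' kubectl -n "$NAMESPACE" delete secret "${DOMAIN_UID}-$1" --ignore-not-found' + nl)
        k8s_script.write(
            ' kubectl -n "$NAMESPACE" create secret generic "${DOMAIN_UID}-$1"'
            + ' --from-literal=password="$2"' + nl)
        k8s_script.write(
            ' kubectl -n "$NAMESPACE" label secret "${DOMAIN_UID}-$1"'
            + ' weblogic.domainUID="${DOMAIN_UID}"' + nl)
        k8s_script.write('}' + nl)

        k8s_script.write(nl)
        k8s_script.write('function create_paired_k8s_secret {' + nl)
        k8s_script.write(
            ' kubectl -n "$NAMESPACE" delete secret "${DOMAIN_UID}-$1" --ignore-not-found' + nl)
        k8s_script.write(
            ' kubectl -n "$NAMESPACE" create secret generic "${DOMAIN_UID}-$1"'
            + ' --from-literal=username="$2" --from-literal=password="$3"' + nl)
        k8s_script.write(
            ' kubectl -n "$NAMESPACE" label secret "${DOMAIN_UID}-$1"'
            + ' weblogic.domainUID="${DOMAIN_UID}"' + nl)
        k8s_script.write('}' + nl)

        command_string = "create_paired_k8s_secret %s %s %s" \
            % (WEBLOGIC_CREDENTIALS_SECRET_NAME, ADMIN_USER_TAG, ADMIN_PASSWORD_TAG)

        k8s_script.write(nl)
        message = exception_helper.get_message("WLSDPLY-01664", ADMIN_USER_TAG, ADMIN_PASSWORD_TAG,
                                               WEBLOGIC_CREDENTIALS_SECRET_NAME)
        k8s_script.write("# " + message + nl)
        k8s_script.write(command_string + nl)

        # build a map of secret names (jdbc-generic1) to keys (username, password)
        secret_map = {}
        for property_name in token_dictionary:
            halves = property_name.split(':', 1)
            value = token_dictionary[property_name]
            if len(halves) == 2:
                secret_name = halves[0]

                # admin credentials are hard-coded in the script, to be first in the list
                if secret_name == WEBLOGIC_CREDENTIALS_SECRET_NAME:
                    continue

                secret_key = halves[1]
                if secret_name not in secret_map:
                    secret_map[secret_name] = {}
                secret_keys = secret_map[secret_name]
                secret_keys[secret_key] = value

        # sorted so the generated script lists secrets in a stable order
        secret_names = secret_map.keys()
        secret_names.sort()

        for secret_name in secret_names:
            secret_keys = secret_map[secret_name]
            user_name = dictionary_utils.get_element(secret_keys, SECRET_USERNAME_KEY)

            if user_name is None:
                message = exception_helper.get_message("WLSDPLY-01663", PASSWORD_TAG, secret_name)
                command_string = "create_k8s_secret %s %s " \
                    % (secret_name, PASSWORD_TAG)
            else:
                message = exception_helper.get_message("WLSDPLY-01664", USER_TAG, PASSWORD_TAG,
                                                       secret_name)
                # The user name is a token value, so it is single-quoted (with any embedded
                # single quote escaped) before being placed on a command line; otherwise
                # spaces or shell metacharacters in it would be interpreted by the shell
                # when the script runs, and an empty value would shift the arguments.
                quoted_user = "'" + ('%s' % user_name).replace("'", "'\\''") + "'"
                command_string = "create_paired_k8s_secret %s %s %s " \
                    % (secret_name, quoted_user, PASSWORD_TAG)

            k8s_script.write(nl)
            k8s_script.write("# " + message + nl)
            k8s_script.write(command_string + nl)
    finally:
        # release the file handle even when a lookup or write above fails
        k8s_script.close()

    # NOTE(review): 0750 leaves the script readable by the owning group; confirm that is
    # intended for a file that will hold credentials once its tags are filled in.
    FileUtils.chmod(k8s_file, 0750)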