def testSecretWithoutWlsCredName(self):
self.assertEqual(
'@@SECRET:@@ENV:DOMAIN_UID@@-weblogic-credentials:username@@',
HELPER.format_as_secret_token(
HELPER.WEBLOGIC_CREDENTIALS_SECRET_NAME + ':username',
self.target_without_cred_name))
self.assertEqual(
'@@SECRET:@@ENV:DOMAIN_UID@@-weblogic-credentials:password@@',
HELPER.format_as_secret_token(
HELPER.WEBLOGIC_CREDENTIALS_SECRET_NAME + ':password',
self.target_without_cred_name))
self.assertEqual(
'@@SECRET:@@ENV:DOMAIN_UID@@-something-else:password@@',
HELPER.format_as_secret_token('something-else:password',
self.target_without_cred_name))
def _process_attribute(self, model, attribute, location, injector_values):
_method_name = '_process_attribute'
_logger.entering(attribute,
location.get_folder_path(),
class_name=_class_name,
method_name=_method_name)
variable_dict = OrderedDict()
variable_name = None
variable_value = None
attribute_value = model[attribute]
if not _already_property(attribute_value):
variable_name = variable_injector_functions.format_variable_name(
location, attribute, self.__aliases)
variable_value = _format_variable_value(attribute_value)
credentials_method = self.__model_context.get_target_configuration(
).get_credentials_method()
# for credentials_method: secrets, assign a secret token to the attribute
if credentials_method == SECRETS_METHOD \
and variable_value == alias_constants.PASSWORD_TOKEN:
model[
attribute] = target_configuration_helper.format_as_secret_token(
variable_name)
# for config_override_secrets, assign a placeholder value to the attribute
elif credentials_method == CONFIG_OVERRIDES_SECRETS_METHOD \
and variable_value == alias_constants.PASSWORD_TOKEN:
if attribute == ADMIN_USERNAME:
model[
attribute] = target_configuration_helper.ADMINUSER_PLACEHOLDER
else:
model[
attribute] = target_configuration_helper.PASSWORD_PLACEHOLDER
else:
model[attribute] = _format_as_property(variable_name)
_logger.fine('WLSDPLY-19525',
variable_name,
attribute_value,
attribute,
variable_value,
class_name=_class_name,
method_name=_method_name)
else:
_logger.finer('WLSDPLY-19526',
attribute_value,
attribute,
str(location),
class_name=_class_name,
method_name=_method_name)
if variable_value is not None:
variable_dict[variable_name] = self._check_replace_variable_value(
location, attribute, variable_value, injector_values)
_logger.exiting(class_name=_class_name,
method_name=_method_name,
result=variable_value)
return variable_dict
def __substitute_password_with_token(self, model_path, attribute_name,
validation_location):
"""
Add the secret for the specified attribute to the cache.
If the target specifies credentials_method: secrets, substitute the secret token into the model.
:param model_path: text representation of the model path
:param attribute_name: the name of the attribute or (property)
:param validation_location: the model location
"""
model_path_tokens = model_path.split('/')
tokens_length = len(model_path_tokens)
variable_name = variable_injector_functions.format_variable_name(
validation_location, attribute_name, self._aliases)
if tokens_length > 1:
credentials_method = self.model_context.get_target_configuration(
).get_credentials_method()
# by default, don't do any assignment to attribute
model_value = None
# use attribute name for admin password
if model_path_tokens[0] == 'domainInfo:' and model_path_tokens[
1] == '':
cache_key = attribute_name
else:
cache_key = variable_name
# for normal secrets, assign the secret name to the attribute
if credentials_method == SECRETS_METHOD:
model_value = target_configuration_helper.format_as_secret_token(
cache_key, self.model_context.get_target_configuration())
self.cache[cache_key] = ''
# for config override secrets, assign a placeholder password to the attribute.
# config overrides will be used to override the value in the target domain.
if credentials_method == CONFIG_OVERRIDES_SECRETS_METHOD:
if attribute_name == ADMIN_USERNAME:
model_value = ADMINUSER_PLACEHOLDER
else:
model_value = PASSWORD_PLACEHOLDER
self.cache[cache_key] = ''
if model_value is not None:
p_dict = self.current_dict
for index in range(0, len(model_path_tokens)):
token = model_path_tokens[index]
if token == '':
break
if token[-1] == ':':
token = token[:-1]
p_dict = p_dict[token]
p_dict[attribute_name] = model_value
def get_variable_token(self, attribute, variable_name):
"""
Override method to possibly create secret tokens instead of property token.
:param attribute: the attribute to be examined
:param variable_name: the variable name, such as JDBC.Generic1.PasswordEncrypted
:return: the complete token name, such as @@SECRET:jdbc-generic1.password@@
"""
target_config = self._model_context.get_target_configuration()
credentials_method = target_config.get_credentials_method()
if credentials_method == SECRETS_METHOD:
return target_configuration_helper.format_as_secret_token(variable_name, target_config)
elif credentials_method == CONFIG_OVERRIDES_SECRETS_METHOD:
return target_configuration_helper.format_as_overrides_secret(variable_name)
else:
return VariableInjector.get_variable_token(self, attribute, variable_name)
