def testSecretWithoutWlsCredName(self): self.assertEqual( '@@SECRET:@@ENV:DOMAIN_UID@@-weblogic-credentials:username@@', HELPER.format_as_secret_token( HELPER.WEBLOGIC_CREDENTIALS_SECRET_NAME + ':username', self.target_without_cred_name)) self.assertEqual( '@@SECRET:@@ENV:DOMAIN_UID@@-weblogic-credentials:password@@', HELPER.format_as_secret_token( HELPER.WEBLOGIC_CREDENTIALS_SECRET_NAME + ':password', self.target_without_cred_name)) self.assertEqual( '@@SECRET:@@ENV:DOMAIN_UID@@-something-else:password@@', HELPER.format_as_secret_token('something-else:password', self.target_without_cred_name))
def _process_attribute(self, model, attribute, location, injector_values): _method_name = '_process_attribute' _logger.entering(attribute, location.get_folder_path(), class_name=_class_name, method_name=_method_name) variable_dict = OrderedDict() variable_name = None variable_value = None attribute_value = model[attribute] if not _already_property(attribute_value): variable_name = variable_injector_functions.format_variable_name( location, attribute, self.__aliases) variable_value = _format_variable_value(attribute_value) credentials_method = self.__model_context.get_target_configuration( ).get_credentials_method() # for credentials_method: secrets, assign a secret token to the attribute if credentials_method == SECRETS_METHOD \ and variable_value == alias_constants.PASSWORD_TOKEN: model[ attribute] = target_configuration_helper.format_as_secret_token( variable_name) # for config_override_secrets, assign a placeholder value to the attribute elif credentials_method == CONFIG_OVERRIDES_SECRETS_METHOD \ and variable_value == alias_constants.PASSWORD_TOKEN: if attribute == ADMIN_USERNAME: model[ attribute] = target_configuration_helper.ADMINUSER_PLACEHOLDER else: model[ attribute] = target_configuration_helper.PASSWORD_PLACEHOLDER else: model[attribute] = _format_as_property(variable_name) _logger.fine('WLSDPLY-19525', variable_name, attribute_value, attribute, variable_value, class_name=_class_name, method_name=_method_name) else: _logger.finer('WLSDPLY-19526', attribute_value, attribute, str(location), class_name=_class_name, method_name=_method_name) if variable_value is not None: variable_dict[variable_name] = self._check_replace_variable_value( location, attribute, variable_value, injector_values) _logger.exiting(class_name=_class_name, method_name=_method_name, result=variable_value) return variable_dict
def __substitute_password_with_token(self, model_path, attribute_name, validation_location): """ Add the secret for the specified attribute to the cache. If the target specifies credentials_method: secrets, substitute the secret token into the model. :param model_path: text representation of the model path :param attribute_name: the name of the attribute or (property) :param validation_location: the model location """ model_path_tokens = model_path.split('/') tokens_length = len(model_path_tokens) variable_name = variable_injector_functions.format_variable_name( validation_location, attribute_name, self._aliases) if tokens_length > 1: credentials_method = self.model_context.get_target_configuration( ).get_credentials_method() # by default, don't do any assignment to attribute model_value = None # use attribute name for admin password if model_path_tokens[0] == 'domainInfo:' and model_path_tokens[ 1] == '': cache_key = attribute_name else: cache_key = variable_name # for normal secrets, assign the secret name to the attribute if credentials_method == SECRETS_METHOD: model_value = target_configuration_helper.format_as_secret_token( cache_key, self.model_context.get_target_configuration()) self.cache[cache_key] = '' # for config override secrets, assign a placeholder password to the attribute. # config overrides will be used to override the value in the target domain. if credentials_method == CONFIG_OVERRIDES_SECRETS_METHOD: if attribute_name == ADMIN_USERNAME: model_value = ADMINUSER_PLACEHOLDER else: model_value = PASSWORD_PLACEHOLDER self.cache[cache_key] = '' if model_value is not None: p_dict = self.current_dict for index in range(0, len(model_path_tokens)): token = model_path_tokens[index] if token == '': break if token[-1] == ':': token = token[:-1] p_dict = p_dict[token] p_dict[attribute_name] = model_value
def get_variable_token(self, attribute, variable_name): """ Override method to possibly create secret tokens instead of property token. :param attribute: the attribute to be examined :param variable_name: the variable name, such as JDBC.Generic1.PasswordEncrypted :return: the complete token name, such as @@SECRET:jdbc-generic1.password@@ """ target_config = self._model_context.get_target_configuration() credentials_method = target_config.get_credentials_method() if credentials_method == SECRETS_METHOD: return target_configuration_helper.format_as_secret_token(variable_name, target_config) elif credentials_method == CONFIG_OVERRIDES_SECRETS_METHOD: return target_configuration_helper.format_as_overrides_secret(variable_name) else: return VariableInjector.get_variable_token(self, attribute, variable_name)