def encrypt_model_dictionary(self, model_dict): """ Encrypt the model dictionary (and referenced variables, if provided) using the specified passphrase. :param model_dict: the model dictionary :return: the number of model elements encrypted, and the number of variables encrypted :raises EncryptionException if an error occurs """ if model.get_model_domain_info_key() in model_dict: domain_info_dict = model_dict[model.get_model_domain_info_key()] self._encrypt_info_nodes(domain_info_dict) if model.get_model_topology_key() in model_dict: top_folder_names = self.alias_helper.get_model_topology_top_level_folder_names() topology_nodes = model_dict[model.get_model_topology_key()] location = LocationContext() self._encrypt_nodes(location, topology_nodes, top_folder_names) if model.get_model_resources_key() in model_dict: top_folder_names = self.alias_helper.get_model_resources_top_level_folder_names() resources_nodes = model_dict[model.get_model_resources_key()] location = LocationContext() self._encrypt_nodes(location, resources_nodes, top_folder_names) if model.get_model_deployments_key() in model_dict: top_folder_names = self.alias_helper.get_model_app_deployments_top_level_folder_names() deployments_nodes = model_dict[model.get_model_deployments_key()] location = LocationContext() self._encrypt_nodes(location, deployments_nodes, top_folder_names) return self.model_changes, self.variable_changes
def __init__(self): self._validation_result_dict = { '%s Section' % model.get_model_domain_info_key(): None, '%s Section' % model.get_model_topology_key(): None, '%s Section' % model.get_model_deployments_key(): None, '%s Section' % model.get_model_resources_key(): None }
def __init__(self, program_name, model, model_context, version=None, variable_dictionary=None): """ Construct an instance of the injector with the model and information used by the injector. :param program_name: name of the calling tool :param model: to be updated with variables :param model_context: context with command line information :param version: of model if model context is not provided """ self.__program_name = program_name self.__original = copy.deepcopy(model) self.__model = model self.__model_context = model_context if self.__model_context: self.__wlst_mode = self.__model_context.get_target_wlst_mode() else: self.__wlst_mode = WlstModes.OFFLINE self.__section_keys = model_sections.get_model_top_level_keys() self.__section_keys.remove(model_sections.get_model_domain_info_key()) if version: self.__aliases = Aliases(model_context, wlst_mode=self.__wlst_mode, wls_version=version) else: self.__aliases = Aliases(model_context) self.__variable_dictionary = variable_dictionary
def __init__(self): self._validation_result_dict = { '%s Section' % model.get_model_domain_info_key(): None, '%s Section' % model.get_model_topology_key(): None, '%s Section' % model.get_model_deployments_key(): None, '%s Section' % model.get_model_resources_key(): None, '%s Section' % model_constants.GLOBAL_VARIABLE_SUBSTITUTION: None }
def encrypt_model_dictionary(passphrase, model_dict, variables=None): """ Encrypt the model dictionary (and referenced variables, if provided) using the specified passphrase. :param passphrase: the passphrase used to encrypt/decrypt the passwords :param model_dict: the model dictionary :param variables: the variables property object :raises EncryptionException if an error occurs """ _initialize_password_field_names() model_changes = 0 variable_changes = 0 if model.get_model_domain_info_key() in model_dict: domain_info_dict = model_dict[model.get_model_domain_info_key()] _model_changes, _variable_changes = \ _search_and_replace_passwords(passphrase, model.get_model_domain_info_key(), domain_info_dict, variables) model_changes += _model_changes variable_changes += _variable_changes if model.get_model_topology_key() in model_dict: topology_dict = model_dict[model.get_model_topology_key()] _model_changes, _variable_changes = \ _search_and_replace_passwords(passphrase, model.get_model_topology_key(), topology_dict, variables) model_changes += _model_changes variable_changes += _variable_changes if model.get_model_resources_key() in model_dict: resources_dict = model_dict[model.get_model_resources_key()] _model_changes, _variable_changes = \ _search_and_replace_passwords(passphrase, model.get_model_resources_key(), resources_dict, variables) model_changes += _model_changes variable_changes += _variable_changes if model.get_model_deployments_key() in model_dict: deployments_dict = model_dict[model.get_model_deployments_key()] _model_changes, _variable_changes = \ _search_and_replace_passwords(passphrase, model.get_model_deployments_key(), deployments_dict, variables) model_changes += _model_changes variable_changes += _variable_changes return model_changes, variable_changes
def __set_app_dir(self): """ Set the AppDir domain option. :raises: CreateException: if an error occurs """ _method_name = '__set_app_dir' self.logger.entering(class_name=self.__class_name, method_name=_method_name) if APP_DIR in self._domain_info: app_dir = self._domain_info[APP_DIR] self.logger.fine('WLSDPLY-12225', model_helper.get_model_domain_info_key(), APP_DIR, app_dir, class_name=self.__class_name, method_name=_method_name) else: app_dir = os.path.join(self.model_context.get_domain_parent_dir(), 'applications') self.logger.fine('WLSDPLY-12226', model_helper.get_model_domain_info_key(), APP_DIR, app_dir, class_name=self.__class_name, method_name=_method_name) self.wlst_helper.set_option_if_needed(SET_OPTION_APP_DIR, app_dir) self.logger.exiting(class_name=self.__class_name, method_name=_method_name) return
def __set_admin_password(self): """ Set the administrative user's password. :raises: CreateException: if an error occurs """ _method_name = '__set_admin_password' if ADMIN_PASSWORD in self._domain_info: admin_password = self._domain_info[ADMIN_PASSWORD] admin_username = self.wls_helper.get_default_admin_username() if ADMIN_USERNAME in self._domain_info: admin_username = self._domain_info[ADMIN_USERNAME] location = LocationContext().append_location(SECURITY) token_name = self.alias_helper.get_name_token(location) if token_name is not None: location.add_name_token(token_name, self._domain_name) location.append_location(USER) token_name = self.alias_helper.get_name_token(location) if token_name is not None: location.add_name_token( token_name, self.wls_helper.get_default_admin_username()) admin_user_path = self.alias_helper.get_wlst_attributes_path( location) self.wlst_helper.cd(admin_user_path) wlst_name, wlst_value = \ self.alias_helper.get_wlst_attribute_name_and_value(location, NAME, admin_username) self.wlst_helper.set_if_needed(wlst_name, wlst_value, NAME, admin_username) wlst_name, wlst_value = \ self.alias_helper.get_wlst_attribute_name_and_value(location, PASSWORD, admin_password, masked=True) self.wlst_helper.set_if_needed(wlst_name, wlst_value, PASSWORD, '<masked>', masked=True) else: ex = exception_helper.create_create_exception( 'WLSDPLY-12228', 'AdminPassword', model_helper.get_model_domain_info_key()) self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name) raise ex return
def __init__(self, model_dictionary, model_context, aliases): _method_name = '__init__' Creator.__init__(self, model_dictionary, model_context, aliases) # domainInfo section is required to get the admin password, everything else # is optional and will use the template defaults if model_helper.get_model_domain_info_key() not in model_dictionary: ex = exception_helper.create_create_exception('WLSDPLY-12200', self.__program_name, model_helper.get_model_domain_info_key(), self.model_context.get_model_file()) self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name) raise ex self.topology_helper = TopologyHelper(self.aliases, ExceptionType.CREATE, self.logger) self.security_provider_creator = SecurityProviderCreator(model_dictionary, model_context, aliases, ExceptionType.CREATE, self.logger) self._domain_typedef = self.model_context.get_domain_typedef() self._topology = self.model.get_model_topology() self._domain_info = self.model.get_model_domain_info() if DOMAIN_NAME in self._topology: self._domain_name = self._topology[DOMAIN_NAME] else: self._domain_name = DEFAULT_WLS_DOMAIN_NAME self._domain_home = os.path.join(self.model_context.get_domain_parent_dir(), self._domain_name) if ADMIN_SERVER_NAME in self._topology: self._admin_server_name = self._topology[ADMIN_SERVER_NAME] else: self._admin_server_name = DEFAULT_ADMIN_SERVER_NAME self.__default_domain_name = None self.__default_admin_server_name = None self.__default_security_realm_name = None archive_file_name = self.model_context.get_archive_file_name() if archive_file_name is not None: self.archive_helper = ArchiveHelper(archive_file_name, self._domain_home, self.logger, exception_helper.ExceptionType.CREATE) self.library_helper = LibraryHelper(self.model, self.model_context, self.aliases, self._domain_home, ExceptionType.CREATE, self.logger) self.target_helper = TargetHelper(self.model, self.model_context, self.aliases, ExceptionType.CREATE, self.logger) # # Creating domains with the wls.jar template is busted for pre-12.1.2 domains with regards to the # names of the default authentication providers (both the DefaultAuthenticator and the # DefaultIdentityAsserter names are 'Provider', making it impossible to work with in WLST. If # the WLS version is earlier than fix this as part of domain creation... # self.__fix_default_authentication_provider_names = \ self.wls_helper.do_default_authentication_provider_names_need_fixing() # # This list gets modified as the domain is being created so do use this list for anything else... # self.__topology_folder_list = self.alias_helper.get_model_topology_top_level_folder_names() return
def walk(self): """ Replace password attributes in each model file with secret tokens, and write each model. Generate a script to create the required secrets. Create any additional output specified for the target environment. """ _method_name = "walk" model_file_name = None try: model_file_list = self.model_files.split(',') for model_file in model_file_list: self.cache.clear() if os.path.splitext(model_file)[1].lower() == ".yaml": model_file_name = model_file FileToPython(model_file_name, True).parse() aliases = Aliases(model_context=self.model_context, wlst_mode=WlstModes.OFFLINE) validator = Validator(self.model_context, aliases, wlst_mode=WlstModes.OFFLINE) # Just merge and validate but without substitution model_dictionary = cla_helper.merge_model_files( model_file_name, None) variable_file = self.model_context.get_variable_file() if not os.path.exists(variable_file): variable_file = None return_code = validator.validate_in_tool_mode( model_dictionary, variables_file_name=variable_file, archive_file_name=None) if return_code == Validator.ReturnCode.STOP: self._logger.severe('WLSDPLY-05705', model_file_name) return VALIDATION_FAIL self.current_dict = model_dictionary self.__walk_model_section( model.get_model_domain_info_key(), self.current_dict, aliases.get_model_section_top_level_folder_names( DOMAIN_INFO)) self.__walk_model_section( model.get_model_topology_key(), self.current_dict, aliases.get_model_topology_top_level_folder_names()) self.__walk_model_section( model.get_model_resources_key(), self.current_dict, aliases.get_model_resources_top_level_folder_names()) self.current_dict = self._apply_filter_and_inject_variable( self.current_dict, self.model_context, validator) file_name = os.path.join(self.output_dir, os.path.basename(model_file_name)) fos = JFileOutputStream(file_name, False) writer = JPrintWriter(fos, True) pty = PythonToYaml(self.current_dict) pty._write_dictionary_to_yaml_file(self.current_dict, writer) writer.close() self.cache.clear() for key in self.secrets_to_generate: self.cache[key] = '' # use a merged, substituted, filtered model to get domain name and create additional target output. full_model_dictionary = cla_helper.load_model( _program_name, self.model_context, self._aliases, "discover", WlstModes.OFFLINE) target_configuration_helper.generate_k8s_script( self.model_context, self.cache, full_model_dictionary) # create any additional outputs from full model dictionary target_configuration_helper.create_additional_output( Model(full_model_dictionary), self.model_context, self._aliases, ExceptionType.VALIDATE) except ValidateException, te: self._logger.severe('WLSDPLY-20009', _program_name, model_file_name, te.getLocalizedMessage(), error=te, class_name=_class_name, method_name=_method_name) ex = exception_helper.create_compare_exception( te.getLocalizedMessage(), error=te) self._logger.throwing(ex, class_name=_class_name, method_name=_method_name) return VALIDATION_FAIL
def walk(self): _method_name = "walk" model_file_name = None try: model_file_list = self.model_files.split(',') for model_file in model_file_list: self.cache.clear() if os.path.splitext(model_file)[1].lower() == ".yaml": model_file_name = model_file FileToPython(model_file_name, True).parse() aliases = Aliases(model_context=self.model_context, wlst_mode=WlstModes.OFFLINE) validator = Validator(self.model_context, aliases, wlst_mode=WlstModes.OFFLINE) # Just merge and validate but without substitution model_dictionary = cla_helper.merge_model_files(model_file_name, None) variable_file = self.model_context.get_variable_file() if not os.path.exists(variable_file): variable_file=None return_code = validator.validate_in_tool_mode(model_dictionary, variables_file_name=variable_file, archive_file_name=None) if return_code == Validator.ReturnCode.STOP: __logger.severe('WLSDPLY-05705', model_file_name) return VALIDATION_FAIL self.current_dict = model_dictionary self.__walk_model_section(model.get_model_domain_info_key(), self.current_dict, aliases.get_model_section_top_level_folder_names(DOMAIN_INFO)) self.__walk_model_section(model.get_model_topology_key(), self.current_dict, aliases.get_model_topology_top_level_folder_names()) self.__walk_model_section(model.get_model_resources_key(), self.current_dict, aliases.get_model_resources_top_level_folder_names()) self.current_dict = self._apply_filter_and_inject_variable(self.current_dict, self.model_context, validator) file_name = os.path.join(self.output_dir, os.path.basename(model_file_name)) fos = JFileOutputStream(file_name, False) writer = JPrintWriter(fos, True) pty = PythonToYaml(self.current_dict) pty._write_dictionary_to_yaml_file(self.current_dict, writer) writer.close() self.cache.clear() for key in self.secrets_to_generate: self.cache[key] = '' target_configuration_helper.generate_k8s_script(self.model_context.get_kubernetes_variable_file(), self.cache) except ValidateException, te: __logger.severe('WLSDPLY-20009', _program_name, model_file_name, te.getLocalizedMessage(), error=te, class_name=_class_name, method_name=_method_name) ex = exception_helper.create_compare_exception(te.getLocalizedMessage(), error=te) __logger.throwing(ex, class_name=_class_name, method_name=_method_name) return VALIDATION_FAIL
def __init__(self, model_dictionary, model_context, aliases): _method_name = '__init__' Creator.__init__(self, model_dictionary, model_context, aliases) # domainInfo section is required to get the admin password, everything else # is optional and will use the template defaults if model_helper.get_model_domain_info_key() not in model_dictionary: ex = exception_helper.create_create_exception( 'WLSDPLY-12200', self.__program_name, model_helper.get_model_domain_info_key(), self.model_context.get_model_file()) self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name) raise ex self.topology_helper = TopologyHelper(self.aliases, ExceptionType.CREATE, self.logger) self.security_provider_creator = SecurityProviderCreator( model_dictionary, model_context, aliases, ExceptionType.CREATE, self.logger) self._domain_typedef = self.model_context.get_domain_typedef() self._topology = self.model.get_model_topology() self._domain_info = self.model.get_model_domain_info() if DOMAIN_NAME in self._topology: self._domain_name = self._topology[DOMAIN_NAME] else: self._domain_name = DEFAULT_WLS_DOMAIN_NAME # if domain home specified on command line, set it here, otherwise append domain name to domain parent model_domain_home = self.model_context.get_domain_home() if model_domain_home: self._domain_home = model_domain_home else: self._domain_home = os.path.join( self.model_context.get_domain_parent_dir(), self._domain_name) if ADMIN_SERVER_NAME in self._topology: self._admin_server_name = self._topology[ADMIN_SERVER_NAME] else: self._admin_server_name = DEFAULT_ADMIN_SERVER_NAME self.__default_domain_name = None self.__default_admin_server_name = None self.__default_security_realm_name = None archive_file_name = self.model_context.get_archive_file_name() if archive_file_name is not None: self.archive_helper = ArchiveHelper( archive_file_name, self._domain_home, self.logger, exception_helper.ExceptionType.CREATE) self.library_helper = LibraryHelper(self.model, self.model_context, self.aliases, self._domain_home, ExceptionType.CREATE, self.logger) self.target_helper = TargetHelper(self.model, self.model_context, self.aliases, ExceptionType.CREATE, self.logger) # # This list gets modified as the domain is being created so do use this list for anything else... # self.__topology_folder_list = self.alias_helper.get_model_topology_top_level_folder_names( ) return