-
Notifications
You must be signed in to change notification settings - Fork 89
fix password and user in jdbc standalone xml #1213
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
core/src/main/python/wlsdeploy/tool/discover/deployments_discoverer.py
Outdated
Show resolved
Hide resolved
core/src/main/java/oracle/weblogic/deploy/util/WLSDeployArchive.java
Outdated
Show resolved
Hide resolved
core/src/main/python/wlsdeploy/tool/discover/deployments_discoverer.py
Outdated
Show resolved
Hide resolved
core/src/main/python/wlsdeploy/tool/util/credential_injector.py
Outdated
Show resolved
Hide resolved
Can we change the name of the generated secret token not to use . -> change it to - ? It breaks wko eventually.
"message" : "Failure invoking 'create' on job in namespace sample-domain1-ns : Job.batch "sample-domain1-introspector" is invalid: [spec.template.spec.volumes[3].name: Invalid value: "sample-domain1-localpdb-jdbc.xml-user-volume": a lowercase RFC 1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character (e.g. 'my-name', or '123-abc', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?'), spec.template.spec.volumes[4].name: Invalid value: "sample-domain1-localpdb-jdbc2.xml-user-volume": a lowercase RFC 1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character (e.g. 'my-name', or '123-abc', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?'), spec.template.spec.containers[0].volumeMounts[3].name: Not found: "sample-domain1-localpdb-jdbc.xml-user-volume", spec.template.spec.containers[0].volumeMounts[4].name: Not found: "sample-domain1-localpdb-jdbc2.xml-user-volume"]: Kubernetes"
The secret name embedded in the generated secret token MUST be a legal Kubernetes name.
Also, I believe we have some logic to limit the number of characters of the generated token so that it won't fail later, and the logic should apply here also. @rakillen ?
@jshum2479 The character count check currently happens in the generated create_k8s_secrets.sh script, and warns the user to fix them.
Warning: These {0} secret names are too long to be mounted in a Kubernetes pod:
. . .
Secret names to be mounted in a Kubernetes pod should be limited to 63 characters.
To correct this, shorten the DOMAIN_UID or the secret key(s) in this generated script and re-execute.
We don't currently check before that point, because we don't have a good way of shortening any that are too long, and ensuring that they stay unique.
Kudos, SonarCloud Quality Gate passed! Quality Gate passed
Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells
Handled in #1220
First part of WDT-675. Looks for password and user in jdbc standalone xml app and tokenizes or replaces the values with the fix token.