Commit 987141b

committed

Adding discovery support for new WDT discover security features

1 parent 7e5e445 commit 987141bCopy full SHA for 987141b

File tree

13 files changed

+516

-89

lines changed

electron/app
- js
  - wdtDiscovery.js
- locales/en
  - webui.json
webui
- package-lock.json
- package.json
- src/js

13 files changed

+516

-89

lines changed

`‎electron/app/js/wdtDiscovery.js‎`

Lines changed: 43 additions & 20 deletions

Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,7 @@ async function _runDiscover(targetWindow, discoverConfig, online) {`
`49`	`49`	`const discoverType = online ? 'online' : 'offline';`
`50`	`50`	logger.info(`start ${discoverType} discover: ${discoverConfig['oracleHome']}`);
`51`	`51`
	`52`	`+ let isRemote = false;`
`52`	`53`	`let projectFile = discoverConfig['projectFile'];`
`53`	`54`	`let projectDir = path.dirname(projectFile);`
`54`	`55`
`@@ -66,46 +67,68 @@ async function _runDiscover(targetWindow, discoverConfig, online) {`
`66`	`67`	`argList.push('-java_home');`
`67`	`68`	`argList.push(discoverConfig['javaHome']);`
`68`	`69`
`69`		`- addArgumentIfPresent(discoverConfig['domainHome'], '-domain_home', argList);`
`70`		`-`
`71`	`70`	`argList.push('-domain_type');`
`72`	`71`	`argList.push(discoverConfig['domainType']);`
`73`	`72`
	`73`	`+ argList.push('-model_file');`
	`74`	`+ argList.push(modelFile);`
	`75`	`+ argList.push('-variable_file');`
	`76`	`+ argList.push(propertiesFile);`
	`77`	`+`
`74`	`78`	`if (online) {`
`75`	`79`	`argList.push('-admin_url');`
`76`	`80`	`argList.push(discoverConfig['adminUrl']);`
`77`	`81`	`argList.push('-admin_user');`
`78`	`82`	`argList.push(discoverConfig['adminUser']);`
`79`	`83`	`argList.push('-admin_pass');`
`80`	`84`	`argList.push(discoverConfig['adminPass']);`
`81`		`- }`
`82`	`85`
`83`		`- addArgumentIfPresent(discoverConfig['sshHost'], '-ssh_host', argList);`
`84`		`- addArgumentIfPresent(discoverConfig['sshPort'], '-ssh_port', argList);`
`85`		`- addArgumentIfPresent(discoverConfig['sshUser'], '-ssh_user', argList);`
`86`		`- addArgumentIfPresent(discoverConfig['sshPassword'], '-ssh_pass', argList);`
`87`		`- addArgumentIfPresent(discoverConfig['sshPrivateKey'], '-ssh_private_key', argList);`
`88`		`- addArgumentIfPresent(discoverConfig['sshPrivateKeyPassphrase'], '-ssh_private_key_pass', argList);`
	`86`	`+ addArgumentIfPresent(discoverConfig['sshHost'], '-ssh_host', argList);`
	`87`	`+ addArgumentIfPresent(discoverConfig['sshPort'], '-ssh_port', argList);`
	`88`	`+ addArgumentIfPresent(discoverConfig['sshUser'], '-ssh_user', argList);`
	`89`	`+ addArgumentIfPresent(discoverConfig['sshPassword'], '-ssh_pass', argList);`
	`90`	`+ addArgumentIfPresent(discoverConfig['sshPrivateKey'], '-ssh_private_key', argList);`
	`91`	`+ addArgumentIfPresent(discoverConfig['sshPrivateKeyPassphrase'], '-ssh_private_key_pass', argList);`
	`92`	`+`
	`93`	`+ const useRemote = discoverConfig['isRemote'];`
	`94`	`+ if (!useRemote) {`
	`95`	`+ argList.push('-archive_file');`
	`96`	`+ argList.push(archiveFile);`
	`97`	`+ } else {`
	`98`	`+ isRemote = true;`
	`99`	`+ argList.push('-remote');`
	`100`	`+ }`
	`101`	`+`
	`102`	`+ if (discoverConfig['discoverPasswords']) {`
	`103`	`+ argList.push('-discover_passwords');`
	`104`	`+ }`
	`105`	`+ if (discoverConfig['discoverSecurityProviderData'] && discoverConfig['discoverSecurityProviderDataArgument']) {`
	`106`	`+ argList.push('-discover_security_provider_data');`
	`107`	`+ argList.push(discoverConfig['discoverSecurityProviderDataArgument']);`
	`108`	`+ }`
	`109`	`+ if (discoverConfig['discoverOPSSWallet'] && discoverConfig['discoverOPSSWalletPassphrase']) {`
	`110`	`+ argList.push('-discover_opss_wallet');`
	`111`	`+ argList.push('-opss_wallet_passphrase');`
	`112`	`+ argList.push(discoverConfig['discoverOPSSWalletPassphrase']);`
	`113`	`+ }`
	`114`	`+ addArgumentIfPresent(discoverConfig['discoverWdtPassphrase'], '-passphrase', argList);`
	`115`	`+ } else {`
	`116`	`+ // offline`
	`117`	`+ addArgumentIfPresent(discoverConfig['domainHome'], '-domain_home', argList);`
`89`	`118`
`90`		`- const isRemote = discoverConfig['isRemote'];`
`91`		`- if (!isRemote) {`
`92`	`119`	`argList.push('-archive_file');`
`93`	`120`	`argList.push(archiveFile);`
`94`	`121`	`}`
`95`	`122`
`96`		`- argList.push('-model_file');`
`97`		`- argList.push(modelFile);`
`98`		`- argList.push('-variable_file');`
`99`		`- argList.push(propertiesFile);`
`100`		`-`
`101`		`- if (isRemote) {`
`102`		`- argList.push('-remote');`
`103`		`- }`
`104`		`-`
`105`	`123`	`const env = {`
`106`	`124`	`JAVA_HOME: process.env.JAVA_HOME \|\| discoverConfig['javaHome']`
`107`	`125`	`};`
`108`	`126`
	`127`	`+ const additionalProperties = discoverConfig['additionalProperties'];`
	`128`	`+ if (additionalProperties && additionalProperties.length > 0) {`
	`129`	`+ env['WLSDEPLOY_PROPERTIES'] = additionalProperties;`
	`130`	`+ }`
	`131`	`+`
`109`	`132`	`let resultsDirectory = null;`
`110`	`133`	`let resultsFile = null;`
`111`	`134`	`if (isRemote) {`

`‎electron/app/locales/en/webui.json‎`

Lines changed: 26 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1097,8 +1097,12 @@`
`1097`	`1097`	`"discover-dialog-domain-type-label": "Domain Type",`
`1098`	`1098`	`"discover-dialog-wls-domain-type-label": "WebLogic Server",`
`1099`	`1099`	`"discover-dialog-restricted-jrf-domain-type-label": "Restricted JRF",`
`1100`		`- "discover-dialog-jrf-domain-type-label": "Fusion Middleware (JRF)",`
	`1100`	`+ "discover-dialog-jrf-domain-type-label": "Fusion Middleware Infrastructure (JRF)",`
	`1101`	`+ "discover-dialog-oam-domain-type-label": "Oracle Access Manager (OAM)",`
	`1102`	`+ "discover-dialog-oig-domain-type-label": "Oracle Identity Governance (OIG)",`
`1101`	`1103`	`"discover-dialog-domain-type-help": "Specifies the type of Oracle Fusion Middleware domain to be discovered.",`
	`1104`	`+ "discover-dialog-additional-properties-label": "Additional Properties",`
	`1105`	`+ "discover-dialog-additional-properties-help": "Additional Properties to pass to the WebLogic Deploy Tooling's Discover Domain Tool.",`
`1102`	`1106`	`"discover-dialog-admin-url-label": "Administration Server URL",`
`1103`	`1107`	`"discover-dialog-admin-url-help": "The URL of the Administration Server of the domain. Format should be similar to t3://wls.host:7001",`
`1104`	`1108`	`"discover-dialog-admin-user-label": "Administration Server User",`
`@@ -1133,6 +1137,23 @@`
`1133`	`1137`	`"discover-dialog-ssh-credential-type-password-label": "Use password",`
`1134`	`1138`	`"discover-dialog-ssh-credential-type-label": "SSH Credential Type",`
`1135`	`1139`	`"discover-dialog-ssh-credential-type-help": "Choose an option for specifying SSH credentials",`
	`1140`	`+ "discover-dialog-discover-security-features-title": "Security-Related Discovery Features",`
	`1141`	`+ "discover-dialog-discover-passwords-label": "Discover Passwords",`
	`1142`	`+ "discover-dialog-discover-passwords-help": "Discover passwords from the source domain and encrypt them using WDT encryption.",`
	`1143`	`+ "discover-dialog-discover-security-provider-data-label": "Discover Security Provider Data",`
	`1144`	`+ "discover-dialog-discover-security-provider-data-help": "Discover security provider data from the source domain and encrypt any passwords found using WDT encryption.",`
	`1145`	`+ "discover-dialog-discover-opss-wallet-label": "Discover OPSS Wallet",`
	`1146`	`+ "discover-dialog-discover-opss-wallet-help": "Discover OPSS encryption key from the source domain and encrypt it with the OPSS Wallet Passphrase.",`
	`1147`	`+ "discover-dialog-discover-opss-wallet-passphrase-label": "OPSS Wallet Passphrase",`
	`1148`	`+ "discover-dialog-discover-opss-wallet-passphrase-help": "The wallet passphrase to use when exporting the OPSS encryption key into a wallet.",`
	`1149`	`+ "discover-dialog-security-provider-type-all-label": "All Supported Providers",`
	`1150`	`+ "discover-dialog-security-provider-type-default-authenticator-label": "Default Authenticator",`
	`1151`	`+ "discover-dialog-security-provider-type-xacml-authorizer-label": "XACML Authorizer",`
	`1152`	`+ "discover-dialog-security-provider-type-xacml-role-mapper-label": "XACML Role Mapper",`
	`1153`	`+ "discover-dialog-security-provider-type-default-credential-mapper-label": "Default Credential Mapper",`
	`1154`	`+ "discover-dialog-security-provider-scope-label": "Providers to Discover",`
	`1155`	`+ "discover-dialog-discover-wdt-encryption-passphrase-label": "WDT Model Encryption Passphrase",`
	`1156`	`+ "discover-dialog-discover-wdt-encryption-passphrase-help": "The WDT model encryption passphrase that will be used to encrypt any discovered credentials.",`
`1136`	`1157`
`1137`	`1158`	`"discover-result-dialog-title": "Discover Domain Result",`
`1138`	`1159`	`"discover-result-dialog-archive-message": "The following files need to be collected from the remote system and placed in the archive file at the specified paths",`
`@@ -1494,6 +1515,8 @@`
`1494`	`1515`	`"wko-uninstaller-uninstall-failed-error-message":"Unable to uninstall WebLogic Kubernetes Operator {{operatorName}} from Kubernetes namespace {{operatorNamespace}}: {{error}}.",`
`1495`	`1516`	`"wko-uninstaller-uninstall-catch-all-error-message": "WebLogic Kubernetes Operator uninstall failed with an unexpected error: {{error}}",`
`1496`	`1517`
	`1518`	`+ "k8s-domain-definition-encrypted-credential-message": "Found secret {{secretName}} with WDT encrypted key {{secretKey}}",`
	`1519`	`+ "k8s-domain-deployer-update-admin-user-password-in-progress": "Updating Password for User {{adminUserName}}",`
`1497`	`1520`	`"k8s-domain-deployer-aborted-error-title": "Deploying WebLogic Domain to Kubernetes Aborted",`
`1498`	`1521`	`"k8s-domain-deployer-kubectl-exe-invalid-error-message": "Unable to deploy WebLogic Domain to Kubernetes because the Kubernetes client executable is invalid: {{error}}.",`
`1499`	`1522`	`"k8s-domain-deployer-helm-exe-invalid-error-message": "Unable to deploy WebLogic domain to Kubernetes because the Helm executable is invalid: {{error}}.",`
`@@ -1514,6 +1537,8 @@`
`1514`	`1537`	`"k8s-domain-deployer-create-wallet-password-secret-error-message": "Unable to deploy WebLogic domain to Kubernetes due to an error creating the OPSS wallet password secret {{secretName}} in the Kubernetes namespace {{namespace}}: {{error}}",`
`1515`	`1538`	`"k8s-domain-deployer-create-wl-secret-in-progress": "Creating secret {{secretName}} for WebLogic domain {{domainName}} in Kubernetes namespace {{namespace}}",`
`1516`	`1539`	`"k8s-domain-deployer-create-wl-secret-failed-error-message": "Failed to create WebLogic credentials secret {{secretName}} in Kubernetes namespace {{namespace}}: {{error}}",`
	`1540`	`+ "k8s-domain-deployer-create-wdt-secret-in-progress": "Creating secret {{secretName}} for WebLogic domain {{domainName}} in Kubernetes namespace {{namespace}}",`
	`1541`	`+ "k8s-domain-deployer-create-wdt-secret-failed-error-message": "Failed to create WebLogic credentials secret {{secretName}} in Kubernetes namespace {{namespace}}: {{error}}",`
`1517`	`1542`	`"k8s-domain-deployer-create-secrets-in-progress": "Creating secrets for WebLogic domain {{domainName}} in Kubernetes namespace {{namespace}}",`
`1518`	`1543`	`"k8s-domain-deployer-create-secret-failed-error-message": "Failed to create secret {{secretName}} in Kubernetes namespace {{namespace}}: {{error}}",`
`1519`	`1544`	`"k8s-domain-deployer-create-config-map-in-progress": "Creating Kubernetes config map for WebLogic domain {{domainName}} in Kubernetes namespace {{domainNamespace}}",`

`‎webui/package-lock.json‎`

Lines changed: 7 additions & 7 deletions

Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

`‎webui/package.json‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@`
`12`	`12`	`"dependencies": {`
`13`	`13`	`"@oracle/oraclejet": "~16.0.2",`
`14`	`14`	`"@oracle/oraclejet-core-pack": "~16.0.2",`
`15`		`- "@oracle/wrc-jet-pack": "~2.4.8",`
	`15`	`+ "@oracle/wrc-jet-pack": "~2.4.10",`
`16`	`16`	`"ace-builds": "^1.33.0",`
`17`	`17`	`"i18next": "^23.11.2",`
`18`	`18`	`"jquery": "^3.7.1",`

`‎webui/src/js/models/k8s-domain-definition.js‎`

Lines changed: 22 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -123,6 +123,28 @@ define(['knockout', 'utils/observable-properties', 'utils/common-utilities', 'ut`
`123`	`123`	`}`
`124`	`124`	`};`
`125`	`125`
	`126`	`+ this.requiresWDTEncryptionPassphrase = ko.computed(() => {`
	`127`	`+ for (const secret of this.secrets.observable()) {`
	`128`	`+ for (const key of secret.keys) {`
	`129`	`+ if (key.value.toUpperCase().startsWith('{AES}')) {`
	`130`	`+ wktLogger.debug('k8s-domain-definition-encrypted-credential-message', { secretName: secret.name, secretKey: key.key });`
	`131`	`+ return true;`
	`132`	`+ }`
	`133`	`+ }`
	`134`	`+ }`
	`135`	`+ return false;`
	`136`	`+ }, this);`
	`137`	`+`
	`138`	`+ /** The name of the WDT encryption secret, if needed. */`
	`139`	`+ this.wdtEncryptionSecretName = ko.computed(() => {`
	`140`	`+ let wdtEncryptionSecret;`
	`141`	`+`
	`142`	`+ if (this.requiresWDTEncryptionPassphrase() && wdtModel.wdtPassphrase.observable()) {`
	`143`	+ wdtEncryptionSecret = `${wdtModel.domainName()}-wdt-encryption-secret`;
	`144`	`+ }`
	`145`	`+ return wdtEncryptionSecret;`
	`146`	`+ }, this);`
	`147`	`+`
`126`	`148`	`this.replicas = props.createProperty(2);`
`127`	`149`	`// TODO - can a WebLogic server really run with 64MB? If not, raise minimum limit...`
`128`	`150`	`this.minimumHeapSize = props.createProperty('64m');`

`‎webui/src/js/models/wdt-model-definition.js‎`

Lines changed: 33 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,9 @@ define(['knockout', 'utils/observable-properties', 'js-yaml', 'utils/validation-`
`32`	`32`	`/** The locations of the archive files. */`
`33`	`33`	`this.archiveFiles = props.createArrayProperty();`
`34`	`34`
	`35`	`+ /** Model encryption passphrase. */`
	`36`	`+ this.wdtPassphrase = props.createProperty();`
	`37`	`+`
`35`	`38`	`/** The contents of the first model file. */`
`36`	`39`	`this.modelContent = ko.observable('');`
`37`	`40`
`@@ -163,10 +166,7 @@ define(['knockout', 'utils/observable-properties', 'js-yaml', 'utils/validation-`
`163`	`166`	`// user:`
`164`	`167`	`// Value: '@@SECRET:mydomain-jdbc-myds:username@@'`
`165`	`168`	`//`
`166`		`- let secretKey = secretName;`
`167`		`- if (secretEnvVar) {`
`168`		- secretKey = secretName.startsWith('-') ? `${secretEnvVar}${secretName}` : `${secretEnvVar}-${secretName}`;
`169`		`- }`
	`169`	`+ const secretKey = this.getModelSecretKey(secretEnvVar, secretName);`
`170`	`170`
`171`	`171`	`let secretData;`
`172`	`172`	`if (secretsMap.has(secretKey)) {`
`@@ -186,6 +186,35 @@ define(['knockout', 'utils/observable-properties', 'js-yaml', 'utils/validation-`
`186`	`186`	`return [...secretsMap.values()];`
`187`	`187`	`};`
`188`	`188`
	`189`	`+ this.getModelSecretKey = (secretEnvVar, secretName) => {`
	`190`	`+ let secretKey = secretName;`
	`191`	`+ if (secretEnvVar) {`
	`192`	+ secretKey = secretName.startsWith('-') ? `${secretEnvVar}${secretName}` : `${secretEnvVar}-${secretName}`;
	`193`	`+ }`
	`194`	`+ return secretKey;`
	`195`	`+ };`
	`196`	`+`
	`197`	`+ this.getAdminUserTopologySecurityUserSecretKey = (userName) => {`
	`198`	`+ let result;`
	`199`	`+ try {`
	`200`	`+ const yaml = jsYaml.load(this.modelContent());`
	`201`	`+`
	`202`	+ const modelValue = getElement(yaml, `topology.Security.User.${userName}.Password`);
	`203`	`+ if (modelValue) {`
	`204`	`+ matches = modelValue.match(SECRET_PATTERN);`
	`205`	`+ if (matches) {`
	`206`	`+ const secretName = matches.groups.name;`
	`207`	`+ const secretEnvVar = matches.groups.envvar;`
	`208`	`+`
	`209`	`+ result = this.getModelSecretKey(secretEnvVar, secretName);`
	`210`	`+ }`
	`211`	`+ }`
	`212`	`+ } catch (e) {`
	`213`	`+ // unable to parse model, just return undefined`
	`214`	`+ }`
	`215`	`+ return result;`
	`216`	`+ };`
	`217`	`+`
`189`	`218`	`/** Returns a property for editing the model properties */`
`190`	`219`	`this.getModelPropertiesObject = function() {`
`191`	`220`	`return this.internal.propertiesContent;`

0 commit comments

Comments

(0)

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit 987141b

File tree

13 files changed

13 files changed

`‎electron/app/js/wdtDiscovery.js‎`

`‎electron/app/locales/en/webui.json‎`

`‎webui/package-lock.json‎`

`‎webui/package.json‎`

`‎webui/src/js/models/k8s-domain-definition.js‎`

`‎webui/src/js/models/wdt-model-definition.js‎`

0 commit comments