Merge pull request #2 from sanjaymantoor/main

Updated admin and dynamic cluster as per security review comments

Author: rjeberhard

weblogic-azure-vm/arm-oraclelinux-wls-admin/admin-ssl-post-deploy/src/main/scripts/configureCustomAdminSSL.sh

@@ -154,7 +154,7 @@ function wait_for_admin()
 {
  #wait for admin to start
 count=1
-export CHECK_URL="http://$wlsAdminURL/weblogic/ready"
+CHECK_URL="http://$wlsAdminURL/weblogic/ready"
 status=`curl --insecure -ILs $CHECK_URL | tac | grep -m1 HTTP/1.1 | awk {'print $2'}`
 echo "Waiting for admin server to start"
 while [[ "$status" != "200" ]]
@@ -193,7 +193,7 @@ function parseLDAPCertificate()
     done
 
     openssl base64 -d -in ${SCRIPT_PWD}/security/AzureADLDAPCerBase64String.txt -out ${SCRIPT_PWD}/security/AzureADTrust.cer
-    export addsCertificate=${SCRIPT_PWD}/security/AzureADTrust.cer
+    addsCertificate=${SCRIPT_PWD}/security/AzureADTrust.cer
 }
 
 function importAADCertificateIntoWLSCustomTrustKeyStore()
@@ -254,7 +254,7 @@ function parseAndSaveCustomSSLKeyStoreData()
 
     echo "$customIdentityKeyStoreBase64String" > ${KEYSTORE_PATH}/identityKeyStoreCerBase64String.txt
     cat ${KEYSTORE_PATH}/identityKeyStoreCerBase64String.txt | base64 -d > ${KEYSTORE_PATH}/identity.keystore
-    export customSSLIdentityKeyStoreFile=${KEYSTORE_PATH}/identity.keystore
+    customSSLIdentityKeyStoreFile=${KEYSTORE_PATH}/identity.keystore
 
     rm -rf ${KEYSTORE_PATH}/identityKeyStoreCerBase64String.txt
 
@@ -263,7 +263,7 @@ function parseAndSaveCustomSSLKeyStoreData()
 
     echo "$customTrustKeyStoreBase64String" > ${KEYSTORE_PATH}/trustKeyStoreCerBase64String.txt
     cat ${KEYSTORE_PATH}/trustKeyStoreCerBase64String.txt | base64 -d > ${KEYSTORE_PATH}/trust.keystore
-    export customSSLTrustKeyStoreFile=${KEYSTORE_PATH}/trust.keystore
+    customSSLTrustKeyStoreFile=${KEYSTORE_PATH}/trust.keystore
 
     rm -rf ${KEYSTORE_PATH}/trustKeyStoreCerBase64String.txt
 
@@ -279,7 +279,7 @@ function restartAdminServerService()
 
 #main script starts here
 
-export SCRIPT_PWD=`pwd`
+SCRIPT_PWD=`pwd`
 
 # store arguments in a special array 
 args=("$@") 
@@ -288,51 +288,51 @@ ELEMENTS=${#args[@]}
 
 # echo each element in array  
 # for loop 
-for (( i=0;i<$ELEMENTS;i++)); do 
-    echo "ARG[${args[${i}]}]"
-done
+#for (( i=0;i<$ELEMENTS;i++)); do 
+#    echo "ARG[${args[${i}]}]"
+#done
 
 if [ $# -lt 9 ]
 then
     usage
     exit 1
 fi
 
-export adminVMName=$1
-export wlsDomainName=$2
-export wlsUserName=$3
-export wlsPassword=$4
-export oracleHome=$5
-export wlsDomainPath=$6
+adminVMName=$1
+wlsDomainName=$2
+wlsUserName=$3
+wlsPassword=$4
+oracleHome=$5
+wlsDomainPath=$6
 
-export enableAAD="${7}"
+enableAAD="${7}"
 enableAAD="${enableAAD,,}"
 
-export wlsADSSLCer="${8}"
+wlsADSSLCer="${8}"
 
-export isCustomSSLEnabled="${9}"
+isCustomSSLEnabled="${9}"
 isCustomSSLEnabled="${isCustomSSLEnabled,,}"
 
 if [ "${isCustomSSLEnabled,,}" == "true" ];
 then
-    export customIdentityKeyStoreBase64String="${10}"
-    export customIdentityKeyStorePassPhrase="${11}"
-    export customIdentityKeyStoreType="${12}"
-    export customTrustKeyStoreBase64String="${13}"
-    export customTrustKeyStorePassPhrase="${14}"
-    export customTrustKeyStoreType="${15}"
-    export privateKeyAlias="${16}"
-    export privateKeyPassPhrase="${17}"
+    customIdentityKeyStoreBase64String="${10}"
+    customIdentityKeyStorePassPhrase="${11}"
+    customIdentityKeyStoreType="${12}"
+    customTrustKeyStoreBase64String="${13}"
+    customTrustKeyStorePassPhrase="${14}"
+    customTrustKeyStoreType="${15}"
+    privateKeyAlias="${16}"
+    privateKeyPassPhrase="${17}"
 fi
 
-export wlsAdminPort=7001
-export wlsAdminChannelPort=7005
-export wlsAdminURL="$adminVMName:$wlsAdminChannelPort"
-export wlsServerName="admin"
-export username="oracle"
-export groupname="oracle"
+wlsAdminPort=7001
+wlsAdminChannelPort=7005
+wlsAdminURL="$adminVMName:$wlsAdminChannelPort"
+wlsServerName="admin"
+username="oracle"
+groupname="oracle"
 
-export KEYSTORE_PATH="$wlsDomainPath/$wlsDomainName/keystores"
+KEYSTORE_PATH="$wlsDomainPath/$wlsDomainName/keystores"
 
 validateInput
 cleanup

weblogic-azure-vm/arm-oraclelinux-wls-admin/cli-scripts/custom-dns-alias-cli.sh

@@ -107,7 +107,7 @@ function queryAdminIPId() {
     exit 1
   fi
 
-  export adminIPId=$(az graph query -q "Resources 
+  adminIPId=$(az graph query -q "Resources 
     | where type =~ 'microsoft.network/networkinterfaces' 
     | where id=~ '${nicId}' 
     | extend ipConfigsCount=array_length(properties.ipConfigurations) 
@@ -122,7 +122,7 @@ function queryAdminIPId() {
 }
 
 function generateParameterFile() {
-  export parametersPath=parameters.json
+  parametersPath=parameters.json
   cat <<EOF >${scriptDir}/${parametersPath}
 {
     "\$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
@@ -230,8 +230,8 @@ Custom DNS alias:
 
 # main script start from here
 # default value
-export hasDNSZone=false
-export identity=/subscriptions/subscriptionId/resourceGroups/TestResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/TestUserIdentity1
+hasDNSZone=false
+identity=/subscriptions/subscriptionId/resourceGroups/TestResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/TestUserIdentity1
 
 # Transform long options to short ones
 for arg in "$@"; do

weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/mainTemplate.json

@@ -303,11 +303,11 @@
          "defaultValue": "ServerPrivateKeyPassPhraseSecret"
       },
       "uploadedCustomIdentityKeyStoreData": {
-         "type": "string",
+         "type": "securestring",
          "metadata": {
             "description": "Custom Identity KeyStore Data"
          },
-         "defaultValue": "customIdentityKeyStoreData"
+         "defaultValue": ""
       },
       "uploadedCustomIdentityKeyStorePassphrase": {
          "type": "securestring",
@@ -324,11 +324,11 @@
          "defaultValue": "JKS"
       },
       "uploadedCustomTrustKeyStoreData": {
-         "type": "string",
+         "type": "securestring",
          "metadata": {
             "description": "Custom Trust KeyStore Data"
          },
-         "defaultValue": "customTrustKeyStoreData"
+         "defaultValue": ""
       },
       "uploadedCustomTrustKeyStorePassPhrase": {
          "type": "securestring",

weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_keyVaultNestedTemplate.json

@@ -3,25 +3,25 @@
     "contentVersion": "1.0.0.0",
     "parameters": {
         "uploadedCustomIdentityKeyStoreData": {
-            "type": "string",
+            "type": "securestring",
             "metadata": {
                 "description": "Custom Identity KeyStore Data"
             }
         },
         "uploadedCustomIdentityKeyStorePassphrase": {
-            "type": "string",
+            "type": "securestring",
             "metadata": {
                 "description": "Custom Identity KeyStore Passphrase"
             }
         },
         "uploadedCustomTrustKeyStoreData": {
-            "type": "string",
+            "type": "securestring",
             "metadata": {
                 "description": "Custom Trust KeyStore Data"
             }
         },
         "uploadedCustomTrustKeyStorePassPhrase": {
-            "type": "string",
+            "type": "securestring",
             "metadata": {
                 "description": "Custom Trust KeyStore PassPhrase"
             }
@@ -33,7 +33,7 @@
             }
         },
         "uploadedPrivateKeyPassPhrase": {
-            "type": "string",
+            "type": "securestring",
             "metadata": {
                 "description": "Password of the private key"
             }

weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/aadNestedTemplate.json

@@ -67,7 +67,7 @@
             }
         },
         "wlsLDAPPrincipal": {
-            "type": "string",
+            "type": "securestring",
             "defaultValue": "",
             "metadata": {
                 "description": "The Distinguished Name (DN) of the LDAP user that WebLogic Server should use to connect to the LDAP server."
@@ -88,14 +88,14 @@
             }
         },
         "wlsLDAPSSLCertificate": {
-            "type": "string",
+            "type": "securestring",
             "defaultValue": "",
             "metadata": {
                 "description": "Client certificate that will be imported to trust store of SSL."
             }
         },
         "wlsLDAPUserBaseDN": {
-            "type": "string",
+            "type": "securestring",
             "defaultValue": "",
             "metadata": {
                 "description": "The base distinguished name (DN) of the tree in the LDAP directory that contains users."
@@ -121,8 +121,8 @@
            }
         },
         "keyVaultCustomTrustKeyStorePassPhrase": {
-           "type": "string",
-           "defaultValue": "null",
+           "type": "securestring",
+           "defaultValue": "",
            "metadata": {
               "description": "Weblogic Custom Trust Store Passphrase"
            }

weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/adminTemplateForCustomSSL.json

@@ -90,13 +90,13 @@
          "defaultValue": "[newGuid()]"
       },
       "keyVaultCustomIdentityKeyStoreData": {
-         "type": "string",
+         "type": "securestring",
          "metadata": {
             "description": "Weblogic Custom Identity Keystore Data"
          }
       },
       "keyVaultCustomIdentityKeyStorePassPhrase": {
-         "type": "string",
+         "type": "securestring",
          "metadata": {
             "description": "Weblogic Custom Identity Keystore Passphrase"
          }
@@ -109,13 +109,13 @@
          "defaultValue": "JKS"
       },
       "keyVaultCustomTrustKeyStoreData": {
-         "type": "string",
+         "type": "securestring",
          "metadata": {
             "description": "Weblogic Custom Trust Store Data"
          }
       },
       "keyVaultCustomTrustKeyStorePassPhrase": {
-         "type": "string",
+         "type": "securestring",
          "metadata": {
             "description": "Weblogic Custom Trust Store Passphrase"
          }
@@ -134,7 +134,7 @@
          }
       },
       "keyVaultPrivateKeyPassPhrase": {
-         "type": "string",
+         "type": "securestring",
          "metadata": {
             "description": "Weblogic Server Private Key Pass Phrase"
          }

weblogic-azure-vm/arm-oraclelinux-wls-admin/test/data/parameters-test.json

@@ -24,7 +24,7 @@
       "value": "#adminvmname#"
     },
     "vmSizeSelect": {
-      "value": "Standard_A3"
+      "value": "Standard_D2as_v4"
     },
     "location": {
       "value": "#location#"

weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-aad.sh

@@ -38,6 +38,9 @@ cat <<EOF > ${parametersPath}
         "enableDB": {
             "value": false
         },
+        "vmSizeSelect": {
+            "value": "Standard_D2as_v4"
+        },        
         "wlsLDAPGroupBaseDN": {
             "value": "GEN-UNIQUE"
         },

weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-db-aad.sh

@@ -53,6 +53,9 @@ cat <<EOF > ${parametersPath}
         "jdbcDataSourceName": {
             "value": "jdbc/postgresql"
         },
+        "vmSizeSelect": {
+            "value": "Standard_D2as_v4"
+        },        
         "wlsLDAPGroupBaseDN": {
             "value": "GEN-UNIQUE"
         },

weblogic-azure-vm/arm-oraclelinux-wls-admin/test/scripts/gen-parameters-db.sh

@@ -44,6 +44,9 @@ cat <<EOF > ${parametersPath}
         "jdbcDataSourceName": {
             "value": "jdbc/postgresql"
         },
+        "vmSizeSelect": {
+            "value": "Standard_D2as_v4"
+        },        
         "wlsPassword": {
             "value": "GEN-UNIQUE"
         },