Merge pull request #4 from oracle/main

merge changes from oracle/weblogic-azure repo to gnsuryan/weblogic-azure repo.

Author: gnsuryan

README.md

@@ -35,7 +35,7 @@ vulnerability disclosure process.
 
 ## License
 
-Copyright (c) 2021 Oracle and/or its affiliates.
+Copyright (c) 2021, Oracle and/or its affiliates.
 
 Released under the Universal Permissive License v1.0 as shown at
 <https://oss.oracle.com/licenses/upl/>.

weblogic-azure-aks/src/main/arm/scripts/buildWLSDockerImage.sh

@@ -6,9 +6,13 @@ function echo_stderr() {
     echo "$@" >&2
 }
 
+# PENDING(edburns): load <azureACRPassword> and <ocrSSOPSW> from filesystem, from a file that is guaranteed to be secured as required
+function load_parameters_from_file() {
+}
+
 #Function to display usage message
 function usage() {
-    echo_stdout "./buildWLSDockerImage.sh <wlsImagePath> <azureACRServer> <azureACRUserName> <azureACRPassword> <imageTag> <appPackageUrls> <ocrSSOUser> <ocrSSOPSW> <wlsClusterSize>"
+    echo_stdout "./buildWLSDockerImage.sh <wlsImagePath> <azureACRServer> <azureACRUserName> <imageTag> <appPackageUrls> <ocrSSOUser> <wlsClusterSize>"
     if [ $1 -eq 1 ]; then
         exit 1
     fi
@@ -34,13 +38,13 @@ function validate_inputs() {
         usage 1
     fi
 
-    if [ -z "$azureACRUserName" ]; then
-        echo_stderr "azureACRUserName is required. "
+    if [ -z "$azureACRPassword" ]; then
+        echo_stderr "azureACRPassword is required. "
         usage 1
     fi
 
-    if [ -z "$azureACRPassword" ]; then
-        echo_stderr "azureACRPassword is required. "
+    if [ -z "$azureACRUserName" ]; then
+        echo_stderr "azureACRUserName is required. "
         usage 1
     fi
 
@@ -229,18 +233,18 @@ export scriptDir="$(cd "$(dirname "${script}")" && pwd)"
 export wlsImagePath=$1
 export azureACRServer=$2
 export azureACRUserName=$3
-export azureACRPassword=$4
-export imageTag=$5
-export appPackageUrls=$6
-export ocrSSOUser=$7
-export ocrSSOPSW=$8
-export wlsClusterSize=$9
+export imageTag=$4
+export appPackageUrls=$5
+export ocrSSOUser=$6
+export wlsClusterSize=$7
 
 export acrImagePath="$azureACRServer/aks-wls-images:${imageTag}"
 export ocrLoginServer="container-registry.oracle.com"
 export wdtDownloadURL="https://github.com/oracle/weblogic-deploy-tooling/releases/download/release-1.9.7/weblogic-deploy.zip"
 export witDownloadURL="https://github.com/oracle/weblogic-image-tool/releases/download/release-1.9.11/imagetool.zip"
 
+load_parameters_from_file
+
 validate_inputs
 
 initialize

weblogic-azure-aks/src/main/arm/scripts/invokeSetupWLSDomain.sh

@@ -0,0 +1,39 @@
+# Copyright (c) 2021, Oracle Corporation and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+echo "Script starts"
+
+#Function to output message to stdout
+function echo_stderr() {
+    echo "$@" >&2
+    echo "$@" >>stdout
+}
+
+function echo_stdout() {
+    echo "$@" >&2
+    echo "$@" >>stdout
+}
+
+# PENDING(edburns): write some of the parameters to file.  Others are passed directly to the script.
+function write_parameters_to_file() {
+}
+
+
+#Function to display usage message
+function usage() {
+    echo_stdout "./invokeSetupWLSDomain.sh ..."
+    if [ $1 -eq 1 ]; then
+        exit 1
+    fi
+}
+
+#Function to validate input
+function validate_input() {
+
+}
+
+validate_input
+
+# invoke the setupWLSDomain passing the parameters and the file
+
+exit $exitCode

weblogic-azure-aks/src/main/arm/scripts/setupWLSDomain.sh

@@ -14,9 +14,14 @@ function echo_stdout() {
     echo "$@" >>stdout
 }
 
+# PENDING(edburns): load <wlsPassword> <wdtRuntimePassword> from filesystem, from a file that is guaranteed to be secured as required
+function load_parameters_from_file() {
+}
+
+
 #Function to display usage message
 function usage() {
-    echo_stdout "./setupWLSDomain.sh <ocrSSOUser> <ocrSSOPSW> <aksClusterRGName> <aksClusterName> <wlsImageTag> <acrName> <wlsDomainName> <wlsDomainUID> <wlsUserName> <wlsPassword> <wdtRuntimePassword> <wlsCPU> <wlsMemory> <managedServerPrefix> <appReplicas> <appPackageUrls> <currentResourceGroup> <scriptURL> <storageAccountName> <wlsClusterSize>"
+    echo_stdout "./setupWLSDomain.sh <ocrSSOUser> <ocrSSOPSW> <aksClusterRGName> <aksClusterName> <wlsImageTag> <acrName> <wlsDomainName> <wlsDomainUID> <wlsUserName> <wlsCPU> <wlsMemory> <managedServerPrefix> <appReplicas> <appPackageUrls> <currentResourceGroup> <scriptURL> <storageAccountName> <wlsClusterSize>"
     if [ $1 -eq 1 ]; then
         exit 1
     fi
@@ -245,7 +250,7 @@ function build_docker_image() {
     --publisher Microsoft.Azure.Extensions \
     --version 2.0 \
     --settings "{ \"fileUris\": [\"${scriptURL}model.yaml\",\"${scriptURL}model.properties\",\"${scriptURL}buildWLSDockerImage.sh\"]}" \
-    --protected-settings "{\"commandToExecute\":\"bash buildWLSDockerImage.sh ${wlsImagePath} ${azureACRServer} ${azureACRUserName} ${azureACRPassword} ${newImageTag} \\\"${appPackageUrls}\\\" ${ocrSSOUser} ${ocrSSOPSW} ${wlsClusterSize}\"}"
+    --protected-settings "{\"commandToExecute\":\"bash buildWLSDockerImage.sh ${wlsImagePath} ${azureACRServer} ${azureACRUserName} ${newImageTag} \\\"${appPackageUrls}\\\" ${ocrSSOUser} ${wlsClusterSize}\"}"
 
     # If error fires, keep vm resource and exit.
     validate_status "Check status of buiding WLS domain image."
@@ -450,17 +455,15 @@ export acrName=$6
 export wlsDomainName=$7
 export wlsDomainUID=$8
 export wlsUserName=$9
-export wlsPassword=${10}
-export wdtRuntimePassword=${11}
-export wlsCPU=${12}
-export wlsMemory=${13}
-export managedServerPrefix=${14}
-export appReplicas=${15}
-export appPackageUrls=${16}
-export currentResourceGroup=${17}
-export scriptURL=${18}
-export storageAccountName=${19}
-export wlsClusterSize=${20}
+export wlsCPU=${10}
+export wlsMemory=${11}
+export managedServerPrefix=${12}
+export appReplicas=${13}
+export appPackageUrls=${14}
+export currentResourceGroup=${15}
+export scriptURL=${16}
+export storageAccountName=${17}
+export wlsClusterSize=${18}
 
 export adminServerName="admin-server"
 export exitCode=0
@@ -475,6 +478,8 @@ export wlsOptNameSpace="weblogic-operator-ns"
 export wlsOptRelease="weblogic-operator"
 export wlsOptSA="weblogic-operator-sa"
 
+load_parameters_from_file
+
 validate_input
 
 install_utilities

weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep

@@ -18,8 +18,7 @@ param ocrSSOPSW string
 param ocrSSOUser string
 param storageAccountName string = 'null'
 param utcValue string = utcNow()
-@secure()
-param wdtRuntimePassword string
+param wdtRuntimePassword string = 'welcome1'
 param wlsClusterSize int = 5
 param wlsCPU string = '200m'
 param wlsDomainName string = 'domain1'
@@ -35,6 +34,7 @@ var const_domainTemplate = 'domain.yaml.template'
 var const_pvTempalte = 'pv.yaml.template'
 var const_pvcTempalte = 'pvc.yaml.template'
 var const_scriptLocation = uri(_artifactsLocation, 'scripts/')
+var const_invokeSetUpDomainScript = 'invokeSetupWLSDomain.sh'
 var const_setUpDomainScript = 'setupWLSDomain.sh'
 
 resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
@@ -45,8 +45,9 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = {
   properties: {
     azCliVersion: '2.15.0'
     arguments: const_arguments
-    primaryScriptUri: uri(const_scriptLocation, '${const_setUpDomainScript}${_artifactsLocationSasToken}')
+    primaryScriptUri: uri(const_scriptLocation, '${const_invokeSetUpDomainScript}${_artifactsLocationSasToken}')
     supportingScriptUris: [
+      uri(const_scriptLocation, '${const_setUpDomainScript}${_artifactsLocationSasToken}')
       uri(const_scriptLocation, '${const_domainTemplate}${_artifactsLocationSasToken}')
       uri(const_scriptLocation, '${const_pvTempalte}${_artifactsLocationSasToken}')
       uri(const_scriptLocation, '${const_pvcTempalte}${_artifactsLocationSasToken}')

weblogic-azure-vm/arm-oraclelinux-wls-admin/admin-ssl-post-deploy/src/main/scripts/configureCustomAdminSSL.sh

@@ -154,7 +154,7 @@ function wait_for_admin()
 {
  #wait for admin to start
 count=1
-export CHECK_URL="http://$wlsAdminURL/weblogic/ready"
+CHECK_URL="http://$wlsAdminURL/weblogic/ready"
 status=`curl --insecure -ILs $CHECK_URL | tac | grep -m1 HTTP/1.1 | awk {'print $2'}`
 echo "Waiting for admin server to start"
 while [[ "$status" != "200" ]]
@@ -193,7 +193,7 @@ function parseLDAPCertificate()
     done
 
     openssl base64 -d -in ${SCRIPT_PWD}/security/AzureADLDAPCerBase64String.txt -out ${SCRIPT_PWD}/security/AzureADTrust.cer
-    export addsCertificate=${SCRIPT_PWD}/security/AzureADTrust.cer
+    addsCertificate=${SCRIPT_PWD}/security/AzureADTrust.cer
 }
 
 function importAADCertificateIntoWLSCustomTrustKeyStore()
@@ -254,7 +254,7 @@ function parseAndSaveCustomSSLKeyStoreData()
 
     echo "$customIdentityKeyStoreBase64String" > ${KEYSTORE_PATH}/identityKeyStoreCerBase64String.txt
     cat ${KEYSTORE_PATH}/identityKeyStoreCerBase64String.txt | base64 -d > ${KEYSTORE_PATH}/identity.keystore
-    export customSSLIdentityKeyStoreFile=${KEYSTORE_PATH}/identity.keystore
+    customSSLIdentityKeyStoreFile=${KEYSTORE_PATH}/identity.keystore
 
     rm -rf ${KEYSTORE_PATH}/identityKeyStoreCerBase64String.txt
 
@@ -263,7 +263,7 @@ function parseAndSaveCustomSSLKeyStoreData()
 
     echo "$customTrustKeyStoreBase64String" > ${KEYSTORE_PATH}/trustKeyStoreCerBase64String.txt
     cat ${KEYSTORE_PATH}/trustKeyStoreCerBase64String.txt | base64 -d > ${KEYSTORE_PATH}/trust.keystore
-    export customSSLTrustKeyStoreFile=${KEYSTORE_PATH}/trust.keystore
+    customSSLTrustKeyStoreFile=${KEYSTORE_PATH}/trust.keystore
 
     rm -rf ${KEYSTORE_PATH}/trustKeyStoreCerBase64String.txt
 
@@ -279,7 +279,7 @@ function restartAdminServerService()
 
 #main script starts here
 
-export SCRIPT_PWD=`pwd`
+SCRIPT_PWD=`pwd`
 
 # store arguments in a special array 
 args=("$@") 
@@ -288,51 +288,51 @@ ELEMENTS=${#args[@]}
 
 # echo each element in array  
 # for loop 
-for (( i=0;i<$ELEMENTS;i++)); do 
-    echo "ARG[${args[${i}]}]"
-done
+#for (( i=0;i<$ELEMENTS;i++)); do 
+#    echo "ARG[${args[${i}]}]"
+#done
 
 if [ $# -lt 9 ]
 then
     usage
     exit 1
 fi
 
-export adminVMName=$1
-export wlsDomainName=$2
-export wlsUserName=$3
-export wlsPassword=$4
-export oracleHome=$5
-export wlsDomainPath=$6
+adminVMName=$1
+wlsDomainName=$2
+wlsUserName=$3
+wlsPassword=$4
+oracleHome=$5
+wlsDomainPath=$6
 
-export enableAAD="${7}"
+enableAAD="${7}"
 enableAAD="${enableAAD,,}"
 
-export wlsADSSLCer="${8}"
+wlsADSSLCer="${8}"
 
-export isCustomSSLEnabled="${9}"
+isCustomSSLEnabled="${9}"
 isCustomSSLEnabled="${isCustomSSLEnabled,,}"
 
 if [ "${isCustomSSLEnabled,,}" == "true" ];
 then
-    export customIdentityKeyStoreBase64String="${10}"
-    export customIdentityKeyStorePassPhrase="${11}"
-    export customIdentityKeyStoreType="${12}"
-    export customTrustKeyStoreBase64String="${13}"
-    export customTrustKeyStorePassPhrase="${14}"
-    export customTrustKeyStoreType="${15}"
-    export privateKeyAlias="${16}"
-    export privateKeyPassPhrase="${17}"
+    customIdentityKeyStoreBase64String="${10}"
+    customIdentityKeyStorePassPhrase="${11}"
+    customIdentityKeyStoreType="${12}"
+    customTrustKeyStoreBase64String="${13}"
+    customTrustKeyStorePassPhrase="${14}"
+    customTrustKeyStoreType="${15}"
+    privateKeyAlias="${16}"
+    privateKeyPassPhrase="${17}"
 fi
 
-export wlsAdminPort=7001
-export wlsAdminChannelPort=7005
-export wlsAdminURL="$adminVMName:$wlsAdminChannelPort"
-export wlsServerName="admin"
-export username="oracle"
-export groupname="oracle"
+wlsAdminPort=7001
+wlsAdminChannelPort=7005
+wlsAdminURL="$adminVMName:$wlsAdminChannelPort"
+wlsServerName="admin"
+username="oracle"
+groupname="oracle"
 
-export KEYSTORE_PATH="$wlsDomainPath/$wlsDomainName/keystores"
+KEYSTORE_PATH="$wlsDomainPath/$wlsDomainName/keystores"
 
 validateInput
 cleanup

weblogic-azure-vm/arm-oraclelinux-wls-admin/cli-scripts/custom-dns-alias-cli.sh

@@ -107,7 +107,7 @@ function queryAdminIPId() {
     exit 1
   fi
 
-  export adminIPId=$(az graph query -q "Resources 
+  adminIPId=$(az graph query -q "Resources 
     | where type =~ 'microsoft.network/networkinterfaces' 
     | where id=~ '${nicId}' 
     | extend ipConfigsCount=array_length(properties.ipConfigurations) 
@@ -122,7 +122,7 @@ function queryAdminIPId() {
 }
 
 function generateParameterFile() {
-  export parametersPath=parameters.json
+  parametersPath=parameters.json
   cat <<EOF >${scriptDir}/${parametersPath}
 {
     "\$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
@@ -230,8 +230,8 @@ Custom DNS alias:
 
 # main script start from here
 # default value
-export hasDNSZone=false
-export identity=/subscriptions/subscriptionId/resourceGroups/TestResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/TestUserIdentity1
+hasDNSZone=false
+identity=/subscriptions/subscriptionId/resourceGroups/TestResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/TestUserIdentity1
 
 # Transform long options to short ones
 for arg in "$@"; do

weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/mainTemplate.json

@@ -303,11 +303,11 @@
          "defaultValue": "ServerPrivateKeyPassPhraseSecret"
       },
       "uploadedCustomIdentityKeyStoreData": {
-         "type": "string",
+         "type": "securestring",
          "metadata": {
             "description": "Custom Identity KeyStore Data"
          },
-         "defaultValue": "customIdentityKeyStoreData"
+         "defaultValue": ""
       },
       "uploadedCustomIdentityKeyStorePassphrase": {
          "type": "securestring",
@@ -324,11 +324,11 @@
          "defaultValue": "JKS"
       },
       "uploadedCustomTrustKeyStoreData": {
-         "type": "string",
+         "type": "securestring",
          "metadata": {
             "description": "Custom Trust KeyStore Data"
          },
-         "defaultValue": "customTrustKeyStoreData"
+         "defaultValue": ""
       },
       "uploadedCustomTrustKeyStorePassPhrase": {
          "type": "securestring",