Merge branch 'jira-wdt-898-validate-credential-mapping' into 'main'

robertpatrick · robertpatrick · commit 9d76e0bfd040 · 2024-06-06T00:03:21.000Z
Add simple and content validation for WLS credential mappings

See merge request weblogic-cloud/weblogic-deploy-tooling!1705
diff --git a/core/src/main/python/wlsdeploy/tool/validate/content_validator.py b/core/src/main/python/wlsdeploy/tool/validate/content_validator.py
@@ -7,9 +7,17 @@
 from oracle.weblogic.deploy.logging import WLSDeployLogEndHandler
 
 from wlsdeploy.aliases.model_constants import CLUSTER
+from wlsdeploy.aliases.model_constants import CROSS_DOMAIN
+from wlsdeploy.aliases.model_constants import DOMAIN_INFO
 from wlsdeploy.aliases.model_constants import DYNAMIC_SERVERS
+from wlsdeploy.aliases.model_constants import REMOTE_DOMAIN
+from wlsdeploy.aliases.model_constants import REMOTE_HOST
+from wlsdeploy.aliases.model_constants import REMOTE_PASSWORD
+from wlsdeploy.aliases.model_constants import REMOTE_RESOURCE
+from wlsdeploy.aliases.model_constants import REMOTE_USER
 from wlsdeploy.aliases.model_constants import SERVER_TEMPLATE
 from wlsdeploy.aliases.model_constants import TOPOLOGY
+from wlsdeploy.aliases.model_constants import WLS_USER_PASSWORD_CREDENTIAL_MAPPINGS
 from wlsdeploy.exception import exception_helper
 from wlsdeploy.logging.platform_logger import PlatformLogger
 from wlsdeploy.util import dictionary_utils
@@ -21,8 +29,6 @@ class ContentValidator(object):
     These checks are done after alias folder and attribute checks.
     These checks should be performed against a detokenized, merged model.
     Tho model may be a sparse model. For example, it could referencce targets from another model.
-
-    Dynamic clusters is currently the only validation.
     """
     _class_name = 'ContentValidator'
     _logger = PlatformLogger('wlsdeploy.validate')
@@ -60,6 +66,7 @@ def validate_model_content(self, model_dict):
         # be tokenized in Prepare Model, do not call validate_user_passwords() from here.
         #
         self.validate_dynamic_clusters(model_dict)
+        self.validate_credential_mappings(model_dict)
 
     def validate_dynamic_clusters(self, model_dict):
         """
@@ -87,3 +94,34 @@ def validate_dynamic_clusters(self, model_dict):
 
                 else:
                     server_templates.append(server_template)
+
+    def validate_credential_mappings(self, model_dict):
+        """
+        Validate the content of the WLSUserPasswordCredentialMappings section of the model.
+        This does not include simple single-attribute validation such as value ranges,
+        those are handled in domain_info_validator.__validate_wls_credential_mappings_section
+        :param model_dict: the model to be validated
+        """
+        domain_info_folder = dictionary_utils.get_dictionary_element(model_dict, DOMAIN_INFO)
+        mappings_folder = dictionary_utils.get_dictionary_element(domain_info_folder,
+                                                                  WLS_USER_PASSWORD_CREDENTIAL_MAPPINGS)
+
+        cross_domain_dict = dictionary_utils.get_dictionary_element(mappings_folder, CROSS_DOMAIN)
+        for mapping_name, mapping_dict in cross_domain_dict.iteritems():
+            self.__validate_required_field(mapping_dict, REMOTE_USER, CROSS_DOMAIN, mapping_name)
+            self.__validate_required_field(mapping_dict, REMOTE_PASSWORD, CROSS_DOMAIN, mapping_name)
+            self.__validate_required_field(mapping_dict, REMOTE_DOMAIN, CROSS_DOMAIN, mapping_name)
+
+        remote_resources_dict = dictionary_utils.get_dictionary_element(mappings_folder, REMOTE_RESOURCE)
+        for mapping_name, mapping_dict in remote_resources_dict.iteritems():
+            self.__validate_required_field(mapping_dict, REMOTE_USER, REMOTE_RESOURCE, mapping_name)
+            self.__validate_required_field(mapping_dict, REMOTE_PASSWORD, REMOTE_RESOURCE, mapping_name)
+            self.__validate_required_field(mapping_dict, REMOTE_HOST, REMOTE_RESOURCE, mapping_name)
+
+    def __validate_required_field(self, dictionary, field_name, parent_folder_name, folder_name):
+        _method_name = '__validate_required_field'
+
+        if field_name not in dictionary:
+            self._logger.severe('WLSDPLY-05210', field_name, parent_folder_name, folder_name,
+                                class_name=self._class_name, method_name=_method_name)
+
diff --git a/core/src/main/python/wlsdeploy/tool/validate/domain_info_validator.py b/core/src/main/python/wlsdeploy/tool/validate/domain_info_validator.py
@@ -3,7 +3,6 @@
 Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 """
 from oracle.weblogic.deploy.create import RCURunner
-from oracle.weblogic.deploy.util import WLSDeployArchive
 
 from wlsdeploy.aliases.model_constants import ATP_DEFAULT_TABLESPACE
 from wlsdeploy.aliases.model_constants import ATP_TEMPORARY_TABLESPACE
@@ -14,16 +13,20 @@
 from wlsdeploy.aliases.model_constants import DRIVER_PARAMS_TRUSTSTORETYPE_PROPERTY
 from wlsdeploy.aliases.model_constants import DRIVER_PARAMS_TRUSTSTORE_PROPERTY
 from wlsdeploy.aliases.model_constants import DYNAMIC_CLUSTER_SERVER_GROUP_TARGETING_LIMITS
+from wlsdeploy.aliases.model_constants import METHOD
 from wlsdeploy.aliases.model_constants import MODEL_LIST_DELIMITER
 from wlsdeploy.aliases.model_constants import ORACLE_DATABASE_CONNECTION_TYPE
+from wlsdeploy.aliases.model_constants import PROTOCOL
 from wlsdeploy.aliases.model_constants import RCU_DATABASE_TYPE
 from wlsdeploy.aliases.model_constants import RCU_DB_INFO
 from wlsdeploy.aliases.model_constants import RCU_DEFAULT_TABLESPACE
 from wlsdeploy.aliases.model_constants import RCU_TEMP_TBLSPACE
+from wlsdeploy.aliases.model_constants import REMOTE_RESOURCE
 from wlsdeploy.aliases.model_constants import SERVER_GROUP_TARGETING_LIMITS
 from wlsdeploy.aliases.model_constants import STORE_TYPE_SSO
 from wlsdeploy.aliases.model_constants import WLS_POLICIES
 from wlsdeploy.aliases.model_constants import WLS_ROLES
+from wlsdeploy.aliases.model_constants import WLS_USER_PASSWORD_CREDENTIAL_MAPPINGS
 from wlsdeploy.logging.platform_logger import PlatformLogger
 from wlsdeploy.tool.create import wlspolicies_helper
 from wlsdeploy.tool.create import wlsroles_helper
@@ -59,6 +62,18 @@
     'JKS'
 ]
 
+RESOURCE_METHODS = [
+    'GET',
+    'POST'
+]
+
+RESOURCE_PROTOCOLS = [
+    'http',
+    'https',
+    't3',
+    't3s'
+]
+
 DEPRECATED_DB_TYPES = [
     RCURunner.ORACLE_DB_TYPE,
     RCURunner.ORACLE_ATP_DB_TYPE,
@@ -109,6 +124,8 @@ def _validate_folder(self, model_node, location):
             self.__validate_wlsroles_section(model_node)
         elif folder_name == WLS_POLICIES:
             self.__validate_wlspolicies_section(model_node)
+        elif folder_name == WLS_USER_PASSWORD_CREDENTIAL_MAPPINGS:
+            self.__validate_wls_credential_mappings_section(model_node)
         elif folder_name == RCU_DB_INFO:
             self.__validate_rcu_db_info_section(model_node)
 
@@ -163,6 +180,25 @@ def __validate_wlsroles_section(self, roles_dict):
 
         self._logger.exiting(class_name=_class_name, method_name=__method_name)
 
+    def __validate_wls_credential_mappings_section(self, mappings_dict):
+        # This method validates fields that can be checked in an unmerged model, such as value ranges.
+        # Checks for merged model (such as required/missing fields) are done in create_content_validator.py .
+        _method_name = '__validate_wls_credential_mappings_section'
+
+        # no field checks for cross-domain mappings
+
+        remote_resources_dict = dictionary_utils.get_dictionary_element(mappings_dict, REMOTE_RESOURCE)
+        for mapping_name, mapping_dict in remote_resources_dict.iteritems():
+            method = dictionary_utils.get_element(mapping_dict, METHOD)
+            if method and method not in RESOURCE_METHODS:
+                self._logger.severe('WLSDPLY-05313', method, REMOTE_RESOURCE, mapping_name, METHOD,
+                                    ', '.join(RESOURCE_METHODS), class_name=_class_name, method_name=_method_name)
+
+            protocol = dictionary_utils.get_element(mapping_dict, PROTOCOL)
+            if protocol and protocol not in RESOURCE_PROTOCOLS:
+                self._logger.severe('WLSDPLY-05313', protocol, REMOTE_RESOURCE, mapping_name, PROTOCOL,
+                                    ', '.join(RESOURCE_PROTOCOLS), class_name=_class_name, method_name=_method_name)
+
     def __validate_rcu_db_info_section(self, info_dict):
         _method_name = '__validate_rcu_db_info_section'
 
diff --git a/core/src/main/resources/oracle/weblogic/deploy/messages/wlsdeploy_rb.properties b/core/src/main/resources/oracle/weblogic/deploy/messages/wlsdeploy_rb.properties
@@ -663,6 +663,7 @@ WLSDPLY-05206=Found model attribute {0} of type {1} with value {2}
 WLSDPLY-05207=Found alias attribute {0} of type {1} with default value {2}
 WLSDPLY-05208=Skipping password validation for user {0} because the password appears to be tokenized
 WLSDPLY-05209=Model content validation failed
+WLSDPLY-05210=Attribute "{0}" is required for {1} credential mapping {2}
 
 # wlsdeploy/tool/validate/deployments_validator.py
 WLSDPLY-05240=Archive {0} {1} at location {2} was expected to start with {3}
@@ -682,6 +683,7 @@ WLSDPLY-05309={0} field {1} must be specified for {2} value of {3}
 WLSDPLY-05310={0} field {1} must be specified if {2} is specified
 WLSDPLY-05311=Prepended path {0} for {1} field {2} is an archive path, and no archive file is specified
 WLSDPLY-05312=Prepended path {0} for {1} field {2} is an archive path, and not found in any archive file
+WLSDPLY-05313=Value {0} is invalid for {1} {2} field {3}, must be one of {4}
 
 # oracle/weblogic/deploy/validate/PasswordValidator.java
 WLSDPLY-05400=Password validation failed because the username was not provided
diff --git a/core/src/test/python/wlsdeploy/tool/validate/content_validator_test.py b/core/src/test/python/wlsdeploy/tool/validate/content_validator_test.py
@@ -10,9 +10,13 @@
 from base_test import BaseTestCase
 from wlsdeploy.aliases.aliases import Aliases
 from wlsdeploy.aliases.model_constants import CLUSTER
+from wlsdeploy.aliases.model_constants import CROSS_DOMAIN
+from wlsdeploy.aliases.model_constants import DOMAIN_INFO
 from wlsdeploy.aliases.model_constants import DYNAMIC_SERVERS
+from wlsdeploy.aliases.model_constants import REMOTE_RESOURCE
 from wlsdeploy.aliases.model_constants import SERVER_TEMPLATE
 from wlsdeploy.aliases.model_constants import TOPOLOGY
+from wlsdeploy.aliases.model_constants import WLS_USER_PASSWORD_CREDENTIAL_MAPPINGS
 from wlsdeploy.logging.platform_logger import PlatformLogger
 from wlsdeploy.tool.validate.content_validator import ContentValidator
 from wlsdeploy.util.cla_utils import CommandLineArgUtil
@@ -81,6 +85,43 @@ def test_dynamic_dynamic_cluster_server_templates(self):
         # clusterOne and clusterTwo have the same server template
         self._validate_message_key(handler, Level.WARNING, 'WLSDPLY-05201', 1)
 
+    def test_wls_credential_mappings(self):
+        model_dict = {
+            DOMAIN_INFO: {
+                WLS_USER_PASSWORD_CREDENTIAL_MAPPINGS: {
+                    CROSS_DOMAIN: {
+                        'map1': {
+                            # these 3 are required
+                            # 'RemoteDomain': 'otherDomain',
+                            # 'RemoteUser': 'otherUser',
+                            # 'RemotePassword': 'welcome1',
+                        }
+                    },
+                    REMOTE_RESOURCE: {
+                        'map2': {
+                            # these 3 are required
+                            # 'RemoteHost': 'otherHost',
+                            # 'RemoteUser': 'otherUser',
+                            # 'RemotePassword': 'welcome1',
+                        }
+                    }
+                }
+            }
+        }
+
+        validator = self.create_validator()
+        validator.validate_model_content(model_dict)
+
+        handler = self._summary_handler
+        self.assertNotEqual(handler, None, "Summary handler is not present")
+
+        # Verify 2 errors, no warnings
+        self.assertEqual(handler.getMessageCount(Level.SEVERE), 6)
+        self.assertEqual(handler.getMessageCount(Level.WARNING), 0)
+
+        # 6 missing attributes for mappings
+        self._validate_message_key(handler, Level.SEVERE, 'WLSDPLY-05210', 6)
+
     def create_validator(self):
         args_map = {
             CommandLineArgUtil.ORACLE_HOME_SWITCH: '/oracle'
diff --git a/core/src/test/python/wlsdeploy/tool/validate/domain_info_validator_test.py b/core/src/test/python/wlsdeploy/tool/validate/domain_info_validator_test.py
@@ -12,11 +12,15 @@
 from wlsdeploy.aliases.aliases import Aliases
 from wlsdeploy.aliases.model_constants import DATABASE_TYPE
 from wlsdeploy.aliases.model_constants import DOMAIN_INFO
+from wlsdeploy.aliases.model_constants import METHOD
 from wlsdeploy.aliases.model_constants import ORACLE_DATABASE_CONNECTION_TYPE
+from wlsdeploy.aliases.model_constants import PROTOCOL
 from wlsdeploy.aliases.model_constants import RCU_DATABASE_TYPE
 from wlsdeploy.aliases.model_constants import RCU_DB_INFO
+from wlsdeploy.aliases.model_constants import REMOTE_RESOURCE
 from wlsdeploy.aliases.model_constants import WLS_POLICIES
 from wlsdeploy.aliases.model_constants import WLS_ROLES
+from wlsdeploy.aliases.model_constants import WLS_USER_PASSWORD_CREDENTIAL_MAPPINGS
 from wlsdeploy.logging.platform_logger import PlatformLogger
 from wlsdeploy.tool.validate.validator import Validator
 from wlsdeploy.util.model_context import ModelContext
@@ -133,6 +137,36 @@ def test_wls_roles_validation(self):
         # MyTester3 has invalid update mode
         self._validate_message_key(handler, Level.SEVERE, 'WLSDPLY-12505', 1)
 
+    def test_wls_credential_mappings_section(self):
+        _method_name = 'test_wls_credential_mappings_section'
+
+        mappings_dict = {
+            REMOTE_RESOURCE: {
+                'map1': {
+                    # these 2 values are bad
+                    PROTOCOL: 'httpx',
+                    METHOD: 'SEND',
+                }
+            }
+        }
+
+        model_dict = {
+            DOMAIN_INFO: {
+                WLS_USER_PASSWORD_CREDENTIAL_MAPPINGS: mappings_dict
+            }
+        }
+
+        self.validator.validate_in_standalone_mode(model_dict, {})
+
+        handler = self._summary_handler
+        self.assertNotEqual(handler, None, "Summary handler is not present")
+
+        self.assertEqual(handler.getMessageCount(Level.SEVERE), 2)
+        self.assertEqual(handler.getMessageCount(Level.WARNING), 0)
+
+        # PROTOCOL and METHOD have invalid values
+        self._validate_message_key(handler, Level.SEVERE, 'WLSDPLY-05313', 2)
+
     def test_rcu_db_info_validation(self):
         model_dict = {
             DOMAIN_INFO: {
