Apply OPSS credential values from the model during domain creation

core/src/main/python/wlsdeploy/aliases/alias_entries.py

@@ -59,6 +59,7 @@
 from wlsdeploy.aliases.model_constants import JPA
 from wlsdeploy.aliases.model_constants import ODL_CONFIGURATION
 from wlsdeploy.aliases.model_constants import OHS
+from wlsdeploy.aliases.model_constants import OPSS_INITIALIZATION
 from wlsdeploy.aliases.model_constants import RCU_DB_INFO
 from wlsdeploy.aliases.model_constants import RESOURCE_MANAGER
 from wlsdeploy.aliases.model_constants import RESOURCES
@@ -157,6 +158,7 @@ class AliasEntries(object):
     ]
 
     __domain_info_top_level_folders = [
+        OPSS_INITIALIZATION,
         RCU_DB_INFO,
         WLS_ROLES,
         WLS_USER_PASSWORD_CREDENTIAL_MAPPINGS

core/src/main/python/wlsdeploy/aliases/model_constants.py

@@ -208,6 +208,7 @@
 ODL_CONFIGURATION = 'ODLConfiguration'
 OHS = 'OHS'
 OPEN_LDAP_AUTHENTICATOR = 'OpenLDAPAuthenticator'
+OPSS_INITIALIZATION = 'OPSSInitialization'
 ORACLE_OID_AUTHENTICATOR = 'OracleInternetDirectoryAuthenticator'
 ORACLE_OUD_AUTHENTICATOR = 'OracleUnifiedDirectoryAuthenticator'
 ORACLE_OVD_AUTHENTICATOR = 'OracleVirtualDirectoryAuthenticator'
@@ -296,6 +297,7 @@
 SYSTEM_PASSWORD_VALIDATOR = 'SystemPasswordValidator'
 TARGET = 'Target'
 TARGET_DESTINATION = 'TargetDestination'
+TARGET_KEY = 'TargetKey'
 TEMPLATE = 'Template'
 THREAD_DUMP_ACTION = 'ThreadDumpAction'
 THRESHOLDS = 'Thresholds'

core/src/main/python/wlsdeploy/tool/create/domain_creator.py

@@ -80,6 +80,7 @@
 from wlsdeploy.exception import exception_helper
 from wlsdeploy.exception.expection_types import ExceptionType
 from wlsdeploy.tool.create import atp_helper
+from wlsdeploy.tool.create import opss_helper
 from wlsdeploy.tool.create import ssl_helper
 from wlsdeploy.tool.create import rcudbinfo_helper
 from wlsdeploy.tool.create.creator import Creator
@@ -334,7 +335,7 @@ def __run_rcu(self):
                                               truststore_type)
 
             ssl_conn_properties["oracle.net.ssl_server_dn_match"] = 'false'
-            
+
             fmw_database = self.wls_helper.get_jdbc_url_from_rcu_connect_string(rcu_database)
             runner = RCURunner.createSslRunner(domain_type, oracle_home, java_home, fmw_database, rcu_prefix, rcu_schemas,
                                                rcu_db_info.get_rcu_variables(), rcu_runner_map, ssl_conn_properties)
@@ -641,6 +642,9 @@ def __extend_domain_with_select_template(self, domain_home):
 
         self.__apply_base_domain_config(topology_folder_list, delete=True)
 
+        # apply OPSS configuration before the first domain write
+        opss_helper.create_credentials(self.model.get_model(), self.model_context, self.aliases, self.wlst_helper)
+
         self.logger.info('WLSDPLY-12205', self._domain_name, domain_home,
                          class_name=self.__class_name, method_name=_method_name)
         self.wlst_helper.write_domain(domain_home)
@@ -1137,7 +1141,7 @@ def __validate_and_get_ssl_rcudbinfo(self, rcu_db_info, check_admin_pwd=False):
                                                               "'rcu_admin_password']")
                 raise ex
 
-        return tns_admin, rcu_database, truststore_pwd, truststore_type, truststore, keystore_pwd, keystore_type, keystore   
+        return tns_admin, rcu_database, truststore_pwd, truststore_type, truststore, keystore_pwd, keystore_type, keystore
 
     def __configure_fmw_infra_database(self):
         """

core/src/main/python/wlsdeploy/tool/create/domain_typedef.py

@@ -335,16 +335,17 @@ def __resolve_paths(self):
 
         if not self._paths_resolved:
             if self._model_context is None:
-                ex = exception_helper.create_create_exception('WLSDPLY-12302')
+                ex = exception_helper.create_cla_exception(ExitCode.ARG_VALIDATION_ERROR, 'WLSDPLY-12302')
                 self._logger.throwing(ex, class_name=self.__class_name, method_name=_method_name)
                 raise ex
 
             if 'baseTemplate' in self._domain_typedef:
                 self._domain_typedef['baseTemplate'] = \
                     self._model_context.replace_token_string(self._domain_typedef['baseTemplate'])
             else:
-                ex = exception_helper.create_create_exception('WLSDPLY-12303', self._domain_type,
-                                                              self._domain_typedef_filename, self._version_typedef_name)
+                ex = exception_helper.create_cla_exception(ExitCode.ARG_VALIDATION_ERROR, 'WLSDPLY-12303',
+                                                           self._domain_type, self._domain_typedef_filename,
+                                                           self._version_typedef_name)
                 self._logger.throwing(ex, class_name=self.__class_name, method_name=_method_name)
                 raise ex
 
@@ -386,13 +387,13 @@ def __get_version_typedef(self):
         _method_name = '__get_version_typedef'
 
         if 'versions' not in self._domain_typedefs_dict:
-            ex = exception_helper.create_create_exception('WLSDPLY-12304', self._domain_type,
-                                                          self._domain_typedef_filename)
+            ex = exception_helper.create_cla_exception(ExitCode.ARG_VALIDATION_ERROR, 'WLSDPLY-12304',
+                                                       self._domain_type, self._domain_typedef_filename)
             self._logger.throwing(ex, class_name=self.__class_name, method_name=_method_name)
             raise ex
         elif 'definitions' not in self._domain_typedefs_dict:
-            ex = exception_helper.create_create_exception('WLSDPLY-12305', self._domain_type,
-                                                          self._domain_typedef_filename)
+            ex = exception_helper.create_cla_exception(ExitCode.ARG_VALIDATION_ERROR, 'WLSDPLY-12305',
+                                                       self._domain_type, self._domain_typedef_filename)
             self._logger.throwing(ex, class_name=self.__class_name, method_name=_method_name)
             raise ex
 
@@ -401,8 +402,9 @@ def __get_version_typedef(self):
         if self._version_typedef_name in self._domain_typedefs_dict['definitions']:
             result = self._domain_typedefs_dict['definitions'][self._version_typedef_name]
         else:
-            ex = exception_helper.create_create_exception('WLSDPLY-12306', self._domain_type,
-                                                          self._domain_typedef_filename, self._version_typedef_name)
+            ex = exception_helper.create_cla_exception(ExitCode.ARG_VALIDATION_ERROR, 'WLSDPLY-12306',
+                                                       self._domain_type, self._domain_typedef_filename,
+                                                       self._version_typedef_name)
             self._logger.throwing(ex, class_name=self.__class_name, method_name=_method_name)
             raise ex
         return result
@@ -418,8 +420,8 @@ def __match_version_typedef(self, versions_dict):
 
         self._logger.entering(versions_dict, class_name=self.__class_name, method_name=_method_name)
         if len(versions_dict) == 0:
-            ex = exception_helper.create_create_exception('WLSDPLY-12307', self._domain_type,
-                                                          self._domain_typedef_filename)
+            ex = exception_helper.create_cla_exception(ExitCode.ARG_VALIDATION_ERROR, 'WLSDPLY-12307',
+                                                       self._domain_type, self._domain_typedef_filename)
             self._logger.throwing(ex, class_name=self.__class_name, method_name=_method_name)
             raise ex
 
@@ -441,12 +443,14 @@ def __match_version_typedef(self, versions_dict):
                     new_version = self.wls_helper.get_next_higher_order_version_number(new_version)
 
             if result is None:
-                ex = exception_helper.create_create_exception('WLSDPLY-12309', self._domain_type,
-                                                              self._domain_typedef_filename, wls_version)
+                ex = exception_helper.create_cla_exception(ExitCode.ARG_VALIDATION_ERROR, 'WLSDPLY-12309',
+                                                           self._domain_type, self._domain_typedef_filename,
+                                                           wls_version)
                 self._logger.throwing(ex, class_name=self.__class_name, method_name=_method_name)
                 raise ex
         if result == NOT_SUPPORTED:
-            ex = exception_helper.create_create_exception('WLSDPLY-12313', self._domain_type, wls_version)
+            ex = exception_helper.create_cla_exception(ExitCode.ARG_VALIDATION_ERROR, 'WLSDPLY-12313',
+                                                       self._domain_type, wls_version)
             self._logger.throwing(ex, class_name=self.__class_name, method_name=_method_name)
             raise ex
         self._logger.exiting(self.__class_name, _method_name, result)
@@ -494,7 +498,7 @@ def _resolve_topology_profile(self):
 
         if 'topologyProfile' not in self._domain_typedefs_dict:
             return None
-        topology_profile = self._domain_typedefs_dict['topologyProfile'];
+        topology_profile = self._domain_typedefs_dict['topologyProfile']
 
         # there are no valid topology profiles for versions 12.1.x and below
         if not self.wls_helper.is_topology_profile_supported():
@@ -504,7 +508,7 @@ def _resolve_topology_profile(self):
             self._logger.throwing(ex, class_name=self.__class_name, method_name=_method_name)
             raise ex
 
-        # if specified, toppology profile must be one of the known types
+        # if specified, topology profile must be one of the known types
         if topology_profile not in TopologyProfile:
             ex = exception_helper.create_cla_exception(ExitCode.ARG_VALIDATION_ERROR,
                                                        'WLSDPLY-12315', topology_profile, self._domain_typedef_filename)

core/src/main/python/wlsdeploy/tool/create/opss_helper.py

@@ -0,0 +1,61 @@
+"""
+Copyright (c) 2023, Oracle and/or its affiliates.
+Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+"""
+from wlsdeploy.aliases.model_constants import CREDENTIAL
+from wlsdeploy.aliases.model_constants import DOMAIN_INFO
+from wlsdeploy.aliases.model_constants import OPSS_INITIALIZATION
+from wlsdeploy.aliases.model_constants import TARGET_KEY
+from wlsdeploy.logging.platform_logger import PlatformLogger
+from wlsdeploy.util import dictionary_utils
+
+_class_name = 'opss_helper'
+
+
+class OPSSHelper(object):
+    """
+    Helper for OPSS credentials in the model dictionary.
+    """
+    _class_name = 'OPSSHelper'
+
+    def __init__(self, model_dictionary, model_context, aliases, wlst_helper):
+        """
+        :param model_dictionary: the model dictionary to be used
+        :param model_context: used to check CLI arguments
+        :param aliases: used for folder lookup
+        :param wlst_helper: used for WLST commands
+        """
+        self._model_dictionary = model_dictionary
+        self._model_context = model_context
+        self._aliases = aliases
+        self._wlst_helper = wlst_helper
+        self._logger = PlatformLogger('wlsdeploy.create')
+
+    def create_credentials(self):
+        _method_name = 'create_credentials'
+
+        domain_info = dictionary_utils.get_dictionary_element(self._model_dictionary, DOMAIN_INFO)
+        opss_initialization = dictionary_utils.get_dictionary_element(domain_info, OPSS_INITIALIZATION)
+        credentials = dictionary_utils.get_dictionary_element(opss_initialization, CREDENTIAL)
+        for store_key, store_folder in credentials.iteritems():
+            self._logger.info('WLSDPLY-12350', store_key, class_name=self._class_name, method_name=_method_name)
+            keys = dictionary_utils.get_dictionary_element(store_folder, TARGET_KEY)
+            for key, key_folder in keys.iteritems():
+                wlst_path = '/Credential/TargetStore/' + store_key + '/TargetKey/' + key
+                self._wlst_helper.cd(wlst_path)
+                self._wlst_helper.create('c', 'Credential')
+                self._wlst_helper.cd('Credential')
+                for field, field_value in key_folder.iteritems():
+                    self._wlst_helper.set(field, field_value)
+
+
+def create_credentials(model_dictionary, model_context, aliases, wlst_helper):
+    """
+    Static method for initializing OPSSHelper and creating credentials.
+    :param model_dictionary: the model dictionary to be used
+    :param model_context: used to check CLI arguments
+    :param aliases: used for folder lookup
+    :param wlst_helper: used for WLST commands
+    """
+    opss_helper = OPSSHelper(model_dictionary, model_context, aliases, wlst_helper)
+    opss_helper.create_credentials()

core/src/main/resources/oracle/weblogic/deploy/aliases/category_modules/OPSSInitialization.json

@@ -0,0 +1,38 @@
+{
+    "copyright": "Copyright (c) 2023, Oracle and/or its affiliates.",
+    "license": "Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl",
+    "wlst_type": "OPSSInitialization",
+    "short_name": "OPSS",
+    "folders": {
+        "Credential": {
+            "wlst_type": "Credential",
+            "child_folders_type": "multiple",
+            "folders": {
+                "TargetKey": {
+                    "wlst_type": "TargetKey",
+                    "child_folders_type": "multiple",
+                    "short_name": "Key",
+                    "folders": {},
+                    "attributes": {
+                        "Username": [ {"version": "[10,)", "wlst_mode": "both", "wlst_name": "Username", "wlst_path": "WP001", "default_value": null, "wlst_type": "credential" } ],
+                        "Password": [ {"version": "[10,)", "wlst_mode": "both", "wlst_name": "Password", "wlst_path": "WP001", "default_value": null, "wlst_type": "password" } ]
+                    },
+                    "wlst_attributes_path": "WP001",
+                    "wlst_paths": {
+                        "WP001": "/NO_FOLDER/%OPSSINITIALIZATION%/NO_FOLDER/%CREDENTIAL%/NO_FOLDER/%TARGETKEY%"
+                    }
+                }
+            },
+            "attributes": {},
+            "wlst_attributes_path": "WP001",
+            "wlst_paths": {
+                "WP001": "/NO_FOLDER/%OPSSINITIALIZATION%/NO_FOLDER/%CREDENTIAL%"
+            }
+        }
+    },
+    "attributes": {},
+    "wlst_attributes_path": "WP001",
+    "wlst_paths": {
+        "WP001": "/NO_FOLDER"
+    }
+}

core/src/main/resources/oracle/weblogic/deploy/messages/wlsdeploy_rb.properties

@@ -1475,6 +1475,9 @@ WLSDPLY-12313=Domain type {0} is not supported for WebLogic version {1}
 WLSDDPL-12314=Topology profile "{0}" is typedef file {1} is not allowed for WebLogic version {2}
 WLSDPLY-12315=Topology profile "{0}" in type definition file {1} is not a known topology profile value
 
+# opss_helper.py
+WLSDPLY-12350=Initializing OPSS credentials for target store "{0}"
+
 # create.py
 WLSDPLY-12400={0} got the JAVA_HOME {1} from the environment variable but it was not a valid location: {2}
 # number gap to fill