Merge branch 'jira-wdt-939-cert-mgmt' into 'main'

Add plugin deployments and certificate management

See merge request weblogic-cloud/weblogic-deploy-tooling!1819

Author: robertpatrick

core/src/main/java/oracle/weblogic/deploy/util/WLSDeployArchive.java

@@ -125,6 +125,12 @@ public class WLSDeployArchive {
      */
     public static final String ARCHIVE_SHLIBS_TARGET_DIR = WLSDPLY_ARCHIVE_BINARY_DIR + ZIP_SEP + "sharedLibraries";
 
+    /**
+     * Top-level archive subdirectory where the plugins are stored and the subdirectory to
+     * which they will be extracted.
+     */
+    public static final String ARCHIVE_PLUGINS_TARGET_DIR = WLSDPLY_ARCHIVE_BINARY_DIR + ZIP_SEP + "pluginDeployments";
+
     /**
      * Top-level archive subdirectory where the $DOMAIN_HOME/lib are stored.
      */
@@ -212,6 +218,7 @@ public enum ArchiveEntryType {
         MIME_MAPPING,
         NODE_MANAGER_KEY_STORE,
         OPSS_WALLET,
+        PLUGIN_DEPLOYMENT,
         RCU_WALLET,
         SAML2_DATA,
         SCRIPT,
@@ -340,6 +347,10 @@ public static String getPathForType(ArchiveEntryType type) {
                 pathPrefix = ARCHIVE_SHLIBS_TARGET_DIR + ZIP_SEP;
                 break;
 
+            case PLUGIN_DEPLOYMENT:
+                pathPrefix = ARCHIVE_PLUGINS_TARGET_DIR + ZIP_SEP;
+                break;
+
             case STRUCTURED_APPLICATION:
                 pathPrefix = ARCHIVE_STRUCT_APPS_TARGET_DIR + ZIP_SEP;
                 break;
@@ -1052,6 +1063,152 @@ public void close() {
     //                                methods using archiveType                                  //
     ///////////////////////////////////////////////////////////////////////////////////////////////
 
+    /**
+     * Get the path of the archive entry as if it is in the archive file.
+     * This does not reconcile duplicate names and other items that require the archive file
+     * and is only used with discoverDomain -remote to give the user an archive path.
+     * @param archiveType the type of the entry
+     * @param path the original path of the entry
+     * @return name for model archive file name
+     */
+    public static String getArchivePath(ArchiveEntryType archiveType, String path) {
+        String pathPrefix = getPathForType(archiveType);
+        return getArchiveName(pathPrefix, path);
+    }
+
+    public String addItem(ArchiveEntryType archiveType, String sourcePath) throws WLSDeployArchiveIOException {
+        final String METHOD = "addItem";
+        LOGGER.entering(CLASS, METHOD, archiveType, sourcePath);
+
+        File filePath = FileUtils.getCanonicalFile(sourcePath);
+        validateExistingFile(filePath, "path", getArchiveFileName(), METHOD, true);
+
+        String pathPrefix = getPathForType(archiveType);
+        String newName = addItemToZip(pathPrefix, filePath);
+
+        LOGGER.exiting(CLASS, METHOD, newName);
+        return newName;
+    }
+
+    public String replaceItem(ArchiveEntryType archiveType, String archiveName, String sourcePath)
+            throws WLSDeployArchiveIOException {
+
+        final String METHOD = "replaceItem";
+        LOGGER.entering(CLASS, METHOD, archiveType, archiveName, sourcePath);
+
+        String pathPrefix = getPathForType(archiveType);
+        String archivePath;
+        if (archiveName.startsWith(pathPrefix)) {
+            archivePath = archiveName;
+        } else {
+            archivePath = pathPrefix + archiveName;
+        }
+
+        getZipFile().removeZipEntries(archivePath);
+        String newName = addItem(archiveType, sourcePath);
+
+        LOGGER.exiting(CLASS, METHOD, newName);
+        return newName;
+    }
+
+    /**
+     * Extracts the named file or directory from the archive into the specified directory,
+     * preserving any archive directory structure.
+     *
+     * @param archiveType the type of the entry
+     * @param path     the path of the file or directory in the archive
+     * @param directory  the existing target directory (usually domain home)
+     * @throws WLSDeployArchiveIOException if an IOException occurred while reading the archive or writing the file
+     * @throws IllegalArgumentException    if the directory does not exist or the path is empty
+     */
+    public void extractItem(ArchiveEntryType archiveType, String path, File directory)
+            throws WLSDeployArchiveIOException {
+
+        final String METHOD = "extractItem";
+        LOGGER.entering(CLASS, METHOD, archiveType, path);
+
+        validateNonEmptyString(path, "path", METHOD);
+        validateExistingDirectory(directory, "directory", getArchiveFileName(), METHOD);
+
+        String pathPrefix = getPathForType(archiveType);
+        String archivePath = path;
+        if (!path.startsWith(pathPrefix)) {
+            archivePath = pathPrefix + path;
+        }
+
+        archivePath = fixupPathForDirectories(archivePath);
+        if (archivePath.endsWith(ZIP_SEP)) {
+            extractDirectoryFromZip(archivePath, directory);
+        } else {
+            extractFileFromZip(archivePath, directory);
+        }
+
+        LOGGER.exiting(CLASS, METHOD);
+    }
+
+    /**
+     * Remove the named item from the archive file.  If this is the only entry
+     * in the archive file directory, the directory entry will also be removed, if present.
+     *
+     * @param path The item name (e.g., foo.jar) or the archive path
+     *             to it (e.g., wlsdeploy/domainLibraries/foo.jar)
+     * @return the number of zip entries removed from the archive
+     * @throws WLSDeployArchiveIOException  if the item is not present or an IOException occurred while
+     *                                      reading the archive or writing the file
+     * @throws IllegalArgumentException     if the path is null or empty
+     */
+    public int removeItem(ArchiveEntryType archiveType, String path) throws WLSDeployArchiveIOException {
+        return removeItem(archiveType, path, false);
+    }
+
+    /**
+     * Remove the named item from the archive file.  If this is the only entry
+     * in the archive file directory, the directory entry will also be removed, if present.
+     *
+     * @param path The item name (e.g., foo.jar) or the archive path
+     *             to it (e.g., wlsdeploy/domainLibraries/foo.jar)
+     * @param silent  If false, a WLSDeployArchiveIOException is thrown if the named item does not exist
+     * @return the number of zip entries removed from the archive
+     * @throws WLSDeployArchiveIOException  if the item is not present (and silent = false) or an IOException
+     *                                      occurred while reading the archive or writing the file
+     * @throws IllegalArgumentException     if the path is null or empty
+     */
+    public int removeItem(ArchiveEntryType archiveType, String path, boolean silent) throws WLSDeployArchiveIOException {
+        final String METHOD = "removeItem";
+        LOGGER.entering(CLASS, METHOD, path, silent);
+
+        validateNonEmptyString(path, "path", METHOD);
+
+        String pathPrefix = getPathForType(archiveType);
+        String archivePath;
+        String itemName;
+        if (path.startsWith(pathPrefix)) {
+            archivePath = path;
+            itemName = getNameFromPath(archivePath, pathPrefix.length() + 1);
+        } else {
+            archivePath = pathPrefix + path;
+            itemName = path;
+        }
+
+        List<String> zipEntries = getArchiveEntries(archiveType, itemName);
+
+        if (!silent && zipEntries.isEmpty()) {
+            WLSDeployArchiveIOException ex =
+                    new WLSDeployArchiveIOException("WLSDPLY-01480", archiveType, itemName, getArchiveFileName(), archivePath);
+            LOGGER.throwing(CLASS, METHOD, ex);
+            throw ex;
+        }
+
+        int result = zipEntries.size();
+        for (String zipEntry : zipEntries) {
+            getZipFile().removeZipEntry(zipEntry);
+        }
+        result += removeEmptyTypeDir(archiveType, pathPrefix);
+
+        LOGGER.exiting(CLASS, METHOD, result);
+        return result;
+    }
+
     /**
      * Add a source file for the specified archive type, including an entry name.
      * Example: config/wlsdeploy/servers/myServer/identity.jks

core/src/main/python/deploy.py

@@ -1,5 +1,5 @@
 """
-Copyright (c) 2017, 2024, Oracle and/or its affiliates.
+Copyright (c) 2017, 2025, Oracle and/or its affiliates.
 Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 The entry point for the deployApps tool.
@@ -165,6 +165,7 @@ def __deploy_online(model_deployer, model_context):
     __logger.info("WLSDPLY-09007", admin_url, method_name=_method_name, class_name=_class_name)
 
     try:
+        model_deployer.deploy_plugins()
         model_deployer.deploy_resources()
         model_deployer.distribute_database_wallets_online()
         model_deployer.deploy_app_attributes_online()
@@ -202,6 +203,7 @@ def __deploy_offline(model_deployer, model_context):
 
     __wlst_helper.read_domain(domain_home)
 
+    model_deployer.deploy_plugins()
     model_deployer.deploy_model_offline()
 
     try:

core/src/main/python/update.py

@@ -1,5 +1,5 @@
 """
-Copyright (c) 2017, 2024, Oracle and/or its affiliates.
+Copyright (c) 2017, 2025, Oracle and/or its affiliates.
 Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 
 The entry point for the updateDomain tool.
@@ -192,6 +192,7 @@ def __update_online(model_deployer, model, model_context, aliases):
 
         topology_updater.clear_placeholder_targeting(jdbc_names)
         topology_updater.update_nm_properties()  # alias will skip for online, but log the omission
+        model_deployer.deploy_plugins()  # may be referenced in SecurityConfiguration/CertificateManagement
         topology_updater.update()
         model_deployer.deploy_resources()
         model_deployer.distribute_database_wallets_online()
@@ -251,6 +252,8 @@ def __update_offline(model_deployer, model, model_context, aliases):
 
     topology_updater.set_server_groups()
     topology_updater.clear_placeholder_targeting(jdbc_names)
+
+    model_deployer.deploy_plugins()  # may be referenced in SecurityConfiguration/CertificateManagement
     topology_updater.update()
 
     # Add resources after server groups are established to prevent auto-renaming

core/src/main/python/wlsdeploy/aliases/alias_entries.py

@@ -61,12 +61,14 @@
 from wlsdeploy.aliases.model_constants import HEALTH_SCORE
 from wlsdeploy.aliases.model_constants import JOLT_CONNECTION_POOL
 from wlsdeploy.aliases.model_constants import JPA
+from wlsdeploy.aliases.model_constants import LIBRARY
 from wlsdeploy.aliases.model_constants import MANAGED_EXECUTOR_SERVICE_TEMPLATE
 from wlsdeploy.aliases.model_constants import MANAGED_SCHEDULED_EXECUTOR_SERVICE_TEMPLATE
 from wlsdeploy.aliases.model_constants import MANAGED_THREAD_FACTORY_TEMPLATE
 from wlsdeploy.aliases.model_constants import ODL_CONFIGURATION
 from wlsdeploy.aliases.model_constants import OHS
 from wlsdeploy.aliases.model_constants import OPSS_INITIALIZATION
+from wlsdeploy.aliases.model_constants import PLUGIN_DEPLOYMENT
 from wlsdeploy.aliases.model_constants import RCU_DB_INFO
 from wlsdeploy.aliases.model_constants import REMOTE_CONSOLE_HELPER
 from wlsdeploy.aliases.model_constants import RESOURCE_MANAGER
@@ -176,8 +178,9 @@ class AliasEntries(object):
     ]
 
     __app_deployments_top_level_folders = [
-        'Application',
-        'Library'
+        APPLICATION,
+        LIBRARY,
+        PLUGIN_DEPLOYMENT
     ]
 
     __domain_info_top_level_folders = [

core/src/main/python/wlsdeploy/aliases/model_constants.py

@@ -37,6 +37,8 @@
 CAPACITY = 'Capacity'
 CDI_CONTAINER = 'CdiContainer'
 CERT_PATH_PROVIDER = 'CertPathProvider'
+CERT_REVOC = 'CertRevoc'
+CERTIFICATE_MANAGEMENT = 'CertificateManagement'
 CERTIFICATE_REGISTRY = 'CertificateRegistry'
 CLASSPATH = 'ClassPath'
 CLIENT_PARAMS = 'ClientParams'
@@ -75,6 +77,7 @@
 CREDENTIAL = 'Credential'
 CREDENTIAL_ENCRYPTED = 'CredentialEncrypted'
 CREDENTIAL_MAPPER = 'CredentialMapper'
+CREDENTIAL_SET = 'CredentialSet'
 CROSS_DOMAIN = 'CrossDomain'
 CUSTOM_DBMS_AUTHENTICATOR = 'CustomDBMSAuthenticator'
 CUSTOM_RESOURCE = "CustomResource"
@@ -234,6 +237,7 @@
 PLAN_DIR = 'PlanDir'
 PLAN_PATH = 'PlanPath'
 POLICY = 'Policy'
+PLUGIN_DEPLOYMENT = 'PluginDeployment'
 PREPEND = 'prepend'
 PROPERTIES = 'Properties'
 PRODUCTION_MODE_ENABLED = 'ProductionModeEnabled'
@@ -433,6 +437,7 @@
 PASSWORD = 'Password'
 PATH_TO_SCRIPT = 'PathToScript'
 PLAN_STAGING_MODE = 'PlanStagingMode'
+PLUGIN_TYPE = 'PluginType'
 RESOURCE_CLASS = 'ResourceClass'
 SECURITY_DD_MODEL = 'SecurityDDModel'
 SET_OPTION_APP_DIR = 'AppDir'

core/src/main/python/wlsdeploy/tool/create/domain_creator.py

@@ -275,6 +275,7 @@ def __deploy(self):
         """
         self.model_context.set_domain_home(self._domain_home)
         self.__set_domain_attributes()
+        self.model_deployer.deploy_plugins()
         self.__configure_security_configuration()
         self.__deploy_resources_and_apps()
         self.wlst_helper.update_domain()

core/src/main/python/wlsdeploy/tool/create/security_provider_creator.py

@@ -4,9 +4,11 @@
 """
 
 from oracle.weblogic.deploy.exception import BundleAwareException
+from oracle.weblogic.deploy.util import PyOrderedDict as OrderedDict
 
 from wlsdeploy.aliases.location_context import LocationContext
 from wlsdeploy.aliases.model_constants import AUTHENTICATION_PROVIDER
+from wlsdeploy.aliases.model_constants import CERTIFICATE_MANAGEMENT
 from wlsdeploy.aliases.model_constants import DEFAULT_AUTHENTICATOR
 from wlsdeploy.aliases.model_constants import DEFAULT_REALM
 from wlsdeploy.aliases.model_constants import PASSWORD_DIGEST_ENABLED
@@ -221,6 +223,28 @@ def _process_child_nodes(self, location, model_nodes):
 
         Creator._process_child_nodes(self, location, model_nodes)
 
+    # Override
+    def _create_subfolders(self, location, model_nodes):
+        """
+        Create the child MBean folders at the specified location.
+        In the SecurityConfiguration folder, be sure CertificateManagement subfolder is after CredentialSet. 
+        :param location: the location
+        :param model_nodes: the model dictionary
+        :raises: CreateException: if an error occurs
+        """
+        _method_name = '_create_subfolders'
+        
+        new_model_nodes = model_nodes
+        model_type, model_name = self.aliases.get_model_type_and_name(location)
+        if model_type == SECURITY_CONFIGURATION:
+            certificate_nodes = dictionary_utils.get_dictionary_element(model_nodes, CERTIFICATE_MANAGEMENT)
+            if certificate_nodes:
+                new_model_nodes = OrderedDict(model_nodes)
+                del new_model_nodes[CERTIFICATE_MANAGEMENT]
+                new_model_nodes[CERTIFICATE_MANAGEMENT] = certificate_nodes
+
+        Creator._create_subfolders(self, location, new_model_nodes)
+    
     def _delete_existing_providers(self, location):
         """
         The security realms providers in the model are processed as merge to the model. Each realm provider