cleaning up the security provider validation and provisioning code to not try to create a provider that is version invalid

Author: robertpatrick

core/src/main/python/wlsdeploy/tool/create/security_provider_creator.py

@@ -1,5 +1,5 @@
 """
-Copyright (c) 2017, 2023, Oracle and/or its affiliates.
+Copyright (c) 2017, 2024, Oracle and/or its affiliates.
 Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 """
 
@@ -8,6 +8,7 @@
 from wlsdeploy.aliases.location_context import LocationContext
 from wlsdeploy.aliases.model_constants import REALM
 from wlsdeploy.aliases.model_constants import SECURITY_CONFIGURATION
+from wlsdeploy.aliases.validation_codes import ValidationCodes
 from wlsdeploy.exception import exception_helper
 from wlsdeploy.tool.create.creator import Creator
 from wlsdeploy.tool.deploy import deployer_utils
@@ -139,6 +140,13 @@ def _create_named_subtype_mbeans(self, type_name, model_nodes, base_location, lo
 
             model_type_subfolder_name = list(model_node.keys())[0]
             child_nodes = dictionary_utils.get_dictionary_element(model_node, model_type_subfolder_name)
+            folder_validation_code, folder_validation_message = \
+                self.aliases.is_valid_model_folder_name(location, model_type_subfolder_name)
+            if folder_validation_code == ValidationCodes.CONTEXT_INVALID:
+                ex = exception_helper.create_exception(self._exception_type, 'WLSDPLY-12144', type_name,
+                                                       model_type_subfolder_name, folder_validation_message)
+                self.logger.throwing(ex, class_name=self.__class_name, method_name=_method_name)
+                raise ex
 
             # custom providers require special processing, they are not described in alias framework
             if allow_custom and (model_type_subfolder_name not in known_providers):

core/src/main/python/wlsdeploy/tool/validate/validator.py

@@ -548,6 +548,8 @@ def __validate_section_folder(self, model_node, validation_location):
 
     def __process_model_node(self, model_node, validation_location):
         _method_name = '__process_model_node'
+        self._logger.entering(str_helper.to_string(validation_location),
+                              class_name=_class_name, method_name=_method_name)
 
         model_folder_path = self._aliases.get_model_folder_path(validation_location)
 
@@ -574,7 +576,12 @@ def __process_model_node(self, model_node, validation_location):
             self._logger.finer('key={0}', key,
                                class_name=_class_name, method_name=_method_name)
 
-            if key in valid_folder_keys:
+            folder_validation_code, folder_validation_message = \
+                self._aliases.is_valid_model_folder_name(validation_location, key)
+            attribute_validation_code, attribute_validation_message = \
+                self._aliases.is_valid_model_attribute_name(validation_location, key)
+
+            if folder_validation_code == ValidationCodes.VALID:
                 new_location = LocationContext(validation_location).append_location(key)
                 self._logger.finer('new_location={0}', new_location,
                                    class_name=_class_name, method_name=_method_name)
@@ -588,8 +595,7 @@ def __process_model_node(self, model_node, validation_location):
                     self.__validate_attributes(value, valid_attr_infos, new_location)
                 else:
                     self.__validate_section_folder(value, new_location)
-
-            elif key in valid_attr_infos:
+            elif attribute_validation_code == ValidationCodes.VALID:
                 # aliases.get_model_attribute_names_and_types(location) filters out
                 # attributes that ARE NOT valid in the wlst_version being used, so if
                 # we're in this section of code we know key is a bonafide "valid" attribute
@@ -605,7 +611,10 @@ def __process_model_node(self, model_node, validation_location):
 
                     self.__validate_attribute(key, value, valid_attr_infos, path_tokens_attr_keys, model_folder_path,
                                               validation_location)
-
+            elif folder_validation_code == ValidationCodes.CONTEXT_INVALID:
+                self._log_context_invalid(folder_validation_message, _method_name)
+            elif attribute_validation_code == ValidationCodes.CONTEXT_INVALID:
+                self._log_context_invalid(attribute_validation_message, _method_name)
             elif self._aliases.is_custom_folder_allowed(validation_location):
                 # custom folders are not validated, just log this and continue
                 self._logger.info('WLSDPLY-05037', model_folder_path,
@@ -623,10 +632,7 @@ def __process_model_node(self, model_node, validation_location):
                     # method pulls those out, in the self.__validate_section_folder().
 
                     # See if it's a version invalid folder
-                    result, message = self._aliases.is_valid_model_folder_name(validation_location, key)
-                    if result == ValidationCodes.CONTEXT_INVALID:
-                        self._log_context_invalid(message, _method_name)
-                    elif result == ValidationCodes.INVALID:
+                    if folder_validation_code == ValidationCodes.INVALID:
                         # key is an INVALID folder
                         self._logger.severe('WLSDPLY-05026', key, 'folder', model_folder_path,
                                             '%s' % ', '.join(valid_folder_keys), class_name=_class_name,
@@ -637,10 +643,7 @@ def __process_model_node(self, model_node, validation_location):
                     # method pulls those out, in the self.__validate_section_folder().
 
                     # See if it's a version invalid attribute
-                    result, message = self._aliases.is_valid_model_attribute_name(validation_location, key)
-                    if result == ValidationCodes.CONTEXT_INVALID:
-                        self._log_context_invalid(message, _method_name)
-                    elif result == ValidationCodes.INVALID:
+                    if attribute_validation_code == ValidationCodes.INVALID:
                         # key is an INVALID attribute
                         self._logger.severe('WLSDPLY-05029', key, model_folder_path,
                                             '%s' % ', '.join(valid_attr_infos), class_name=_class_name,

core/src/main/resources/oracle/weblogic/deploy/messages/wlsdeploy_rb.properties

@@ -1580,6 +1580,7 @@ WLSDPLY-12140=Security configuration adjudicator has {0} subtypes
 WLSDPLY-12141=Security configuration adjudicator subtype is {0}
 WLSDPLY-12142=Security configuration adjudicator has {0} attributes
 WLSDPLY-12143=Setting subfolders, then attributes for model location path {0} from WLST path {1}
+WLSDPLY-12144=Unable to create {0} security provider type {1}: {2}
 
 # domain_creator.py
 WLSDPLY-12200={0} did not find the required {1} section in the model file {2}

documentation/4.0/content/release-notes/_index.md

@@ -54,7 +54,9 @@ pre = "<b> </b>"
 - #1579 - Fixed an issue that limited the number of secret keys that could be referenced by the model. 
 - #1584 - Fixed an issue where online updates that required restarts were using a 12.2.1+ API even with older versions.
 - #1603 - Fixed a bug related to online WLST error message formatting.
-
+- #1608 - Fixed a bug in creating Security groups that are members of another group.
+- #1610 - Fixed a bug where the Create Domain and Update Domain Tools were trying to create a security provider that
+          is not valid in the current WebLogic Server version.
 #### Known Issues
 None