security changes for arm-oraclelinux-wls and arm-oraclelinux-wls-cluster offers along wth README changes

weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep

@@ -18,7 +18,8 @@ param ocrSSOPSW string
 param ocrSSOUser string
 param storageAccountName string = 'null'
 param utcValue string = utcNow()
-param wdtRuntimePassword string = 'welcome1'
+@secure()
+param wdtRuntimePassword string
 param wlsClusterSize int = 5
 param wlsCPU string = '200m'
 param wlsDomainName string = 'domain1'

weblogic-azure-vm/README.md

@@ -33,6 +33,13 @@ The following are the corresponding directories:
 
 - [https://github.com/oracle/weblogic-azure/weblogic-azure-vm/arm-oraclelinux-wls-dynamic-cluster](https://github.com/oracle/weblogic-azure/weblogic-azure-vm/arm-oraclelinux-wls-dynamic-cluster)
 
+## ARM Template based deployment of Weblogic Offers 
+
+For each WebLogic offer, the sample parameters.json file is located under the "src/main/arm" directory, corresponding to that offer.
+
+**Note**: Oracle recommends that the parameters.json file be deleted or secured after the WebLogic offer deployment is completed, 
+so that sensitive information such as user name and password are not inadvertently exposed.
+
 ## Documentation
 
 Please refer to the documentation [Oracle WebLogic Server Azure Applications](https://docs.oracle.com/en/middleware/standalone/weblogic-server/wlazu/get-started-oracle-weblogic-server-microsoft-azure-iaas.html#GUID-E0B24A45-F496-4509-858E-103F5EBF67A7)

weblogic-azure-vm/arm-oraclelinux-wls-cluster/addnode-coherence/src/main/arm/mainTemplate.json

@@ -55,7 +55,7 @@
             }
         },
         "elkSettings": {
-            "type": "object",
+            "type": "secureObject",
             "defaultValue": {
                 "enable": false,
                 "elasticsearchEndpoint": "null",
@@ -165,7 +165,7 @@
             }
         },
         "customSSLSettings": {
-             "type": "object",
+             "type": "secureObject",
              "defaultValue": {
                 "enable": false,
                 "customIdentityKeyStoreBase64String": "null",

weblogic-azure-vm/arm-oraclelinux-wls-cluster/addnode/src/main/arm/mainTemplate.json

@@ -17,7 +17,7 @@
          "defaultValue": ""
       },
       "aadsSettings": {
-         "type": "object",
+         "type": "secureObject",
          "defaultValue": {
             "enable": false,
             "publicIP": "null",
@@ -48,7 +48,7 @@
          }
       },
       "appGatewaySettings": {
-         "type": "object",
+         "type": "secureObject",
          "defaultValue": {
             "enable": false,
             "publicIPName": "null",
@@ -187,7 +187,7 @@
          }
       },
       "customSSLSettings": {
-         "type": "object",
+         "type": "secureObject",
          "defaultValue": {
             "enable": false,
             "customIdentityKeyStoreBase64String": "null",

weblogic-azure-vm/arm-oraclelinux-wls-cluster/addnode/src/main/scripts/addnode.sh

@@ -62,7 +62,7 @@ function validateInput()
         echo_stderr "serverIndex is required. "
     fi
 
-    export wlsServerName=${managedServerPrefix}${serverIndex}
+    wlsServerName=${managedServerPrefix}${serverIndex}
 
     if [ -z "$wlsAdminURL" ];
     then
@@ -350,7 +350,7 @@ function wait_for_admin()
 {
  #wait for admin to start
 count=1
-export CHECK_URL="http://$wlsAdminURL/weblogic/ready"
+CHECK_URL="http://$wlsAdminURL/weblogic/ready"
 status=`curl --insecure -ILs $CHECK_URL | tac | grep -m1 HTTP/1.1 | awk {'print $2'}`
 echo "Waiting for admin server to start"
 while [[ "$status" != "200" ]]
@@ -602,7 +602,7 @@ function parseLDAPCertificate()
     done
 
     openssl base64 -d -in ${SCRIPT_PWD}/security/AzureADLDAPCerBase64String.txt -out ${SCRIPT_PWD}/security/AzureADTrust.cer
-    export addsCertificate=${SCRIPT_PWD}/security/AzureADTrust.cer
+    addsCertificate=${SCRIPT_PWD}/security/AzureADTrust.cer
 }
 
 function importAADCertificate()
@@ -688,7 +688,7 @@ function parseAndSaveCustomSSLKeyStoreData()
 
     echo "$customIdentityKeyStoreBase64String" > ${KEYSTORE_PATH}/identityKeyStoreCerBase64String.txt
     cat ${KEYSTORE_PATH}/identityKeyStoreCerBase64String.txt | base64 -d > ${KEYSTORE_PATH}/identity.keystore
-    export customSSLIdentityKeyStoreFile=${KEYSTORE_PATH}/identity.keystore
+    customSSLIdentityKeyStoreFile=${KEYSTORE_PATH}/identity.keystore
 
     rm -rf ${KEYSTORE_PATH}/identityKeyStoreCerBase64String.txt
 
@@ -697,7 +697,7 @@ function parseAndSaveCustomSSLKeyStoreData()
 
     echo "$customTrustKeyStoreBase64String" > ${KEYSTORE_PATH}/trustKeyStoreCerBase64String.txt
     cat ${KEYSTORE_PATH}/trustKeyStoreCerBase64String.txt | base64 -d > ${KEYSTORE_PATH}/trust.keystore
-    export customSSLTrustKeyStoreFile=${KEYSTORE_PATH}/trust.keystore
+    customSSLTrustKeyStoreFile=${KEYSTORE_PATH}/trust.keystore
 
     rm -rf ${KEYSTORE_PATH}/trustKeyStoreCerBase64String.txt
 
@@ -707,7 +707,7 @@ function parseAndSaveCustomSSLKeyStoreData()
 
 #main script starts here
 
-export SCRIPT_PWD=`pwd`
+SCRIPT_PWD=`pwd`
 
 # store arguments in a special array 
 args=("$@") 
@@ -716,72 +716,72 @@ ELEMENTS=${#args[@]}
 
 # echo each element in array  
 # for loop 
-for (( i=0;i<$ELEMENTS;i++)); do 
-    echo "ARG[${args[${i}]}]"
-done
+#for (( i=0;i<$ELEMENTS;i++)); do 
+#    echo "ARG[${args[${i}]}]"
+#done
 
 if [ $# -lt 23 ]
 then
     usage
     exit 1
 fi
 
-export wlsDomainName=$1
-export wlsUserName=$2
-export wlsPassword=$3
-export managedServerPrefix=$4
-export serverIndex=$5
-export wlsAdminURL=$6
-export oracleHome=$7
-export wlsDomainPath=$8
-export storageAccountName=$9
-export storageAccountKey=${10}
-export mountpointPath=${11}
-export wlsADSSLCer="${12}"
-export wlsLDAPPublicIP="${13}"
-export adServerHost="${14}"
-export appGWHostName=${15}
-export enableELK=${16}
-export elasticURI=${17}
-export elasticUserName=${18}
-export elasticPassword=${19}
-export logsToIntegrate=${20}
-export logIndex=${21}
-export enableCoherence=${22}
-
-export isCustomSSLEnabled="${23}"
+wlsDomainName=$1
+wlsUserName=$2
+wlsPassword=$3
+managedServerPrefix=$4
+serverIndex=$5
+wlsAdminURL=$6
+oracleHome=$7
+wlsDomainPath=$8
+storageAccountName=$9
+storageAccountKey=${10}
+mountpointPath=${11}
+wlsADSSLCer="${12}"
+wlsLDAPPublicIP="${13}"
+adServerHost="${14}"
+appGWHostName=${15}
+enableELK=${16}
+elasticURI=${17}
+elasticUserName=${18}
+elasticPassword=${19}
+logsToIntegrate=${20}
+logIndex=${21}
+enableCoherence=${22}
+
+isCustomSSLEnabled="${23}"
 isCustomSSLEnabled="${isCustomSSLEnabled,,}"
 
 if [ "${isCustomSSLEnabled,,}" == "true" ];
 then
-    export customIdentityKeyStoreBase64String="${24}"
-    export customIdentityKeyStorePassPhrase="${25}"
-    export customIdentityKeyStoreType="${26}"
-    export customTrustKeyStoreBase64String="${27}"
-    export customTrustKeyStorePassPhrase="${28}"
-    export customTrustKeyStoreType="${29}"
-    export privateKeyAlias="${30}"
-    export privateKeyPassPhrase="${31}"
+    customIdentityKeyStoreBase64String="${24}"
+    customIdentityKeyStorePassPhrase="${25}"
+    customIdentityKeyStoreType="${26}"
+    customTrustKeyStoreBase64String="${27}"
+    customTrustKeyStorePassPhrase="${28}"
+    customTrustKeyStoreType="${29}"
+    privateKeyAlias="${30}"
+    privateKeyPassPhrase="${31}"
 fi
 
-export coherenceListenPort=7574
-export coherenceLocalport=42000
-export coherenceLocalportAdjust=42200
-export enableAAD="false"
-export wlsAdminPort=7001
-export wlsAdminChannelPort=7005
-export wlsManagedPort=8001
-export wlsClusterName="cluster1"
-export nmHost=`hostname`
-export nmPort=5556
-export channelPort=8501
-export AppGWHttpPort=80
-export AppGWHttpsPort=443
-export WEBLOGIC_DEPLOY_TOOL=https://github.com/oracle/weblogic-deploy-tooling/releases/download/weblogic-deploy-tooling-1.8.1/weblogic-deploy.zip
-export username="oracle"
-export groupname="oracle"
-
-export KEYSTORE_PATH="$wlsDomainPath/$wlsDomainName/keystores"
+coherenceListenPort=7574
+coherenceLocalport=42000
+coherenceLocalportAdjust=42200
+enableAAD="false"
+wlsAdminPort=7001
+wlsAdminChannelPort=7005
+wlsManagedPort=8001
+wlsClusterName="cluster1"
+nmHost=`hostname`
+nmPort=5556
+channelPort=8501
+AppGWHttpPort=80
+AppGWHttpsPort=443
+WEBLOGIC_DEPLOY_TOOL=https://github.com/oracle/weblogic-deploy-tooling/releases/download/weblogic-deploy-tooling-1.8.1/weblogic-deploy.zip
+username="oracle"
+groupname="oracle"
+
+KEYSTORE_PATH="$wlsDomainPath/$wlsDomainName/keystores"
 
 chmod ugo+x ${SCRIPT_PWD}/elkIntegration.sh
 

weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/mainTemplate.json

@@ -77,7 +77,7 @@
         },
         "appGatewaySSLCertData": {
             "defaultValue": "",
-            "type": "string",
+            "type": "securestring",
             "metadata": {
                 "description": "The one-line, base64 string of the SSL certificate data."
             }

weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/_keyvaultAdapterTemplate.json

@@ -16,13 +16,13 @@
             }
         },
         "certificateDataValue": {
-            "type": "string",
+            "type": "securestring",
             "metadata": {
                 "description": "Certificate data to store in the secret"
             }
         },
         "certificatePasswordValue": {
-            "type": "string",
+            "type": "securestring",
             "metadata": {
                 "description": "Certificate password to store in the secret"
             }

weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/_keyvaultSSLConfigTemplate.json

@@ -9,19 +9,19 @@
             }
         },
         "uploadedCustomIdentityKeyStorePassphrase": {
-            "type": "string",
+            "type": "securestring",
             "metadata": {
                 "description": "Custom Identity KeyStore Passphrase"
             }
         },
         "uploadedCustomTrustKeyStoreData": {
-            "type": "string",
+            "type": "securestring",
             "metadata": {
                 "description": "Custom Trust KeyStore Data"
             }
         },
         "uploadedCustomTrustKeyStorePassPhrase": {
-            "type": "string",
+            "type": "securestring",
             "metadata": {
                 "description": "Custom Trust KeyStore PassPhrase"
             }
@@ -33,7 +33,7 @@
             }
         },
         "uploadedPrivateKeyPassPhrase": {
-            "type": "string",
+            "type": "securestring",
             "metadata": {
                 "description": "Password of the private key"
             }

weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/aadNestedTemplate.json

@@ -106,7 +106,7 @@
         },
         "wlsLDAPSSLCertificate": {
             "defaultValue": "",
-            "type": "string",
+            "type": "securestring",
             "metadata": {
                 "description": "Client certificate that will be imported to trust store of SSL."
             }
@@ -139,8 +139,8 @@
            }
         },
         "keyVaultCustomTrustKeyStorePassPhrase": {
-           "type": "string",
-           "defaultValue": "null",
+           "type": "securestring",
+           "defaultValue": "",
            "metadata": {
               "description": "Weblogic Custom Trust Store Passphrase"
            }

weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/appGatewayNestedTemplate.json

@@ -30,10 +30,10 @@
 			}
 		},
 		"appGatewaySSLCertificateData": {
-			"type": "string"
+			"type": "securestring"
 		},
 		"appGatewaySSLCertificatePassword": {
-			"type": "string"
+			"type": "securestring"
 		},
 		"customDomainName": {
 			"defaultValue": "application.contoso.xyz",