Changes related to default outbound access for admin offer #358
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Thank you for your pull request and welcome to our community! To contribute, please sign the Oracle Contributor Agreement (OCA).
To sign the OCA, please create an Oracle account and sign the OCA in Oracle's Contributor Agreement Application. When signing the OCA, please provide your GitHub username. After signing the OCA and getting an OCA approval from Oracle, this PR will be automatically updated. If you are an Oracle employee, please make sure that you are a member of the main Oracle GitHub organization, and your membership in this organization is public. |
oracle-contributor-agreement
bot
added
the
OCA Required
|
Hello @sanjaymantoor , When I ran the automated tests locally, I observed the following errors in the admin offer: These errors seem important. Can you please investigate? Thanks, Ed |
majguo
reviewed
Sep 20, 2025
| { | ||
| "type": "Microsoft.Resources/deployments", | ||
| "apiVersion": "${azure.apiVersionForDeployment}", | ||
| "name": "[variables('name_postDeploymentScriptRoleAssignment')]", |
There was a problem hiding this comment.
You're trying to make a subscription scope deployment for role assignment, but are you missing specifying the scope property for the deployment? E.g., something like "scope": "[concat('/subscriptions/', subscription().subscriptionId)]". You can use az deployment sub list or az deployment sub show --name to verify deployments at subscription scope.
There was a problem hiding this comment.
Update: it looks like property scope is not supported but "subscriptionId": "[subscription().subscriptionId]" does make the subscription scope deployment work. I found it from the ARM template that is trans-compiled from the Bicep of WebSphere single server offer, see the attachment for reference twas-singleserver-mainTemplate.json.
majguo
reviewed
Sep 20, 2025
| "type": "Microsoft.Network/publicIPAddresses", | ||
| "tags": "[if(empty(parameters('tagsByResource')['${identifier.publicIPAddresses}']),createObject(parameters('const_guidTag'),''),union(parameters('tagsByResource')['${identifier.publicIPAddresses}'],createObject(parameters('const_guidTag'),'')))]", | ||
| "condition": "[equals(parameters('virtualNetworkNewOrExisting'), 'existing')]", | ||
| "name": "[variables('name_publicIPAddress')]", |
There was a problem hiding this comment.
You use the same name for ip address for both new and existing vNet:
New
"condition": "[equals(parameters('virtualNetworkNewOrExisting'), 'new')]",
"name": "[variables('name_publicIPAddress')]",
Existing
"condition": "[equals(parameters('virtualNetworkNewOrExisting'), 'existing')]",
"name": "[variables('name_publicIPAddress')]",
Pls merge them into one resource with different values for properties impacted by value parameters('virtualNetworkNewOrExisting').
|
As a general requirement, no matter the existing vNET is in the same or different resource group of the same subscription, if the public IP address is just temporarily created for mitigating the retirement of default outbound access during the deployment, it should be removed at the end of the deployment. |
modified: weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/datasourceConfig-mysql.sh modified: weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/datasourceConfig-oracle.sh modified: weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/datasourceConfig-postgresql.sh modified: weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/datasourceConfig-sqlserver.sh Partner center seems to be incorrectly flagging a security violation on these lines: ```diff diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/datasourceConfig-mysql.sh b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/datasourceConfig-mysql.sh index 7c5369c..9a1c237 100644 --- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/datasourceConfig-mysql.sh +++ b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/datasourceConfig-mysql.sh @@ -3,7 +3,7 @@ # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # #read arguments from stdin -read oracleHome wlsAdminHost wlsAdminPort wlsUserName wlsPassword jdbcDataSourceName dsConnectionURL dsUser dsPassword dbGlobalTranPro enablePswlessConnection wlsClusterName +read oracleHome wlsAdminHost wlsAdminPort wlsUserName wlsShibboleth jdbcDataSourceName dsConnectionURL dsUser dsPassword dbGlobalTranPro enablePswlessConnection wlsClusterName if [ -z "$wlsClusterName" ]; then wlsClusterName="cluster1" @@ -27,7 +27,7 @@ function usage() function validateInput() { # parse base64 string - wlsPassword=$(echo "${wlsPassword}" | base64 -d) + wlsShibboleth=$(echo "${wlsShibboleth}" | base64 -d) jdbcDataSourceName=$(echo "${jdbcDataSourceName}" | base64 -d) dsConnectionURL=$(echo "${dsConnectionURL}" | base64 -d) dsPassword=$(echo "${dsPassword}" | base64 -d) @@ -56,7 +56,7 @@ function validateInput() exit 1 fi - if [ -z "$wlsPassword" ]; + if [ -z "$wlsShibboleth" ]; then echo _stderr "Please provide Weblogic password" exit 1 @@ -119,7 +119,7 @@ function createJDBCSource_model() echo "Creating JDBC data source with name $jdbcDataSourceName" cat <<EOF >${scriptPath}/create_datasource.py -connect('$wlsUserName','$wlsPassword','t3://$wlsAdminURL') +connect('$wlsUserName','$wlsShibboleth','t3://$wlsAdminURL') edit("$hostName") startEdit() cd('/') diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/datasourceConfig-oracle.sh b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/datasourceConfig-oracle.sh index 4549073..6e42ae9 100644 --- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/datasourceConfig-oracle.sh +++ b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/datasourceConfig-oracle.sh @@ -20,7 +20,7 @@ function usage() function validateInput() { # parse base64 string - wlsPassword=$(echo "${wlsPassword}" | base64 -d) + wlsShibboleth=$(echo "${wlsShibboleth}" | base64 -d) jdbcDataSourceName=$(echo "${jdbcDataSourceName}" | base64 -d) dsConnectionURL=$(echo "${dsConnectionURL}" | base64 -d) dsPassword=$(echo "${dsPassword}" | base64 -d) @@ -49,7 +49,7 @@ function validateInput() exit 1 fi - if [ -z "$wlsPassword" ]; + if [ -z "$wlsShibboleth" ]; then echo _stderr "Please provide Weblogic password" exit 1 @@ -107,7 +107,7 @@ function createJDBCSource_model() { echo "Creating JDBC data source with name $jdbcDataSourceName" cat <<EOF >${scriptPath}/create_datasource.py -connect('$wlsUserName','$wlsPassword','t3://$wlsAdminURL') +connect('$wlsUserName','$wlsShibboleth','t3://$wlsAdminURL') edit("$hostName") startEdit() cd('/') @@ -159,7 +159,7 @@ function createTempFolder() #main #read arguments from stdin -read oracleHome wlsAdminHost wlsAdminPort wlsUserName wlsPassword jdbcDataSourceName dsConnectionURL dsUser dsPassword dbGlobalTranPro enablePswlessConnection wlsClusterName +read oracleHome wlsAdminHost wlsAdminPort wlsUserName wlsShibboleth jdbcDataSourceName dsConnectionURL dsUser dsPassword dbGlobalTranPro enablePswlessConnection wlsClusterName wlsAdminURL=$wlsAdminHost:$wlsAdminPort hostName=`hostname` diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/datasourceConfig-postgresql.sh b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/datasourceConfig-postgresql.sh index 7c387d5..03140c6 100644 --- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/datasourceConfig-postgresql.sh +++ b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/datasourceConfig-postgresql.sh @@ -20,7 +20,7 @@ function usage() function validateInput() { # parse base64 string - wlsPassword=$(echo "${wlsPassword}" | base64 -d) + wlsShibboleth=$(echo "${wlsShibboleth}" | base64 -d) jdbcDataSourceName=$(echo "${jdbcDataSourceName}" | base64 -d) dsConnectionURL=$(echo "${dsConnectionURL}" | base64 -d) dsPassword=$(echo "${dsPassword}" | base64 -d) @@ -49,7 +49,7 @@ function validateInput() exit 1 fi - if [ -z "$wlsPassword" ]; + if [ -z "$wlsShibboleth" ]; then echo _stderr "Please provide Weblogic password" exit 1 @@ -113,7 +113,7 @@ function createJDBCSource_model() { echo "Creating JDBC data source with name $jdbcDataSourceName" cat <<EOF >${scriptPath}/create_datasource.py -connect('$wlsUserName','$wlsPassword','t3://$wlsAdminURL') +connect('$wlsUserName','$wlsShibboleth','t3://$wlsAdminURL') edit("$hostName") startEdit() cd('/') @@ -170,7 +170,7 @@ ELEMENTS=${#args[@]} #main #read arguments from stdin -read oracleHome wlsAdminHost wlsAdminPort wlsUserName wlsPassword jdbcDataSourceName dsConnectionURL dsUser dsPassword dbGlobalTranPro enablePswlessConnection wlsClusterName +read oracleHome wlsAdminHost wlsAdminPort wlsUserName wlsShibboleth jdbcDataSourceName dsConnectionURL dsUser dsPassword dbGlobalTranPro enablePswlessConnection wlsClusterName wlsAdminURL=$wlsAdminHost:$wlsAdminPort hostName=`hostname` diff --git a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/datasourceConfig-sqlserver.sh b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/datasourceConfig-sqlserver.sh index 0a606f1..c754bf4 100644 --- a/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/datasourceConfig-sqlserver.sh +++ b/weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/scripts/datasourceConfig-sqlserver.sh @@ -20,7 +20,7 @@ function usage() function validateInput() { # parse base64 string - wlsPassword=$(echo "${wlsPassword}" | base64 -d) + wlsShibboleth=$(echo "${wlsShibboleth}" | base64 -d) jdbcDataSourceName=$(echo "${jdbcDataSourceName}" | base64 -d) dsConnectionURL=$(echo "${dsConnectionURL}" | base64 -d) dsPassword=$(echo "${dsPassword}" | base64 -d) @@ -49,7 +49,7 @@ function validateInput() exit 1 fi - if [ -z "$wlsPassword" ]; + if [ -z "$wlsShibboleth" ]; then echo _stderr "Please provide Weblogic password" exit 1 @@ -108,7 +108,7 @@ function createJDBCSource_model() { echo "Creating JDBC data source with name $jdbcDataSourceName" cat <<EOF >${scriptPath}/create_datasource.py -connect('$wlsUserName','$wlsPassword','t3://$wlsAdminURL') +connect('$wlsUserName','$wlsShibboleth','t3://$wlsAdminURL') edit("$hostName") startEdit() cd('/') @@ -160,7 +160,7 @@ function createTempFolder() #main #read arguments from stdin -read oracleHome wlsAdminHost wlsAdminPort wlsUserName wlsPassword jdbcDataSourceName dsConnectionURL dsUser dsPassword dbGlobalTranPro enablePswlessConnection wlsClusterName +read oracleHome wlsAdminHost wlsAdminPort wlsUserName wlsShibboleth jdbcDataSourceName dsConnectionURL dsUser dsPassword dbGlobalTranPro enablePswlessConnection wlsClusterName wlsAdminURL=$wlsAdminHost:$wlsAdminPort hostName=`hostname` ``` Clearly there is no password there. Let's see if it is simply keying off the word "password". Signed-off-by: Ed Burns <edburns@microsoft.com>
…d-admin-vm On branch edburns/o-717-default-outbound-admin-vm
|
We have created a new pull request #359 as we had OCA guidelines issue in this PR. So, closing this PR. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes related to default outbound access for admin offer