From f455f0f42ad72e9774dd62a6efed612c6c113f56 Mon Sep 17 00:00:00 2001 From: Sanjay Mantoor Date: Thu, 29 Jul 2021 07:21:11 +0000 Subject: [PATCH 1/2] Updated scripts as per security review --- .../main/arm/scripts/buildWLSDockerImage.sh | 28 +++++++------ .../main/arm/scripts/invokeSetupWLSDomain.sh | 39 +++++++++++++++++++ .../src/main/arm/scripts/setupWLSDomain.sh | 33 +++++++++------- .../_ds-create-wls-cluster.bicep | 7 ++-- 4 files changed, 78 insertions(+), 29 deletions(-) create mode 100644 weblogic-azure-aks/src/main/arm/scripts/invokeSetupWLSDomain.sh diff --git a/weblogic-azure-aks/src/main/arm/scripts/buildWLSDockerImage.sh b/weblogic-azure-aks/src/main/arm/scripts/buildWLSDockerImage.sh index f713cbf59..c64080682 100644 --- a/weblogic-azure-aks/src/main/arm/scripts/buildWLSDockerImage.sh +++ b/weblogic-azure-aks/src/main/arm/scripts/buildWLSDockerImage.sh @@ -1,4 +1,4 @@ -# Copyright (c) 2021, Oracle Corporation and/or its affiliates. +# Copyright (c) 2019, 2020, Oracle Corporation and/or its affiliates. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #Function to output message to StdErr @@ -6,9 +6,13 @@ function echo_stderr() { echo "$@" >&2 } +# PENDING(edburns): load and from filesystem, from a file that is guaranteed to be secured as required +function load_parameters_from_file() { +} + #Function to display usage message function usage() { - echo_stdout "./buildWLSDockerImage.sh " + echo_stdout "./buildWLSDockerImage.sh " if [ $1 -eq 1 ]; then exit 1 fi @@ -34,13 +38,13 @@ function validate_inputs() { usage 1 fi - if [ -z "$azureACRUserName" ]; then - echo_stderr "azureACRUserName is required. " + if [ -z "$azureACRPassword" ]; then + echo_stderr "azureACRPassword is required. " usage 1 fi - if [ -z "$azureACRPassword" ]; then - echo_stderr "azureACRPassword is required. " + if [ -z "$azureACRUserName" ]; then + echo_stderr "azureACRUserName is required. " usage 1 fi 
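Review bot: The added `load_parameters_from_file() { }` stub has an empty body, which bash rejects as a syntax error, so buildWLSDockerImage.sh will not parse at all once this lands. Until the secure-file loader is written, give the stub a body that fails loudly, for example `echo_stderr "load_parameters_from_file: not implemented"; exit 1`, so the script cannot carry on with the secrets unset. The same empty-body pattern appears in the `load_parameters_from_file` stub added to setupWLSDomain.sh, and in `write_parameters_to_file` and `validate_input` in the new invokeSetupWLSDomain.sh. When the loader is implemented it should refuse a file that is group- or world-readable or not owned by the invoking user, which is what the PENDING comment asks for.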
@@ -229,18 +233,18 @@ export scriptDir="$(cd "$(dirname "${script}")" && pwd)" export wlsImagePath=$1 export azureACRServer=$2 export azureACRUserName=$3 -export azureACRPassword=$4 -export imageTag=$5 -export appPackageUrls=$6 -export ocrSSOUser=$7 -export ocrSSOPSW=$8 -export wlsClusterSize=$9 +export imageTag=$4 +export appPackageUrls=$5 +export ocrSSOUser=$6 +export wlsClusterSize=$7 export acrImagePath="$azureACRServer/aks-wls-images:${imageTag}" export ocrLoginServer="container-registry.oracle.com" export wdtDownloadURL="https://github.com/oracle/weblogic-deploy-tooling/releases/download/release-1.9.7/weblogic-deploy.zip" export witDownloadURL="https://github.com/oracle/weblogic-image-tool/releases/download/release-1.9.11/imagetool.zip" +load_parameters_from_file + validate_inputs initialize diff --git a/weblogic-azure-aks/src/main/arm/scripts/invokeSetupWLSDomain.sh b/weblogic-azure-aks/src/main/arm/scripts/invokeSetupWLSDomain.sh new file mode 100644 index 000000000..809fe66e4 --- /dev/null +++ b/weblogic-azure-aks/src/main/arm/scripts/invokeSetupWLSDomain.sh @@ -0,0 +1,39 @@ +# Copyright (c) 2019, 2020, Oracle Corporation and/or its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. + +echo "Script starts" + +#Function to output message to stdout +function echo_stderr() { + echo "$@" >&2 + echo "$@" >>stdout +} + +function echo_stdout() { + echo "$@" >&2 + echo "$@" >>stdout +} + +# PENDING(edburns): write some of the parameters to file. Others are passed directly to the script. +function write_parameters_to_file() { +} + + +#Function to display usage message +function usage() { + echo_stdout "./invokeSetupWLSDomain.sh ..." + if [ $1 -eq 1 ]; then + exit 1 + fi +} + +#Function to validate input +function validate_input() { + +} + +validate_input + +# invoke the setupWLSDomain passing the parameters and the file + +exit $exitCode 
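Review bot: `azureACRPassword` and `ocrSSOPSW` are no longer assigned anywhere in this hunk, and `load_parameters_from_file`, called just before `validate_inputs`, is still a stub, so the `azureACRPassword is required` check kept in `validate_inputs` will always trip. The positions of `imageTag` through `wlsClusterSize` also move from 5–9 to 4–7, so every caller has to change in the same commit or values land in the wrong variables. The removed lines exported both passwords to every child process. When the loader does set them, assign plain shell variables without `export` unless a child process genuinely needs them in its environment.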
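Review bot: The new wrapper never calls setupWLSDomain.sh, since the invocation is only a comment, and `exitCode` is never assigned, so `exit $exitCode` expands to a bare `exit` and returns the status of whatever command ran last. Because the bicep change in this patch makes this file the `primaryScriptUri`, once the empty stubs are given bodies the deployment script would perform no domain setup and could still exit 0. Run setupWLSDomain.sh with the non-secret arguments, follow it immediately with `exitCode=$?`, and end with `exit "$exitCode"`. When `write_parameters_to_file` is filled in, create the file under `umask 077` (or with `mktemp`) and remove it in a `trap ... EXIT` handler so the secrets do not outlive the run. Separately, `echo_stdout` here writes to stderr exactly as `echo_stderr` does, and the comment above `echo_stderr` says stdout.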
diff --git a/weblogic-azure-aks/src/main/arm/scripts/setupWLSDomain.sh b/weblogic-azure-aks/src/main/arm/scripts/setupWLSDomain.sh index 4c15e5aaf..e2c3205d7 100644 --- a/weblogic-azure-aks/src/main/arm/scripts/setupWLSDomain.sh +++ b/weblogic-azure-aks/src/main/arm/scripts/setupWLSDomain.sh @@ -1,4 +1,4 @@ -# Copyright (c) 2021, Oracle Corporation and/or its affiliates. +# Copyright (c) 2019, 2020, Oracle Corporation and/or its affiliates. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. echo "Script starts" @@ -14,9 +14,14 @@ function echo_stdout() { echo "$@" >>stdout } +# PENDING(edburns): load from filesystem, from a file that is guaranteed to be secured as required +function load_parameters_from_file() { +} + + #Function to display usage message function usage() { - echo_stdout "./setupWLSDomain.sh " + echo_stdout "./setupWLSDomain.sh " if [ $1 -eq 1 ]; then exit 1 fi @@ -245,7 +250,7 @@ function build_docker_image() { --publisher Microsoft.Azure.Extensions \ --version 2.0 \ --settings "{ \"fileUris\": [\"${scriptURL}model.yaml\",\"${scriptURL}model.properties\",\"${scriptURL}buildWLSDockerImage.sh\"]}" \ - --protected-settings "{\"commandToExecute\":\"bash buildWLSDockerImage.sh ${wlsImagePath} ${azureACRServer} ${azureACRUserName} ${azureACRPassword} ${newImageTag} \\\"${appPackageUrls}\\\" ${ocrSSOUser} ${ocrSSOPSW} ${wlsClusterSize}\"}" + --protected-settings "{\"commandToExecute\":\"bash buildWLSDockerImage.sh ${wlsImagePath} ${azureACRServer} ${azureACRUserName} ${newImageTag} \\\"${appPackageUrls}\\\" ${ocrSSOUser} ${wlsClusterSize}\"}" # If error fires, keep vm resource and exit. validate_status "Check status of buiding WLS domain image." 
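Review bot: With `${azureACRPassword}` and `${ocrSSOPSW}` dropped from `commandToExecute`, nothing visible in this hunk delivers them to the VM. `fileUris` still lists only model.yaml, model.properties and buildWLSDockerImage.sh, so the loader in buildWLSDockerImage.sh would have no file to read. Whatever channel replaces the arguments should stay inside `--protected-settings`, the encrypted half of the extension configuration, rather than move to `--settings` or to a file fetched through `fileUris`. The remaining values are interpolated unquoted into the command string (only `appPackageUrls` is wrapped in escaped quotes), so a value containing spaces or shell metacharacters is re-parsed by the shell on the VM; these inputs should be validated or quoted before being placed in the string. `build_docker_image` starts and ends outside this hunk.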
@@ -450,17 +455,15 @@ export acrName=$6 export wlsDomainName=$7 export wlsDomainUID=$8 export wlsUserName=$9 -export wlsPassword=${10} -export wdtRuntimePassword=${11} -export wlsCPU=${12} -export wlsMemory=${13} -export managedServerPrefix=${14} -export appReplicas=${15} -export appPackageUrls=${16} -export currentResourceGroup=${17} -export scriptURL=${18} -export storageAccountName=${19} -export wlsClusterSize=${20} +export wlsCPU=${10} +export wlsMemory=${11} +export managedServerPrefix=${12} +export appReplicas=${13} +export appPackageUrls=${14} +export currentResourceGroup=${15} +export scriptURL=${16} +export storageAccountName=${17} +export wlsClusterSize=${18} export adminServerName="admin-server" export exitCode=0 @@ -475,6 +478,8 @@ export wlsOptNameSpace="weblogic-operator-ns" export wlsOptRelease="weblogic-operator" export wlsOptSA="weblogic-operator-sa" +load_parameters_from_file + validate_input install_utilities diff --git a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep index 4609aff49..1121e13e7 100644 --- a/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep +++ b/weblogic-azure-aks/src/main/bicep/modules/_deployment-scripts/_ds-create-wls-cluster.bicep @@ -18,8 +18,7 @@ param ocrSSOPSW string param ocrSSOUser string param storageAccountName string = 'null' param utcValue string = utcNow() -@secure() -param wdtRuntimePassword string +param wdtRuntimePassword string = 'welcome1' param wlsClusterSize int = 5 param wlsCPU string = '200m' param wlsDomainName string = 'domain1' 
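Review bot: The positional indexes from `${10}` onward shift down by two, but nothing in this patch changes `const_arguments` in _ds-create-wls-cluster.bicep. If the new wrapper forwards its arguments unchanged and the passwords are still in positions 10 and 11, they would be exported as `wlsCPU` and `wlsMemory`, non-secret variables that may end up in logs or rendered templates. `wlsPassword` and `wdtRuntimePassword` are also left unset, because `load_parameters_from_file` is a stub. The argument list, the wrapper and this block need to change together, and `validate_input` (defined outside this hunk) should reject the run when either password is empty, if it does not already.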
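Review bot: Dropping `@secure()` from `wdtRuntimePassword` and giving it the default `'welcome1'` weakens the parameter in two ways. Its value is now recorded in deployment history and logs like any plain parameter, and a deployment that omits it silently gets a well-known password that is committed in source. For a change made "as per security review" this looks unintended. Keep the original two-line form, `@secure()` followed by `param wdtRuntimePassword string`, with no default, so that callers must supply the value.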
@@ -35,6 +34,7 @@ var const_domainTemplate = 'domain.yaml.template' var const_pvTempalte = 'pv.yaml.template' var const_pvcTempalte = 'pvc.yaml.template' var const_scriptLocation = uri(_artifactsLocation, 'scripts/') +var const_invokeSetUpDomainScript = 'invokeSetupWLSDomain.sh' var const_setUpDomainScript = 'setupWLSDomain.sh' resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { @@ -45,8 +45,9 @@ resource deploymentScript 'Microsoft.Resources/deploymentScripts@2020-10-01' = { properties: { azCliVersion: '2.15.0' arguments: const_arguments - primaryScriptUri: uri(const_scriptLocation, '${const_setUpDomainScript}${_artifactsLocationSasToken}') + primaryScriptUri: uri(const_scriptLocation, '${const_invokeSetUpDomainScript}${_artifactsLocationSasToken}') supportingScriptUris: [ + uri(const_scriptLocation, '${const_setUpDomainScript}${_artifactsLocationSasToken}') uri(const_scriptLocation, '${const_domainTemplate}${_artifactsLocationSasToken}') uri(const_scriptLocation, '${const_pvTempalte}${_artifactsLocationSasToken}') uri(const_scriptLocation, '${const_pvcTempalte}${_artifactsLocationSasToken}') From dc62311bad8b5e761dc3adca6cc75cadc581f69c Mon Sep 17 00:00:00 2001 From: Sanjay Mantoor Date: Thu, 29 Jul 2021 17:06:58 +0000 Subject: [PATCH 2/2] Updated Copyright details --- weblogic-azure-aks/src/main/arm/scripts/buildWLSDockerImage.sh | 2 +- weblogic-azure-aks/src/main/arm/scripts/invokeSetupWLSDomain.sh | 2 +- weblogic-azure-aks/src/main/arm/scripts/setupWLSDomain.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/weblogic-azure-aks/src/main/arm/scripts/buildWLSDockerImage.sh b/weblogic-azure-aks/src/main/arm/scripts/buildWLSDockerImage.sh index c64080682..ffaafdcdf 100644 --- a/weblogic-azure-aks/src/main/arm/scripts/buildWLSDockerImage.sh +++ b/weblogic-azure-aks/src/main/arm/scripts/buildWLSDockerImage.sh 
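Review bot: In the `deploymentScript` resource, `arguments: const_arguments` is left as it was while `primaryScriptUri` changes. `const_arguments` is defined outside this hunk, but if it still concatenates the password parameters, the secrets still travel as plain script arguments and the wrapper only relocates where they are received. For `Microsoft.Resources/deploymentScripts`, secrets belong in `environmentVariables` entries that use `secureValue`, for example `{ name: 'WDT_RUNTIME_PASSWORD', secureValue: wdtRuntimePassword }` (the variable name is illustrative), which the script then reads from its environment. That would also remove the need for invokeSetupWLSDomain.sh to write secrets to a file. The resource block continues past the end of this hunk.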
@@ -1,4 +1,4 @@ -# Copyright (c) 2019, 2020, Oracle Corporation and/or its affiliates. +# Copyright (c) 2021, Oracle Corporation and/or its affiliates. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #Function to output message to StdErr diff --git a/weblogic-azure-aks/src/main/arm/scripts/invokeSetupWLSDomain.sh b/weblogic-azure-aks/src/main/arm/scripts/invokeSetupWLSDomain.sh index 809fe66e4..efa265a48 100644 --- a/weblogic-azure-aks/src/main/arm/scripts/invokeSetupWLSDomain.sh +++ b/weblogic-azure-aks/src/main/arm/scripts/invokeSetupWLSDomain.sh @@ -1,4 +1,4 @@ -# Copyright (c) 2019, 2020, Oracle Corporation and/or its affiliates. +# Copyright (c) 2021, Oracle Corporation and/or its affiliates. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. echo "Script starts" diff --git a/weblogic-azure-aks/src/main/arm/scripts/setupWLSDomain.sh b/weblogic-azure-aks/src/main/arm/scripts/setupWLSDomain.sh index e2c3205d7..0406b46b7 100644 --- a/weblogic-azure-aks/src/main/arm/scripts/setupWLSDomain.sh +++ b/weblogic-azure-aks/src/main/arm/scripts/setupWLSDomain.sh @@ -1,4 +1,4 @@ -# Copyright (c) 2019, 2020, Oracle Corporation and/or its affiliates. +# Copyright (c) 2021, Oracle Corporation and/or its affiliates. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. echo "Script starts"