Security Review Changes to aks files #7
#Function to display usage message | ||
function usage() { | ||
echo_stdout "./setupWLSDomain.sh <ocrSSOUser> <ocrSSOPSW> <aksClusterRGName> <aksClusterName> <wlsImageTag> <acrName> <wlsDomainName> <wlsDomainUID> <wlsUserName> <wlsCPU> <wlsMemory> <managedServerPrefix> <appReplicas> <appPackageUrls> <currentResourceGroup> <scriptURL> <storageAccountName> <wlsClusterSize>" | ||
echo_stdout "<ocrSSOPSW> <wlsPassword> <wdtRuntimePassword> ./setupWLSDomain.sh <ocrSSOUser> <aksClusterRGName> <aksClusterName> <wlsImageTag> <acrName> <wlsDomainName> <wlsDomainUID> <wlsUserName> <wlsCPU> <wlsMemory> <managedServerPrefix> <appReplicas> <appPackageUrls> <currentResourceGroup> <scriptURL> <storageAccountName> <wlsClusterSize>" |
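Review bot: The usage line that begins `<ocrSSOPSW> <wlsPassword> <wdtRuntimePassword> ./setupWLSDomain.sh` does not say how those three values reach the script, which is what makes a reader ask whether passwords are being printed. Spell the mechanism out in the usage text (for example, that the three values are read from stdin, if that is the intent), and make sure the other usage line, which lists `<ocrSSOPSW>` as a positional parameter, does not remain alongside it.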
Are we displaying the wls password and wdt password to standard out?
Here is the response I received from Ed Burns ....
"No, we are not. That is just the usage string, which includes literals like “” and “” for parameters named foo and bar."
I do not think this will be approved
@mriccell I have updated it
--version 2.0 \ | ||
--settings "{ \"fileUris\": [\"${scriptURL}model.yaml\",\"${scriptURL}model.properties\",\"${scriptURL}buildWLSDockerImage.sh\"]}" \ | ||
--protected-settings "{\"commandToExecute\":\"bash buildWLSDockerImage.sh ${wlsImagePath} ${azureACRServer} ${azureACRUserName} ${newImageTag} \\\"${appPackageUrls}\\\" ${ocrSSOUser} ${wlsClusterSize}\"}" | ||
--protected-settings "{\"commandToExecute\":\"echo ${azureACRPassword} ${ocrSSOPSW} | bash ./buildWLSDockerImage.sh ${wlsImagePath} ${azureACRServer} ${azureACRUserName} ${newImageTag} \\\"${appPackageUrls}\\\" ${ocrSSOUser} ${ocrSSOPSW} \"}" |
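Review bot: The `commandToExecute` line that pipes `echo ${azureACRPassword} ${ocrSSOPSW}` into `buildWLSDockerImage.sh` still ends with `${ocrSSOPSW}` as a positional argument, so the password is supplied on the script's command line as well as on stdin. Drop the trailing `${ocrSSOPSW}`, and quote the two values in the `echo` (or use `printf '%s\n'`) so a password containing spaces or shell metacharacters is not split or expanded. That line also omits `${wlsClusterSize}`, which the other `commandToExecute` line passes, so confirm the script's parameter list matches.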
Passing ocr password on the command line?
Here is the response I received from Ed Burns ....
No, we are not. We are passing that information in the --protected-settings option to the Azure Resource Manager (ARM). This means the values will not be echoed. The “echo” that you see is for the command that runs inside ARM, and in that case we are using the “allow the script to read sensitive parameters from stdin”.
I am ok with this
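The thread above turns on whether a secret handed to a script on stdin is exposed the way a positional parameter is. The following check is an added example, not code from this PR or the project: it starts one child with a secret in its argv and one that reads the same secret from stdin, then looks for the value in each child's `/proc/<pid>/cmdline`. It assumes Linux; the function names and the secret value are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PR). Linux only: relies on /proc/<pid>/cmdline.
# The secret is a constructed value, built at run time.
SECRET="constructed-secret-$$"

# Succeeds when <needle> appears in the argv of process <pid>.
argv_contains() {  # argv_contains <pid> <needle>
    tr '\0' ' ' < "/proc/$1/cmdline" | grep -qF -- "$2"
}

# Inspect a background child after it has had time to exec, then reap it.
inspect_child() {  # inspect_child <pid>
    sleep 1
    argv_contains "$1" "$SECRET"; found=$?
    kill "$1" 2>/dev/null
    wait "$1" 2>/dev/null
    return "$found"
}

# Secret as a positional parameter: it sits in the child's argv, where any
# local user who can list processes can read it.
leaks_via_argv() {
    sh -c 'sleep 3; :' child "$SECRET" &
    inspect_child $!
}

# Secret on stdin: the child reads it into a variable and its argv stays clean.
leaks_via_stdin() {
    printf '%s\n' "$SECRET" | sh -c 'IFS= read -r pw; sleep 3; :' &
    inspect_child $!
}

if leaks_via_argv; then echo "argv:  secret visible in the process list"; fi
if leaks_via_stdin; then :; else echo "stdin: secret not in the process list"; fi
```
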
merge latest changes from oracle/weblogic-azure to gnsuryan/weblogic-azure
# This is the 1st commit message:
single node: modify UI and template increase pom upgrade Microsoft.Resources/deployments API version add toolTip for tag control. fix artifact version

# This is the commit message #2:
admin offer: modify UI and templates

# This is the commit message #3:
guidance for tagging resource

# This is the commit message oracle#4:
fix function error in admin/mainTemplate.json

# This is the commit message oracle#5:
use aka link for maven download url

# This is the commit message oracle#6:
fix maven installation path

# This is the commit message oracle#7:
use actions/upload-artifact: v4

# This is the commit message oracle#8:
modify UI and templates in cluster offer

# This is the commit message oracle#9:
fix tag issue in _pswlessDbTemplate.json

# This is the commit message oracle#10:
use download-artifact@v4

# This is the commit message oracle#11:
format mainTemplate.json in cluster offer

# This is the commit message oracle#12:
fix variable reference issue

# This is the commit message oracle#13:
fix template error in cluster offer

# This is the commit message oracle#14:
On branch tags-for-resources
Include a little text about Tags.
modified: resources/doc/guidance-for-tagging-resource.md
Signed-off-by: Ed Burns <edburns@microsoft.com>

# This is the commit message oracle#15:
On branch tags-for-resources
Reference the PR.
modified: resources/doc/guidance-for-tagging-resource.md
Signed-off-by: Ed Burns <edburns@microsoft.com>

# This is the commit message oracle#16:
On branch tags-for-resources
Explain why only some occurrences of the resource type identifiers are filtered.
modified: resources/azure-common.properties
Signed-off-by: Ed Burns <edburns@microsoft.com>

# This is the commit message oracle#17:
On branch tags-for-resources
Comment copy/pasted behavior.
modified: weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/mainTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/mainTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls/src/main/arm/mainTemplate.json
Signed-off-by: Ed Burns <edburns@microsoft.com>

# This is the commit message oracle#18:
On branch tags-for-resources
Fix DRY violation: define label in one place.
modified: resources/azure-common.properties
modified: weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/mainTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_dbTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_dnszones/_createDNSZonesTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_dnszones/_uamiAndRoleAssignment.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_dnszones/_updateDNSZonesTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_installJdbcLibsTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_keyVaultNestedTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/_pswlessDbTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/aadNestedTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/adminTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/adminTemplateForCustomSSL.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/dbTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/dnszonesTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-admin/src/main/arm/nestedtemplates/elkNestedTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/mainTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/_dbTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/_dnszones/_createDNSZonesTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/_dnszones/_uamiAndRoleAssignment.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/_dnszones/_updateDNSZonesTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/_installJdbcLibsTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/_keyvault/_keyvaultWithExistingCertTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/_keyvault/_keyvaultWithNewCertTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/_keyvaultAdapterTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/_keyvaultAppGatewayConnectorTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/_keyvaultSSLConfigTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/_pswlessDbTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/aadNestedTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/appGatewayNestedTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/clusterCustomSSLTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/clusterTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/coherenceTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/dbTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/dnszonesTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls-cluster/arm-oraclelinux-wls-cluster/src/main/arm/nestedtemplates/elkNestedTemplate.json
modified: weblogic-azure-vm/arm-oraclelinux-wls/src/main/arm/mainTemplate.json
Signed-off-by: Ed Burns <edburns@microsoft.com>

# This is the commit message oracle#19:
Support tagging resource in WLS AKS offer (oracle#328)
* modify aks offer to support tag
* debug template
* specify download path
* add identifier.workspaces
* tag vm and vm extension that are created with cli
* test bicep 0.26.54
* fix empty vm tags
* fix file share name
* apply tags to agent pool
* Tag for Microsoft.Monitor/accounts
* doc for aks tag
* clean up source code for tagging resources in aks offer.
* increase pom version
* add comment for bicep user defined function.

# This is the commit message oracle#20:
modify ui definition to show the java option element (oracle#332) increase pom

# This is the commit message oracle#21:
On branch edburns-msft-dd-2321245-empty-resource-group
apply the "allowExisting" property.
modified: pom.xml
modified: weblogic-azure-aks/src/main/arm/createUiDefinition.json
Signed-off-by: Ed Burns <edburns@microsoft.com>

# This is the commit message oracle#22:
use the properties Zhihao provided.

# This is the commit message oracle#23:
On branch edburns-msft-dd-2321245-empty-resource-group
@backwind1233 pointed out the property was in the incorrect place.
modified: pom.xml
modified: weblogic-azure-aks/src/main/arm/createUiDefinition.json
Signed-off-by: Ed Burns <edburns@microsoft.com>

# This is the commit message oracle#24:
enable deployment to non-empty resource groups