fix directory permissions for domain parent (#281)

* fix directory permissions for domain parent and add directory permissions to integration test

* SELinux host infects running container creating a . at the end of the permissions string

Author: ddsharpe

imagetool/src/main/java/com/oracle/weblogic/imagetool/util/DockerfileOptions.java

@@ -4,6 +4,8 @@
 package com.oracle.weblogic.imagetool.util;
 
 import java.io.File;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -345,6 +347,17 @@ public String domain_home() {
         }
     }
 
+    /**
+     * Utility function to get the parent directory of the domain home directory.
+     * @return the parent path, or the domain home if the domain home does not have a parent.
+     */
+    @SuppressWarnings("unused")
+    public String domain_parent() {
+        Path dir = Paths.get(domain_home());
+        String parent = dir.getParent().toString();
+        return parent != null ? parent : domain_home();
+    }
+
     @SuppressWarnings("unused")
     public String wdt_home() {
         return wdtHome;
@@ -564,11 +577,7 @@ public boolean isWdtEnabled() {
      * @return true if the WDT installer file is a tar.gz file; false otherwise.
      */
     public boolean usingWdtTarGzInstaller() {
-        boolean result = false;
-        if (wdtInstallerFilename != null && wdtInstallerFilename.toLowerCase().endsWith(".tar.gz")) {
-            result = true;
-        }
-        return result;
+        return wdtInstallerFilename != null && wdtInstallerFilename.toLowerCase().endsWith(".tar.gz");
     }
 
     /**

imagetool/src/main/resources/docker-files/final-wdt-copy.mustache

@@ -4,14 +4,13 @@
 # Copy WDT files or domain into the final image
 
 {{#modelOnly}}
-    RUN DOMAIN_PARENT=$(dirname {{{domain_home}}}) \
-    && mkdir -p $DOMAIN_PARENT {{{wdt_home}}} {{{wdt_model_home}}} \
-    && chown {{userid}}:{{groupid}} $DOMAIN_PARENT {{{wdt_home}}} {{{wdt_model_home}}}
+    RUN mkdir -p {{{domain_parent}}} {{{wdt_home}}} {{{wdt_model_home}}} \
+    && chown {{userid}}:{{groupid}} {{{domain_parent}}} {{{wdt_home}}} {{{wdt_model_home}}}
     COPY --from=wdt_build --chown={{userid}}:{{groupid}} {{wdt_home}} {{wdt_home}}/
     {{#isWdtModelHomeOutsideWdtHome}}
         COPY --from=wdt_build --chown={{userid}}:{{groupid}} {{wdt_model_home}} {{wdt_model_home}}/
     {{/isWdtModelHomeOutsideWdtHome}}
-    RUN chmod g+w $DOMAIN_PARENT {{{wdt_home}}} {{{wdt_model_home}}}
+    RUN chmod g+w {{{domain_parent}}} {{{wdt_home}}} {{{wdt_model_home}}}
 {{/modelOnly}}
 {{^modelOnly}}
     COPY --from=wdt_build --chown={{userid}}:{{groupid}} {{{domain_home}}} {{{domain_home}}}/

tests/src/test/java/com/oracle/weblogic/imagetool/tests/ITImagetool.java

@@ -217,6 +217,15 @@ static void staticPrepare() throws Exception {
             throw new Exception("Please set environment variables ORACLE_SUPPORT_USERNAME and ORACLE_SUPPORT_PASSWORD"
                 + " for Oracle Support credentials to download the patches.");
         }
+
+        logger.info("Building WDT archive ...");
+        Path scriptPath = Paths.get("src", "test", "resources", "wdt", "build-archive.sh");
+        String command = "sh " + scriptPath;
+        CommandResult result = executeAndVerify(command);
+        if (result.exitValue() != 0) {
+            logger.severe(result.stdout());
+            throw new IOException("Failed to build WDT Archive");
+        }
     }
 
     @AfterAll
@@ -266,17 +275,6 @@ private void verifyFileInImage(String imagename, String filename, String expecte
         }
     }
 
-    private void buildWdtArchive() throws Exception {
-        logger.info("Building WDT archive ...");
-        Path scriptPath = Paths.get("src", "test", "resources", "wdt", "build-archive.sh");
-        String command = "sh " + scriptPath;
-        CommandResult result = executeAndVerify(command);
-        if (result.exitValue() != 0) {
-            logger.severe(result.stdout());
-            throw new IOException("Failed to build WDT Archive");
-        }
-    }
-
     private void createDBContainer() throws Exception {
         logger.info("Creating an Oracle db docker container ...");
         String command = "docker rm -f " + dbContainerName;
@@ -291,7 +289,7 @@ private void createDBContainer() throws Exception {
         checkCmdInLoop(command);
     }
 
-    private CommandResult executeAndVerify(String command) throws Exception {
+    private static CommandResult executeAndVerify(String command) throws Exception {
         logger.info("Executing command: " + command);
         CommandResult result = Runner.run(command);
         assertEquals(0, result.exitValue(), "for command: " + command);
@@ -495,6 +493,33 @@ void cacheOpatch(TestInfo testInfo) throws Exception {
         }
     }
 
+    /**
+     * Add WDT installer to the cache.
+     * @throws IOException if getting a file to write the command output fails
+     * @throws InterruptedException if running the Java command fails
+     */
+    @Test
+    @Order(7)
+    @Tag("gate")
+    @Tag("cache")
+    @DisplayName("Add WDT installer to cache")
+    void cacheAddInstallerWdt(TestInfo testInfo) throws IOException, InterruptedException {
+        // add WDT installer to the cache
+        Path wdtPath = Paths.get(STAGING_DIR, WDT_INSTALLER);
+        String addCommand = new CacheCommand()
+            .addInstaller(true)
+            .type("wdt")
+            .version(WDT_VERSION)
+            .path(wdtPath)
+            .build();
+
+        try (PrintWriter out = getTestMethodWriter(testInfo)) {
+            CommandResult addResult = Runner.run(addCommand, out, logger);
+            // the process return code for addInstaller should be 0
+            assertEquals(0, addResult.exitValue(), "for command: " + addCommand);
+        }
+    }
+
     /**
      * create a WLS image with default WLS version.
      *
@@ -559,22 +584,8 @@ void updateWlsImg(TestInfo testInfo) throws Exception {
     @Tag("gate")
     @DisplayName("Create WLS image with WDT domain")
     void createWlsImgUsingWdt(TestInfo testInfo) throws Exception {
-        // add WDT installer to the cache
-        Path wdtPath = Paths.get(STAGING_DIR, WDT_INSTALLER);
-        String addCommand = new CacheCommand()
-            .addInstaller(true)
-            .type("wdt")
-            .version(WDT_VERSION)
-            .path(wdtPath)
-            .build();
 
         try (PrintWriter out = getTestMethodWriter(testInfo)) {
-            CommandResult addResult = Runner.run(addCommand, out, logger);
-            // the process return code for addInstaller should be 0
-            assertEquals(0, addResult.exitValue(), "for command: " + addCommand);
-
-            // build the wdt archive
-            buildWdtArchive();
 
             String tagName = build_tag + ":" + getMethodName(testInfo);
             // create a WLS image with a domain
@@ -702,9 +713,6 @@ void createJrfDomainImgUsingWdt(TestInfo testInfo) throws Exception {
 
         // test assumes that the default JDK version 8u202 is already in the cache
 
-        // build the wdt archive
-        buildWdtArchive();
-
         Path tmpWdtModel = Paths.get(wlsImgBldDir, WDT_MODEL1);
 
         // update wdt model file
@@ -755,9 +763,6 @@ void createRestrictedJrfDomainImgUsingWdt(TestInfo testInfo) throws Exception {
 
         // test assumes that the default JDK version 8u202 is already in the cache
 
-        // build the wdt archive
-        buildWdtArchive();
-
         String tagName = build_tag + ":" + getMethodName(testInfo);
         String command = new CreateCommand()
             .tag(tagName)
@@ -800,9 +805,6 @@ void createWlsImgUsingMultiModels(TestInfo testInfo) throws Exception {
 
         // test assumes that the WDT installer is already in the cache
 
-        // build the wdt archive
-        buildWdtArchive();
-
         String tagName = build_tag + ":" + getMethodName(testInfo);
         String command = new CreateCommand()
             .tag(tagName)
@@ -923,13 +925,13 @@ void updateImageWithServerJRE(TestInfo testInfo) throws Exception {
     }
 
     /**
-     * Create an image with WDT Model only on OL 8-slim
+     * Create an image with WDT Model on OL 8-slim
      *
      * @throws Exception - if any error occurs
      */
     @Test
-    @Order(28)
-    @Tag("nightly")
+    @Order(14)
+    @Tag("gate")
     @DisplayName("Create Model in Image with OL 8-slim")
     void createMiiOl8slim(TestInfo testInfo) throws Exception {
         // test assumes that WDT installer is already in the cache from previous test
@@ -938,8 +940,6 @@ void createMiiOl8slim(TestInfo testInfo) throws Exception {
 
         // test assumes that the default JDK version 8u202 is already in the cache
 
-        // test assumes that the WDT archive was already constructed
-
         Path tmpWdtModel = Paths.get(wlsImgBldDir, WDT_MODEL1);
 
         // update wdt model file
@@ -964,6 +964,31 @@ void createMiiOl8slim(TestInfo testInfo) throws Exception {
             // verify the docker image is created
             String imageId = Runner.run("docker images -q " + tagName, out, logger).stdout().trim();
             assertFalse(imageId.isEmpty(), "Image was not created: " + tagName);
+
+            validateDirectoryPermissions("/u01/domains", "drwxrwxr-x", tagName, out);
+            validateDirectoryPermissions("/u01/wdt", "drwxrwxr-x", tagName, out);
+            validateDirectoryPermissions("/u01/wdt/models", "drwxrwxr-x", tagName, out);
+            validateDirectoryPermissions("/u01/wdt/weblogic-deploy", "drwxr-x---", tagName, out);
+            validateDirectoryPermissions("/u01/oracle", "drwxr-xr-x", tagName, out);
         }
     }
+
+    /**
+     * Verify file permissions for a specified path on the given image.
+     * @param directory Directory name to check for permissions value.
+     * @param expected  Expected permission string, such as "drwxrwxr-x"
+     * @param tagName   Tag name or image ID of the image to inspect
+     * @param out       The printwriter where the docker run command will send stdout/stderr
+     * @throws IOException if process start fails
+     * @throws InterruptedException if the wait is interrupted before the process completes
+     */
+    private void validateDirectoryPermissions(String directory, String expected, String tagName, PrintWriter out)
+        throws IOException, InterruptedException {
+        String command = String.format(" docker run -t %s ls -ld %s", tagName, directory);
+        String actual = Runner.run(command, out, logger).stdout().trim();
+        String[] tokens = actual.split(" ", 2);
+        assertEquals(2, tokens.length, "Unable to get directory permissions for " + directory);
+        // When running on an SELinux host, the permissions shown by ls will end with a "."
+        assertTrue(tokens[0].startsWith(expected), "Incorrect directory permissions for " + directory);
+    }
 }