Merge remote-tracking branch 'origin/main' into release/4.0

Author: rjeberhard

ItOpenshiftIstioMiiDomain.java

@@ -0,0 +1,321 @@
+// Copyright (c) 2022, Oracle and/or its affiliates.
+// Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+package oracle.weblogic.kubernetes;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import io.kubernetes.client.openapi.models.V1EnvVar;
+import io.kubernetes.client.openapi.models.V1LocalObjectReference;
+import io.kubernetes.client.openapi.models.V1ObjectMeta;
+import io.kubernetes.client.openapi.models.V1SecretReference;
+import io.kubernetes.client.util.Yaml;
+import oracle.weblogic.domain.Cluster;
+import oracle.weblogic.domain.Configuration;
+import oracle.weblogic.domain.Domain;
+import oracle.weblogic.domain.DomainSpec;
+import oracle.weblogic.domain.Istio;
+import oracle.weblogic.domain.Model;
+import oracle.weblogic.domain.OnlineUpdate;
+import oracle.weblogic.domain.ServerPod;
+import oracle.weblogic.kubernetes.actions.impl.primitive.Command;
+import oracle.weblogic.kubernetes.actions.impl.primitive.CommandParams;
+import oracle.weblogic.kubernetes.actions.impl.primitive.HelmParams;
+import oracle.weblogic.kubernetes.annotations.IntegrationTest;
+import oracle.weblogic.kubernetes.annotations.Namespaces;
+import oracle.weblogic.kubernetes.logging.LoggingFacade;
+import oracle.weblogic.kubernetes.utils.ExecResult;
+import oracle.weblogic.kubernetes.utils.FileUtils;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Tag;
+import org.junit.jupiter.api.Test;
+
+import static oracle.weblogic.kubernetes.TestConstants.ADMIN_PASSWORD_DEFAULT;
+import static oracle.weblogic.kubernetes.TestConstants.ADMIN_USERNAME_DEFAULT;
+import static oracle.weblogic.kubernetes.TestConstants.DOMAIN_API_VERSION;
+import static oracle.weblogic.kubernetes.TestConstants.MII_BASIC_IMAGE_NAME;
+import static oracle.weblogic.kubernetes.TestConstants.MII_BASIC_IMAGE_TAG;
+import static oracle.weblogic.kubernetes.TestConstants.OPERATOR_CHART_DIR;
+import static oracle.weblogic.kubernetes.TestConstants.OPERATOR_RELEASE_NAME;
+import static oracle.weblogic.kubernetes.TestConstants.TEST_IMAGES_REPO_SECRET_NAME;
+import static oracle.weblogic.kubernetes.TestConstants.WEBLOGIC_SLIM;
+import static oracle.weblogic.kubernetes.actions.ActionConstants.RESOURCE_DIR;
+import static oracle.weblogic.kubernetes.actions.ActionConstants.WORK_DIR;
+import static oracle.weblogic.kubernetes.utils.ApplicationUtils.checkAppUsingHostHeader;
+import static oracle.weblogic.kubernetes.utils.CommonTestUtils.checkPodReadyAndServiceExists;
+import static oracle.weblogic.kubernetes.utils.ConfigMapUtils.createConfigMapAndVerify;
+import static oracle.weblogic.kubernetes.utils.DomainUtils.createDomainAndVerify;
+import static oracle.weblogic.kubernetes.utils.FileUtils.generateFileFromTemplate;
+import static oracle.weblogic.kubernetes.utils.ImageUtils.createTestRepoSecret;
+import static oracle.weblogic.kubernetes.utils.IstioUtils.createAdminServer;
+import static oracle.weblogic.kubernetes.utils.IstioUtils.deployHttpIstioGatewayAndVirtualservice;
+import static oracle.weblogic.kubernetes.utils.IstioUtils.deployIstioDestinationRule;
+import static oracle.weblogic.kubernetes.utils.OperatorUtils.installAndVerifyOperator;
+import static oracle.weblogic.kubernetes.utils.PodUtils.setPodAntiAffinity;
+import static oracle.weblogic.kubernetes.utils.SecretUtils.createSecretWithUsernamePassword;
+import static oracle.weblogic.kubernetes.utils.ThreadSafeLogger.getLogger;
+import static org.apache.commons.io.FileUtils.deleteQuietly;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+/**
+ *
+ * A sample mii domain tests running in Openshift service mesh. The test assumes that the service mesh istio operator is
+ * running in istio-system namespace. All the service mesh related operators are installed and running as per this
+ * documentation. https://docs.openshift.com/container-platform/4.10/service_mesh/v2x/installing-ossm.html
+ */
+@DisplayName("Test Openshift servce mesh istio enabled WebLogic Domain in mii model")
+@Tag("openshift")
+@IntegrationTest
+class ItOpenshiftIstioMiiDomain {
+
+  private static String opNamespace = null;
+  private static String domainNamespace = null;
+
+  private String domainUid = "openshift-istio-mii";
+  private String configMapName = "dynamicupdate-istio-configmap";
+  private final String clusterName = "cluster-1"; // do not modify
+  private final String adminServerPodName = domainUid + "-admin-server";
+  private final String managedServerPrefix = domainUid + "-managed-server";
+  private final String workManagerName = "newWM";
+  private final int replicaCount = 2;
+
+  private static LoggingFacade logger = null;
+
+  /**
+   * Install Operator.
+   * @param namespaces list of namespaces created by the IntegrationTestWatcher
+  */
+  @BeforeAll
+  public static void initAll(@Namespaces(2) List<String> namespaces) {
+    logger = getLogger();
+
+    // get a new unique opNamespace
+    logger.info("Assign unique namespace for Operator");
+    assertNotNull(namespaces.get(0), "Namespace list is null");
+    opNamespace = namespaces.get(0);
+
+    logger.info("Assign unique namespace for Domain");
+    assertNotNull(namespaces.get(1), "Namespace list is null");
+    domainNamespace = namespaces.get(1);
+    
+    // edit service member roll to include operator and domain namespace so that 
+    // Openshift service mesh can add istio side cars to the operator and WebLogic pods.
+    Path smrYaml = Paths.get(WORK_DIR, "openshift", "servicememberroll.yaml");
+    assertDoesNotThrow(() -> {
+      deleteQuietly(smrYaml.getParent().toFile());
+      Files.createDirectories(smrYaml.getParent());
+    });
+    assertDoesNotThrow(() -> {
+      FileUtils.copy(Paths.get(RESOURCE_DIR, "openshift", "servicememberroll.yaml"),
+          smrYaml);
+      FileUtils.replaceStringInFile(smrYaml.toString(), "OPERATOR_NAMESPACE", opNamespace);
+      FileUtils.replaceStringInFile(smrYaml.toString(), "DOMAIN_NAMESPACE", domainNamespace);
+    });
+    logger.info("Run kubectl to create the service member roll");
+    CommandParams params = new CommandParams().defaults();
+    params.command("kubectl apply -f " + smrYaml.toString());
+    boolean result = Command.withParams(params).execute();
+    assertTrue(result, "Failed to create service member roll");
+
+    // install and verify operator with istio side car injection set to true
+    String opSa = opNamespace + "-sa";
+    HelmParams opHelmParams
+        = new HelmParams().releaseName(OPERATOR_RELEASE_NAME)
+            .namespace(opNamespace)
+            .chartDir(OPERATOR_CHART_DIR);
+    
+    installAndVerifyOperator(opNamespace,
+        opSa, // operator service account
+        false, // with REST api enabled
+        0, // externalRestHttpPort
+        opHelmParams, // operator helm parameters
+        false, // ElkintegrationEnabled
+        null, // domainspaceSelectionStrategy
+        null, // domainspaceSelector
+        false, // enableClusterRolebinding
+        "INFO", // operator pod log level
+        -1, // domainPresenceFailureRetryMaxCount
+        -1, // domainPresenceFailureRetrySeconds
+        true, // openshift istio injection
+        domainNamespace // domainNamespace
+    );
+  }
+
+  /**
+   * Create a domain using model-in-image model.
+   * Inject sidecar.istio.io in domain resource under global serverPod object.
+   * Set localhostBindingsEnabled to true in istio configuration. 
+   * Add istio configuration with default readinessPort.
+   * Do not add any AdminService under AdminServer configuration.
+   * Deploy istio gateways and virtual service.
+   * Verify server pods are in ready state and services are created.
+   * Verify login to WebLogic console is successful thru istio ingress port.
+   * Deploy a web application thru istio http ingress port using REST api.  
+   * Access web application thru istio http ingress port using curl.
+   */
+  @Test
+  @DisplayName("Create WebLogic Domain with mii model with openshift service mesh")  
+  void testIstioModelInImageDomain() {
+
+    // Create the repo secret to pull the image
+    // this secret is used only for non-kind cluster
+    createTestRepoSecret(domainNamespace);
+
+    // create secret for admin credentials
+    logger.info("Create secret for admin credentials");
+    String adminSecretName = "weblogic-credentials";
+    assertDoesNotThrow(() -> createSecretWithUsernamePassword(
+                                    adminSecretName,
+                                    domainNamespace,
+                                    ADMIN_USERNAME_DEFAULT,
+                                    ADMIN_PASSWORD_DEFAULT),
+        String.format("createSecret failed for %s", adminSecretName));
+
+    // create encryption secret
+    logger.info("Create encryption secret");
+    String encryptionSecretName = "encryptionsecret";
+    assertDoesNotThrow(() -> createSecretWithUsernamePassword(
+                                      encryptionSecretName,
+                                      domainNamespace,
+                            "weblogicenc",
+                            "weblogicenc"),
+                    String.format("createSecret failed for %s", encryptionSecretName));
+
+    // create WDT config map without any files
+    createConfigMapAndVerify(configMapName, domainUid, domainNamespace, Collections.emptyList());
+    // create the domain object
+    Domain domain = createDomainResource(domainUid,
+                                      domainNamespace,
+                                      adminSecretName,
+                                      TEST_IMAGES_REPO_SECRET_NAME,
+                                      encryptionSecretName,
+                                      replicaCount,
+                              MII_BASIC_IMAGE_NAME + ":" + MII_BASIC_IMAGE_TAG,
+                              configMapName);
+    logger.info(Yaml.dump(domain));
+
+    // create model in image domain
+    createDomainAndVerify(domain, domainNamespace);
+
+    logger.info("Check admin service {0} is created in namespace {1}",
+        adminServerPodName, domainNamespace);
+    checkPodReadyAndServiceExists(adminServerPodName, domainUid, domainNamespace);
+    // check managed server services created
+    for (int i = 1; i <= replicaCount; i++) {
+      logger.info("Check managed service {0} is created in namespace {1}",
+          managedServerPrefix + i, domainNamespace);
+      checkPodReadyAndServiceExists(managedServerPrefix + i, domainUid, domainNamespace);
+    }
+
+    String clusterService = domainUid + "-cluster-" + clusterName + "." + domainNamespace + ".svc.cluster.local";
+
+    Map<String, String> templateMap  = new HashMap<>();
+    templateMap.put("NAMESPACE", domainNamespace);
+    templateMap.put("DUID", domainUid);
+    templateMap.put("ADMIN_SERVICE",adminServerPodName);
+    templateMap.put("CLUSTER_SERVICE", clusterService);
+    templateMap.put("testwebapp", "sample-war");
+
+    Path srcHttpFile = Paths.get(RESOURCE_DIR, "istio", "istio-http-template.yaml");
+    Path targetHttpFile = assertDoesNotThrow(
+        () -> generateFileFromTemplate(srcHttpFile.toString(), "openshift-istio-http.yaml", templateMap));
+    logger.info("Generated Http VS/Gateway file path is {0}", targetHttpFile);
+
+    boolean deployRes = assertDoesNotThrow(
+        () -> deployHttpIstioGatewayAndVirtualservice(targetHttpFile));
+    assertTrue(deployRes, "Failed to deploy Http Istio Gateway/VirtualService");
+
+    Path srcDrFile = Paths.get(RESOURCE_DIR, "istio", "istio-dr-template.yaml");
+    Path targetDrFile = assertDoesNotThrow(
+        () -> generateFileFromTemplate(srcDrFile.toString(), "openshift-istio-dr.yaml", templateMap));
+    logger.info("Generated DestinationRule file path is {0}", targetDrFile);
+
+    deployRes = assertDoesNotThrow(
+        () -> deployIstioDestinationRule(targetDrFile));
+    assertTrue(deployRes, "Failed to deploy Istio DestinationRule");
+    
+    // get gateway url
+    // oc -n istio-system get route istio-ingressgateway -o jsonpath='{.spec.host}'
+    logger.info("Run kubectl to get ingress gateway route");
+    CommandParams params = new CommandParams().defaults();
+    params.command("kubectl get route -n istio-system istio-ingressgateway -o jsonpath='{.spec.host}'");
+    ExecResult result = Command.withParams(params).executeAndReturnResult();
+    assertEquals(0, result.exitValue());
+    assertNotNull(result.stdout());
+    String gatewayUrl = result.stdout();
+    
+    if (!WEBLOGIC_SLIM) {
+      String consoleUrl = gatewayUrl + "/console/login/LoginForm.jsp";
+      boolean checkConsole = checkAppUsingHostHeader(consoleUrl, domainNamespace + ".org");
+      assertTrue(checkConsole, "Failed to access WebLogic console");
+      logger.info("WebLogic console is accessible");
+
+    } else {
+      logger.info("Skipping WebLogic console test for slim image");
+    }
+
+    String url = "http://" + gatewayUrl + "/sample-war/index.jsp";
+    logger.info("Application Access URL {0}", url);
+    boolean checkApp = checkAppUsingHostHeader(url, domainNamespace + ".org");
+    assertTrue(checkApp, "Failed to access WebLogic application");
+  }
+
+  private Domain createDomainResource(String domainUid, String domNamespace,
+           String adminSecretName, String repoSecretName,
+           String encryptionSecretName, int replicaCount,
+           String miiImage, String configmapName) {
+
+    // create the domain CR
+    Domain domain = new Domain()
+        .apiVersion(DOMAIN_API_VERSION)
+        .kind("Domain")
+        .metadata(new V1ObjectMeta()
+            .name(domainUid)
+            .namespace(domNamespace))
+        .spec(new DomainSpec()
+            .domainUid(domainUid)
+            .domainHomeSourceType("FromModel")
+            .image(miiImage)
+            .imagePullPolicy("IfNotPresent")
+            .addImagePullSecretsItem(new V1LocalObjectReference()
+                .name(repoSecretName))
+            .webLogicCredentialsSecret(new V1SecretReference()
+                .name(adminSecretName)
+                .namespace(domNamespace))
+            .includeServerOutInPodLog(true)
+            .serverStartPolicy("IF_NEEDED")
+            .serverPod(new ServerPod()
+                .putAnnotationsItem("sidecar.istio.io/inject", "true")
+                .addEnvItem(new V1EnvVar()
+                    .name("JAVA_OPTIONS")
+                    .value("-Dweblogic.StdoutDebugEnabled=false -Dweblogic.rjvm.enableprotocolswitch=true"))
+                .addEnvItem(new V1EnvVar()
+                    .name("USER_MEM_ARGS")
+                    .value("-Djava.security.egd=file:/dev/./urandom ")))
+            .adminServer(createAdminServer())
+            .addClustersItem(new Cluster()
+                .clusterName(clusterName)
+                .replicas(replicaCount))
+            .configuration(new Configuration()
+                .istio(new Istio()
+                    .localhostBindingsEnabled(Boolean.FALSE))
+                .model(new Model()
+                    .domainType("WLS")
+                    .configMap(configmapName)
+                    .onlineUpdate(new OnlineUpdate().enabled(true))
+                    .runtimeEncryptionSecret(encryptionSecretName))
+            .introspectorJobActiveDeadlineSeconds(300L)));
+    setPodAntiAffinity(domain);
+    return domain;
+  }
+}

integration-tests/src/test/java/oracle/weblogic/kubernetes/utils/CommonLBTestUtils.java

@@ -89,7 +89,6 @@
 import static oracle.weblogic.kubernetes.utils.ThreadSafeLogger.getLogger;
 import static org.apache.commons.io.FileUtils.deleteDirectory;
 import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
-import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertNotEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
@@ -525,11 +524,16 @@ public static void buildAndDeployClusterviewApp(String domainNamespace, List<Str
     for (String domainUid : domainUids) {
       // admin/managed server name here should match with model yaml in MII_BASIC_WDT_MODEL_FILE
       String adminServerPodName = domainUid + "-admin-server";
-      deployApplication(domainNamespace, domainUid, adminServerPodName, clusterViewAppPath);
+      testUntil(() -> deployApplication(domainNamespace, domainUid, adminServerPodName, clusterViewAppPath),
+          getLogger(),
+          "deploying application {0} to pod {1} in namespace {2} succeeds",
+          clusterViewAppPath,
+          adminServerPodName,
+          domainNamespace);
     }
   }
 
-  private static void deployApplication(String namespace, String domainUid, String adminServerPodName,
+  private static boolean deployApplication(String namespace, String domainUid, String adminServerPodName,
                                         Path clusterViewAppPath) {
     getLogger().info("Getting node port for admin server default channel");
     int serviceNodePort = assertDoesNotThrow(() ->
@@ -545,7 +549,7 @@ private static void deployApplication(String namespace, String domainUid, String
         targets, clusterViewAppPath, null, domainUid + "clusterview");
     assertNotNull(result, "Application deployment failed");
     getLogger().info("Application deployment returned {0}", result.toString());
-    assertEquals("202", result.stdout(), "Deployment didn't return HTTP status code 202");
+    return result.stdout().equals("202");
   }
 
   /**

integration-tests/src/test/resources/opnshift/servicememberroll.yaml

@@ -0,0 +1,9 @@
+apiVersion: maistra.io/v1
+kind: ServiceMeshMemberRoll
+metadata:
+  name: default
+  namespace: istio-system
+spec:
+  members:
+  - OPERATOR_NAMESPACE
+  - DOMAIN_NAMESPACE

operator/src/main/resources/scripts/model_wdt_mii_filter.py

@@ -144,6 +144,13 @@ def toDNS1123Legal(self, address):
   def getModel(self):
     return self.model
 
+  def wlsVersionEarlierThan(self, version):
+    # unconventional import within function definition for unit testing
+    from weblogic.management.configuration import LegalHelper
+    # WLS Domain versions supported by operator are 12.2.1.3 + patches, 12.2.1.4
+    # and 14.1.1.0 so current version will only be one of these that are listed.
+    return LegalHelper.versionEarlierThan("14.1.1.0", version)
+
 class SecretManager(object):
 
   def __init__(self, env):

operator/src/test/python/test_wdt_mii_filter.py

@@ -341,5 +341,8 @@ def readFile(self, path):
 
     return self.WLS_CRED_PASSWORD
 
+  def wlsVersionEarlierThan(self, version):
+    return False
+
 if __name__ == '__main__':
   unittest.main()

pom.xml

@@ -643,7 +643,7 @@
     <assertj.core.version>3.23.1</assertj.core.version>
     <commons.io.version>2.11.0</commons.io.version>
     <awaitility-version>4.2.0</awaitility-version>
-    <client-java-version>16.0.1</client-java-version>
+    <client-java-version>16.0.2</client-java-version>
     <kotlin-stdlib-version>1.7.20</kotlin-stdlib-version>
     <okhttp-version>4.10.0</okhttp-version>
     <junit.jupiter.version>5.9.1</junit.jupiter.version>