fix password and user in jdbc standalone xml #1213

Closed
wants to merge 15 commits into from

CarolynRountree
Contributor

First part of WDT-675. Looks for password and user in jdbc standalone xml app and tokenizes or replaces the values with the fix token.

@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Oct 7, 2022
@jshum2479
Member

Can we change the name of the generated secret token not to use . -> change it to - ? It breaks wko eventually.

    "message" : "Failure invoking 'create' on job  in namespace sample-domain1-ns : Job.batch "sample-domain1-introspector" is invalid: [spec.template.spec.volumes[3].name: Invalid value: "sample-domain1-localpdb-jdbc.xml-user-volume": a lowercase RFC 1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character (e.g. 'my-name',  or '123-abc', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?'), spec.template.spec.volumes[4].name: Invalid value: "sample-domain1-localpdb-jdbc2.xml-user-volume": a lowercase RFC 1123 label must consist of lower case alphanumeric characters or '-', and must start and end with an alphanumeric character (e.g. 'my-name',  or '123-abc', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?'), spec.template.spec.containers[0].volumeMounts[3].name: Not found: "sample-domain1-localpdb-jdbc.xml-user-volume", spec.template.spec.containers[0].volumeMounts[4].name: Not found: "sample-domain1-localpdb-jdbc2.xml-user-volume"]: Kubernetes"

@robertpatrick
Member

The secret name embedded in the generated secret token MUST be a legal Kubernetes name.

@jshum2479
Member

Also, I believe we have some logic to limit the number of characters of the generated token so that it won't fail later, and the logic should apply here also. @rakillen ?

@rakillen
Member

rakillen commented Oct 25, 2022

@jshum2479 The character count check currently happens in the generated create_k8s_secrets.sh script, and warns the user to fix them.

    Warning: These {0} secret names are too long to be mounted in a Kubernetes pod:
    . . .
    Secret names to be mounted in a Kubernetes pod should be limited to 63 characters.
    To correct this, shorten the DOMAIN_UID or the secret key(s) in this generated script and re-execute.

We don't currently check before that point, because we don't have a good way of shortening any that are too long, and ensuring that they stay unique.
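Added example, not part of this PR or of WDT's code: a pre-flight check over generated secret names that applies the RFC 1123 label regex quoted in the Kubernetes error and the 63-character limit from the script warning, and reports when replacing `.` with `-` makes two names collide. The function names, the `<domain_uid>-<key>` naming scheme and the sample keys are assumptions made for illustration.

```python
import re

# Regex quoted in the Kubernetes error message in this thread (RFC 1123 label).
RFC1123_LABEL = re.compile(r"[a-z0-9]([-a-z0-9]*[a-z0-9])?")
MAX_LEN = 63  # limit stated in the create_k8s_secrets.sh warning


def to_label(name):
    """Lowercase, map every character outside [a-z0-9-] to '-', trim edge '-'."""
    return re.sub(r"[^a-z0-9-]", "-", name.lower()).strip("-")


def check_secret_names(domain_uid, keys):
    """Return ({key: sanitized name}, [(problem, key, detail), ...])."""
    names, problems, seen = {}, [], {}
    for key in keys:
        raw = "%s-%s" % (domain_uid, key)  # assumed naming scheme
        label = to_label(raw)
        names[key] = label
        if not RFC1123_LABEL.fullmatch(raw):
            problems.append(("illegal", key, raw))      # would be rejected as-is
        if not label:
            problems.append(("empty", key, raw))        # nothing legal left
        if len(label) > MAX_LEN:
            problems.append(("too-long", key, label))   # cannot be mounted
        if label in seen:
            problems.append(("collision", key, seen[label]))  # uniqueness lost
        else:
            seen[label] = key
    return names, problems


if __name__ == "__main__":
    # Constructed sample keys; the first mirrors the name in the error above.
    sample = ["localpdb-jdbc.xml-user", "localpdb-jdbc-xml-user", "x" * 60]
    fixed, issues = check_secret_names("sample-domain1", sample)
    for key, label in fixed.items():
        print("%-26s -> %s" % (key[:26], label))
    for issue in issues:
        print(issue)
```
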

@sonarqubecloud

Kudos, SonarCloud Quality Gate passed!

Bugs: 0 (A)
Vulnerabilities: 0 (A)
Security Hotspots: 0 (A)
Code Smells: 0 (A)

Coverage: 0.0%
Duplication: 0.0%

@robertpatrick
Copy link
Member

Handled in #1220

@robertpatrick robertpatrick deleted the WDT-675-tokenize-app-credentials branch October 26, 2022 16:43
4 participants