Add test to verify RCU Schema Password change as well as WebLogic Credential update after that (#2368)

* first cut for jrf rcu password change

Author: maggiehe00

integration-tests/src/test/java/oracle/weblogic/kubernetes/ItFmwMiiDomain.java

@@ -35,6 +35,7 @@
 import static oracle.weblogic.kubernetes.actions.ActionConstants.RESOURCE_DIR;
 import static oracle.weblogic.kubernetes.actions.TestActions.patchDomainCustomResource;
 import static oracle.weblogic.kubernetes.actions.impl.primitive.Command.defaultCommandParams;
+import static oracle.weblogic.kubernetes.utils.CommonMiiTestUtils.verifyUpdateWebLogicCredential;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.checkPodDeleted;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.createDomainAndVerify;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.createMiiImageAndVerify;
@@ -45,7 +46,9 @@
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.dockerLoginAndPushImageToRegistry;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.installAndVerifyOperator;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.patchServerStartPolicy;
+import static oracle.weblogic.kubernetes.utils.CommonTestUtils.updateRcuAccessSecret;
 import static oracle.weblogic.kubernetes.utils.DbUtils.setupDBandRCUschema;
+import static oracle.weblogic.kubernetes.utils.DbUtils.updateRcuPassword;
 import static oracle.weblogic.kubernetes.utils.FmwUtils.verifyDomainReady;
 import static oracle.weblogic.kubernetes.utils.ThreadSafeLogger.getLogger;
 import static org.awaitility.Awaitility.with;
@@ -54,28 +57,29 @@
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
 @TestMethodOrder(MethodOrderer.OrderAnnotation.class)
-@DisplayName("Test to a create JRF model in image domain and start the domain")
+@DisplayName("Test to a create FMW model in image domain and start the domain")
 @IntegrationTest
 public class ItFmwMiiDomain {
 
   private static String dbNamespace = null;
   private static String opNamespace = null;
-  private static String jrfDomainNamespace = null;
-  private static String jrfMiiImage = null;
+  private static String fmwDomainNamespace = null;
+  private static String fmwMiiImage = null;
 
-  private static final String RCUSCHEMAPREFIX = "jrfdomainmii";
+  private static final String RCUSCHEMAPREFIX = "FMWDOMAINMII";
   private static final String ORACLEDBURLPREFIX = "oracledb.";
   private static final String ORACLEDBSUFFIX = ".svc.cluster.local:1521/devpdb.k8s";
   private static final String RCUSYSUSERNAME = "sys";
   private static final String RCUSYSPASSWORD = "Oradoc_db1";
   private static final String RCUSCHEMAUSERNAME = "myrcuuser";
   private static final String RCUSCHEMAPASSWORD = "Oradoc_db1";
+  private static final String RCUSCHEMAPASSWORDNEW = "Oradoc_db2";
   private static final String modelFile = "model-singleclusterdomain-sampleapp-jrf.yaml";
 
   private static String dbUrl = null;
   private static LoggingFacade logger = null;
 
-  private String domainUid = "jrfdomain-mii";
+  private String domainUid = "fmwdomain-mii";
   private String adminServerPodName = domainUid + "-admin-server";
   private String managedServerPrefix = domainUid + "-managed-server";
   private int replicaCount = 2;
@@ -113,9 +117,9 @@ public static void initAll(@Namespaces(3) List<String> namespaces) {
     assertNotNull(namespaces.get(1), "Namespace is null");
     opNamespace = namespaces.get(1);
 
-    logger.info("Assign a unique namespace for JRF domain");
+    logger.info("Assign a unique namespace for FMW domain");
     assertNotNull(namespaces.get(2), "Namespace is null");
-    jrfDomainNamespace = namespaces.get(2);
+    fmwDomainNamespace = namespaces.get(2);
 
     logger.info("Start DB and create RCU schema for namespace: {0}, RCU prefix: {1}, "
          + "dbUrl: {2}, dbImage: {3},  fmwImage: {4} ", dbNamespace, RCUSCHEMAPREFIX, dbUrl,
@@ -126,15 +130,15 @@ public static void initAll(@Namespaces(3) List<String> namespaces) {
         + "dbUrl %s", RCUSCHEMAPREFIX, dbNamespace, dbUrl));
 
     // install operator and verify its running in ready state
-    installAndVerifyOperator(opNamespace, jrfDomainNamespace);
+    installAndVerifyOperator(opNamespace, fmwDomainNamespace);
 
     logger.info("For ItFmwMiiDomain using DB image: {0}, FMW image {1}",
         DB_IMAGE_TO_USE_IN_SPEC, FMWINFRA_IMAGE_TO_USE_IN_SPEC);
 
   }
 
   /**
-   * Create a basic JRF model in image domain.
+   * Create a basic FMW model in image domain.
    * Verify Pod is ready and service exists for both admin server and managed servers.
    * Verify EM console is accessible.
    */
@@ -144,13 +148,13 @@ public static void initAll(@Namespaces(3) List<String> namespaces) {
   public void testFmwModelInImage() {
     // Create the repo secret to pull the image
     // this secret is used only for non-kind cluster
-    createOcirRepoSecret(jrfDomainNamespace);
+    createOcirRepoSecret(fmwDomainNamespace);
 
     // create secret for admin credentials
     logger.info("Create secret for admin credentials");
     assertDoesNotThrow(() -> createSecretWithUsernamePassword(
         adminSecretName,
-        jrfDomainNamespace,
+        fmwDomainNamespace,
         "weblogic",
         "welcome1"),
         String.format("createSecret failed for %s", adminSecretName));
@@ -159,7 +163,7 @@ public void testFmwModelInImage() {
     logger.info("Create encryption secret");
     assertDoesNotThrow(() -> createSecretWithUsernamePassword(
         encryptionSecretName,
-        jrfDomainNamespace,
+        fmwDomainNamespace,
         "weblogicenc",
         "weblogicenc"),
         String.format("createSecret failed for %s", encryptionSecretName));
@@ -169,7 +173,7 @@ public void testFmwModelInImage() {
         rcuaccessSecretName, RCUSCHEMAPREFIX, RCUSCHEMAPASSWORD, dbUrl);
     assertDoesNotThrow(() -> createRcuAccessSecret(
         rcuaccessSecretName,
-        jrfDomainNamespace,
+        fmwDomainNamespace,
         RCUSCHEMAPREFIX,
         RCUSCHEMAPASSWORD,
         dbUrl),
@@ -178,13 +182,13 @@ public void testFmwModelInImage() {
     logger.info("Create OPSS wallet password secret");
     assertDoesNotThrow(() -> createOpsswalletpasswordSecret(
         opsswalletpassSecretName,
-        jrfDomainNamespace,
+        fmwDomainNamespace,
         "welcome1"),
         String.format("createSecret failed for %s", opsswalletpassSecretName));
 
     logger.info("Create an image with jrf model file");
     final List<String> modelList = Collections.singletonList(MODEL_DIR + "/" + modelFile);
-    jrfMiiImage = createMiiImageAndVerify(
+    fmwMiiImage = createMiiImageAndVerify(
         "jrf-mii-image",
         modelList,
         Collections.singletonList(MII_BASIC_APP_NAME),
@@ -194,21 +198,21 @@ public void testFmwModelInImage() {
         false);
 
     // push the image to a registry to make it accessible in multi-node cluster
-    dockerLoginAndPushImageToRegistry(jrfMiiImage);
+    dockerLoginAndPushImageToRegistry(fmwMiiImage);
 
     // create the domain object
     Domain domain = FmwUtils.createDomainResource(domainUid,
-        jrfDomainNamespace,
+        fmwDomainNamespace,
         adminSecretName,
         OCIR_SECRET_NAME,
         encryptionSecretName,
         rcuaccessSecretName,
         opsswalletpassSecretName,
         replicaCount,
-        jrfMiiImage);
+        fmwMiiImage);
 
-    createDomainAndVerify(domain, jrfDomainNamespace);
-    verifyDomainReady(jrfDomainNamespace, domainUid, replicaCount);
+    createDomainAndVerify(domain, fmwDomainNamespace);
+    verifyDomainReady(fmwDomainNamespace, domainUid, replicaCount);
   }
 
   /**
@@ -223,11 +227,53 @@ public void testFmwModelInImage() {
   @Test
   @DisplayName("Reuse the same RCU schema to restart JRF domain")
   public void testReuseRCUschemalToRestartDomain() {
-    saveAndRestoreOpssWalletfileSecret(jrfDomainNamespace, domainUid, opsswalletfileSecretName);
+    saveAndRestoreOpssWalletfileSecret(fmwDomainNamespace, domainUid, opsswalletfileSecretName);
     shutdownDomain();
     patchDomainWithWalletFileSecret(opsswalletfileSecretName);
     startupDomain();
-    verifyDomainReady(jrfDomainNamespace, domainUid, replicaCount);
+    verifyDomainReady(fmwDomainNamespace, domainUid, replicaCount);
+  }
+
+  /**
+   * Shutdown the FMW domain completely.
+   * Update all the passwords for the RCU schema.
+   * Update the RCU access secret with new RCU schema password.
+   * Start the domain and verify domain is up and running.
+   */
+  @Order(3)
+  @Test
+  @DisplayName("Update RCU schema password")
+  public void testUpdateRcuSchemaPassword() {
+    shutdownDomain();
+    logger.info("Updating RCU schema password with dbNamespace: {0}, RCU prefix: {1}, new schemapassword: {2}",
+        dbNamespace, RCUSCHEMAPREFIX, RCUSCHEMAPASSWORDNEW);
+    updateRcuPassword(dbNamespace, RCUSCHEMAPREFIX, RCUSCHEMAPASSWORDNEW);
+    logger.info("Updating RCU access secret: {0}, with prefix: {1}, new schemapassword: {2}, dbUrl: {3})",
+        rcuaccessSecretName, RCUSCHEMAPREFIX, RCUSCHEMAPASSWORDNEW, dbUrl);
+    assertDoesNotThrow(() -> updateRcuAccessSecret(
+        rcuaccessSecretName,
+        fmwDomainNamespace,
+        RCUSCHEMAPREFIX,
+        RCUSCHEMAPASSWORDNEW,
+        dbUrl),
+        String.format("update Secret failed for %s with new schema password %s", rcuaccessSecretName,
+            RCUSCHEMAPASSWORDNEW));
+    startupDomain();
+    verifyDomainReady(fmwDomainNamespace, domainUid, replicaCount);
+  }
+
+  /**
+   * After updating RCU schema password change the WebLogic Admin credential of the domain.
+   * Update domainRestartVersion to trigger a rolling restart of server pods.
+   * Verify all the server pods are re-started in a rolling fashion.
+   * Check the validity of new credentials by accessing WebLogic RESTful Service.
+   */
+  @Order(4)
+  @Test
+  @DisplayName("Update WebLogic Credentials after updating RCU schema password")
+  public void testUpdateWebLogicCredentialAfterUpdateRcuSchemaPassword() {
+    verifyUpdateWebLogicCredential(fmwDomainNamespace, domainUid, adminServerPodName,
+        managedServerPrefix, replicaCount, "-c1");
   }
 
   /**
@@ -269,13 +315,13 @@ private void saveAndRestoreOpssWalletfileSecret(String namespace, String domainU
    * Shutdown the domain by setting serverStartPolicy as "NEVER".
    */
   private void shutdownDomain() {
-    patchServerStartPolicy("/spec/serverStartPolicy", "NEVER", jrfDomainNamespace, domainUid);
+    patchServerStartPolicy("/spec/serverStartPolicy", "NEVER", fmwDomainNamespace, domainUid);
     logger.info("Domain is patched to stop entire WebLogic domain");
 
     // make sure all the server pods are removed after patch
-    checkPodDeleted(adminServerPodName, domainUid, jrfDomainNamespace);
+    checkPodDeleted(adminServerPodName, domainUid, fmwDomainNamespace);
     for (int i = 1; i <= replicaCount; i++) {
-      checkPodDeleted(managedServerPrefix + i, domainUid, jrfDomainNamespace);
+      checkPodDeleted(managedServerPrefix + i, domainUid, fmwDomainNamespace);
     }
 
     logger.info("Domain shutdown success");
@@ -286,7 +332,7 @@ private void shutdownDomain() {
    * Startup the domain by setting serverStartPolicy as "IF_NEEDED".
    */
   private void startupDomain() {
-    patchServerStartPolicy("/spec/serverStartPolicy", "IF_NEEDED", jrfDomainNamespace, domainUid);
+    patchServerStartPolicy("/spec/serverStartPolicy", "IF_NEEDED", fmwDomainNamespace, domainUid);
     logger.info("Domain is patched to start all servers in the domain");
   }
 
@@ -305,10 +351,10 @@ private boolean patchDomainWithWalletFileSecret(String opssWalletFileSecretName)
         .append("\"}]");
 
     logger.info("Adding opssWalletPasswordSecretName for domain {0} in namespace {1} using patch string: {2}",
-        domainUid, jrfDomainNamespace, patchStr.toString());
+        domainUid, fmwDomainNamespace, patchStr.toString());
 
     V1Patch patch = new V1Patch(new String(patchStr));
 
-    return patchDomainCustomResource(domainUid, jrfDomainNamespace, patch, V1Patch.PATCH_FORMAT_JSON_PATCH);
+    return patchDomainCustomResource(domainUid, fmwDomainNamespace, patch, V1Patch.PATCH_FORMAT_JSON_PATCH);
   }
 }

integration-tests/src/test/java/oracle/weblogic/kubernetes/ItMiiUpdateDomainConfig.java

@@ -57,10 +57,6 @@
 
 import static java.util.concurrent.TimeUnit.MINUTES;
 import static java.util.concurrent.TimeUnit.SECONDS;
-import static oracle.weblogic.kubernetes.TestConstants.ADMIN_PASSWORD_DEFAULT;
-import static oracle.weblogic.kubernetes.TestConstants.ADMIN_PASSWORD_PATCH;
-import static oracle.weblogic.kubernetes.TestConstants.ADMIN_USERNAME_DEFAULT;
-import static oracle.weblogic.kubernetes.TestConstants.ADMIN_USERNAME_PATCH;
 import static oracle.weblogic.kubernetes.TestConstants.BASE_IMAGES_REPO_SECRET;
 import static oracle.weblogic.kubernetes.TestConstants.DOMAIN_API_VERSION;
 import static oracle.weblogic.kubernetes.TestConstants.DOMAIN_VERSION;
@@ -85,7 +81,7 @@
 import static oracle.weblogic.kubernetes.assertions.TestAssertions.domainExists;
 import static oracle.weblogic.kubernetes.assertions.TestAssertions.podDoesNotExist;
 import static oracle.weblogic.kubernetes.assertions.TestAssertions.verifyRollingRestartOccurred;
-import static oracle.weblogic.kubernetes.utils.CommonPatchTestUtils.patchDomainWithNewSecretAndVerify;
+import static oracle.weblogic.kubernetes.utils.CommonMiiTestUtils.verifyUpdateWebLogicCredential;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.checkPodDeleted;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.checkPodDoesNotExist;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.checkPodReady;
@@ -98,13 +94,11 @@
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.createPV;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.createPVC;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.createSecretForBaseImages;
-import static oracle.weblogic.kubernetes.utils.CommonTestUtils.createSecretWithUsernamePassword;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.createfixPVCOwnerContainer;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.getExternalServicePodName;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.getPodCreationTime;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.installAndVerifyOperator;
 import static oracle.weblogic.kubernetes.utils.CommonTestUtils.setPodAntiAffinity;
-import static oracle.weblogic.kubernetes.utils.CommonTestUtils.verifyCredentials;
 import static oracle.weblogic.kubernetes.utils.ExecCommand.exec;
 import static oracle.weblogic.kubernetes.utils.FileUtils.copyFileToPod;
 import static oracle.weblogic.kubernetes.utils.ThreadSafeLogger.getLogger;
@@ -739,56 +733,8 @@ public void testMiiAddConfiguredCluster() {
   @Order(9)
   @DisplayName("Change the WebLogic Admin credential of the domain")
   public void testMiiUpdateWebLogicCredential() {
-    final boolean VALID = true;
-    final boolean INVALID = false;
-
-    LinkedHashMap<String, OffsetDateTime> pods = new LinkedHashMap<>();
-    // get the creation time of the admin server pod before patching
-    OffsetDateTime adminPodCreationTime = getPodCreationTime(domainNamespace,adminServerPodName);
-    pods.put(adminServerPodName, adminPodCreationTime);
-    // get the creation time of the managed server pods before patching
-    for (int i = 1; i <= replicaCount; i++) {
-      pods.put(managedServerPrefix + i, getPodCreationTime(domainNamespace, managedServerPrefix + i));
-    }
-
-    logger.info("Check that before patching current credentials are valid and new credentials are not");
-    verifyCredentials(adminServerPodName, domainNamespace, ADMIN_USERNAME_DEFAULT, ADMIN_PASSWORD_DEFAULT, VALID);
-    verifyCredentials(adminServerPodName, domainNamespace, ADMIN_USERNAME_PATCH, ADMIN_PASSWORD_PATCH, INVALID);
-
-    // create a new secret for admin credentials
-    logger.info("Create a new secret that contains new WebLogic admin credentials");
-    String adminSecretName = "weblogic-credentials-new";
-    assertDoesNotThrow(() -> createSecretWithUsernamePassword(
-        adminSecretName,
-        domainNamespace,
-        ADMIN_USERNAME_PATCH,
-        ADMIN_PASSWORD_PATCH),
-        String.format("createSecret failed for %s", adminSecretName));
-
-    // patch the domain resource with the new secret and verify that the domain resource is patched.
-    logger.info("Patch domain {0} in namespace {1} with the secret {2}, and verify the result",
-        domainUid, domainNamespace, adminSecretName);
-    String restartVersion = patchDomainWithNewSecretAndVerify(
-        domainUid,
-        domainNamespace,
-        adminServerPodName,
-        managedServerPrefix,
-        replicaCount,
-        adminSecretName);
-
-    logger.info("Wait for domain {0} admin server pod {1} in namespace {2} to be restarted",
-        domainUid, adminServerPodName, domainNamespace);
-
-    assertTrue(verifyRollingRestartOccurred(pods, 1, domainNamespace),
-        "Rolling restart failed");
-
-    // check if the new credentials are valid and the old credentials are not valid any more
-    logger.info("Check that after patching current credentials are not valid and new credentials are");
-    verifyCredentials(adminServerPodName, domainNamespace, ADMIN_USERNAME_DEFAULT, ADMIN_PASSWORD_DEFAULT, INVALID);
-    verifyCredentials(adminServerPodName, domainNamespace, ADMIN_USERNAME_PATCH, ADMIN_PASSWORD_PATCH, VALID);
-
-    logger.info("Domain {0} in namespace {1} is fully started after changing WebLogic credentials secret",
-        domainUid, domainNamespace);
+    verifyUpdateWebLogicCredential(domainNamespace, domainUid, adminServerPodName,
+        managedServerPrefix, replicaCount);
   }
 
   /**

integration-tests/src/test/java/oracle/weblogic/kubernetes/ItOperatorRestart.java

@@ -285,9 +285,6 @@ public void testOperatorRestartWhenPodRoll() {
     String restartVersion = CommonPatchTestUtils.patchDomainWithNewSecretAndVerify(
         domainUid,
         domainNamespace,
-        adminServerPodName,
-        managedServerPrefix,
-        replicaCount,
         adminSecretName);
 
     // wait till rolling restart has started by checking admin server pod has restarted

integration-tests/src/test/java/oracle/weblogic/kubernetes/assertions/TestAssertions.java

@@ -441,8 +441,9 @@ public static Callable<Boolean> credentialsValid(
       String podName,
       String namespace,
       String username,
-      String password) {
-    return () -> Domain.credentialsValid(host, podName, namespace, username, password);
+      String password,
+      String... args) {
+    return () -> Domain.credentialsValid(host, podName, namespace, username, password, args);
   }
 
   /**
@@ -461,8 +462,9 @@ public static Callable<Boolean> credentialsNotValid(
       String podName,
       String namespace,
       String username,
-      String password) {
-    return () -> Domain.credentialsNotValid(host, podName, namespace, username, password);
+      String password,
+      String... args) {
+    return () -> Domain.credentialsNotValid(host, podName, namespace, username, password, args);
   }
 
   /**