Merge branch 'secrets-group-by-table' into 'main'

WIP: Allow any k8s secret keys, use group-by table for edit

See merge request weblogic-cloud/weblogic-toolkit-ui!268

Author: robertpatrick

electron/app/js/imageBuilderUtils.js

@@ -152,7 +152,7 @@ function getDockerEnv(httpsProxyUrl, bypassProxyHosts, imageBuilderOptions) {
   }
 
   let env = {
-    DOCKER_BUILDKIT: '0',
+    // DOCKER_BUILDKIT: '0',
     // podman relies on the PATH including other executables (e.g., newuidmap)...
     PATH: parentPath
   };

electron/app/locales/en/webui.json

@@ -26,6 +26,7 @@
   "dialog-button-cancel": "Cancel",
   "dialog-button-yes": "Yes",
   "dialog-button-no": "No",
+  "dialog-button-delete": "Delete",
   "docker-hub": "Docker Hub",
 
   "script-selector-label": "Shell Script Type",
@@ -833,13 +834,25 @@
   "domain-design-propoverride-header": "Model Variable Override Value",
   "domain-design-secrets-table-aria-label": "Secrets Table",
   "domain-design-secretname-header": "Secret Name",
-  "domain-design-username-header": "Username",
-  "domain-design-password-header": "Password",
-  "domain-design-secrets-cell-field-name": "Secrets table {{name}} field at row {{position}} with UID {{uid}}",
+  "domain-design-secret-key-header": "Field Name",
+  "domain-design-secret-value-header": "Field Value",
+  "domain-design-secret-name-field-name": "Secret name",
+  "domain-design-secret-key-name": "Secret {{secretName}} field name",
+  "domain-design-secret-value-name": "Secret {{secretName}} field {{fieldName}} field value",
   "domain-design-add-external-secret-tooltip": "Add External Model Secret Entry",
   "domain-design-delete-external-secret-tooltip": "Delete External Model Secret Entry",
   "domain-design-no-secrets-message": "No additional model secrets found.",
   "domain-design-no-secrets-add-remove-message": "No additional external model secrets found.  Please add secrets for any secret references in the external model that are not already handled in other parts of this page.",
+  "domain-design-edit-secret-tooltip": "Edit External Model Secret",
+
+  "domain-design-secret-dialog-add-title": "Add Secret",
+  "domain-design-secret-dialog-edit-title": "Edit Secret {{name}}",
+  "domain-design-secret-name-help": "Enter the name for the secret",
+  "domain-design-secret-name-label": "Secret Name",
+  "domain-design-secret-no-key-message": "No secret keys are specified",
+  "domain-design-secret-add-key-tooltip": "Add Secret Key",
+  "domain-design-secret-delete-key-tooltip": "Delete Secret Key",
+  "domain-design-secret-no-keys-message": "Add one or more secret keys.",
 
   "domain-design-domain-env-var-override-label": "Override Existing Environment Variable Values",
   "domain-design-domain-env-var-override-help": "Other fields in the Domain-Wide Server Settings use the JAVA_OPTIONS and USER_MEM_ARGS environment variables.  By default, any value for those variables in the table below are appended to the existing values.  Enabling this override switch will change that behavior to cause the value specified in the table to overwrite any existing values.",
@@ -1763,6 +1776,8 @@
   "vz-component-deployer-create-image-pull-secret-error-message": "Unable to deploy Verrazzano component(s) due to an error creating the image pull secret {{secretName}} in the Kubernetes namespace {{namespace}}: {{error}}",
   "vz-component-deployer-create-runtime-secret-in-progress": "Creating runtime encryption secret {{secretName}} in Kubernetes namespace {{namespace}}",
   "vz-component-deployer-create-runtime-secret-error-message": "Unable to deploy Verrazzano component(s) due to an error creating the runtime encryption secret {{secretName}} in the Kubernetes namespace {{namespace}}: {{error}}",
+  "vz-component-deployer-create-wallet-password-secret-in-progress": "Creating OPSS wallet password secret {{secretName}} in Kubernetes namespace {{namespace}}",
+  "vz-component-deployer-create-wallet-password-secret-error-message": "Unable to deploy Verrazzano component(s) due to an error creating the OPSS wallet password secret {{secretName}} in the Kubernetes namespace {{namespace}}: {{error}}",
   "vz-component-deployer-create-wl-secret-in-progress": "Creating secret {{secretName}} for WebLogic domain {{domainName}} in Kubernetes namespace {{namespace}}",
   "vz-component-deployer-create-wl-secret-failed-error-message": "Failed to create WebLogic credentials secret {{secretName}} in Kubernetes namespace {{namespace}}: {{error}}",
   "vz-component-deployer-create-secrets-in-progress": "Creating secrets for WebLogic domain {{domainName}} in Kubernetes namespace {{namespace}}",

webui/src/css/app.css

@@ -85,6 +85,16 @@
   overflow: auto;
 }
 
+/* group-by table grouping rows */
+.wkt-table-group-row {
+  background-color: #d7d7d7;
+}
+
+/* for non-editable text in table edit mode */
+.wkt-table-no-edit-text {
+  padding: 0 0.5rem;
+}
+
 /* collapsible console panel, on every page */
 
 .wkt-console-section .oj-collapsible-header-wrapper {
@@ -418,6 +428,11 @@ h6:first-child {
   overflow: auto;
 }
 
+.wkt-secret-edit-dialog {
+  width: 700px;
+  height: auto;
+}
+
 .wkt-validation-error-dialog {
   width: 75%;
   height: auto;
@@ -767,6 +782,25 @@ h6.wkt-panel-heading {
   font-weight: bold;
 }
 
+.wkt-user-assistance {
+  color: var(--oj-user-assistance-inline-text-color);
+  font-size: var(--oj-user-assistance-inline-font-size);
+  margin-top: 2px;
+}
+
+.wkt-user-assistance-error-icon {
+  font-family: "JetInternal IconFont", serif;
+  font-size: 1rem;
+  vertical-align: middle;
+  line-height:16px;
+}
+
+.wkt-user-assistance-error-icon:before {
+  color: var(--oj-core-danger-3);
+  content: "\f145";
+  padding-right: 4px;
+}
+
 .wkt-placeholder-text {
   color: var(--oj-label-inside-edge-color);
 }

webui/src/js/models/k8s-domain-definition.js

@@ -95,7 +95,32 @@ define(['knockout', 'utils/observable-properties', 'utils/common-utilities', 'ut
         this.runtimeSecretValue = props.createProperty(window.api.utils.generateUuid()).asCredential();
         this.introspectorJobActiveDeadlineSeconds = props.createProperty(900);
 
-        this.secrets = props.createListProperty(['uid', 'name', 'username', 'password']).persistByKey('uid');
+        const internalFields = {
+          // this internal observable list property is used for JSON read/write of this.secrets
+          secrets: props.createListProperty(['uid', 'name', 'keys']).persistByKey('uid')
+        };
+
+        // this.secrets supports .observable() and .value, like other observable properties.
+        // it is synchronized with internalFields.secrets during JSON read/write.
+        // each secret in this.secrets has flattened keys structure, like:
+        //
+        // uid: "YdPQBG9Y/",
+        // name: "my-secret",
+        // keys: [{
+        //   uid: "P51SNv9WA",
+        //   key: "username",
+        //   value: "me"
+        // }, {
+        //   uid: "P51SNv9WA",
+        //   key: "password",
+        //   value: "welcome1"
+        // }]
+        this.secrets = {
+          observable: ko.observableArray(),
+          get value() {
+            return this.observable();
+          }
+        };
 
         this.replicas = props.createProperty(2);
         // TODO - can a WebLogic server really run with 64MB?  If not, raise minimum limit...
@@ -165,17 +190,56 @@ define(['knockout', 'utils/observable-properties', 'utils/common-utilities', 'ut
 
         // update the secrets list when the uid changes.
         this.uid.observable.subscribe(() => {
-          this.updateSecrets();
+          this.updateSecretsFromModel();
         });
 
         // update the secrets list when any model content changes.
         wdtModel.modelContentChanged.subscribe(() => {
           wktLogger.debug('modelContentChanged event calling updateSecrets()');
-          this.updateSecrets();
+          this.updateSecretsFromModel();
+        });
+
+        this.updateFromInternalFields = (() => {
+          const flattenedSecrets = [];
+          internalFields.secrets.observable().forEach(secret => {
+            // flatten the key map to a list
+            const newKeys = [];
+            for(const keyUid in secret.keys) {
+              const keyData = secret.keys[keyUid];
+              newKeys.push({
+                uid: keyUid,
+                key: keyData.key,
+                value: keyData.value
+              });
+            }
+            const newSecret = {...secret, keys: newKeys};
+            flattenedSecrets.push(newSecret);
+          });
+          this.secrets.observable(flattenedSecrets);
+        });
+
+        this.updateInternalFields = (() => {
+          const mappedSecrets = [];
+          this.secrets.observable().forEach(secret => {
+            // create a map from each flattened key
+            const mappedKeys = {};
+            secret.keys.forEach(flatSecret => {
+              mappedKeys[flatSecret.uid] = {
+                key: flatSecret.key,
+                value: flatSecret.value
+              };
+            });
+            const newSecret = {...secret, keys: mappedKeys};
+            mappedSecrets.push(newSecret);
+          });
+          internalFields.secrets.observable(mappedSecrets);
         });
 
         this.readFrom = (json) => {
           props.createGroup(name, this).readFrom(json);
+
+          props.createGroup(name, internalFields).readFrom(json);
+          this.updateFromInternalFields();
         };
 
         this.loadPropertyOverrideValues = (json) => {
@@ -189,22 +253,22 @@ define(['knockout', 'utils/observable-properties', 'utils/common-utilities', 'ut
         };
 
         this.setCredentialPathsForSecretsTable = (json) => {
-          wktLogger.debug('entering setCredentialPathsForSecretsTable() with secrets table length = %s', this.secrets.value.length);
-          if (this.secrets.value.length > 0) {
+          const secrets = this.secrets.observable();
+          wktLogger.debug('entering setCredentialPathsForSecretsTable() with secrets table length = %s', secrets.length);
+          if (secrets.length > 0) {
             if (!json.credentialPaths) {
               wktLogger.debug('creating credentialPaths array');
               json.credentialPaths = [];
             }
-            for (const secret of this.secrets.value) {
+            for (const secret of secrets) {
               wktLogger.debug('working on secret path %s', `${name}.secrets.${secret.uid}`);
-              if (secret.username) {
-                wktLogger.debug('setting secret %s', `${name}.secrets.${secret.uid}.username`);
-                json.credentialPaths.push(`${name}.secrets.${secret.uid}.username`);
-              }
-              if (secret.password) {
-                wktLogger.debug('setting secret %s', `${name}.secrets.${secret.uid}.password`);
-                json.credentialPaths.push(`${name}.secrets.${secret.uid}.password`);
-              }
+              secret.keys.forEach(keyData => {
+                if(keyData.value) {
+                  const keyUid = keyData.uid;
+                  wktLogger.debug('setting secret %s', `${name}.secrets.${secret.uid}.keys.${keyUid}.value`);
+                  json.credentialPaths.push(`${name}.secrets.${secret.uid}.keys.${keyUid}.value`);
+                }
+              });
             }
           }
         };
@@ -213,6 +277,9 @@ define(['knockout', 'utils/observable-properties', 'utils/common-utilities', 'ut
           this.setCredentialPathsForSecretsTable(json);
           props.createGroup(name, this).writeTo(json);
 
+          this.updateInternalFields();
+          props.createGroup(name, internalFields).writeTo(json);
+
           // Force the generated runtime secret to be written to the project.
           // This will allow us to keep the same generated password for the life
           // of the project (assuming the user doesn't intentionally change it).
@@ -241,10 +308,18 @@ define(['knockout', 'utils/observable-properties', 'utils/common-utilities', 'ut
         };
 
         this.isChanged = () => {
+          this.updateInternalFields();
+          if(props.createGroup(name, internalFields).isChanged()) {
+            return true;
+          }
+
           return props.createGroup(name, this).isChanged();
         };
 
         this.setNotChanged = () => {
+          this.updateInternalFields();
+          props.createGroup(name, internalFields).setNotChanged();
+
           props.createGroup(name, this).setNotChanged();
         };
 
@@ -352,20 +427,28 @@ define(['knockout', 'utils/observable-properties', 'utils/common-utilities', 'ut
           };
         };
 
+        // search existing secrets for an existing secret/key value
         this.getFieldValueFromExistingSecrets = (uid, fieldName, defaultValue) => {
           let result = defaultValue;
           for (const domainSecret of this.secrets.observable()) {
             if (domainSecret.uid === uid) {
-              if (domainSecret[fieldName]) {
-                result = domainSecret[fieldName];
+              for(const keyMap of domainSecret.keys) {
+                if (keyMap.key === fieldName) {
+                  result = keyMap.value;
+                  break;
+                }
               }
-              break;
             }
           }
           return result;
         };
 
-        this.updateSecrets = () => {
+        this.updateSecretsFromModel = () => {
+          const auxImageHelper = require('utils/aux-image-helper');
+          if(auxImageHelper.projectUsingExternalImageContainingModel()) {
+            return;
+          }
+
           const modelSecretsData = wdtModel.getModelSecretsData();
 
           const modelSecrets = new Map();
@@ -374,14 +457,21 @@ define(['knockout', 'utils/observable-properties', 'utils/common-utilities', 'ut
             const key = modelSecretData.envVar ? `${modelSecretData.envVar}${modelSecretData.name}` : modelSecretData.name;
             const uid = utils.hashIt(key);
 
+            const secretKeys = [];
+            for(const secretKey in modelSecretData.keys) {
+              const keyUid = utils.getShortUuid();
+              const existing_value = this.getFieldValueFromExistingSecrets(uid, secretKey,
+                modelSecretData.keys[secretKey]);
+              secretKeys.push({uid: keyUid, key: secretKey, value: existing_value});
+            }
+
             modelSecrets.set(uid, {
               uid: uid,
               name: computeSecretNameFromModelData(modelSecretData, envVarMap),
-              username: this.getFieldValueFromExistingSecrets(uid, 'username', modelSecretData.username),
-              password: this.getFieldValueFromExistingSecrets(uid, 'password', modelSecretData.password)
+              keys: secretKeys
             });
           }
-          this.secrets.value = [...modelSecrets.values()];
+          this.secrets.observable([...modelSecrets.values()]);
         };
 
         function computeSecretNameFromModelData(modelSecretData, envVarMap) {

webui/src/js/models/wdt-model-definition.js

@@ -172,12 +172,12 @@ define(['knockout', 'utils/observable-properties', 'js-yaml', 'utils/validation-
               if (secretsMap.has(secretKey)) {
                 secretData = secretsMap.get(secretKey);
               } else {
-                secretData = { name: secretName };
+                secretData = { name: secretName, keys: {} };
                 if (secretEnvVar) {
                   secretData.envVar = secretEnvVar;
                 }
               }
-              secretData[secretField] = '';
+              secretData.keys[secretField] = '';
               secretsMap.set(secretKey, secretData);
             } else {
               wktLogger.debug('skipping matching secret %s', matches.groups.name);

webui/src/js/models/wkt-project.js

@@ -151,6 +151,28 @@ function (ko, wdtConstructor, imageConstructor, kubectlConstructor, domainConstr
           wktProjectJson.k8sDomain.clusters = newClusters;
         }
       }
+
+      // Version 1.6 changes domain secrets to allow any keys.
+      // Prior versions allowed only username and password.
+      // If username or password attributes are present, convert them to objects in the keys map.
+      //
+      if ('k8sDomain' in wktProjectJson && 'secrets' in wktProjectJson.k8sDomain) {
+        const secrets = wktProjectJson.k8sDomain.secrets;
+        for(const secretUid in secrets) {
+          const secret = secrets[secretUid];
+          if (!secret.hasOwnProperty('keys')) {
+            const keyMap = {};
+            ['username', 'password'].forEach(attribute_key => {
+              if(secret.hasOwnProperty(attribute_key)) {
+                const keyUid = utils.getShortUuid();
+                keyMap[keyUid] = {key: attribute_key, value: secret[attribute_key]};
+                delete secret[attribute_key];
+              }
+            });
+            secret['keys'] = keyMap;
+          }
+        }
+      }
     };
 
     this.setFromJson = (wktProjectJson, modelContentsJson) => {

webui/src/js/utils/k8s-domain-actions-base.js

@@ -1,6 +1,6 @@
 /**
  * @license
- * Copyright (c) 2021, Oracle and/or its affiliates.
+ * Copyright (c) 2021, 2023, Oracle and/or its affiliates.
  * Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
  */
 'use strict';
@@ -172,6 +172,15 @@ function (WktActionsBase, project, wktConsole, i18n, projectIo, dialogHelper) {
       }
       return false;
     }
+
+    getSecretValue(secret, key) {
+      for(const secretKey of secret.keys) {
+        if(secretKey.key === key) {
+          return secretKey.value;
+        }
+      }
+      return null;
+    }
   }
 
   return K8sDomainActionsBase;