Fix in OIM MAA (#95)

Author: mdr2

FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/functions.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright (c) 2021, Oracle and/or its affiliates.
+# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 # This is an example of common functions and procedures used by the provisioning and deletion scripts
@@ -749,48 +749,48 @@ create_schemas ()
       printf "$RCUPWD\n" >> /tmp/pwd.txt
       print_msg "Creating $SCHEMA_TYPE Schemas"
 
-      printf "#!/bin/bash\n" > /tmp/create_schema.sh
-      printf "/u01/oracle/oracle_common/bin/rcu -silent -createRepository -databaseType ORACLE " >> /tmp/create_schema.sh
-      printf " -connectString $DB_HOST:$DB_PORT/$DB_SERVICE " >> /tmp/create_schema.sh
-      printf " -dbUser sys -dbRole sysdba -useSamePasswordForAllSchemaUsers true -selectDependentsForComponents true " >> /tmp/create_schema.sh
-      printf " -schemaPrefix $RCU_PREFIX" >> /tmp/create_schema.sh
+      printf "#!/bin/bash\n" > $WORKDIR/create_schema.sh
+      printf "/u01/oracle/oracle_common/bin/rcu -silent -createRepository -databaseType ORACLE " >> $WORKDIR/create_schema.sh
+      printf " -connectString $DB_HOST:$DB_PORT/$DB_SERVICE " >> $WORKDIR/create_schema.sh
+      printf " -dbUser sys -dbRole sysdba -useSamePasswordForAllSchemaUsers true -selectDependentsForComponents true " >> $WORKDIR/create_schema.sh
+      printf " -schemaPrefix $RCU_PREFIX" >> $WORKDIR/create_schema.sh
 
       if [ "$SCHEMA_TYPE" = "OIG" ]
       then
-           printf "$OIG_SCHEMAS" >> /tmp/create_schema.sh
+           printf "$OIG_SCHEMAS" >> $WORKDIR/create_schema.sh
       elif [ "$SCHEMA_TYPE" = "OAM" ]
       then
-           printf "$OAM_SCHEMAS" >> /tmp/create_schema.sh
+           printf "$OAM_SCHEMAS" >> $WORKDIR/create_schema.sh
       else
            printf "\nInvalid Schema Type: $SCHEMA_TYPE \n"
            exit 1
       fi
 
-      printf " -f < /tmp/pwd.txt \n" >> /tmp/create_schema.sh
-      printf " exit \n" >> /tmp/create_schema.sh
+      printf " -f < /tmp/pwd.txt \n" >> $WORKDIR/create_schema.sh
+      printf " exit \n" >> $WORKDIR/create_schema.sh
 
       kubectl cp /tmp/pwd.txt  $NAMESPACE/helper:/tmp
-      kubectl cp /tmp/create_schema.sh  $NAMESPACE/helper:/tmp
+      kubectl cp $WORKDIR/create_schema.sh  $NAMESPACE/helper:/tmp
       kubectl exec -n $NAMESPACE -ti helper -- /bin/bash < /tmp/create_schema.sh > $LOGDIR/create_schemas.log 2>&1
       print_status $? $LOGDIR/create_schemas.log
       if [ "$SCHEMA_TYPE" = "OIG" ]
       then
          printf "\t\t\tPatching OIM Schema - " 
-         printf "/u01/oracle/oracle_common/modules/thirdparty/org.apache.ant/1.10.5.0.0/apache-ant-1.10.5/bin/ant " >> /tmp/patch_schema.sh
-         printf " -f /u01/oracle/idm/server/setup/deploy-files/automation.xml " >> /tmp/patch_schema.sh
-         printf " run-patched-sql-files " >> /tmp/patch_schema.sh
-         printf " -logger org.apache.tools.ant.NoBannerLogger " >> /tmp/patch_schema.sh
-         printf " -logfile /tmp/patch_oim_wls.log " >> /tmp/patch_schema.sh
-         printf " -DoperationsDB.host=$DB_HOST" >> /tmp/patch_schema.sh
-         printf " -DoperationsDB.port=$DB_PORT " >> /tmp/patch_schema.sh
-         printf " -DoperationsDB.serviceName=$DB_SERVICE " >> /tmp/patch_schema.sh
-         printf " -DoperationsDB.user=${RCU_PREFIX}_OIM " >> /tmp/patch_schema.sh
-         printf " -DOIM.DBPassword=$RCUPWD " >> /tmp/patch_schema.sh
-         printf " -Dojdbc=/u01/oracle/oracle_common/modules/oracle.jdbc/ojdbc8.jar \n" >> /tmp/patch_schema.sh
-         printf "exit \n" >> /tmp/patch_schema.sh
-
-
-         kubectl cp /tmp/create_schema.sh  $NAMESPACE/helper:/tmp
+         printf "/u01/oracle/oracle_common/modules/thirdparty/org.apache.ant/1.10.5.0.0/apache-ant-1.10.5/bin/ant " >> $WORKDIR/patch_schema.sh
+         printf " -f /u01/oracle/idm/server/setup/deploy-files/automation.xml " >> $WORKDIR/patch_schema.sh
+         printf " run-patched-sql-files " >> $WORKDIR/patch_schema.sh
+         printf " -logger org.apache.tools.ant.NoBannerLogger " >> $WORKDIR/patch_schema.sh
+         printf " -logfile /tmp/patch_oim_wls.log " >> $WORKDIR/patch_schema.sh
+         printf " -DoperationsDB.host=$DB_HOST" >> $WORKDIR/patch_schema.sh
+         printf " -DoperationsDB.port=$DB_PORT " >> $WORKDIR/patch_schema.sh
+         printf " -DoperationsDB.serviceName=$DB_SERVICE " >> $WORKDIR/patch_schema.sh
+         printf " -DoperationsDB.user=${RCU_PREFIX}_OIM " >> $WORKDIR/patch_schema.sh
+         printf " -DOIM.DBPassword=$RCUPWD " >> $WORKDIR/patch_schema.sh
+         printf " -Dojdbc=/u01/oracle/oracle_common/modules/oracle.jdbc/ojdbc8.jar \n" >> $WORKDIR/patch_schema.sh
+         printf "exit \n" >> $WORKDIR/patch_schema.sh
+
+
+         kubectl cp $WORKDIR/patch_schema.sh  $NAMESPACE/helper:/tmp
          kubectl exec -n $NAMESPACE -ti helper -- /bin/bash < /tmp/patch_schema.sh > $LOGDIR/patch_schema.log 2>&1
          kubectl cp  $NAMESPACE/helper:/tmp/patch_oim_wls.log $LOGDIR/patch_oim_wls.log > /dev/null
          grep -q "BUILD SUCCESSFUL" $LOGDIR/patch_oim_wls.log

FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oam_functions.sh

@@ -1,4 +1,4 @@
-# Copyright (c) 2021, Oracle and/or its affiliates.
+# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 # This is an example of procedures used to configure OAM
@@ -435,7 +435,7 @@ run_idmConfigTool()
    printf "\t\t\tChecking Log File - "
    copy_from_k8 $PV_MOUNT/workdir/configoam.log $WORKDIR/logs/configoam.log $OAMNS $OAM_DOMAIN_NAME
 
-   grep -q SEVERE $WORKDIR/logs/configoam.log | grep -v simple
+   grep SEVERE $WORKDIR/logs/configoam.log | grep -v simple > /dev/null
    if [ $? = 0 ]
    then
       echo "Failed - Check logifle $WORKDIR/logs/configoam.log"

FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oig_functions.sh

@@ -1,4 +1,4 @@
-# Copyright (c) 2021, Oracle and/or its affiliates.
+# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 # This is an example of functions and procedures to provision and Configure Oracle Identity Governance

FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oiri_functions.sh

@@ -1,4 +1,4 @@
-# Copyright (c) 2021, Oracle and/or its affiliates.
+# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 # This is an example of functions and procedures to provision and Configure Oracle Identity Role Intelligence

FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/common/oud_functions.sh

@@ -1,4 +1,4 @@
-# Copyright (c) 2021, Oracle and/or its affiliates.
+# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at http://oss.oracle.com/licenses/upl.
 #
 # This is an example of the checks that can be performed before Provisioning Identity Management
@@ -161,6 +161,63 @@ create_oud_nodeport()
    print_time STEP "Create OUD Nodeport services" $ST $ET >> $LOGDIR/timings.log
 }
 
+# Check Validate OUD Dataload was successful
+#
+validate_oud()
+{
+    ST=`date +%s`
+    print_msg "Validating OUD"
+    echo "Validating OUD" > $LOGDIR/validate_oud.log
+    echo "--------------" >> $LOGDIR/validate_oud.log
+    echo "" >> $LOGDIR/validate_oud.log
+    FAIL=0
+
+    printf "\n\t\t\tChecking for Import Errors - "
+    grep -q ERROR $OUD_LOCAL_PVSHARE/${OUD_POD_PREFIX}-oud-ds-rs-0/logs/importLdifCmd.log
+    if [ $? = 0 ]
+    then
+         echo "Import Errors Found check logfile $OUD_LOCAL_PVSHARE/${OUD_POD_PREFIX}-oud-ds-rs-0/logs/importLdifCmd.log"
+         echo "Import Errors Found check logfile $OUD_LOCAL_PVSHARE/${OUD_POD_PREFIX}-oud-ds-rs-0/logs/importLdifCmd.log" >> $LOGDIR/validate_oud.log
+         FAIL=1
+    else
+         echo "No Errors"
+         echo "No Import Errors discovered" >> $LOGDIR/validate_oud.log
+    fi
+    printf "\t\t\tChecking for Rejects - "
+    if [ -s $OUD_LOCAL_SHARE/rejects.ldif ]
+    then 
+         echo "Rejects found check File: $OUD_LOCAL_SHARE/rejects.ldif"
+         echo "Rejects found check File: $OUD_LOCAL_SHARE/rejects.ldif" >> $LOGDIR/validate_oud.log
+         FAIL=1
+    else
+         echo "No Rejects found"
+         echo "No Reject Errors discovered" >> $LOGDIR/validate_oud.log
+    fi
+    printf "\t\t\tChecking for Skipped Records - "
+    if [ -s $OUD_LOCAL_SHARE/skip.ldif ]
+    then 
+         echo "Skipped Records found check File: $OUD_LOCAL_SHARE/skip.ldif"
+         echo "Skipped Records found check File: $OUD_LOCAL_SHARE/skip.ldif" >> $LOGDIR/validate_oud.log
+         FAIL=1
+    else
+         echo "No Skipped Records found"
+         echo "No Skipped Records discovered" >> $LOGDIR/validate_oud.log
+    fi
+
+
+    if [ "$FAIL" = "1" ]
+    then
+        printf "\n\t\t\tOUD Vaildation Failed\n"
+        exit 1
+    else
+        printf "\n\t\t\tOUD Vaildation Succeeded\n"
+    fi
+
+
+
+   ET=`date +%s`
+   print_time STEP "Validating OUD" $ST $ET >> $LOGDIR/timings.log
+}
 create_ingress()
 {
     ST=`date +%s`
@@ -179,6 +236,7 @@ create_ingress()
     ET=`date +%s`
     print_time STEP "Creating Ingress" $ST $ET >> $LOGDIR/timings.log
 }
+
 # Create a Helm override file to deploy OUDSM
 #
 create_oudsm_override()

FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/provision_oud.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright (c) 2021, Oracle and/or its affiliates.
+# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 # This is an example of deploying Oracle Unified Directory, configuring it for use with Oracle Access Manager
@@ -127,6 +127,15 @@ then
    update_progress
 fi
 
+# Valiate OUD
+#
+new_step
+if [ $STEPNO -gt $PROGRESS ]
+then
+   validate_oud
+   update_progress
+fi
+
 # Setup Ingress if required Otherwise create NodePort Services
 #
 if [ "$USE_INGRESS" = "true" ] 

FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/start_here.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-# Copyright (c) 2021, Oracle and/or its affiliates.
+# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 # This is an example script to populate the responsefile
@@ -392,6 +392,7 @@ then
       if [ ! "$ANS" = "" ]
       then
            global_replace_value $OLD_SEARCHBASE $ANS $RSPFILE
+           OUD_SEARCHBASE=$ANS
            OUD_REGION=`echo $ANS | cut -f1 -d, | cut -f2 -d=`
            replace_value OUD_REGION $OUD_REGION $RSPFILE
            OAM_COOKIE_DOMAIN=`echo $OUD_SEARCHBASE | sed 's/dc=/./g;s/,//g'`
@@ -509,8 +510,8 @@ fi
 if [ "$INSTALL_OUDSM" = "true" ]
 then
       echo
-      echo "OUDSM Paramters"
-      echo "---------------"
+      echo "OUDSM Parameters"
+      echo "----------------"
       echo
       echo -n "Enter OUDSM Image Name [$OUDSM_IMAGE]:"
       read ANS
@@ -580,8 +581,8 @@ fi
 if [ "$INSTALL_OAM" = "true" ] || [ "$INSTALL_OIG" = "true" ]
 then
       echo
-      echo "WebLogic Operator Paramters"
-      echo "---------------------------"
+      echo "WebLogic Operator Parameters"
+      echo "----------------------------"
       echo
 
       if [ "$GET_NS" = "true" ]
@@ -611,8 +612,8 @@ fi
 if [ "$INSTALL_OAM" = "true" ] 
 then
       echo
-      echo "Oracle Access Manager Paramters"
-      echo "-------------------------------"
+      echo "Oracle Access Manager Parameters"
+      echo "--------------------------------"
       echo
 
       echo -n "Enter OAM Image Name [$OAM_IMAGE]:"
@@ -870,8 +871,8 @@ fi
 if [ "$INSTALL_OIG" = "true" ] 
 then
       echo
-      echo "Oracle Identity Governance Paramters"
-      echo "------------------------------------"
+      echo "Oracle Identity Governance Parameters"
+      echo "-------------------------------------"
       echo
 
       echo -n "Enter OIG Image Name [$OIG_IMAGE]:"
@@ -1214,8 +1215,8 @@ fi
 if [ "$INSTALL_OIRI" = "true" ] 
 then
       echo
-      echo "Oracle Identity Role Intelligence Paramters"
-      echo "-------------------------------------------"
+      echo "Oracle Identity Role Intelligence Parameters"
+      echo "--------------------------------------------"
       echo
 
       echo -n "Enter OIRI Image Name [$OIRI_IMAGE]:"
@@ -1545,8 +1546,8 @@ then
       fi
 fi
 echo
-echo "Oracle HTTP Server Paramters"
-echo "----------------------------"
+echo "Oracle HTTP Server Parameters"
+echo "-----------------------------"
 echo
 
 echo -n "Enter OHS1 Hostname [$OHS_HOST1]:"

FMWKubernetesMAA/OracleEnterpriseDeploymentAutomation/OracleIdentityManagement/templates/oud/override_oud.yaml

@@ -1,4 +1,4 @@
-# Copyright (c) 2021, Oracle and/or its affiliates.
+# Copyright (c) 2021, 2022, Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 #
 # This is an example of a helm override file to deploy OUD
@@ -54,7 +54,7 @@ baseOUD:
     - name: restartAfterSchemaConfig
       value: "true"
     - name: importLdif_1
-      value: --append --replaceExisting --includeBranch dc=us,dc=oracle,dc=com --backendID userRoot --ldifFile /u01/oracle/config-input/base.ldif --rejectFile /u01/oracle/config-input/rejects.ldif --skipFile /u01/oracle/config-input/skip.ldif
+      value: --append --replaceExisting --includeBranch ${baseDN} --backendID userRoot --ldifFile /u01/oracle/config-input/base.ldif --rejectFile /u01/oracle/config-input/rejects.ldif --skipFile /u01/oracle/config-input/skip.ldif
     - name: serverTuning
       value: -Xms1024m -Xmx2048m -d64 -XX:+UseCompressedOops -server -Xmn1g -XX:MaxTenuringThreshold=1 -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=60
     - name: dsconfig_1
@@ -64,9 +64,9 @@ baseOUD:
     - name: dsconfig_3
       value: set-access-control-handler-prop --add global-aci:"(target=\"ldap:///cn=changelog\")(targetattr=\"*\")(version 3.0; acl \"External changelog access\"; allow (read,search,compare,add,write,delete,export) groupdn=\"ldap:///cn=<OUD_OIGADMIN_GRP>,cn=groups,${baseDN}\";)" 
     - name: dsconfig_4
-      value: set-access-control-handler-prop --add global-aci:"(targetcontrol=\"1.3.6.1.4.1.26027.1.5.4 || 1.3.6.1.4.1.26027.2.3.4\")(version 3.0; acl \"<OUD_OIGADMIN_GRP> control access\"; allow(read)  groupdn=\"ldap:///cn=<OUD_OIGADMIN_GRP>,cn=groups,dc=us,dc=oracle,dc=com\";)"
+      value: set-access-control-handler-prop --add global-aci:"(targetcontrol=\"1.3.6.1.4.1.26027.1.5.4 || 1.3.6.1.4.1.26027.2.3.4\")(version 3.0; acl \"<OUD_OIGADMIN_GRP> control access\"; allow(read)  groupdn=\"ldap:///cn=<OUD_OIGADMIN_GRP>,cn=groups,${baseDN}\";)"
     - name: dsconfig_5
-      value: set-access-control-handler-prop --add global-aci:"(target=\"ldap:///\")(targetscope=\"base\")(targetattr=\"lastExternalChangelogCookie\")(version 3.0; acl \"User-Visible lastExternalChangelog\"; allow (read,search,compare) groupdn=\"ldap:///cn=<OUD_OIGADMIN_GRP>,cn=groups,dc=us,dc=oracle,dc=com\";)"
+      value: set-access-control-handler-prop --add global-aci:"(target=\"ldap:///\")(targetscope=\"base\")(targetattr=\"lastExternalChangelogCookie\")(version 3.0; acl \"User-Visible lastExternalChangelog\"; allow (read,search,compare) groupdn=\"ldap:///cn=<OUD_OIGADMIN_GRP>,cn=groups,${baseDN}\";)"
     - name: dsconfig_6
       value: set-access-control-handler-prop --remove global-aci:"(targetcontrol=\"1.3.6.1.1.12 || 1.3.6.1.1.13.1 || 1.3.6.1.1.13.2 || 1.2.840.113556.1.4.319 || 1.2.826.0.1.3344810.2.3 || 2.16.840.1.113730.3.4.18 || 2.16.840.1.113730.3.4.9 || 1.2.840.113556.1.4.473 || 1.3.6.1.4.1.42.2.27.9.5.9\") (version 3.0; acl \"Authenticated users control access\"; allow(read) userdn=\"ldap:///all\";)"
     - name: dsconfig_7