Warn if custom security provider in compareModels model comparison (#897)

* Warn if custom security provider in compareModels model comparison

* add in test yaml files

Author: CarolynRountree

core/src/main/python/wlsdeploy/tool/compare/model_comparer.py

@@ -3,6 +3,7 @@
 Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
 """
 
+from oracle.weblogic.deploy.aliases import AliasException
 from oracle.weblogic.deploy.util import PyOrderedDict
 
 from wlsdeploy.aliases import alias_utils
@@ -277,6 +278,16 @@ def _check_key(self, key, location):
         if (location is None) and (key == KUBERNETES):
             self._logger.info('WLSDPLY-05713', KUBERNETES, class_name=self._class_name, method_name=_method_name)
             return False
+        try:
+            if (location is not None) and (not self._aliases.is_artificial_type_folder(location)) and \
+                    (self._aliases.requires_artificial_type_subfolder_handling(location)):
+                providers = self._aliases.get_model_subfolder_names(location)
+                if key not in providers:
+                    self._logger.warning('WLSDPLY-05716', key,
+                                         class_name=self._class_name, method_name=_method_name)
+                    return False
+        except AliasException:
+            return True
         return True
 
     def _finalize_folder(self, current_folder, past_folder, change_folder, location):

core/src/main/resources/oracle/weblogic/deploy/messages/wlsdeploy_rb.properties

@@ -498,6 +498,8 @@ WLSDPLY-05712=Unrecognized token {0} in path {1}
 WLSDPLY-05713=Model section {0} will not be compared
 WLSDPLY-05714={0} is unchanged, but required if other changes are present
 WLSDPLY-05715=There are {0} attributes that only exist in the previous model, see {1}
+WLSDPLY-05716=Model Security Configuration section contains a custom security provider {0}. The compare model cannot compare \
+  a custom security provider and the section will not be included in the diffed model.
 
 # prepare_model.py
 WLSDPLY-05801=Error in prepare model {0}

core/src/test/python/compare_model_test.py

@@ -122,6 +122,54 @@ def testCompareModelFull(self):
 
         self.assertEqual(return_code, 0)
 
+    def testCompareModelSecurityConfiguration(self):
+        _method_name = 'testCompareModelSecurityConfiguration'
+
+        _new_model_file = self._resources_dir + '/compare/model-a-old.yaml'
+        _old_model_file = self._resources_dir + '/compare/model-a-new.yaml'
+        _temp_dir = os.path.join(tempfile.gettempdir(), _method_name)
+
+        if os.path.exists(_temp_dir):
+            shutil.rmtree(_temp_dir)
+
+        os.mkdir(_temp_dir)
+
+        mw_home = os.environ['MW_HOME']
+        args_map = {
+            '-oracle_home': mw_home,
+            '-output_dir' : _temp_dir,
+            '-domain_type' : 'WLS',
+            '-trailing_arguments': [ _new_model_file, _old_model_file ]
+        }
+
+        try:
+            model_context = ModelContext('CompareModelTestCase', args_map)
+            obj = ModelFileDiffer(_new_model_file, _old_model_file, model_context, _temp_dir)
+            return_code = obj.compare()
+            self.assertEqual(return_code, 0)
+
+            yaml_result = _temp_dir + os.sep + 'diffed_model.yaml'
+            json_result = _temp_dir + os.sep + 'diffed_model.json'
+            stdout_result = obj.get_compare_msgs()
+            model_dictionary = FileToPython(yaml_result).parse()
+            self.assertEqual(model_dictionary.has_key('topology'), True)
+            self.assertEqual(model_dictionary['topology'].has_key('SecurityConfiguration'), True)
+            self.assertEqual(model_dictionary['topology']['SecurityConfiguration'].has_key('Realm'), True)
+            self.assertEqual(model_dictionary['topology']['SecurityConfiguration']['Realm'].has_key('myrealm'), True)
+            self.assertEqual(model_dictionary['topology']['SecurityConfiguration']['Realm']['myrealm'].has_key('Auditor'), False)
+            self.assertEqual(model_dictionary['topology']['SecurityConfiguration']['Realm']['myrealm'].has_key('AuthenticationProvider'), True)
+
+        except (CompareException, PyWLSTException), te:
+            return_code = 2
+            self._logger.severe('WLSDPLY-05709',
+                                te.getLocalizedMessage(), error=te,
+                                class_name=self._program_name, method_name=_method_name)
+
+        if os.path.exists(_temp_dir):
+            shutil.rmtree(_temp_dir)
+
+        self.assertEqual(return_code, 0)
+
     def testCompareModelInvalidModel(self):
         _method_name = 'testCompareModelInvalidModel'
 

core/src/test/resources/compare/model-a-new.yaml

@@ -0,0 +1,11 @@
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#  Test to check omit of custom provider from diffed model. But known providers should be in changes.
+topology:
+    SecurityConfiguration:
+        Realm:
+            myrealm:
+                Auditor:
+                    CustomAudit:
+                        myorg.audit.providers.ECCustomAudit:
+                            ControlFlag: REQUIRED

core/src/test/resources/compare/model-a-old.yaml

@@ -0,0 +1,18 @@
+# Copyright (c) 2021, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+#  Test to check omit of custom provider from diffed model. But known providers should be in changes.
+topology:
+    SecurityConfiguration:
+        Realm:
+            myrealm:
+                Auditor:
+                    CustomAudit:
+                        myorg.audit.providers.ECCustomAudit:
+                            ControlFlag: OPTIONAL
+                AuthenticationProvider:
+                    DefaultIdentityAsserter:
+                        DefaultIdentityAsserter:
+                            DefaultUserNameMapperAttributeType: CN
+                            ActiveType: [ 'AuthenticatedUser', 'X.509' ]
+                            DefaultUserNameMapperAttributeDelimiter: ','
+                            UseDefaultUserNameMapper: true