Merge pull request #92 from ministryofjustice/DBA-531-DELIUS-CONFIG-A…

…RTEFACTS

Dba 531 delius config artefacts

playbooks/alfresco_wallet/alfresco_wallet/files/create_host_ace.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+#
+#  Create ACE for DELIUS_APP_SCHEMA to use HTTPS for connection to Alfresco URL
+#
+. ~oracle/.bash_profile
+
+sqlplus -s /  as sysdba <<EOF
+SET LINES 1000
+SET PAGES 0
+SET FEEDBACK OFF
+SET HEADING OFF
+WHENEVER SQLERROR EXIT FAILURE
+
+BEGIN
+   -- Enable HTTPS Access from DELIUS_APP_SCHEMA to Alfresco Host
+   DBMS_NETWORK_ACL_ADMIN.append_host_ace (
+    host       => '${ALFRESCO_HOST}', 
+    lower_port => 443,
+    upper_port => 443,
+    ace        => xs\$ace_type(privilege_list => xs\$name_list('http'),
+                               principal_name => 'DELIUS_APP_SCHEMA',
+                               principal_type => xs_acl.ptype_db)); 
+END;
+/
+
+EXIT
+EOF

playbooks/alfresco_wallet/alfresco_wallet/files/get_alfresco_url.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+#
+#  Get Alfresco URL currently configured
+#
+. ~oracle/.bash_profile
+
+sqlplus -s /  as sysdba <<EOF
+SET LINES 1000
+SET PAGES 0
+SET FEEDBACK OFF
+SET HEADING OFF
+WHENEVER SQLERROR EXIT FAILURE
+
+SELECT value_string
+FROM   delius_app_schema.spg_control
+WHERE  control_code='ALFURL';
+
+EXIT
+EOF

playbooks/alfresco_wallet/alfresco_wallet/files/get_alfresco_wallet_location.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+#
+#  Get Alfresco Wallet location
+#
+. ~oracle/.bash_profile
+
+sqlplus -s /  as sysdba <<EOF
+SET LINES 1000
+SET PAGES 0
+SET FEEDBACK OFF
+SET HEADING OFF
+WHENEVER SQLERROR EXIT FAILURE
+
+SELECT REPLACE(value_string,'file:','')
+FROM   delius_app_schema.spg_control
+WHERE  control_code='ALFWALLET';
+
+EXIT
+EOF

playbooks/alfresco_wallet/alfresco_wallet/files/remove_host_ace.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+#
+#  Remove ACEs for the previous Alfresco Host
+#  If the last ACE is removed for this host then the ACL will automatically drop
+#
+. ~oracle/.bash_profile
+
+sqlplus -s /  as sysdba <<EOF
+SET LINES 1000
+SET PAGES 0
+SET FEEDBACK OFF
+SET HEADING OFF
+WHENEVER SQLERROR EXIT FAILURE
+
+
+BEGIN
+  FOR x IN (SELECT lower_port,upper_port,principal,privilege
+            FROM   dba_host_aces
+            WHERE  host = '${PREV_ALFRESCO_HOST}')
+  LOOP
+      DBMS_NETWORK_ACL_ADMIN.remove_host_ace (
+        host             => '${PREV_ALFRESCO_HOST}', 
+        lower_port       => x.lower_port,
+        upper_port       => x.upper_port,
+        ace              => xs\$ace_type(privilege_list => xs\$name_list(x.privilege),
+                                         principal_name => x.principal,
+                                         principal_type => xs_acl.ptype_db),
+        remove_empty_acl => TRUE); 
+  END LOOP;
+END;
+/
+
+EXIT
+EOF

playbooks/alfresco_wallet/alfresco_wallet/files/set_alfresco_url.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+#  Merge in the Alfresco URL
+#
+. ~oracle/.bash_profile
+
+sqlplus -s /  as sysdba <<EOF
+SET LINES 1000
+SET PAGES 0
+SET FEEDBACK OFF
+SET HEADING OFF
+WHENEVER SQLERROR EXIT FAILURE
+
+MERGE INTO delius_app_schema.spg_control sc
+USING dual d 
+ON (sc.control_code='ALFURL')
+WHEN MATCHED
+THEN UPDATE SET value_string='${ALFRESCO_URL}'
+WHEN NOT MATCHED
+THEN INSERT (spg_control_id,control_code,control_name,control_type,value_string,value_number,value_date)
+     VALUES (2002,'ALFURL','Alfresco API URL','C','${ALFRESCO_URL}',NULL,SYSDATE);
+
+COMMIT;
+
+EXIT
+EOF

playbooks/alfresco_wallet/alfresco_wallet/files/set_alfresco_wallet_location.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+#  Merge in the Alfresco Wallet Location
+#
+. ~oracle/.bash_profile
+
+sqlplus -s /  as sysdba <<EOF
+SET LINES 1000
+SET PAGES 0
+SET FEEDBACK OFF
+SET HEADING OFF
+WHENEVER SQLERROR EXIT FAILURE
+
+MERGE INTO delius_app_schema.spg_control sc
+USING dual d 
+ON (sc.control_code='ALFWALLET')
+WHEN MATCHED
+THEN UPDATE SET value_string='file:${ALFRESCO_WALLET_LOCATION}'
+WHEN NOT MATCHED
+THEN INSERT (spg_control_id,control_code,control_name,control_type,value_string,value_number,value_date)
+     VALUES (2003,'ALFWALLET','Alfresco API URL','C','file:${ALFRESCO_WALLET_LOCATION}',NULL,SYSDATE);
+
+COMMIT;
+
+EXIT
+EOF

playbooks/alfresco_wallet/alfresco_wallet/files/test_connectivity.sh

@@ -0,0 +1,64 @@
+#!/bin/bash
+#  
+# Check connection to Alresco works by making a request and checking
+# for a response.  No valid data should be returned as the request
+# is not well formed, but it is sufficient to check that the
+# connection can be established.
+
+. ~/.bash_profile
+sqlplus -s / as sysdba <<EOF
+WHENEVER SQLERROR EXIT FAILURE;
+SET FEEDBACK OFF
+SET HEADING OFF
+SET SERVEROUT ON
+SET NEWPAGE 0
+SET PAGESIZE 0
+
+ALTER SESSION SET CURRENT_SCHEMA=delius_app_schema;
+
+SET SERVEROUT ON
+
+DECLARE
+  l_url             spg_control.value_string%TYPE;  
+  l_wallet_location spg_control.value_string%TYPE;       
+  l_http_request    UTL_HTTP.req;
+  l_http_response   UTL_HTTP.resp;
+  l_text            VARCHAR2(32767);
+BEGIN
+
+
+  SELECT   value_string
+  INTO     l_wallet_location
+  FROM     spg_control
+  WHERE    control_code = 'ALFWALLET';
+
+  UTL_HTTP.set_wallet(l_wallet_location, NULL);
+
+  SELECT    value_string
+  INTO      l_url
+  FROM      spg_control
+  WHERE     control_code = 'ALFURL';
+
+  -- Make a HTTP request and get the response.
+  l_http_request  := UTL_HTTP.begin_request(l_url);
+
+  l_http_response := UTL_HTTP.get_response(l_http_request);
+
+  -- Loop through the response.
+  BEGIN
+    LOOP
+      UTL_HTTP.read_text(l_http_response, l_text, 32766);
+      DBMS_OUTPUT.put_line (l_text);
+    END LOOP;
+  EXCEPTION
+    WHEN UTL_HTTP.end_of_body THEN
+      UTL_HTTP.end_response(l_http_response);
+  END;
+EXCEPTION
+  WHEN OTHERS THEN
+    UTL_HTTP.end_response(l_http_response);
+    RAISE;
+END;
+/
+exit
+EOF

playbooks/alfresco_wallet/alfresco_wallet/tasks/check-password.yml

@@ -0,0 +1,37 @@
+---
+# If the wallet already exists we need to confirm that it has the correct
+# password (the system password is used).   orapki does not provide any
+# direct means to do this, but we can try changing the password to itself and check
+# which error is raised.   These differ if -oldpwd has the correct or
+# incorrect passwords
+- name: Ensure Working Directory is Empty by Deleting It
+  file:
+    path: "{{ wallet_working_dir }}"
+    state: absent
+
+- name: Create Working Directory for Checking Wallet Password
+  file:
+    path: "{{ wallet_working_dir }}"
+    state: directory
+
+- name: Copy Existing Wallet into Working Directory
+  copy:
+    src: "{{ wallet_dir }}/{{ item }}"
+    dest: "{{ wallet_working_dir }}/{{ item }}"
+    remote_src: true
+  loop:
+    - cwallet.sso
+    - ewallet.p12
+
+- name: Use Dummy Password Change to Confirm the Copied Wallet Password
+  shell: |
+    . ~/.bash_profile
+    orapki wallet change_pwd -wallet {{ wallet_working_dir }} -oldpwd {{ system_pwd}} -newpwd {{ system_pwd }}x
+  register: dummy_password_change
+  failed_when: false
+  changed_when: false
+  no_log: true
+
+- name: Set Password Correct Flag
+  set_fact:
+    password_correct: "{{ false if (dummy_password_change is search('.*incorrect password.*')) else true }}"

playbooks/alfresco_wallet/alfresco_wallet/tasks/get-checksum.yml

@@ -0,0 +1,10 @@
+---
+- name: Get Checksum for file {{ certificate_filename }}
+  shell: |
+    echo $(cat {{ certificate_filename }}) | sed 's/\s*//g' | md5sum
+  register: certificate_checksum
+  changed_when: false
+
+- name: Record Certificate Checksum in Dictionary
+  set_fact:
+    certificate_dict: "{{ certificate_dict|combine({certificate_filename: {'md5sum': certificate_checksum.stdout }}, recursive=true) }}"