Resolve security issue for CI/CD: secure transfer to storage accounts should be enabled.

[edburns]

Because the CI/CD pipeline runs within the Microsoft tenancy, everything that happens during a CI/CD run is subject to the security policy of that tenancy. These policies are constantly evolving as threats evolve. The latest evolution is a requirement to require secure transfer to ensure secure connections to the storage account. Our offers use the storage account for various activities during deployment.

The problem comes with versions of Oracle Linux that are based on RHEL < 7.5. These versions do not support SMB 3.0. I see the following choices:

1. We move the CI/CD out of the Microsoft tenancy and into the Oracle global sponsored Azure subscription.
   • to keep costs down, I suggest we reduce the CI/CD schedule to just run on repository_dispatch trigger, via CURL command.
2. We keep the CI/CD in the Microsoft tenancy, but we make it so no Oracle Linux versions based on RHEL < 7.5 are run in CI/CD.
3. Some combination of both options.

Highlight tech issues:

• OL 7.3, 7.4 does not support SMB 3.0 https://docs.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer

[edburns]

AB#1330008

[edburns]

We discussed this at the 2021-05-19 meeting and agreed to the following.

• Move the jobs from the Microsoft tenancy to the Oracle tenancy
• Turn everything to be on-demand.

To implement this, we must

1. Give Jacob a new Azure credentials bound to the Oracle tenancy
2. Modify all the build.yamls to remove the schedule trigger.

[galiacheng]

Current SP is expired, so all the pipelines are failed. I will not create a new one in Open Standard Enterprise Java Testing with TTL = 7 Days. Please change to Oracle tenancy SP.

[zhengchang907]

• To make pipeline works, repo secrets AZURE_CREDENTIALS needs to be updated with latest created for 'Oracle Enterprise Java' sub.
• Removed scheduled trigger
• Update NSG rule related logic since no policy rule will be automated created under Oracle sub, reused as much code as possible.
• Update vm size selection everywhere to reduce costs.

PRs: Single Node: https://github.com/wls-eng/arm-oraclelinux-wls/pull/320 Admin: https://github.com/wls-eng/arm-oraclelinux-wls-admin/pull/107 Configured Cluster: https://github.com/wls-eng/arm-oraclelinux-wls-cluster/pull/150 Dynamic Cluster: https://github.com/wls-eng/arm-oraclelinux-wls-dynamic-cluster/pull/138