V3 API Mediation Layer related cleanup #3777

Merged
merged 43 commits into from
Jul 24, 2024
beed3bd
Fix information in Overview.
balhar-jakub Jul 16, 2024
25d6dc9
Update image in Zowe Architecture
balhar-jakub Jul 16, 2024
d74b76c
Remove invalid statements from requirements
balhar-jakub Jul 16, 2024
0e542f4
Update User Roadmap for V3.
balhar-jakub Jul 16, 2024
443c30b
Update caching service backend details
balhar-jakub Jul 16, 2024
49a08a2
Add information about current year Zowe webinars
balhar-jakub Jul 16, 2024
3616050
Reflect only valid methods from client side
balhar-jakub Jul 16, 2024
1ae4948
Clean security overview
balhar-jakub Jul 16, 2024
2deb38a
Fixed used code language
balhar-jakub Jul 16, 2024
26fc118
Correct requirements for Contributing
balhar-jakub Jul 16, 2024
b13a2ed
Remove unused parts.
balhar-jakub Jul 16, 2024
f387100
Add Infinispan properties
balhar-jakub Jul 16, 2024
da5297f
Remove unused file
balhar-jakub Jul 16, 2024
9624efc
Correct path
balhar-jakub Jul 16, 2024
7a565d7
Add OIDC related properties
balhar-jakub Jul 16, 2024
fb1da34
Add information about deprecation of VSAM
balhar-jakub Jul 16, 2024
9c048be
Remove invalid option
balhar-jakub Jul 16, 2024
0624701
Remove unused article
balhar-jakub Jul 16, 2024
ee3071d
Remove unused article
balhar-jakub Jul 16, 2024
aedaf25
Remove wrong URLs
balhar-jakub Jul 16, 2024
ccf7c3a
Remove unused page
balhar-jakub Jul 16, 2024
3001fb5
Clearly state Infinispan as recommended backend and VSAM as Deprecated
balhar-jakub Jul 16, 2024
6cd80ed
Clean API ML overview.
balhar-jakub Jul 17, 2024
2141881
Remove note of pre-req APAR
balhar-jakub Jul 22, 2024
689e282
Personal Access Tokens improvements for V3
balhar-jakub Jul 22, 2024
dc614d0
Update AT-TLS for V3
balhar-jakub Jul 22, 2024
ceff240
Update Client Certificates details
balhar-jakub Jul 22, 2024
02c4cc9
Add zaas to the java heap sizes
balhar-jakub Jul 22, 2024
936b17b
Correct property using environment notation.
balhar-jakub Jul 22, 2024
e762d4a
Fix typo
balhar-jakub Jul 22, 2024
1fa2301
Remove V2 mentions
balhar-jakub Jul 22, 2024
9430ba2
Show configuration for zowe.yaml
balhar-jakub Jul 22, 2024
8545f8d
Remove mention of Jobs and Datasets
balhar-jakub Jul 22, 2024
f5f0848
Clarify the usage of the expired passsword.
balhar-jakub Jul 22, 2024
3dc83ab
Update Client certificate for V3
balhar-jakub Jul 22, 2024
f553222
Proper default service id
balhar-jakub Jul 22, 2024
8fbf631
Fix errors in additional yaml configuration
balhar-jakub Jul 23, 2024
94639c1
Correct admonitions
balhar-jakub Jul 23, 2024
1e088e5
Use learn instead of discover
balhar-jakub Jul 23, 2024
d049285
Improve confusing message
balhar-jakub Jul 23, 2024
cbff9a0
Use docusaurus admonition
balhar-jakub Jul 23, 2024
a999fda
Update docs/user-guide/api-mediation/api-mediation-caching-service.md
balhar-jakub Jul 24, 2024
50a3b8b
DCO Remediation Commit for Jakub Balhar <[email protected]>
balhar-jakub Jul 24, 2024
46 changes: 44 additions & 2 deletions docs/appendix/zowe-yaml-configuration.md
Expand Up @@ -442,13 +442,43 @@ These configurations can be used under the `components.gateway` section:
- **`apiml.security.authorization.endpoint.url`**
Defines the URL to the authorization endpoint. This endpoint tells Gateway if a user has a particular permission on SAF profile. For example, permission to the `APIML.SERVICES` profile of `ZOWE` class.
- **`apiml.security.ssl.verifySslCertificatesOfServices`**
Defines whether APIML should verify certificates of services in strict mode. Setting to `true` will enable the `strict` mode where APIML will validate if the certificate is trusted in turststore, and also if the certificate Common Name or Subject Alternate Name (SAN) matches the service hostname.
Defines whether APIML should verify certificates of services in strict mode. Setting to `true` will enable the `strict` mode where APIML will validate if the certificate is trusted in truststore, and also if the certificate Common Name or Subject Alternate Name (SAN) matches the service hostname.
- **`apiml.security.ssl.nonStrictVerifySslCertificatesOfServices`**
Defines whether APIML should verify certificates of services in non-strict mode. Setting the value to `true` will enable the `non-strict` mode where APIML will validate if the certificate is trusted in turststore, but ignore the certificate Common Name or Subject Alternate Name (SAN) check. Zowe will ignore this configuration when strict mode is enabled with `apiml.security.ssl.verifySslCertificatesOfServices`.
Defines whether APIML should verify certificates of services in non-strict mode. Setting the value to `true` will enable the `non-strict` mode where APIML will validate if the certificate is trusted in truststore, but ignore the certificate Common Name or Subject Alternate Name (SAN) check. Zowe will ignore this configuration when strict mode is enabled with `apiml.security.ssl.verifySslCertificatesOfServices`.
- **`apiml.server.maxConnectionsPerRoute`**
Specifies the maximum connections for each service.
- **`apiml.server.maxTotalConnections`**
Specifies the total connections for all services registered under API Mediation Layer.
- **`apiml.security.oidc.enabled`**
Specifies the global feature toggle. Set the value to `true` to enable OIDC authentication functionality.

- **`apiml.security.oidc.registry`**
Specifies the SAF registry used to group the identities recognized as having an OIDC identity mapping. The registry name is the string used during the creation of the mapping between the distributed and mainframe user identities. For more information, see the [ESM configuration](#esm-configuration).

- **`apiml.security.oidc.jwks.uri`**
Specifies the URI obtained from the authorization server's metadata where the Gateway will query for the JWK used to sign and verify the access tokens.

- **`apiml.security.oidc.jwks.refreshInternalHours`**
Specifies the frequency in hours to refresh the JWK keys from the OIDC provider. Defaults to one hour.

- **`apiml.security.oidc.identityMapperUser`**
(Optional) If the userId is different from the default Zowe runtime userId (`ZWESVUSR`), specify the `identityMapperUser` userId to configure API ML access to the external user identity mapper.

:::note

User authorization is required to use the `IRR.RUSERMAP` resource within the `FACILITY` class. The default value is `ZWESVUSR`. Permissions are set up during installation with the `ZWESECUR` JCL or workflow. To authenticate to the mapping API, a JWT is sent with the request. The token represents the user that is configured with this property.

:::

- **`apiml.security.oidc.identityMapperUrl`**
Defines the URL where the Gateway can query the mapping of the distributed user ID to the mainframe user ID.
This property informs the Gateway about the location of this API. ZSS is the default API provider in Zowe, but if you are using Zowe release 2.14 or a later version, we recommend you use the [API ML internal mapper](../../user-guide/authenticating-with-client-certificates.md#enabling-the-internal-api-ml-mapper). You can provide your own API to perform the mapping. In this case, it is necessary to customize this value.

The following URL is the default value for Zowe and ZSS:

```
https://${ZWE_haInstance_hostname}:${GATEWAY_PORT}/zss/api/v1/certificate/dn
```

#### Configure component discovery
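
Review bot: The link `../../user-guide/authenticating-with-client-certificates.md#enabling-the-internal-api-ml-mapper` in the `apiml.security.oidc.identityMapperUrl` entry climbs two levels from `docs/appendix/`, which lands above `docs/`; from this file it should likely be `../user-guide/...`. The `[ESM configuration](#esm-configuration)` anchor under `apiml.security.oidc.registry` looks copied from another page in the same way, so please confirm that heading exists in `zowe-yaml-configuration.md` or point the link at the page that has it. Smaller points: the `identityMapperUrl` text still says "Zowe release 2.14 or a later version" in a V3 cleanup, its default URL is written in environment notation (`${ZWE_haInstance_hostname}:${GATEWAY_PORT}`) while the rest of the list uses zowe.yaml keys, and `apiml.security.oidc.jwks.refreshInternalHours` reads like a typo for "interval", so confirm it is the exact key the Gateway reads.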

Expand Down Expand Up @@ -512,6 +542,18 @@ These configurations can be used under the `components.caching-service` section:
Specifies eviction strategy to be used when the storage size is achieved.
- **`storage.vsam.name`**
Specifies the data set name of the caching service VSAM data set.
- **`storage.infinispan.initialHosts`**

This property specifies the list of cluster nodes (members). In case of multiple instances, the value for each Caching Service instance can be either a list of all the members, separated by a comma, or just the replica. The format is `${haInstance.hostname}[${zowe.components.caching-service.storage.infinispan.jgroups.port}]`.

- **`storage.infinispan.persistence.dataLocation`**

The path where the Soft-Index store keeps its data files for the Infinispan Soft-Index Cache Store.
The default value is `data`. If you run the Caching Service in Highly Available mode and the instances use the same filesystem, you have to specify a different value of the `CACHING_STORAGE_INFINISPAN_PERSISTENCE_DATALOCATION` property for each instance. For more information, see the [Soft-Index File Store](https://infinispan.org/blog/2014/10/31/soft-index-file-store).

- **`storage.infinispan.jgroups.port`**

The port number used by Infinispan to synchronise data among caching-service instances.
- **`storage.redis.masterNodeUri`**
Specifies the URI used to connect to the Redis master instance in the form `username:password@host:port`.
- **`storage.redis.timeout`**
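
Review bot: The `storage.infinispan.persistence.dataLocation` description tells readers to set `CACHING_STORAGE_INFINISPAN_PERSISTENCE_DATALOCATION`, an environment-variable name, in a list that documents keys under `components.caching-service`; name the zowe.yaml key here so the instruction matches the section. In `storage.infinispan.initialHosts`, "or just the replica" is not defined in the entry, and a concrete value in the `host[port]` format would help. `storage.infinispan.jgroups.port` states no default. The three new entries also put a blank line between the key and its description, unlike the neighbouring `storage.vsam.name` and `storage.redis.*` entries; keep one layout.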
2 changes: 1 addition & 1 deletion docs/contribute/contributing.md
Expand Up @@ -10,7 +10,7 @@ Before contributing a documentation change to the repository, you should be fami
* Slack: The Zowe Documentation team communicates using the Slack application. To learn about Slack, refer to the [Slack Help Center](https://slack.com/help). The Zowe team is part of the [Open Mainframe Project](https://openmainframeproject.slack.com) channel.
* Markdown Language: The Zowe documentation is written in Markdown language. To learn about Markdown, refer to [The Markdown Guide](https://www.markdownguide.org/).

In addition to being familiar with the Zowe community and how we work together, you will need to sign the CNCF Contributor License Agreement. The Contributor License Agreement defines the terms under which you contribute to Zowe documentation. Contributions to Zowe documentation are reviewed before being committed to the repository. Committing changes to the Zowe repository requires additional access rights. See https://github.com/zowe/community/blob/master/COMMITTERS.md. Also see Participating in Zowe Documentation for more details about roles and permissions.
Contributions to Zowe documentation are reviewed before being committed to the repository. Commits needs to have Developer Certificate of Origin (DCO). Committing changes to the Zowe repository requires additional access rights. See https://github.com/zowe/community/blob/master/COMMITTERS.md. Also see Participating in Zowe Documentation for more details about roles and permissions.

## Getting started checklist
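
Review bot: The added sentence "Commits needs to have Developer Certificate of Origin (DCO)." has a subject-verb error and does not tell a contributor what to do. Suggest "Commits need a Developer Certificate of Origin (DCO) sign-off", with a pointer to how to add one (for example `git commit -s`).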

8 changes: 6 additions & 2 deletions docs/contribute/guidelines-code/categories.md
Expand Up @@ -17,9 +17,13 @@ For each area of the codebase, there are established and favored programming lan
- **CLI** - Node.js, TypeScript
- **Desktop UI** - Node.js, JavaScript
- **APIs** - C, Assembler, Java, Spring
- **API Mediation Layer** - Java, Spring
- **API Mediation Layer** - Java, Spring, JavaScript

**Note:** JavaScript is not recommended and should be avoided in favor of Typescript to utilize typing.
:::note

JavaScript is not recommended and should be avoided in favor of Typescript to utilize typing.

:::

## Component-specific guidelines and tutorials
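
Review bot: The API Mediation Layer line now lists JavaScript, while the note directly below says JavaScript "is not recommended and should be avoided in favor of Typescript", and TypeScript is not listed for that component. Either list TypeScript for API Mediation Layer or scope the note so the two statements do not contradict each other. The note also spells it "Typescript" where the CLI line uses "TypeScript".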

21 changes: 0 additions & 21 deletions docs/extend/dynamic-static-registration-overview.md

This file was deleted.

192 changes: 0 additions & 192 deletions docs/extend/extend-api/ReactJSUI.md

This file was deleted.

3 changes: 0 additions & 3 deletions docs/extend/extend-api/api-intro.md

This file was deleted.
