fix SAF resource provider doc #4042
Conversation
Signed-off-by: Andrea Tabone <[email protected]>
|
😺 Thank you for creating this PR! To publish your content to Zowe Docs, follow these required steps.
Need help? Contact the Doc Squad in the #zowe-doc Slack channel. |
|
If you have addressed this issue already, refresh this page in your browser to remove this comment. |
|
🔍 The review label is missing. Add a If you have addressed this issue already, refresh this page in your browser to remove this comment. |
|
📌 The subject area label is missing. Add an If you have addressed this issue already, refresh this page in your browser to remove this comment. |
|
💾 The release label is missing. Add a If you have addressed this issue already, refresh this page in your browser to remove this comment. |
| - **`native`** | ||
| The Native JZOS classes from Java are used to determine SAF resource access. This is the default provider. | ||
|
|
||
| The Native JZOS classes from Java are used to determine SAF resource access. This is the default provider. | ||
|
|
||
| **Note:** This provider cannot be used off-platform. | ||
|
|
||
| - **`endpoint`** | ||
| The Endpoint provider relies on APIs such as a REST endpoint call (ZSS or similar one). This option is disabled by default. In Zowe, ZSS provides the API to check for SAF resource authorization. |
There was a problem hiding this comment.
I wonder if it can be considered a breaking change (for anyone relying on the default being endpoint)
There was a problem hiding this comment.
Add some note or clarification that this is the default from 3.1
There was a problem hiding this comment.
Well in theory the default was still native, as long as they didn't set endpoint.enabled to true.
| If no value is assigned to Use the parameter value to | ||
| strictly define a provider. If verification is disabled, select the `endpoint` option. |
There was a problem hiding this comment.
I think this needs to be rewritten
There was a problem hiding this comment.
I've fixed that, thanks. I'm just not totally sure about If verification is disabled, select the endpoint option. meaning
Signed-off-by: Andrea Tabone <[email protected]>
Signed-off-by: Andrew Jandacek <[email protected]>
|
|
||
| To configure the `endpoint` provider, add the following additional property: | ||
| `components.gateway.apiml.security.authorization.endpoint.enabled: true` | ||
| * **Native** |
There was a problem hiding this comment.
The order of the sections should follow this same sequence (Native, Endpoint, Dummy). Can the sections be reordered in this same sequence?
| - `components.gateway.apiml.security.authorization.endpoint.url: <endpoint_url>` | ||
|
|
||
| When using ZSS, the default value the property | ||
| `components.gateway.apiml.security.authorization.endpoint.url` is `https://${ZWE_haInstance_hostname}:${GATEWAY_PORT}/zss/api/v1/saf-auth` |
There was a problem hiding this comment.
Please define the variables that require customization in the following format:
-
ZWE_haInstance_hostname
Specifies.... -
GATEWAY_PORT
Specifies ...
| - Classes and resources are mapped into a map, user IDs into a list. | ||
| - The load method does not support formatting with dots, such as shown in the following example: | ||
| - Classes and resources are mapped into a map with user IDs contained in a list. | ||
| - The load method does not support formatting with periods `.`, such as shown in the following example: | ||
| **Example:** `{CLASS}.{RESOURCE}` | ||
| Ensure that each element is separated. | ||
| - The field `safAccess` is not required to define an empty file without a definition. |
There was a problem hiding this comment.
Can you please add a conclusion statement that describes the end result of completing this procedure? Thanks
Signed-off-by: Andrew Jandacek <[email protected]>
Describe your pull request here:
List the file(s) included in this PR:
After creating the PR, follow the instructions in the comments.