Merge pull request #298 from zowe/fix-v2-branch
Fix V3 branch so V2 can be merged in
DivergentEuropeans authored Mar 15, 2024
2 parents b277d9f + e7db221 commit ae2a9e2
Showing 5 changed files with 114 additions and 13 deletions.
10 changes: 9 additions & 1 deletion CHANGELOG.md
@@ -1,7 +1,15 @@
# Zlux App Server Changelog

All notable changes to the Zlux App Server package will be documented in this file.


## v2.14.0
- Enhancement: Updated schema to specify multiple discovery servers.

## v2.13.0
- Enhancement: Updated schema to allow cipher customization in IANA format. (#284)
- Enhancement: Updated schema to allow curve customization. (#284)
- Enhancement: Updated defaults to read TLS settings and IP settings from the "zowe.network.server" attribute of Zowe.yaml. (#284)

## v2.12.0
- enhancement: new versions of components can change the location of their plugins, as the app-server will now re-inspect the plugin locations on each startup. (#280)
- bugfix: Removed error message "components/app-server/bin/configure.sh 26: .: FSUM6807 expression syntax error" seen in startup of Zowe in v2.11.0, caused by incorrect shell syntax. (#283)
4 changes: 3 additions & 1 deletion bin/configure.sh
@@ -54,7 +54,9 @@ cd ../lib
CONFIG_FILE=$ZWE_CLI_PARAMETER_CONFIG $NODE_BIN initInstance.js

cd ${COMPONENT_HOME}/share/zlux-app-server/bin/init
if [ "${ZWE_zowe_useConfigmgr}" = "true" ]; then
if [ "${ZWE_components_app_server_zowe_useConfigmgr}" = "false" ]; then
. ./plugins-init.sh
elif [ "${ZWE_zowe_useConfigmgr}" = "true" ]; then
_CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/components/app-server/share/zlux-app-server/bin/init/plugins-init.js"
else
. ./plugins-init.sh
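Review bot: The new first branch only handles the component-level opt-out, so a component-level `useConfigmgr` of `true` has no effect when the global `ZWE_zowe_useConfigmgr` is not "true". The schema added in this same commit gives that property `"default": true`, which reads as if the component value decides. If the component setting is meant purely as an opt-out, say so above the test, e.g. `# component-level useConfigmgr can only disable configmgr; enabling it still requires zowe.useConfigmgr=true`. The first and last branches also both run `. ./plugins-init.sh`, so the chain could be one condition for the configmgr path with the shell script as the single fallback. The closing `fi` is outside the hunk.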
60 changes: 55 additions & 5 deletions defaults/serverConfig/defaults.yaml
@@ -20,9 +20,17 @@ components:
hostname: "${{ function a(){ if (process.env.ZWE_INTERNAL_HOST) { return process.env.ZWE_INTERNAL_HOST; } else if (process.env.ZWE_haInstance_hostname) { return process.env.ZWE_haInstance_hostname; } else { return undefined; } }; a() }}"
https:
ipAddresses: "${{ function a(){
let addresses;
if (components['app-server'].zowe?.network?.server?.listenAddresses) {
addresses = components['app-server'].zowe.network.server.listenAddresses;
} else if (zowe.network?.server?.listenAddresses) {
addresses = zowe.network.server.listenAddresses;
} else {
addresses = ['0.0.0.0'];
}
if (process.env.ZOWE_LOOPBACK_ADDRESS && process.env.BIND_TO_LOOPBACK == 'true') {
return [ process.env.ZOWE_LOOPBACK_ADDRESS , '0.0.0.0' ];
} else { return ['0.0.0.0'] } };
return [ process.env.ZOWE_LOOPBACK_ADDRESS ].concat(addresses);
} else { return addresses } };
a() }}"
port: "${{ function a(){
if (process.env.ZWED_SERVER_HTTPS_PORT) {
@@ -32,23 +40,23 @@ components:
} else { return Number(7556); } };
a() }}"
keys: '${{ function a() {
if (zowe.certificate?.keystore?.type == "JCERACFKS") {
if (zowe.certificate?.keystore?.type && zowe.certificate.keystore.type.match("JCE.*KS")) {
return [ zowe.certificate.keystore.file+"&"+zowe.certificate.keystore.alias ];
} else if (zowe.certificate?.pem?.key) {
return [ zowe.certificate.pem.key ];
} else {
return [ "../defaults/serverConfig/zlux.keystore.key" ]; } };
a() }}'
certificates: '${{ function a(){
if (zowe.certificate?.keystore?.type == "JCERACFKS") {
if (zowe.certificate?.keystore?.type && zowe.certificate.keystore.type.match("JCE.*KS")) {
return [ zowe.certificate.keystore.file+"&"+zowe.certificate.keystore.alias ];
} else if (zowe.certificate?.pem?.certificate) {
return [ zowe.certificate.pem.certificate ];
} else {
return [ "../defaults/serverConfig/zlux.keystore.cer" ]; } };
a() }}'
certificateAuthorities: '${{ function a() {
if (zowe.certificate?.truststore?.type == "JCERACFKS") {
if (zowe.certificate?.truststore?.type && zowe.certificate.truststore.type.match("JCE.*KS")) {
return [ zowe.certificate.truststore.file ];
} else if(zowe.certificate?.pem?.certificateAuthorities) {
if (Array.isArray(zowe.certificate.pem.certificateAuthorities)) {
@@ -58,16 +66,57 @@ components:
}
} else { return ["../defaults/serverConfig/apiml-localca.cer"]; } };
a() }}'
maxTls: '${{ function a(){
if (components["app-server"].zowe?.network?.server?.tls?.maxTls) {
return components["app-server"].zowe.network.server.tls.maxTls;
} else if (zowe.network?.server?.tls?.maxTls) {
return zowe.network.server.tls.maxTls;
} else {
return "TLSv1.3"; } };
a() }}'
minTls: '${{ function a(){
if (components["app-server"].zowe?.network?.server?.tls?.minTls) {
return components["app-server"].zowe.network.server.tls.minTls;
} else if (zowe.network?.server?.tls?.minTls) {
return zowe.network.server.tls.minTls;
} else {
return "TLSv1.2"; } };
a() }}'
ciphers: '${{ function a(){
if (components["app-server"].zowe?.network?.server?.tls?.ciphers) {
return components["app-server"].zowe.network.server.tls.ciphers.join(":");
} else if (zowe.network?.server?.tls?.ciphers) {
return zowe.network.server.tls.ciphers.join(":");
} else {
return "" } };
a() }}'
curves: '${{ function a(){
if (components["app-server"].zowe?.network?.server?.tls?.curves) {
return components["app-server"].zowe.network.server.tls.curves;
} else if (zowe.network?.server?.tls?.curves) {
return zowe.network.server.tls.curves;
} else {
return [] } };
a() }}'
loopbackAddress: "${{ function a(){ if (process.env.ZOWE_LOOPBACK_ADDRESS) { return process.env.ZOWE_LOOPBACK_ADDRESS; } else { return undefined; } }; a() }}"
mediationLayer:
server:
# strange but true: to contact discovery in a container, instead reach for the gateway hostname.
# DEPRECATED. Use discoveryUrls instead.
hostname: '${{ function a() {
if (process.env.ZWE_RUN_IN_CONTAINER=="true" && process.env.ZWE_GATEWAY_HOST) {
return process.env.ZWE_GATEWAY_HOST;
} else {
return zowe.externalDomains[0] } };
a() }}'
discoveryUrls: '${{ function a() {
if (process.env.ZWE_RUN_IN_CONTAINER=="true" && process.env.ZWE_GATEWAY_HOST) {
return ["https://"+process.env.ZWE_GATEWAY_HOST+":"+components.discovery.port+"/eureka/"];
} else if (process.env.ZWE_DISCOVERY_SERVICES_LIST) {
return process.env.ZWE_DISCOVERY_SERVICES_LIST.split(",");
} else {
return ["https://"+zowe.externalDomains[0]+":"+components.discovery.port+"/eureka/"] } };
a() }}'
# usually, externalDomains is where gateway is. But on containers, this isnt accessible to containers, so
# HACK: special var ZWE_GATEWAY_HOST is used instead
gatewayHostname: '${{ function a() {
@@ -76,6 +125,7 @@ components:
} else {
return zowe.externalDomains[0] } };
a() }}'
# DEPRECATED. Use discoveryUrls instead.
port: ${{ components.discovery.port }}
# strange but true: to contact gateway in a container, dont use the external port.
gatewayPort: '${{ function a() {
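Review bot: `type.match("JCE.*KS")` in the `keys`, `certificates` and `certificateAuthorities` templates is an unanchored regular expression, because `String.prototype.match` turns a string argument into a RegExp. Any keystore or truststore type that merely contains a `JCE…KS` substring is therefore treated as a keyring, and the `file&alias` form is returned instead of the PEM paths. Anchoring keeps the widening from the old `== "JCERACFKS"` test limited to the intended keyring family: `/^JCE.*KS$/.test(zowe.certificate.keystore.type)`, and the same for `truststore.type`. A one-line comment naming the keyring types this is meant to cover would also help, since the templates do not say.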
4 changes: 2 additions & 2 deletions package-lock.json


49 changes: 45 additions & 4 deletions schemas/app-server-config.json
100644 → 100755
@@ -6,6 +6,18 @@
"type": "object",
"additionalProperties": true,
"properties": {
"zowe": {
"type": "object",
"additionalProperties": true,
"description": "Contains customizations from the Zowe global configuration.",
"properties": {
"useConfigmgr": {
"type": "boolean",
"default": true,
"description": "Determines whether configmgr will be used during the startup proceedure, such as to register plugins."
}
}
},
"node": {
"type": "object",
"description": "Configuration options specific to the app-server and things it depends upon",
@@ -48,13 +60,32 @@
"deprecated": true,
"description": "Passes through the secureProtocol attribute to TLS calls of nodeJS, as defined within https://nodejs.org/api/tls.html#tlscreatesecurecontextoptions"
},
"maxTls": {
"type": "string",
"enum": ["TLSv1.2", "TLSv1.3"],
"default": "TLSv1.3",
"description": "Maximum TLS version allowed for network connections."
},
"minTls": {
"type": "string",
"enum": ["TLSv1.2", "TLSv1.3"],
"default": "TLSv1.2",
"description": "Minimum TLS version allowed for network connections, and less than or equal to maxTls."
},
"ciphers": {
"oneOf": [
{ "$ref": "#/$defs/nodejsDefaultCiphers" },
{ "$ref": "#/$defs/zoweDefaultCiphers" },
{ "$ref": "#/$defs/customCiphers" }
]
},
"curves": {
"type": "array",
"description": "A list of curve NIDs or names, for example P-521, P-384, P-256",
"items": {
"type": "string"
}
},
"enableTrace": {
"type": "boolean",
"default": false
@@ -98,6 +129,14 @@
"type": "boolean",
"description": "Controls if connections to the API Mediation Layer gateway and/or discovery service should be HTTP or HTTPS"
},
"discoveryUrls": {
"type": "array",
"description": "A list of URLs where discovery servers can be found. URLs must be in the form of 'https://host:port/eureka/'. This will be used instead of the 'hostname' and 'port' values if present.",
"items": {
"type": "string",
"pattern": "https:\/\/.*:[0-9].*\/eureka\/"
}
},
"gatewayHostname": {
"type": "string",
"format": "hostname",
@@ -106,7 +145,8 @@
"hostname": {
"type": "string",
"format": "hostname",
"description": "The hostname or IP where the Zowe Discovery service is running"
"description": "The hostname or IP where the Zowe Discovery service is running",
"deprecated": true
},
"gatewayPort": {
"oneOf": [
@@ -120,6 +160,7 @@
{ "$ref": "/schemas/v2/server-common#zoweTcpPort" },
{ "$ref": "/schemas/v2/server-common#zoweReservedTcpPort" },
],
"deprecated": true,
"description": "The port where the Zowe Discovery service is running"
},
"enabled": {
@@ -620,7 +661,7 @@
{ "$ref": "#/$defs/zoweDefaultCiphers" }
]
},
"description": "Instructs app-server to use the list of ciphers in this string when using TLS. String must be in the form defined here https://nodejs.org/api/tls.html#modifying-the-default-tls-cipher-suite"
"description": "Instructs app-server to use the list of ciphers in this string when using TLS. String is a colon separated list of IANA or openSSL names"
},
"headerCustomization": {
"type": "object",
@@ -660,14 +701,14 @@
},
"safKeyringCertObject": {
"type": "string",
"pattern": "^safkeyring:(\/\/)+.*$"
"pattern": "^safkeyring.*:(\/\/)+.*$"
},
"pathCertObject": {
"type": "string",
"not": {
"anyOf": [
{ "pattern": "^file:\/\/.*$" },
{ "pattern": "^safkeyring:(\/\/)+.*$" }
{ "pattern": "^safkeyring.*:(\/\/)+.*$" }
]
}
},
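Review bot: The `discoveryUrls` item pattern `https:\/\/.*:[0-9].*\/eureka\/` has no `^`/`$` anchors, and `[0-9].*` accepts anything after a single digit, so values with leading or trailing content or a non-numeric port still validate. The defaults.yaml change in this commit can fill the list from a comma-split `ZWE_DISCOVERY_SERVICES_LIST` without trimming, so the schema is the only visible check on those entries. A tighter form would be `"pattern": "^https:\/\/[^\/]+:[0-9]+\/eureka\/$"`. The last hunk similarly loosens the keyring pattern to `^safkeyring.*:(\/\/)+.*$`; if only specific keyring scheme suffixes are intended, enumerating them would be stricter than `.*`.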
