diff --git a/CHANGELOG.md b/CHANGELOG.md index b5cb675..66c4ac6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,15 @@ # Zlux App Server Changelog All notable changes to the Zlux App Server package will be documented in this file. - + +## v2.14.0 +- Enhancement: Updated schema to specify multiple discovery servers. + +## v2.13.0 +- Enhancement: Updated schema to allow cipher customization in IANA format. (#284) +- Enhancement: Updated schema to allow curve customization. (#284) +- Enhancement: Updated defaults to read TLS settings and IP settings from the "zowe.network.server" attribute of Zowe.yaml. (#284) + ## v2.12.0 - enhancement: new versions of components can change the location of their plugins, as the app-server will now re-inspect the plugin locations on each startup. (#280) - bugfix: Removed error message "components/app-server/bin/configure.sh 26: .: FSUM6807 expression syntax error" seen in startup of Zowe in v2.11.0, caused by incorrect shell syntax. (#283) diff --git a/bin/configure.sh b/bin/configure.sh index 36276d8..499eaac 100755 --- a/bin/configure.sh +++ b/bin/configure.sh @@ -54,7 +54,9 @@ cd ../lib CONFIG_FILE=$ZWE_CLI_PARAMETER_CONFIG $NODE_BIN initInstance.js cd ${COMPONENT_HOME}/share/zlux-app-server/bin/init -if [ "${ZWE_zowe_useConfigmgr}" = "true" ]; then +if [ "${ZWE_components_app_server_zowe_useConfigmgr}" = "false" ]; then + . ./plugins-init.sh +elif [ "${ZWE_zowe_useConfigmgr}" = "true" ]; then _CEE_RUNOPTS="XPLINK(ON),HEAPPOOLS(OFF)" ${ZWE_zowe_runtimeDirectory}/bin/utils/configmgr -script "${ZWE_zowe_runtimeDirectory}/components/app-server/share/zlux-app-server/bin/init/plugins-init.js" else . ./plugins-init.sh diff --git a/defaults/serverConfig/defaults.yaml b/defaults/serverConfig/defaults.yaml index c2daa70..53969ee 100644 --- a/defaults/serverConfig/defaults.yaml +++ b/defaults/serverConfig/defaults.yaml 
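Review bot: In the configure.sh hunk, the new `ZWE_components_app_server_zowe_useConfigmgr` branch and the existing `else` branch both source `./plugins-init.sh`, so the three-way `if`/`elif`/`else` can collapse to a single condition, `if [ "${ZWE_components_app_server_zowe_useConfigmgr}" != "false" ] && [ "${ZWE_zowe_useConfigmgr}" = "true" ]; then`, keeping the configmgr call in the `then` branch and one `. ./plugins-init.sh` fallback in `else`. Comparing against the literal `false` means any other value, including unset, keeps the configmgr path, which matches the `default: true` the schema in this commit declares; presumably the variable name follows the `ZWE_components_<name>_<key>` mapping of the component config, which is worth confirming. The closing `fi` of this block lies outside the hunk.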
@@ -20,9 +20,17 @@ components: hostname: "${{ function a(){ if (process.env.ZWE_INTERNAL_HOST) { return process.env.ZWE_INTERNAL_HOST; } else if (process.env.ZWE_haInstance_hostname) { return process.env.ZWE_haInstance_hostname; } else { return undefined; } }; a() }}" https: ipAddresses: "${{ function a(){ + let addresses; + if (components['app-server'].zowe?.network?.server?.listenAddresses) { + addresses = components['app-server'].zowe.network.server.listenAddresses; + } else if (zowe.network?.server?.listenAddresses) { + addresses = zowe.network.server.listenAddresses; + } else { + addresses = ['0.0.0.0']; + } if (process.env.ZOWE_LOOPBACK_ADDRESS && process.env.BIND_TO_LOOPBACK == 'true') { - return [ process.env.ZOWE_LOOPBACK_ADDRESS , '0.0.0.0' ]; - } else { return ['0.0.0.0'] } }; + return [ process.env.ZOWE_LOOPBACK_ADDRESS ].concat(addresses); + } else { return addresses } }; a() }}" port: "${{ function a(){ if (process.env.ZWED_SERVER_HTTPS_PORT) { @@ -32,7 +40,7 @@ components: } else { return Number(7556); } }; a() }}" keys: '${{ function a() { - if (zowe.certificate?.keystore?.type == "JCERACFKS") { + if (zowe.certificate?.keystore?.type && zowe.certificate.keystore.type.match("JCE.*KS")) { return [ zowe.certificate.keystore.file+"&"+zowe.certificate.keystore.alias ]; } else if (zowe.certificate?.pem?.key) { return [ zowe.certificate.pem.key ]; @@ -40,7 +48,7 @@ components: return [ "../defaults/serverConfig/zlux.keystore.key" ]; } }; a() }}' certificates: '${{ function a(){ - if (zowe.certificate?.keystore?.type == "JCERACFKS") { + if (zowe.certificate?.keystore?.type && zowe.certificate.keystore.type.match("JCE.*KS")) { return [ zowe.certificate.keystore.file+"&"+zowe.certificate.keystore.alias ]; } else if (zowe.certificate?.pem?.certificate) { return [ zowe.certificate.pem.certificate ]; 
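Review bot: In the ipAddresses hunk, `[ process.env.ZOWE_LOOPBACK_ADDRESS ].concat(addresses)` prepends the loopback address without checking whether the configured `listenAddresses` already contains it, so a user-supplied list that includes the loopback address yields a duplicate entry; how the server handles a duplicate bind address is not visible here. A guard keeps the list unique: `return addresses.includes(process.env.ZOWE_LOOPBACK_ADDRESS) ? addresses : [ process.env.ZOWE_LOOPBACK_ADDRESS ].concat(addresses);`. Also, `components['app-server']` is dereferenced without `?.` while the rest of the chain is optional; if `components['app-server']` is always defined when this template is evaluated that is fine, otherwise the lookup throws instead of falling through to the `zowe.network` value. The fallback stays `['0.0.0.0']`, so the change does not narrow the default listening interfaces.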
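Review bot: In the keys hunk, `zowe.certificate.keystore.type.match("JCE.*KS")` builds an unanchored regex from a string, so it matches any type name containing `JCE` followed later by `KS`, including the file-based Java `JCEKS` type, which would then be formatted as `file&alias` as if it were a keyring reference. If only keyring-backed types are intended, use an anchored literal regex, e.g. `if (zowe.certificate?.keystore?.type && /^JCE.*RACFKS$/.test(zowe.certificate.keystore.type)) {`, and confirm the exact set of keystore type names the server accepts before settling on the pattern. The same construct appears in the certificates hunk on this line and in the certificateAuthorities hunk (truststore) that follows, and the fix applies to all three.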
@@ -48,7 +56,7 @@ components: return [ "../defaults/serverConfig/zlux.keystore.cer" ]; } }; a() }}' certificateAuthorities: '${{ function a() { - if (zowe.certificate?.truststore?.type == "JCERACFKS") { + if (zowe.certificate?.truststore?.type && zowe.certificate.truststore.type.match("JCE.*KS")) { return [ zowe.certificate.truststore.file ]; } else if(zowe.certificate?.pem?.certificateAuthorities) { if (Array.isArray(zowe.certificate.pem.certificateAuthorities)) { 
@@ -58,16 +66,57 @@ components: } } else { return ["../defaults/serverConfig/apiml-localca.cer"]; } }; a() }}' + maxTls: '${{ function a(){ + if (components["app-server"].zowe?.network?.server?.tls?.maxTls) { + return components["app-server"].zowe.network.server.tls.maxTls; + } else if (zowe.network?.server?.tls?.maxTls) { + return zowe.network.server.tls.maxTls; + } else { + return "TLSv1.3"; } }; + a() }}' + minTls: '${{ function a(){ + if (components["app-server"].zowe?.network?.server?.tls?.minTls) { + return components["app-server"].zowe.network.server.tls.minTls; + } else if (zowe.network?.server?.tls?.minTls) { + return zowe.network.server.tls.minTls; + } else { + return "TLSv1.2"; } }; + a() }}' + ciphers: '${{ function a(){ + if (components["app-server"].zowe?.network?.server?.tls?.ciphers) { + return components["app-server"].zowe.network.server.tls.ciphers.join(":"); + } else if (zowe.network?.server?.tls?.ciphers) { + return zowe.network.server.tls.ciphers.join(":"); + } else { + return "" } }; + a() }}' + curves: '${{ function a(){ + if (components["app-server"].zowe?.network?.server?.tls?.curves) { + return components["app-server"].zowe.network.server.tls.curves; + } else if (zowe.network?.server?.tls?.curves) { + return zowe.network.server.tls.curves; + } else { + return [] } }; + a() }}' loopbackAddress: "${{ function a(){ if (process.env.ZOWE_LOOPBACK_ADDRESS) { return process.env.ZOWE_LOOPBACK_ADDRESS; } else { return undefined; } }; a() }}" mediationLayer: server: # strange but true: to contact discovery in a container, instead reach for the gateway hostname. + # DEPRECATED. Use discoveryUrls instead. 
hostname: '${{ function a() { if (process.env.ZWE_RUN_IN_CONTAINER=="true" && process.env.ZWE_GATEWAY_HOST) { return process.env.ZWE_GATEWAY_HOST; } else { return zowe.externalDomains[0] } }; a() }}' + discoveryUrls: '${{ function a() { + if (process.env.ZWE_RUN_IN_CONTAINER=="true" && process.env.ZWE_GATEWAY_HOST) { + return ["https://"+process.env.ZWE_GATEWAY_HOST+":"+components.discovery.port+"/eureka/"]; + } else if (process.env.ZWE_DISCOVERY_SERVICES_LIST) { + return process.env.ZWE_DISCOVERY_SERVICES_LIST.split(","); + } else { + return ["https://"+zowe.externalDomains[0]+":"+components.discovery.port+"/eureka/"] } }; + a() }}' # usually, externalDomains is where gateway is. But on containers, this isnt accessible to containers, so # HACK: special var ZWE_GATEWAY_HOST is used instead gatewayHostname: '${{ function a() { @@ -76,6 +125,7 @@ components: } else { return zowe.externalDomains[0] } }; a() }}' + # DEPRECATED. Use discoveryUrls instead. port: ${{ components.discovery.port }} # strange but true: to contact gateway in a container, dont use the external port. gatewayPort: '${{ function a() { diff --git a/package-lock.json b/package-lock.json index 3b0054a..797db2c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -19,7 +19,7 @@ "@rocketsoftware/eureka-js-client": "~4.5.3", "@rocketsoftware/express-ws": "^5.0.0", "accept-language-parser": "~1.5.0", - "axios": "~0.22.0", + "axios": "~1.6.7", "bluebird": "~3.5.1", "body-parser": "~1.18.3", "cookie-parser": "~1.4.3", @@ -105,7 +105,7 @@ "@types/node": "~6.0.0", "@types/qs": "6.9.3", "accept-language-parser": "~1.5.0", - "axios": "~0.22.0", + "axios": "~1.6.7", "bluebird": "~3.5.1", "body-parser": "~1.18.3", "chai": "~4.2.0", diff --git a/schemas/app-server-config.json b/schemas/app-server-config.json old mode 100644 new mode 100755 index e815562..fbdbc51 --- a/schemas/app-server-config.json +++ b/schemas/app-server-config.json 
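Review bot: In the discoveryUrls addition, `process.env.ZWE_DISCOVERY_SERVICES_LIST.split(",")` keeps each entry untrimmed and keeps empty entries, so a value with spaces after commas or a trailing comma produces entries such as `" https://..."` or `""`, which do not satisfy the `https://host:port/eureka/` form the new schema pattern describes. Normalize the list before returning it: `return process.env.ZWE_DISCOVERY_SERVICES_LIST.split(",").map((u) => u.trim()).filter((u) => u.length > 0);`. In the container branch the environment list is ignored in favour of `ZWE_GATEWAY_HOST`, which mirrors the existing `hostname` default and is presumably intended. The `mediationLayer.server` mapping continues past the end of the hunk.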
@@ -6,6 +6,18 @@ "type": "object", "additionalProperties": true, "properties": { + "zowe": { + "type": "object", + "additionalProperties": true, + "description": "Contains customizations from the Zowe global configuration.", + "properties": { + "useConfigmgr": { + "type": "boolean", + "default": true, + "description": "Determines whether configmgr will be used during the startup proceedure, such as to register plugins." + } + } + }, "node": { "type": "object", "description": "Configuration options specific to the app-server and things it depends upon", @@ -48,6 +60,18 @@ "deprecated": true, "description": "Passes through the secureProtocol attribute to TLS calls of nodeJS, as defined within https://nodejs.org/api/tls.html#tlscreatesecurecontextoptions" }, + "maxTls": { + "type": "string", + "enum": ["TLSv1.2", "TLSv1.3"], + "default": "TLSv1.3", + "description": "Maximum TLS version allowed for network connections." + }, + "minTls": { + "type": "string", + "enum": ["TLSv1.2", "TLSv1.3"], + "default": "TLSv1.2", + "description": "Minimum TLS version allowed for network connections, and less than or equal to maxTls." + }, "ciphers": { "oneOf": [ { "$ref": "#/$defs/nodejsDefaultCiphers" }, @@ -55,6 +79,13 @@ { "$ref": "#/$defs/customCiphers" } ] }, + "curves": { + "type": "array", + "description": "A list of curve NIDs or names, for example P-521, P-384, P-256", + "items": { + "type": "string" + } + }, "enableTrace": { "type": "boolean", "default": false 
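Review bot: The description of the new `zowe.useConfigmgr` property misspells "procedure" as "proceedure"; since this text is surfaced to users through the schema, change it to `"description": "Determines whether configmgr will be used during the startup procedure, such as to register plugins."`. The property sits under a `zowe` object with `additionalProperties: true`, so other keys a user copies from the global configuration are accepted rather than rejected, which looks intended.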
@@ -98,6 +129,14 @@ "type": "boolean", "description": "Controls if connections to the API Mediation Layer gateway and/or discovery service should be HTTP or HTTPS" }, + "discoveryUrls": { + "type": "array", + "description": "A list of URLs where discovery servers can be found. URLs must be in the form of 'https://host:port/eureka/'. This will be used instead of the 'hostname' and 'port' values if present.", + "items": { + "type": "string", + "pattern": "https:\/\/.*:[0-9].*\/eureka\/" + } + }, "gatewayHostname": { "type": "string", "format": "hostname", @@ -106,7 +145,8 @@ "hostname": { "type": "string", "format": "hostname", - "description": "The hostname or IP where the Zowe Discovery service is running" + "description": "The hostname or IP where the Zowe Discovery service is running", + "deprecated": true }, "gatewayPort": { "oneOf": [ @@ -120,6 +160,7 @@ { "$ref": "/schemas/v2/server-common#zoweTcpPort" }, { "$ref": "/schemas/v2/server-common#zoweReservedTcpPort" }, ], + "deprecated": true, "description": "The port where the Zowe Discovery service is running" }, "enabled": { @@ -620,7 +661,7 @@ { "$ref": "#/$defs/zoweDefaultCiphers" } ] }, - "description": "Instructs app-server to use the list of ciphers in this string when using TLS. String must be in the form defined here https://nodejs.org/api/tls.html#modifying-the-default-tls-cipher-suite" + "description": "Instructs app-server to use the list of ciphers in this string when using TLS. String is a colon separated list of IANA or openSSL names" }, "headerCustomization": { "type": "object", @@ -660,14 +701,14 @@ }, "safKeyringCertObject": { "type": "string", - "pattern": "^safkeyring:(\/\/)+.*$" + "pattern": "^safkeyring.*:(\/\/)+.*$" }, "pathCertObject": { "type": "string", "not": { "anyOf": [ { "pattern": "^file:\/\/.*$" }, - { "pattern": "^safkeyring:(\/\/)+.*$" } + { "pattern": "^safkeyring.*:(\/\/)+.*$" } ] } },
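Review bot: The `discoveryUrls` item pattern `https:\/\/.*:[0-9].*\/eureka\/` is unanchored and only requires a single digit after the colon, so values such as `xhttps://host:1abc/eureka/extra` pass although the description says URLs must be of the form `https://host:port/eureka/`. Anchoring it and requiring a full numeric port makes the schema match its own description: `"pattern": "^https://[^/]+:[0-9]+/eureka/$"`. If the runtime consumer does its own URL parsing the looser pattern only costs an earlier error message, but a validated config is the point of the schema.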
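Review bot: The `safKeyringCertObject` pattern `^safkeyring.*:(\/\/)+.*$` accepts any characters between `safkeyring` and the colon, and because `pathCertObject` negates the same pattern, any string that starts with `safkeyring` and contains `://` later on is now also rejected as a file path. If the widening is meant to admit suffixed scheme names (presumably lowercase variants such as `safkeyringjce`), restrict the gap to that alphabet in both places, `"pattern": "^safkeyring[a-z]*:(\/\/)+.*$"`; as written, a stray value like `safkeyring/foo://x` is classified as a keyring reference.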