From a942fc5a897ca30b330c8ba089d4f00b3d80d81b Mon Sep 17 00:00:00 2001 From: mm667937 Date: Thu, 26 Sep 2024 10:57:46 +0200 Subject: [PATCH 1/4] small workflow fix - delete unused variable, fix version, added auto choice for jwt autoconfig Signed-off-by: mm667937 --- pswi/03_create.sh | 2 +- pswi/scripts/deploy_test_2_3.py | 4 ++-- workflows/files/ZWECONF.properties | 12 ++---------- workflows/files/ZWECONF.xml | 13 +------------ 4 files changed, 6 insertions(+), 25 deletions(-) diff --git a/pswi/03_create.sh b/pswi/03_create.sh index 724ab7ad61..6feb2d56a7 100644 --- a/pswi/03_create.sh +++ b/pswi/03_create.sh @@ -28,7 +28,7 @@ echo "z/OSMF version :" $ZOSMF_V # JSONs ADD_SWI_JSON='{"name":"'${SWI_NAME}'","system":"'${ZOSMF_SYSTEM}'","description":"ZOWE v'${VERSION}' Portable Software Instance", "globalzone":"'${GLOBAL_ZONE}'","targetzones":["'${TZONE}'"],"workflows":[{"name":"ZOWE Mount Workflow","description":"This workflow performs mount action of ZOWE zFS.", -"location": {"dsname":"'${WORKFLOW_DSN}'(ZWEWRF02)"}},{"name":"ZOWE Configuration of Zowe 2.0","description":"This workflow configures Zowe v2.0.", +"location": {"dsname":"'${WORKFLOW_DSN}'(ZWEWRF02)"}},{"name":"ZOWE Configuration of Zowe 3.0","description":"This workflow configures Zowe v3.0.", "location": {"dsname":"'${WORKFLOW_DSN}'(ZWECONF)"}},{"name":"ZOWE Creation of CSR request workflow","description":"This workflow creates a certificate sign request.", "location": {"dsname":"'${WORKFLOW_DSN}'(ZWECRECR)"}},{"name":"ZOWE Sign a CSR request","description":"This workflow signs the certificate sign request by a local CA.", "location": {"dsname":"'${WORKFLOW_DSN}'(ZWESIGNC)"}},{"name":"ZOWE Load Authentication Certificate into ESM","description":"This workflow loads a signed client authentication certificate to the ESM.", diff --git a/pswi/scripts/deploy_test_2_3.py b/pswi/scripts/deploy_test_2_3.py index f06a631379..7163577ce5 100644 --- a/pswi/scripts/deploy_test_2_3.py +++ b/pswi/scripts/deploy_test_2_3.py @@ -196,8 +196,8 @@ def create_swi(self): {"name": "ZOWE Mount Workflow", "description": "This workflow performs mount action of ZOWE zFS.", "location": {"dsname": self.hlq + ".WORKFLOW(ZWEWRF02)"}}, - {"name": "ZOWE Configuration of Zowe 2.0", - "description": "This workflow configures Zowe v2.0.", + {"name": "ZOWE Configuration of Zowe 3.0", + "description": "This workflow configures Zowe v3.0.", "location": {"dsname": self.hlq + ".WORKFLOW(ZWECONF)"}}, {"name":"ZOWE Creation of CSR request workflow", "description":"This workflow creates a certificate sign request.", diff --git a/workflows/files/ZWECONF.properties b/workflows/files/ZWECONF.properties index ccf3efc3a8..8a90b767d2 100644 --- a/workflows/files/ZWECONF.properties +++ b/workflows/files/ZWECONF.properties @@ -407,7 +407,7 @@ components_gateway_apiml_security_auth_provider=zosmf # Category: components # Description: # JWT auto configuration for gateway security auth -# Choices: jwt,ltpa +# Choices: jwt,ltpa,auto components_gateway_apiml_security_auth_zosmf_jwtAutoconfiguration=jwt # components_gateway_apiml_security_auth_zosmf_serviceId @@ -612,14 +612,6 @@ components_zss_port=7557 # Name for the ZSS cross memory server components_zss_crossMemoryServerName=ZWESIS_STD -# components_zss_tls -# Label: ZSS TLS -# Abstract: Check this to enable TLS on ZSS -# Category: components -# Description: -# Check this to enable TLS on ZSS -components_zss_tls=true - # components_zss_agent_jwt_fallback # Label: ZSS JWT fallback # Abstract: Check this to enable fallback @@ -774,4 +766,4 @@ zowe_setup_security_stcs_aux=ZWESASTC # Check this option to enable the optional workflow step with zwe install command. After Zowe convenience build is extracted, # you can enable this flag to run the zwe install command to install MVS data sets within this workflow run. # This option is for convenience build only. SMP/E installs the MVS data sets during installation. -zowe_setup_installStep_enabled=false \ No newline at end of file +zowe_setup_installStep_enabled=false diff --git a/workflows/files/ZWECONF.xml b/workflows/files/ZWECONF.xml index b9a54cde87..9d3c51040f 100644 --- a/workflows/files/ZWECONF.xml +++ b/workflows/files/ZWECONF.xml @@ -588,6 +588,7 @@ How we want to verify SSL certificates of services. Valid values are: jwt ltpa + auto jwt @@ -867,17 +868,6 @@ How we want to verify SSL certificates of services. Valid values are: ZWESIS_STD - - - Check this to enable TLS on ZSS - Check this to enable TLS on ZSS - components - - - - true - - Check this to enable fallback @@ -1419,7 +1409,6 @@ How we want to verify SSL certificates of services. Valid values are: - Run this step to specify the values for the ZSS variables From 57ca44cc02f534a2b87d8c81379a12e26fdd50d8 Mon Sep 17 00:00:00 2001 From: mm667937 Date: Thu, 26 Sep 2024 14:11:14 +0200 Subject: [PATCH 2/4] Changes in workflow based on changes in example-zowe.yaml Signed-off-by: mm667937 --- workflows/files/ZWECONF.properties | 10 +--------- workflows/files/ZWECONF.xml | 26 +------------------------- 2 files changed, 2 insertions(+), 34 deletions(-) diff --git a/workflows/files/ZWECONF.properties b/workflows/files/ZWECONF.properties index 8a90b767d2..ea680bc7d1 100644 --- a/workflows/files/ZWECONF.properties +++ b/workflows/files/ZWECONF.properties @@ -652,14 +652,6 @@ components_explorer_mvs_enabled=true # Check this option to enable the USS explorer. components_explorer_uss_enabled=true -# useconfig_manager_enabled -# Label: Enable Zowe configuration manager -# Abstract: Check this option to enable Zowe configuration manager -# Category: configManager -# Description: -# Check this option to enable Zowe configuration manager. -useconfig_manager_enabled=true - # config_manager_validation # Label: Zowe configuration manager validation type # Abstract: STRICT or COMPONENT-COMPAT validation type @@ -667,7 +659,7 @@ useconfig_manager_enabled=true # Description: # STRICT=quit on any error, COMPONENT-COMPAT=if component missing schema, skip it with warning instead of quit # Choices: COMPONENT-COMPAT,STRICT -config_manager_validation=COMPONENT-COMPAT +config_manager_validation=STRICT # zowe_rbacProfileId # Label: Zowe Profile Identifier diff --git a/workflows/files/ZWECONF.xml b/workflows/files/ZWECONF.xml index 9d3c51040f..e516120fad 100644 --- a/workflows/files/ZWECONF.xml +++ b/workflows/files/ZWECONF.xml @@ -923,17 +923,6 @@ How we want to verify SSL certificates of services. Valid values are: true - - - Check this option to enable Zowe configuration manager - Check this option to enable Zowe configuration manager. - configManager - - - - true - - STRICT or COMPONENT-COMPAT validation type @@ -944,7 +933,7 @@ How we want to verify SSL certificates of services. Valid values are: COMPONENT-COMPAT STRICT - COMPONENT-COMPAT + STRICT @@ -1145,7 +1134,6 @@ How we want to verify SSL certificates of services. Valid values are: - @@ -1745,18 +1733,6 @@ echo ' # **COMMONLY_CUSTOMIZED**' >> "${instance-zowe_runtimeDirectory}/zowe.ya echo ' # Where extensions are installed' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' extensionDirectory: $!{instance-zowe_extensionDirectory}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' # **COMMONLY_CUSTOMIZED**' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' useConfigmgr: $!{instance-useconfig_manager_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' # Setting to true will enable:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' # * schema-backed validation of zowe.yaml' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' # * should greatly improve startup time.' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' # * can supply multiple zowe.yaml as defaults & overrides in the format of' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' # FILE(/my/customizations.yaml):PARMLIB(MYORG.ZOWE(YAML)):FILE(/zowe/defaults.yaml)' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' # * allows templating in zowe.yaml by putting references within ${{ }} blocks such as' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' # rewriting the job section below as' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' # job:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' # name: ${{ zowe.job.prefix }}SV' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' # prefix: ZWE1' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' configmgr:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # STRICT=quit on any error, including missing schema' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' # COMPONENT-COMPAT=if component missing schema, skip it with warning instead of quit' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" From 0b860858463625e6f31528a5e0004be7c3af9fb4 Mon Sep 17 00:00:00 2001 From: mm667937 Date: Thu, 26 Sep 2024 15:09:51 +0200 Subject: [PATCH 3/4] line numbers changed Signed-off-by: mm667937 --- pswi/scripts/base_diff.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pswi/scripts/base_diff.txt b/pswi/scripts/base_diff.txt index d23d5ebdc1..ad4425a61f 100644 --- a/pswi/scripts/base_diff.txt +++ b/pswi/scripts/base_diff.txt @@ -1,7 +1,7 @@ -483c +471c home: "#delete_me#" . -468c +456c home: "#delete_me#" . 281c From 20acfba56b055bcf7a04ae04dce0f45bcb04a0e0 Mon Sep 17 00:00:00 2001 From: mm667937 Date: Thu, 26 Sep 2024 15:20:53 +0200 Subject: [PATCH 4/4] misunderstanding about auto jwt Signed-off-by: mm667937 --- workflows/files/ZWECONF.properties | 2 +- workflows/files/ZWECONF.xml | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/workflows/files/ZWECONF.properties b/workflows/files/ZWECONF.properties index ea680bc7d1..be0fd50ae0 100644 --- a/workflows/files/ZWECONF.properties +++ b/workflows/files/ZWECONF.properties @@ -407,7 +407,7 @@ components_gateway_apiml_security_auth_provider=zosmf # Category: components # Description: # JWT auto configuration for gateway security auth -# Choices: jwt,ltpa,auto +# Choices: jwt,ltpa components_gateway_apiml_security_auth_zosmf_jwtAutoconfiguration=jwt # components_gateway_apiml_security_auth_zosmf_serviceId diff --git a/workflows/files/ZWECONF.xml b/workflows/files/ZWECONF.xml index e516120fad..db0a2ce898 100644 --- a/workflows/files/ZWECONF.xml +++ b/workflows/files/ZWECONF.xml @@ -588,7 +588,6 @@ How we want to verify SSL certificates of services. Valid values are: jwt ltpa - auto jwt @@ -1974,7 +1973,7 @@ echo ' security:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' auth:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' provider: zosmf' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' zosmf:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" -echo ' jwtAutoconfiguration: auto' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" +echo ' jwtAutoconfiguration: jwt' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' serviceId: ibmzosmf' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' authorization:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml" echo ' endpoint:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"