diff --git a/files/defaults.yaml b/files/defaults.yaml
index 45541202ef..77251f0ffd 100644
--- a/files/defaults.yaml
+++ b/files/defaults.yaml
@@ -79,23 +79,15 @@ zowe: # This section fully defines a default for certificate scenario 1, but makes way when detecting any other scenarios. certificate: type: PKCS12 - pkcs12: - directory: "${{ zowe.setup.certificate.type != 'PKCS12' ? undefined : '/var/zowe/keystore' }}" - lock: "${{ zowe.setup.certificate.type != 'PKCS12' ? undefined : true }}" - name: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'localhost' : undefined }}" - password: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'password' : undefined }}" - caAlias: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'local_ca' : undefined }}" - caPassword: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'local_ca_password' : undefined }}" + # Quirk in templating and schema - undefined/null here will be rejected by a schema that wants a string, so instead of templating individual objects + # This templates the entire object. + # Templating the entire object as "pkcs12: zowe.setup.certificate.pkcs12" also does not work, because internal template attributes are added. + # This will work for pkcs12 and dname objects as long as they dont have 'required' fields. + pkcs12: "${{ zowe.setup.certificate.type != 'PKCS12' ? {} : zowe.setup.certificate.pkcs12.import ? { directory: zowe.setup.certificate.pkcs12.directory, lock: zowe.setup.certificate.pkcs12.lock, import: zowe.setup.certificate.pkcs12.import } : { directory: '/var/zowe/keystore', lock: true, name: 'localhost', password: 'password', caAlias: 'local_ca', caPassword: 'local_ca_password' } }}" # Distinguished name for Zowe generated certificates. - dname: - caCommonName: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Zowe Development Instances CA' : undefined }}" - commonName: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 
'Zowe Development Instances Certificate' : undefined }}" - orgUnit: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'API Mediation Layer' : undefined }}" - org: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Zowe Sample' : undefined }}" - locality: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Prague' : undefined }}" - state: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Prague' : undefined }}" - country: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'CZ' : undefined }}" + dname: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? { caCommonName: 'Zowe Development Instances CA', commonName: 'Zowe Development Instances Certificate', orgUnit: 'API Mediation Layer', org: 'Zowe Sample', locality: 'Prague', state: 'Prague', country: 'CZ' } : {} }}" + # Validity days for Zowe generated certificates validity: "${{ (zowe.setup.certificate.pkcs12?.import || zowe.setup.certificate.keyring?.label) ? undefined : 3650 }}"
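Review bot: In the import branch of the new `pkcs12` template, `directory` and `lock` are copied straight from `zowe.setup.certificate.pkcs12` with no fallback, whereas the removed lines defaulted them to '/var/zowe/keystore' and `true` for every PKCS12 setup, import or not. If the template is evaluated without those values already filled in (the merge order is not visible in this hunk), an import configuration that omits `lock` would presumably no longer get the keystore lock by default. Consider keeping the fallbacks inside the object, e.g. `directory: zowe.setup.certificate.pkcs12.directory || '/var/zowe/keystore'`, and defaulting `lock` to `true` only when it is undefined so that an explicit `false` is still honoured. The generated-certificate branch also still ships `password: 'password'` and `caPassword: 'local_ca_password'`; a comment such as `# Development-only defaults - override before any non-test use` above the `pkcs12` line would make that explicit.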