From ba958a1e3e5c962763bbd94a747564613af0f840 Mon Sep 17 00:00:00 2001
From: Timothy Gerstel
Date: Mon, 17 Jul 2023 11:03:50 -0400
Subject: [PATCH 1/5] Add global and component level network configuration options
Signed-off-by: Timothy Gerstel
---
schemas/zowe-yaml-schema.json | 72 +++++++++++++++++++++++++++++++++++
1 file changed, 72 insertions(+)
diff --git a/schemas/zowe-yaml-schema.json b/schemas/zowe-yaml-schema.json
index 52b6dcb0df..379e59b5b4 100644
--- a/schemas/zowe-yaml-schema.json
+++ b/schemas/zowe-yaml-schema.json
@@ -423,6 +423,35 @@
 "additionalProperties": false,
 "description": "Optional, advanced network configuration parameters",
 "properties": {
+ "bind": {
+ "type": "array",
+ "description": "The IP addresses which all of the Zowe servers will be binding to.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "ciphers": {
+ "type": "array",
+ "description": "Acceptable TLS cipher suites for network connections.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "curves": {
+ "type": "array",
+ "description": "Acceptable key exchange elliptic curves for network connections.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "maxTls": {
+ "type": "string",
+ "description": "Maximum TLS version allowed for network connections. Must be: 1.0, 1.1, 1.2, or 1.3."
+ },
+ "minTls": {
+ "type": "string",
+ "description": "Minimum TLS version allowed for network connections. Must be: 1.0, 1.1, 1.2, or 1.3."
+ },
 "vipaIp": {
 "type": "string",
 "description": "The IP address which all of the Zowe servers will be binding to. If you are using multiple DIPVA addresses, do not use this option."
@@ -842,6 +871,49 @@
 "default": "yes"
 }
 }
+ },
+ "zowe": {
+ "type": "object",
+ "description": "Component level overrides for top level Zowe network configuration.",
+ "additionalProperties": false,
+ "properties": {
+ "network": {
+ "type": "object",
+ "additionalProperties": false,
+ "description": "Optional, advanced network configuration parameters",
+ "properties": {
+ "bind": {
+ "type": "array",
+ "description": "The IP addresses which all of the Zowe servers will be binding to.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "ciphers": {
+ "type": "array",
+ "description": "Acceptable TLS cipher suites for network connections.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "curves": {
+ "type": "array",
+ "description": "Acceptable key exchange elliptic curves for network connections.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "maxTls": {
+ "type": "string",
+ "description": "Maximum TLS version allowed for network connections. Must be: 1.0, 1.1, 1.2, or 1.3."
+ },
+ "minTls": {
+ "type": "string",
+ "description": "Minimum TLS version allowed for network connections. Must be: 1.0, 1.1, 1.2, or 1.3."
+ }
+ }
+ }
+ }
 }
 }
 },
From 1fb66ad8617fa41bcbe6c397a261c255860bbebb Mon Sep 17 00:00:00 2001
From: Timothy Gerstel
Date: Mon, 17 Jul 2023 14:21:42 -0400
Subject: [PATCH 2/5] Use zoweIpv4 for bind addresses and update tls settings to enums
Signed-off-by: Timothy Gerstel
---
schemas/zowe-yaml-schema.json | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/schemas/zowe-yaml-schema.json b/schemas/zowe-yaml-schema.json
index 379e59b5b4..540f972f5a 100644
--- a/schemas/zowe-yaml-schema.json
+++ b/schemas/zowe-yaml-schema.json
@@ -427,7 +427,7 @@
 "type": "array",
 "description": "The IP addresses which all of the Zowe servers will be binding to.",
 "items": {
- "type": "string"
+ "$ref": "/schemas/v2/server-common#zoweIpv4"
 }
 },
 "ciphers": {
@@ -446,11 +446,15 @@
 },
 "maxTls": {
 "type": "string",
- "description": "Maximum TLS version allowed for network connections. Must be: 1.0, 1.1, 1.2, or 1.3."
+ "enum": ["1.0", "1.1", "1.2", "1.3"],
+ "default": "1.3",
+ "description": "Maximum TLS version allowed for network connections."
 },
 "minTls": {
 "type": "string",
- "description": "Minimum TLS version allowed for network connections. Must be: 1.0, 1.1, 1.2, or 1.3."
+ "enum": ["1.0", "1.1", "1.2", "1.3"],
+ "default": "1.3",
+ "description": "Minimum TLS version allowed for network connections, and less than network.maxTls."
 },
 "vipaIp": {
 "type": "string",
@@ -886,7 +890,7 @@
 "type": "array",
 "description": "The IP addresses which all of the Zowe servers will be binding to.",
 "items": {
- "type": "string"
+ "$ref": "/schemas/v2/server-common#zoweIpv4"
 }
 },
 "ciphers": {
@@ -905,11 +909,15 @@
 },
 "maxTls": {
 "type": "string",
- "description": "Maximum TLS version allowed for network connections. Must be: 1.0, 1.1, 1.2, or 1.3."
+ "enum": ["1.0", "1.1", "1.2", "1.3"],
+ "default": "1.3",
+ "description": "Maximum TLS version allowed for network connections."
 },
 "minTls": {
 "type": "string",
- "description": "Minimum TLS version allowed for network connections. Must be: 1.0, 1.1, 1.2, or 1.3."
+ "enum": ["1.0", "1.1", "1.2", "1.3"],
+ "default": "1.3",
+ "description": "Minimum TLS version allowed for network connections, and less than network.maxTls."
 }
 }
 }
From a2a3d529d574180de27192d48a1f7a0415b68fec Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs
Date: Wed, 11 Oct 2023 14:58:18 -0400
Subject: [PATCH 3/5] Deduplicate schema and separate server from client
Also change "bind" to "listen" and tls prefix with TLSv, as seen in the majority of our servers.
Signed-off-by: 1000TurquoisePogs
---
schemas/zowe-yaml-schema.json | 163 ++++++++++++++++------------------
1 file changed, 78 insertions(+), 85 deletions(-)
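Review bot: The added `minTls` default `"1.3"` equals the `maxTls` default `"1.3"`, while the description added on the same line requires minTls to be "less than network.maxTls", so an untouched default configuration violates its own documented rule; the same pair is repeated in the component-level copy at `@@ -905,11 +909,15 @@`. JSON Schema has no way to relate the two properties, so the ordering can only be enforced by whatever reads the config: I would reword to `"description": "Minimum TLS version allowed for network connections. Must not be higher than maxTls."` and have the loader reject a configuration whose minTls exceeds maxTls instead of silently adjusting one of them. The `enum` still admits `"1.0"` and `"1.1"`; a short note in both descriptions that these versions are deprecated and only kept for legacy peers would help operators choose the stronger floor.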
diff --git a/schemas/zowe-yaml-schema.json b/schemas/zowe-yaml-schema.json
index 540f972f5a..2bc7b76775 100644
--- a/schemas/zowe-yaml-schema.json
+++ b/schemas/zowe-yaml-schema.json
@@ -419,53 +419,7 @@
 }
 },
 "network": {
- "type": "object",
- "additionalProperties": false,
- "description": "Optional, advanced network configuration parameters",
- "properties": {
- "bind": {
- "type": "array",
- "description": "The IP addresses which all of the Zowe servers will be binding to.",
- "items": {
- "$ref": "/schemas/v2/server-common#zoweIpv4"
- }
- },
- "ciphers": {
- "type": "array",
- "description": "Acceptable TLS cipher suites for network connections.",
- "items": {
- "type": "string"
- }
- },
- "curves": {
- "type": "array",
- "description": "Acceptable key exchange elliptic curves for network connections.",
- "items": {
- "type": "string"
- }
- },
- "maxTls": {
- "type": "string",
- "enum": ["1.0", "1.1", "1.2", "1.3"],
- "default": "1.3",
- "description": "Maximum TLS version allowed for network connections."
- },
- "minTls": {
- "type": "string",
- "enum": ["1.0", "1.1", "1.2", "1.3"],
- "default": "1.3",
- "description": "Minimum TLS version allowed for network connections, and less than network.maxTls."
- },
- "vipaIp": {
- "type": "string",
- "description": "The IP address which all of the Zowe servers will be binding to. If you are using multiple DIPVA addresses, do not use this option."
- },
- "validatePortFree": {
- "type": "boolean",
- "default": true,
- "description": "Whether or not to ensure that the port a server is about to use is available. Usually, servers will know this when they attempt to bind to a port, so this option allows you to disable the additional verification step."
- }
- }
+ "$ref": "#/$defs/networkSettings"
 },
 "extensionRegistry": {
 "type": "object",
@@ -882,49 +836,88 @@
 "additionalProperties": false,
 "properties": {
 "network": {
- "type": "object",
- "additionalProperties": false,
- "description": "Optional, advanced network configuration parameters",
- "properties": {
- "bind": {
- "type": "array",
- "description": "The IP addresses which all of the Zowe servers will be binding to.",
- "items": {
- "$ref": "/schemas/v2/server-common#zoweIpv4"
- }
- },
- "ciphers": {
- "type": "array",
- "description": "Acceptable TLS cipher suites for network connections.",
- "items": {
- "type": "string"
- }
- },
- "curves": {
- "type": "array",
- "description": "Acceptable key exchange elliptic curves for network connections.",
- "items": {
- "type": "string"
- }
- },
- "maxTls": {
- "type": "string",
- "enum": ["1.0", "1.1", "1.2", "1.3"],
- "default": "1.3",
- "description": "Maximum TLS version allowed for network connections."
- },
- "minTls": {
- "type": "string",
- "enum": ["1.0", "1.1", "1.2", "1.3"],
- "default": "1.3",
- "description": "Minimum TLS version allowed for network connections, and less than network.maxTls."
- }
- }
+ "$ref": "#/$defs/networkSettings"
 }
 }
 }
 }
 },
+ "tlsSettings": {
+ "$anchor": "tlsSettings",
+ "type": "object",
+ "properties": {
+ "ciphers": {
+ "type": "array",
+ "description": "Acceptable TLS cipher suites for network connections.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "curves": {
+ "type": "array",
+ "description": "Acceptable key exchange elliptic curves for network connections.",
+ "items": {
+ "type": "string"
+ }
+ },
+ "maxTls": {
+ "type": "string",
+ "enum": ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"],
+ "default": "TLSv1.3",
+ "description": "Maximum TLS version allowed for network connections."
+ },
+ "minTls": {
+ "type": "string",
+ "enum": ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"],
+ "default": "TLSv1.3",
+ "description": "Minimum TLS version allowed for network connections, and less than network.maxTls."
+ }
+ }
+ },
+ "networkSettings": {
+ "type": "object",
+ "$anchor": "networkSettings",
+ "additionalProperties": false,
+ "description": "Optional, advanced network configuration parameters",
+ "properties": {
+ "server": {
+ "type": "object",
+ "additionalProperties": false,
+ "description": "Optional, advanced network configuration parameters for Zowe servers",
+ "properties": {
+ "tlsSettings": {
+ "$ref": "#/$defs/tlsSettings"
+ },
+ "listenAddress": {
+ "type": "array",
+ "description": "The IP addresses which all of the Zowe servers will be binding on and listening to. Some servers may only support listening on the first element.",
+ "items": {
+ "$ref": "/schemas/v2/server-common#zoweIpv4"
+ }
+ },
+ "vipaIp": {
+ "type": "string",
+ "description": "The IP address which all of the Zowe servers will be binding to. If you are using multiple DIPVA addresses, do not use this option."
+ },
+ "validatePortFree": {
+ "type": "boolean",
+ "default": true,
+ "description": "Whether or not to ensure that the port a server is about to use is available. Usually, servers will know this when they attempt to bind to a port, so this option allows you to disable the additional verification step."
+ }
+ }
+ },
+ "client": {
+ "type": "object",
+ "additionalProperties": false,
+ "description": "Optional, advanced network configuration parameters for Zowe servers when sending requests as clients.",
+ "properties": {
+ "tlsSettings": {
+ "$ref": "#/$defs/tlsSettings"
+ }
+ }
+ }
+ }
+ }
 "registryHandler": {
 "$anchor": "registryHandler",
 "type": "object",
From f984e9553dc91f4cab4c0c16ae15259a5f134382 Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs
Date: Fri, 27 Oct 2023 08:00:14 -0400
Subject: [PATCH 4/5] Fix schema json syntax
Signed-off-by: 1000TurquoisePogs
---
schemas/zowe-yaml-schema.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/schemas/zowe-yaml-schema.json b/schemas/zowe-yaml-schema.json
index 2bc7b76775..6af1d42252 100644
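Review bot: The new `tlsSettings` definition is not closed with `additionalProperties: false`, unlike `networkSettings`, `server` and `client` in the same hunk, so a misspelt key such as `minTLS` under `server.tlsSettings` validates cleanly and the TLS floor the operator intended is simply never applied; adding `"additionalProperties": false,` after `"type": "object",` in `tlsSettings` turns that typo into a validation error. The `minTls` description still refers to `network.maxTls`, but the property now lives under `network.server.tlsSettings` and `network.client.tlsSettings`, and its default `TLSv1.3` equals the `maxTls` default, so both the path and the "less than" wording are out of date. `ciphers` and `curves` are only typed as string arrays; their descriptions should state which naming scheme the servers expect and what an empty array means, since `[]` passes the schema. The enum continues to accept `TLSv1.0` and `TLSv1.1`, which are worth marking as deprecated in the description so operators do not pick them as a floor by accident.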
--- a/schemas/zowe-yaml-schema.json
+++ b/schemas/zowe-yaml-schema.json
@@ -917,7 +917,7 @@
 }
 }
 }
- }
+ },
 "registryHandler": {
 "$anchor": "registryHandler",
 "type": "object",
From 89487c8c30dabf6e12b7f38a992a77c01d00a78a Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs
Date: Fri, 10 Nov 2023 07:05:54 -0500
Subject: [PATCH 5/5] Shorten tlsSettings to tls, and fix plural ipAddresses
Signed-off-by: 1000TurquoisePogs
---
schemas/zowe-yaml-schema.json | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/schemas/zowe-yaml-schema.json b/schemas/zowe-yaml-schema.json
index 6af1d42252..9c6fe3e499 100644
--- a/schemas/zowe-yaml-schema.json
+++ b/schemas/zowe-yaml-schema.json
@@ -885,10 +885,10 @@
 "additionalProperties": false,
 "description": "Optional, advanced network configuration parameters for Zowe servers",
 "properties": {
- "tlsSettings": {
+ "tls": {
 "$ref": "#/$defs/tlsSettings"
 },
- "listenAddress": {
+ "listenAddresses": {
 "type": "array",
 "description": "The IP addresses which all of the Zowe servers will be binding on and listening to. Some servers may only support listening on the first element.",
 "items": {
@@ -911,7 +911,7 @@
 "additionalProperties": false,
 "description": "Optional, advanced network configuration parameters for Zowe servers when sending requests as clients.",
 "properties": {
- "tlsSettings": {
+ "tls": {
 "$ref": "#/$defs/tlsSettings"
 }
 }