Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add global and component level network configuration options #3509

Merged
merged 8 commits into from
Nov 17, 2023
101 changes: 87 additions & 14 deletions schemas/zowe-yaml-schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -419,20 +419,7 @@
}
},
"network": {
"type": "object",
"additionalProperties": false,
"description": "Optional, advanced network configuration parameters",
"properties": {
"vipaIp": {
"type": "string",
"description": "The IP address which all of the Zowe servers will be binding to. If you are using multiple DIPVA addresses, do not use this option."
},
"validatePortFree": {
"type": "boolean",
"default": true,
"description": "Whether or not to ensure that the port a server is about to use is available. Usually, servers will know this when they attempt to bind to a port, so this option allows you to disable the additional verification step."
}
}
"$ref": "#/$defs/networkSettings"
},
"extensionRegistry": {
"type": "object",
Expand Down Expand Up @@ -854,6 +841,92 @@
"default": "yes"
}
}
},
"zowe": {
"type": "object",
"description": "Component level overrides for top level Zowe network configuration.",
"additionalProperties": false,
"properties": {
"network": {
"$ref": "#/$defs/networkSettings"
}
}
}
}
},
"tlsSettings": {
"$anchor": "tlsSettings",
"type": "object",
"properties": {
"ciphers": {
"type": "array",
"description": "Acceptable TLS cipher suites for network connections.",
"items": {
"type": "string"
}
},
"curves": {
"type": "array",
"description": "Acceptable key exchange elliptic curves for network connections.",
"items": {
"type": "string"
}
},
"maxTls": {
"type": "string",
"enum": ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"],
"default": "TLSv1.3",
"description": "Maximum TLS version allowed for network connections."
},
"minTls": {
"type": "string",
"enum": ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"],
"default": "TLSv1.3",
"description": "Minimum TLS version allowed for network connections, and less than network.maxTls."
}
}
},
"networkSettings": {
"type": "object",
"$anchor": "networkSettings",
"additionalProperties": false,
"description": "Optional, advanced network configuration parameters",
"properties": {
"server": {
"type": "object",
"additionalProperties": false,
"description": "Optional, advanced network configuration parameters for Zowe servers",
"properties": {
"tls": {
"$ref": "#/$defs/tlsSettings"
},
"listenAddresses": {
"type": "array",
"description": "The IP addresses which all of the Zowe servers will be binding on and listening to. Some servers may only support listening on the first element.",
"items": {
"$ref": "/schemas/v2/server-common#zoweIpv4"
}
},
"vipaIp": {
"type": "string",
"description": "The IP address which all of the Zowe servers will be binding to. If you are using multiple DIPVA addresses, do not use this option."
},
"validatePortFree": {
"type": "boolean",
"default": true,
"description": "Whether or not to ensure that the port a server is about to use is available. Usually, servers will know this when they attempt to bind to a port, so this option allows you to disable the additional verification step."
}
}
},
"client": {
"type": "object",
"additionalProperties": false,
"description": "Optional, advanced network configuration parameters for Zowe servers when sending requests as clients.",
"properties": {
"tls": {
"$ref": "#/$defs/tlsSettings"
}
}
}
}
},
Expand Down
Loading