From d56e96247e0885110e9866de66eef24c252cef33 Mon Sep 17 00:00:00 2001 From: ac892247 Date: Tue, 17 Sep 2024 14:53:42 +0200 Subject: [PATCH 1/3] fix: move security configuration back to gateway section for backward compatibility Signed-off-by: ac892247
---
.../src/main/resources/manifest.yaml | 48 +++++++++++++++++-- zaas-package/src/main/resources/manifest.yaml | 42 +--------------- 2 files changed, 45 insertions(+), 45 deletions(-)
diff --git a/gateway-package/src/main/resources/manifest.yaml b/gateway-package/src/main/resources/manifest.yaml
index a124c6073b..6538493b2f 100644
--- a/gateway-package/src/main/resources/manifest.yaml
+++ b/gateway-package/src/main/resources/manifest.yaml
@@ -24,10 +24,50 @@ apimlServices:
 dynamic:
 - serviceId: gateway
 configs:
- port: 7563
+ port: 7554
 debug: false
 sslDebug: ""
+ apimlId:
 apiml:
- service:
- # Enables forwarding client certificate from request to next gateway in a special request header
- forwardClientCertEnabled: false
+ service:
+ # Enables forwarding client certificate from request to next gateway in a special request header
+ forwardClientCertEnabled: false
+ security:
+ auth:
+ provider: zosmf
+ zosmf:
+ jwtAutoconfiguration: jwt
+ serviceId: ibmzosmf
+ authorization:
+ endpoint:
+ enabled: false
+ # default value is https://${ZWE_haInstance_hostname:-localhost}:${ZWE_configs_port}/zss/api/v1/saf-auth
+ url:
+ provider: ""
+ resourceClass: ZOWE
+ resourceNamePrefix: "APIML."
+ x509:
+ enabled: false
+ # default value is https://${ZWE_haInstance_hostname:-localhost}:${ZWE_configs_port}/zss/api/v1/certificate/x509/map
+ externalMapperUrl:
+ # default value is Zowe runtime user defined in zowe.yaml "zowe.setup.security.users.zowe"
+ externalMapperUser:
+ # Enables consumption of forwarded client certificate from proxy gateway in a special request header
+ acceptForwardedCert: true
+ oidc:
+ enabled: false
+ clientId:
+ clientSecret:
+ registry:
+ # default value is https://${ZWE_haInstance_hostname:-localhost}:${ZWE_configs_port}/zss/api/v1/certificate/dn
+ identityMapperUrl:
+ # default value is Zowe runtime user defined in zowe.yaml "zowe.setup.security.users.zowe"
+ identityMapperUser:
+ saf:
+ provider:
+ urls:
+ authenticate:
+ verify:
+ server:
+ maxConnectionsPerRoute: 100
+ maxTotalConnections: 1000
diff --git a/zaas-package/src/main/resources/manifest.yaml b/zaas-package/src/main/resources/manifest.yaml
index 0a6d3e7fe9..77dac21a09 100644
--- a/zaas-package/src/main/resources/manifest.yaml
+++ b/zaas-package/src/main/resources/manifest.yaml
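Review bot: The added `jwtAutoconfiguration: jwt` under `security.auth.zosmf` does not match the value this same commit removes from the zaas manifest (`jwtAutoconfiguration: auto`), so the block is not a pure move even though the commit title describes it as one. If the new default is intended, say so in the commit description; otherwise keep `jwtAutoconfiguration: auto`. Separately, the gateway defaults now carry `acceptForwardedCert: true` under `x509` while `forwardClientCertEnabled` stays `false`. A client certificate taken from a request header is only as trustworthy as the peer that set the header, so a comment next to `acceptForwardedCert` stating what authenticates the forwarding gateway would help operators reviewing this default. Indentation is not recoverable in this view, so the nesting of these keys under `apiml` is assumed.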
@@ -29,52 +29,12 @@ apimlServices: dynamic: - serviceId: zaas configs: - port: 7554 + port: 7563 debug: false sslDebug: "" - apimlId: - apiml: - security: - auth: - provider: zosmf - zosmf: - jwtAutoconfiguration: auto - serviceId: ibmzosmf - authorization: - endpoint: - enabled: false - # default value is https://${ZWE_haInstance_hostname:-localhost}:${ZWE_configs_port}/zss/api/v1/saf-auth - url: - provider: "" - resourceClass: ZOWE - resourceNamePrefix: "APIML." - x509: - enabled: false - # default value is https://${ZWE_haInstance_hostname:-localhost}:${ZWE_configs_port}/zss/api/v1/certificate/x509/map - externalMapperUrl: - # default value is Zowe runtime user defined in zowe.yaml "zowe.setup.security.users.zowe" - externalMapperUser: - # Enables consumption of forwarded client certificate from proxy gateway in a special request header - acceptForwardedCert: true - oidc: - enabled: false - clientId: - clientSecret: - registry: - # default value is https://${ZWE_haInstance_hostname:-localhost}:${ZWE_configs_port}/zss/api/v1/certificate/dn - identityMapperUrl: - # default value is Zowe runtime user defined in zowe.yaml "zowe.setup.security.users.zowe" - identityMapperUser: - saf: - provider: - urls: - authenticate: - verify: server: - maxConnectionsPerRoute: 100 - maxTotalConnections: 1000 ssl: enabled: true From 9c639770ec5eb7648aca9165cf6f3b91423d3459 Mon Sep 17 00:00:00 2001 From: ac892247 Date: Tue, 17 Sep 2024 15:27:53 +0200 Subject: [PATCH 2/3] change default zaas port Signed-off-by: ac892247 --- containers/zaas-service/Dockerfile | 2 +- schemas/zaas-schema.json | 2 +- zaas-package/src/main/resources/manifest.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/containers/zaas-service/Dockerfile b/containers/zaas-service/Dockerfile index b04a493c4e..e1b82f99c9 100644 --- a/containers/zaas-service/Dockerfile +++ b/containers/zaas-service/Dockerfile 
@@ -36,5 +36,5 @@ COPY --chown=zowe:zowe component/LICENSE /licenses ################################## # start command -EXPOSE 7563 +EXPOSE 7558 ENTRYPOINT [ "bin/start.sh" ] diff --git a/schemas/zaas-schema.json b/schemas/zaas-schema.json index a7b114c5a3..842d9b0edb 100644 --- a/schemas/zaas-schema.json +++ b/schemas/zaas-schema.json @@ -18,7 +18,7 @@ "properties": { "port": { "$ref": "#/$defs/port", - "default": 7563 + "default": 7558 }, "debug": { "type": "boolean", diff --git a/zaas-package/src/main/resources/manifest.yaml b/zaas-package/src/main/resources/manifest.yaml index 77dac21a09..c8ce431852 100644 --- a/zaas-package/src/main/resources/manifest.yaml +++ b/zaas-package/src/main/resources/manifest.yaml @@ -29,7 +29,7 @@ apimlServices: dynamic: - serviceId: zaas configs: - port: 7563 + port: 7558 debug: false sslDebug: "" From 5f01657ca12d869035b405392f6cb1645f57308a Mon Sep 17 00:00:00 2001 From: ac892247 Date: Tue, 17 Sep 2024 16:30:21 +0200 Subject: [PATCH 3/3] do not log spring beans Signed-off-by: ac892247 --- gateway-service/src/main/resources/application.yml | 1 + gateway-service/src/test/resources/application.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/gateway-service/src/main/resources/application.yml b/gateway-service/src/main/resources/application.yml index d23625da9d..057bd86c22 100644 --- a/gateway-service/src/main/resources/application.yml +++ b/gateway-service/src/main/resources/application.yml @@ -129,6 +129,7 @@ logging: org.springframework.cloud.gateway.filter: WARN org.springframework.cloud.gateway.route: WARN org.springframework.context.support: WARN + org.springframework.beans: WARN reactor.netty.http.client: INFO reactor.netty.http.client.HttpClientConnect: OFF javax.net.ssl: ERROR diff --git a/gateway-service/src/test/resources/application.yml b/gateway-service/src/test/resources/application.yml index 97d87cdbb9..256b0dce02 100644 --- a/gateway-service/src/test/resources/application.yml 
+++ b/gateway-service/src/test/resources/application.yml @@ -48,6 +48,7 @@ logging: org.springframework.cloud.gateway: DEBUG reactor.netty: DEBUG org.springframework.security: DEBUG + org.springframework.beans: WARN management: