From 883100d1c5cea5d5de1b7f9f29336fb958a16bf5 Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs
Date: Wed, 11 Oct 2023 15:55:36 -0400
Subject: [PATCH 1/7] Use zowe standard network config
Signed-off-by: 1000TurquoisePogs
---
 defaults/serverConfig/defaults.yaml | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/defaults/serverConfig/defaults.yaml b/defaults/serverConfig/defaults.yaml
index c2daa70..b87689f 100644
--- a/defaults/serverConfig/defaults.yaml
+++ b/defaults/serverConfig/defaults.yaml
@@ -20,9 +20,17 @@ components:
 hostname: "${{ function a(){ if (process.env.ZWE_INTERNAL_HOST) { return process.env.ZWE_INTERNAL_HOST; } else if (process.env.ZWE_haInstance_hostname) { return process.env.ZWE_haInstance_hostname; } else { return undefined; } }; a() }}"
 https:
 ipAddresses: "${{ function a(){
+ let addresses;
+ if (components['app-server'].zowe.network.server.listenAddresses) {
+ addresses = components['app-server'].zowe.network.server.listenAddresses;
+ } else if (zowe.network.server.listenAddresses) {
+ addresses = zowe.networking.server.listenAddresses;
+ } else {
+ addresses = ['0.0.0.0'];
+ }
 if (process.env.ZOWE_LOOPBACK_ADDRESS && process.env.BIND_TO_LOOPBACK == 'true') {
- return [ process.env.ZOWE_LOOPBACK_ADDRESS , '0.0.0.0' ];
- } else { return ['0.0.0.0'] } };
+ return [ process.env.ZOWE_LOOPBACK_ADDRESS ].concat(addresses);
+ } else { return addresses } };
 a() }}"
 port: "${{ function a(){ if (process.env.ZWED_SERVER_HTTPS_PORT) {
@@ -58,6 +66,22 @@ components:
 }
 } else { return ["../defaults/serverConfig/apiml-localca.cer"]; } };
 a() }}'
+ maxTls: '${{ function a(){
+ if (components["app-server"].zowe.network.server.maxTls) {
+ return components["app-server"].zowe.network.server.maxTls;
+ } else if (zowe.network.server.maxTls) {
+ return zowe.network.server.maxTls;
+ } else {
+ return "TLSv1.3";
+ a() }}'
+ minTls: '${{ function a(){
+ if (components["app-server"].zowe.network.server.minTls) {
+ return components["app-server"].zowe.network.server.minTls;
+ } else if (zowe.network.server.minTls) {
+ return zowe.network.server.minTls;
+ } else {
+ return "TLSv1.2";
+ a() }}'
 loopbackAddress: "${{ function a(){ if (process.env.ZOWE_LOOPBACK_ADDRESS) { return process.env.ZOWE_LOOPBACK_ADDRESS; } else { return undefined; } }; a() }}"
 mediationLayer:
 server:
From 384994976e1fb3618f1be507e6f2d6a0944a4561 Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs
Date: Fri, 27 Oct 2023 08:02:49 -0400
Subject: [PATCH 2/7] Fix checking for objects that might not exist
Signed-off-by: 1000TurquoisePogs
---
 defaults/serverConfig/defaults.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/defaults/serverConfig/defaults.yaml b/defaults/serverConfig/defaults.yaml
index b87689f..397950d 100644
--- a/defaults/serverConfig/defaults.yaml
+++ b/defaults/serverConfig/defaults.yaml
@@ -21,9 +21,9 @@ components:
 https:
 ipAddresses: "${{ function a(){
 let addresses;
- if (components['app-server'].zowe.network.server.listenAddresses) {
+ if (components['app-server'].zowe?.network?.server?.listenAddresses) {
 addresses = components['app-server'].zowe.network.server.listenAddresses;
- } else if (zowe.network.server.listenAddresses) {
+ } else if (zowe.network?.server?.listenAddresses) {
 addresses = zowe.networking.server.listenAddresses;
 } else {
 addresses = ['0.0.0.0'];
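Review bot: The address list selected in the `-21,9 +21,9` hunk is joined with `ZOWE_LOOPBACK_ADDRESS` a few lines below the hunk by `[ process.env.ZOWE_LOOPBACK_ADDRESS ].concat(addresses)` without de-duplication, so a zowe.yaml that already lists the loopback address in `listenAddresses` together with `BIND_TO_LOOPBACK=true` yields the same address twice in the list; whether the server tolerates a duplicate bind is not visible here. Replacing the concat with `return [...new Set([process.env.ZOWE_LOOPBACK_ADDRESS, ...addresses])];` keeps the loopback address first and drops the repeat. The two lookups are also plain truthiness checks, so an explicit `listenAddresses: []` is accepted as an empty bind list rather than falling back to `['0.0.0.0']`; if that is not the intended way to disable the fallback, test `.length` as well. The enclosing `a()` function begins and ends outside this hunk.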
@@ -67,17 +67,17 @@ components:
 } else { return ["../defaults/serverConfig/apiml-localca.cer"]; } };
 a() }}'
 maxTls: '${{ function a(){
- if (components["app-server"].zowe.network.server.maxTls) {
+ if (components["app-server"].zowe?.network?.server.maxTls) {
 return components["app-server"].zowe.network.server.maxTls;
- } else if (zowe.network.server.maxTls) {
+ } else if (zowe.network?.server?.maxTls) {
 return zowe.network.server.maxTls;
 } else {
 return "TLSv1.3";
 a() }}'
 minTls: '${{ function a(){
- if (components["app-server"].zowe.network.server.minTls) {
+ if (components["app-server"].zowe?.network?.server.minTls) {
 return components["app-server"].zowe.network.server.minTls;
- } else if (zowe.network.server.minTls) {
+ } else if (zowe.network?.server?.minTls) {
 return zowe.network.server.minTls;
 } else {
 return "TLSv1.2";
From 7bdaa10dee87f5fb59f38b0cbe66697684e662e4 Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs
Date: Fri, 27 Oct 2023 08:06:31 -0400
Subject: [PATCH 3/7] Update default to account for possibly missing objects
Signed-off-by: 1000TurquoisePogs
---
 defaults/serverConfig/defaults.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/defaults/serverConfig/defaults.yaml b/defaults/serverConfig/defaults.yaml
index 397950d..029cb10 100644
--- a/defaults/serverConfig/defaults.yaml
+++ b/defaults/serverConfig/defaults.yaml
@@ -67,7 +67,7 @@ components:
 } else { return ["../defaults/serverConfig/apiml-localca.cer"]; } };
 a() }}'
 maxTls: '${{ function a(){
- if (components["app-server"].zowe?.network?.server.maxTls) {
+ if (components["app-server"].zowe?.network?.server?.maxTls) {
 return components["app-server"].zowe.network.server.maxTls;
 } else if (zowe.network?.server?.maxTls) {
 return zowe.network.server.maxTls;
@@ -75,7 +75,7 @@ components:
 return "TLSv1.3";
 a() }}'
 minTls: '${{ function a(){
- if (components["app-server"].zowe?.network?.server.minTls) {
+ if (components["app-server"].zowe?.network?.server?.minTls) {
 return components["app-server"].zowe.network.server.minTls;
 } else if (zowe.network?.server?.minTls) {
 return zowe.network.server.minTls;
From 1f9b366cdbe73f6bed2450ee415b64628212bfba Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs
Date: Fri, 10 Nov 2023 07:07:59 -0500
Subject: [PATCH 4/7] Add missing tls
Signed-off-by: 1000TurquoisePogs
---
 defaults/serverConfig/defaults.yaml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/defaults/serverConfig/defaults.yaml b/defaults/serverConfig/defaults.yaml
index 029cb10..ac5a867 100644
--- a/defaults/serverConfig/defaults.yaml
+++ b/defaults/serverConfig/defaults.yaml
@@ -67,18 +67,18 @@ components:
 } else { return ["../defaults/serverConfig/apiml-localca.cer"]; } };
 a() }}'
 maxTls: '${{ function a(){
- if (components["app-server"].zowe?.network?.server?.maxTls) {
- return components["app-server"].zowe.network.server.maxTls;
- } else if (zowe.network?.server?.maxTls) {
- return zowe.network.server.maxTls;
+ if (components["app-server"].zowe?.network?.server?.tls?.maxTls) {
+ return components["app-server"].zowe.network.server.tls?.maxTls;
+ } else if (zowe.network?.server?.tls?.maxTls) {
+ return zowe.network.server.tls?.maxTls;
 } else {
 return "TLSv1.3";
 a() }}'
 minTls: '${{ function a(){
- if (components["app-server"].zowe?.network?.server?.minTls) {
- return components["app-server"].zowe.network.server.minTls;
- } else if (zowe.network?.server?.minTls) {
- return zowe.network.server.minTls;
+ if (components["app-server"].zowe?.network?.server?.tls?.minTls) {
+ return components["app-server"].zowe.network.server.tls?.minTls;
+ } else if (zowe.network?.server?.tls?.minTls) {
+ return zowe.network.server.tls?.minTls;
 } else {
 return "TLSv1.2";
 a() }}'
From f4414a22296e7eaf0d9d4758e87ea41457d57652 Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs
Date: Fri, 10 Nov 2023 07:09:19 -0500
Subject: [PATCH 5/7] Remove extra ?
Signed-off-by: 1000TurquoisePogs
---
 defaults/serverConfig/defaults.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/defaults/serverConfig/defaults.yaml b/defaults/serverConfig/defaults.yaml
index ac5a867..5eeb482 100644
--- a/defaults/serverConfig/defaults.yaml
+++ b/defaults/serverConfig/defaults.yaml
@@ -68,17 +68,17 @@ components:
 a() }}'
 maxTls: '${{ function a(){
 if (components["app-server"].zowe?.network?.server?.tls?.maxTls) {
- return components["app-server"].zowe.network.server.tls?.maxTls;
+ return components["app-server"].zowe.network.server.tls.maxTls;
 } else if (zowe.network?.server?.tls?.maxTls) {
- return zowe.network.server.tls?.maxTls;
+ return zowe.network.server.tls.maxTls;
 } else {
 return "TLSv1.3";
 a() }}'
 minTls: '${{ function a(){
 if (components["app-server"].zowe?.network?.server?.tls?.minTls) {
- return components["app-server"].zowe.network.server.tls?.minTls;
+ return components["app-server"].zowe.network.server.tls.minTls;
 } else if (zowe.network?.server?.tls?.minTls) {
- return zowe.network.server.tls?.minTls;
+ return zowe.network.server.tls.minTls;
 } else {
 return "TLSv1.2";
 a() }}'
From 100c4ab4214079bdbc8eb340c51c70e7230776d2 Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs
Date: Wed, 15 Nov 2023 10:58:25 -0500
Subject: [PATCH 6/7] Update defaults.yaml
Fix typo (networking -> network)
Signed-off-by: 1000TurquoisePogs
---
 defaults/serverConfig/defaults.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/defaults/serverConfig/defaults.yaml b/defaults/serverConfig/defaults.yaml
index 5eeb482..f8461d2 100644
--- a/defaults/serverConfig/defaults.yaml
+++ b/defaults/serverConfig/defaults.yaml
@@ -24,7 +24,7 @@ components:
 if (components['app-server'].zowe?.network?.server?.listenAddresses) {
 addresses = components['app-server'].zowe.network.server.listenAddresses;
 } else if (zowe.network?.server?.listenAddresses) {
- addresses = zowe.networking.server.listenAddresses;
+ addresses = zowe.network.server.listenAddresses;
 } else {
 addresses = ['0.0.0.0'];
 }
From 483902a64d73384ee0fe4400385249f711479281 Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs
Date: Thu, 16 Nov 2023 06:57:25 -0500
Subject: [PATCH 7/7] Fixed schema errors and added curve and cipher customization
Signed-off-by: 1000TurquoisePogs
---
 CHANGELOG.md | 7 ++++++-
 defaults/serverConfig/defaults.yaml | 20 ++++++++++++++++++--
 schemas/app-server-config.json | 9 ++++++++-
 3 files changed, 32 insertions(+), 4 deletions(-)
 mode change 100644 => 100755 schemas/app-server-config.json
diff --git a/CHANGELOG.md b/CHANGELOG.md
index b5cb675..6f98ed3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,7 +1,12 @@
 # Zlux App Server Changelog
 All notable changes to the Zlux App Server package will be documented in this file.
- 
+
+## v2.13.0
+- Enhancement: Updated schema to allow cipher customization in IANA format. (#284)
+- Enhancement: Updated schema to allow curve customization. (#284)
+- Enhancement: Updated defaults to read TLS settings and IP settings from the "zowe.network.server" attribute of Zowe.yaml. (#284)
+
 ## v2.12.0
 - enhancement: new versions of components can change the location of their plugins, as the app-server will now re-inspect the plugin locations on each startup. (#280)
 - bugfix: Removed error message "components/app-server/bin/configure.sh 26: .: FSUM6807 expression syntax error" seen in startup of Zowe in v2.11.0, caused by incorrect shell syntax. (#283)
diff --git a/defaults/serverConfig/defaults.yaml b/defaults/serverConfig/defaults.yaml
index f8461d2..87db761 100644
--- a/defaults/serverConfig/defaults.yaml
+++ b/defaults/serverConfig/defaults.yaml
@@ -72,7 +72,7 @@ components:
 } else if (zowe.network?.server?.tls?.maxTls) {
 return zowe.network.server.tls.maxTls;
 } else {
- return "TLSv1.3";
+ return "TLSv1.3"; } };
 a() }}'
 minTls: '${{ function a(){
 if (components["app-server"].zowe?.network?.server?.tls?.minTls) {
@@ -80,7 +80,23 @@ components:
 } else if (zowe.network?.server?.tls?.minTls) {
 return zowe.network.server.tls.minTls;
 } else {
- return "TLSv1.2";
+ return "TLSv1.2"; } };
+ a() }}'
+ ciphers: '${{ function a(){
+ if (components["app-server"].zowe?.network?.server?.tls?.ciphers) {
+ return components["app-server"].zowe.network.server.tls.ciphers.join(":");
+ } else if (zowe.network?.server?.tls?.ciphers) {
+ return zowe.network.server.tls.ciphers.join(":");
+ } else {
+ return "" } };
+ a() }}'
+ curves: '${{ function a(){
+ if (components["app-server"].zowe?.network?.server?.tls?.curves) {
+ return components["app-server"].zowe.network.server.tls.curves;
+ } else if (zowe.network?.server?.tls?.curves) {
+ return zowe.network.server.tls.curves;
+ } else {
+ return [] } };
 a() }}'
 loopbackAddress: "${{ function a(){ if (process.env.ZOWE_LOOPBACK_ADDRESS) { return process.env.ZOWE_LOOPBACK_ADDRESS; } else { return undefined; } }; a() }}"
 mediationLayer:
diff --git a/schemas/app-server-config.json b/schemas/app-server-config.json
old mode 100644
new mode 100755
index e815562..17edc05
--- a/schemas/app-server-config.json
+++ b/schemas/app-server-config.json
@@ -55,6 +55,13 @@
 { "$ref": "#/$defs/customCiphers" }
 ]
 },
+ "curves": {
+ "type": "array",
+ "description": "A list of curve NIDs or names, for example P-521, P-384, P-256",
+ "items": {
+ "type": "string"
+ }
+ },
 "enableTrace": {
 "type": "boolean",
 "default": false
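Review bot: Both `.join(":")` calls in the new `ciphers` default (`-80,7 +80,23` hunk) assume the configured value is an array, so a user who supplies the cipher list as one colon-separated string — the form the `ciphers` description in `schemas/app-server-config.json` itself talks about — gets a TypeError from the template instead of the value being passed through, while the neighbouring `curves` default has no such restriction. A shape-tolerant version adds `const toList = (v) => Array.isArray(v) ? v.join(":") : String(v);` at the top of `a()` and uses `return toList(components["app-server"].zowe.network.server.tls.ciphers);` and `return toList(zowe.network.server.tls.ciphers);` in the two branches. The `return ""` fallback is what every install that configures nothing will run with, and whether the server reads an empty string as "use the built-in cipher list" rather than as an empty allow-list is not visible here; a comment such as `// empty string: server falls back to its default cipher list (TODO confirm)` next to it would make that contract explicit.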
@@ -620,7 +627,7 @@
 { "$ref": "#/$defs/zoweDefaultCiphers" }
 ]
 },
- "description": "Instructs app-server to use the list of ciphers in this string when using TLS. String must be in the form defined here https://nodejs.org/api/tls.html#modifying-the-default-tls-cipher-suite"
+ "description": "Instructs app-server to use the list of ciphers in this string when using TLS. String is a colon separated list of IANA or openSSL names"
 },
 "headerCustomization": {
 "type": "object",
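Review bot: The rewritten `ciphers` description states that IANA names are accepted, but nothing in this series translates them: the `ciphers` default added to `defaults/serverConfig/defaults.yaml` only joins the configured entries with `:` and passes the string on, and Node's `tls` `ciphers` option understands the OpenSSL naming only. If the app-server already maps IANA names to OpenSSL names before calling `tls`, the description should say so and point to where that mapping lives; if it does not, an IANA-style list would be rejected at startup and the previous wording was the accurate one. In either case the link that the old text carried is worth keeping, because it is what an operator uses to verify which suites a name actually enables: `"description": "Instructs app-server to use the list of ciphers in this string when using TLS. String is a colon separated list of IANA or openSSL names; see https://nodejs.org/api/tls.html#modifying-the-default-tls-cipher-suite for the OpenSSL form"`.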