Revert to null approach for zowe.setup.certificate. allow null in sch…
…ema. This is a quirk of configmgr template and merge behavior that should be enhanced in the future.

Signed-off-by: 1000TurquoisePogs <[email protected]>
1000TurquoisePogs committed May 23, 2024
1 parent a47703f commit 88eebe0
Showing 2 changed files with 32 additions and 22 deletions.
26 changes: 18 additions & 8 deletions files/defaults.yaml
Expand Up @@ -79,17 +79,27 @@ zowe:
# This section fully defines a default for certificate scenario 1, but makes way when detecting any other scenarios.
certificate:
type: PKCS12
# Quirk in templating and schema - undefined/null here will be rejected by a schema that wants a string, so instead of templating individual objects
# This templates the entire object.
# Templating the entire object as "pkcs12: zowe.setup.certificate.pkcs12" also does not work, because internal template attributes are added.
# This will work for pkcs12 and dname objects as long as they dont have 'required' fields.
pkcs12: "${{ zowe.setup.certificate.type != 'PKCS12' ? {} : zowe.setup.certificate.pkcs12.import ? { directory: zowe.setup.certificate.pkcs12.directory, lock: zowe.setup.certificate.pkcs12.lock, import: zowe.setup.certificate.pkcs12.import } : { directory: '/var/zowe/keystore', lock: true, name: 'localhost', password: 'password', caAlias: 'local_ca', caPassword: 'local_ca_password' } }}"
pkcs12:
directory: "${{ zowe.setup.certificate.type != 'PKCS12' ? null : '/var/zowe/keystore' }}"
lock: "${{ zowe.setup.certificate.type != 'PKCS12' ? null : true }}"
name: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'localhost' : null }}"
password: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'password' : null }}"
caAlias: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'local_ca' : null }}"
caPassword: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'local_ca_password' : null }}"

# Distinguished name for Zowe generated certificates.
dname: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? { caCommonName: 'Zowe Development Instances CA', commonName: 'Zowe Development Instances Certificate', orgUnit: 'API Mediation Layer', org: 'Zowe Sample', locality: 'Prague', state: 'Prague', country: 'CZ' } : {} }}"
#"${{ zowe.setup.certificate.type != 'PKCS12' ? null : zowe.setup.certificate.pkcs12.import ? { directory: zowe.setup.certificate.pkcs12.directory, lock: zowe.setup.certificate.pkcs12.lock, import: zowe.setup.certificate.pkcs12.import } : { directory: '/var/zowe/keystore', lock: true, name: 'localhost', password: 'password', caAlias: 'local_ca', caPassword: 'local_ca_password'} }}"

# Distinguished name for Zowe generated certificates.
dname:
caCommonName: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Zowe Development Instances CA' : null }}"
commonName: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Zowe Development Instances Certificate' : null }}"
orgUnit: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'API Mediation Layer' : null }}"
org: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Zowe Sample' : null }}"
locality: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Prague' : null }}"
state: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Prague' : null }}"
country: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'CZ' : null }}"
# Validity days for Zowe generated certificates
validity: "${{ (zowe.setup.certificate.pkcs12?.import || zowe.setup.certificate.keyring?.label) ? undefined : 3650 }}"
validity: "${{ (zowe.setup.certificate.pkcs12?.import || zowe.setup.certificate.keyring?.label) ? null : 3650 }}"


# Where to store runtime logs
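Review bot: The `pkcs12` defaults still resolve `password` to the literal `'password'` and `caPassword` to `'local_ca_password'` whenever the type is PKCS12 and no import is configured, and nothing in the section tells an operator that these are well-known values. A comment above `password:` such as `# Well-known development default; override password and caPassword on any instance that is not a throwaway test system.` would make that explicit. The commented-out whole-object expression that appears to be left in below `caPassword` repeats the same literals and reads as dead code now that each field is templated on its own, so I would drop it and check whether the "Quirk in templating and schema" comments above `pkcs12:` still describe the approach in use. The `certificate:` mapping starts and ends outside the hunk.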
28 changes: 14 additions & 14 deletions schemas/zowe-yaml-schema.json
Expand Up @@ -190,31 +190,31 @@
"description": "PKCS#12 keystore settings",
"properties": {
"directory": {
"$ref": "/schemas/v2/server-common#zowePath",
"type": [ "string", "null" ],
"description": "Keystore directory"
},
"name": {
"type": "string",
"type": [ "string", "null" ],
"description": "Certificate alias name. Note: please use all lower cases as alias.",
"default": "localhost"
},
"password": {
"type": "string",
"type": [ "string", "null" ],
"description": "Keystore password",
"default": "password"
},
"caAlias": {
"type": "string",
"type": [ "string", "null" ],
"description": "Alias name of self-signed certificate authority. Note: please use all lower cases as alias.",
"default": "local_ca"
},
"caPassword": {
"type": "string",
"type": [ "string", "null" ],
"description": "Password of keystore stored self-signed certificate authority.",
"default": "local_ca_password"
},
"lock": {
"type": "boolean",
"type": [ "boolean", "null" ],
"description": "Whether to restrict the permissions of the keystore after creation"
},
"import": {
Expand Down Expand Up @@ -314,37 +314,37 @@
"description": "Certificate distinguish name",
"properties": {
"caCommonName": {
"type": "string",
"type": [ "string", "null" ],
"description": "Common name of certificate authority generated by Zowe."
},
"commonName": {
"type": "string",
"type": [ "string", "null" ],
"description": "Common name of certificate generated by Zowe."
},
"orgUnit": {
"type": "string",
"type": [ "string", "null" ],
"description": "Organization unit of certificate generated by Zowe."
},
"org": {
"type": "string",
"type": [ "string", "null" ],
"description": "Organization of certificate generated by Zowe."
},
"locality": {
"type": "string",
"type": [ "string", "null" ],
"description": "Locality of certificate generated by Zowe. This is usually the city name."
},
"state": {
"type": "string",
"type": [ "string", "null" ],
"description": "State of certificate generated by Zowe. You can also put province name here."
},
"country": {
"type": "string",
"type": [ "string", "null" ],
"description": "2 letters country code of certificate generated by Zowe."
}
}
},
"validity": {
"type": "integer",
"type": [ "integer", "null" ],
"description": "Validity days for Zowe generated certificates",
"default": 3650
},
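Review bot: In the first hunk the `directory` property appears to lose its `$ref` to `/schemas/v2/server-common#zowePath` in favour of a bare `[ "string", "null" ]`, so whatever constraints `zowePath` carries are no longer applied to the keystore directory. Null can be admitted without giving up that check, for example `"anyOf": [ { "$ref": "/schemas/v2/server-common#zowePath" }, { "type": "null" } ]`. In the same hunk `password`, `caPassword` and `lock` now validate as null while `password` and `caPassword` still declare non-null `default` values. It is worth confirming that the code creating the keystore treats a null `lock` as unset rather than as false, since the latter would presumably skip the permission restriction. Both the `pkcs12` and `dname` objects continue outside the visible hunks.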
