From 88eebe0be7ddb3518e4b1472f8eadd925ecf9925 Mon Sep 17 00:00:00 2001
From: 1000TurquoisePogs
Date: Thu, 23 May 2024 05:43:55 -0400
Subject: [PATCH] Revert to null approach for zowe.setup.certificate. allow null in schema. This is a quirk of configmgr template and merge behavior that should be enhanced in the future.
Signed-off-by: 1000TurquoisePogs
---
 files/defaults.yaml | 26 ++++++++++++++++++--------
 schemas/zowe-yaml-schema.json | 28 ++++++++++++++--------------
 2 files changed, 32 insertions(+), 22 deletions(-)
diff --git a/files/defaults.yaml b/files/defaults.yaml
index 77251f0ffd..b795de4f41 100644
--- a/files/defaults.yaml
+++ b/files/defaults.yaml
@@ -79,17 +79,27 @@ zowe: # This section fully defines a default for certificate scenario 1, but makes way when detecting any other scenarios. certificate: type: PKCS12 - # Quirk in templating and schema - undefined/null here will be rejected by a schema that wants a string, so instead of templating individual objects - # This templates the entire object. - # Templating the entire object as "pkcs12: zowe.setup.certificate.pkcs12" also does not work, because internal template attributes are added. - # This will work for pkcs12 and dname objects as long as they dont have 'required' fields. - pkcs12: "${{ zowe.setup.certificate.type != 'PKCS12' ? {} : zowe.setup.certificate.pkcs12.import ? { directory: zowe.setup.certificate.pkcs12.directory, lock: zowe.setup.certificate.pkcs12.lock, import: zowe.setup.certificate.pkcs12.import } : { directory: '/var/zowe/keystore', lock: true, name: 'localhost', password: 'password', caAlias: 'local_ca', caPassword: 'local_ca_password' } }}" + pkcs12: + directory: "${{ zowe.setup.certificate.type != 'PKCS12' ? null : '/var/zowe/keystore' }}" + lock: "${{ zowe.setup.certificate.type != 'PKCS12' ? null : true }}" + name: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'localhost' : null }}" + password: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'password' : null }}" + caAlias: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'local_ca' : null }}" + caPassword: "${{ zowe.setup.certificate.type == 'PKCS12' && !zowe.setup.certificate.pkcs12.import ? 'local_ca_password' : null }}" - # Distinguished name for Zowe generated certificates. - dname: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 
{ caCommonName: 'Zowe Development Instances CA', commonName: 'Zowe Development Instances Certificate', orgUnit: 'API Mediation Layer', org: 'Zowe Sample', locality: 'Prague', state: 'Prague', country: 'CZ' } : {} }}" +#"${{ zowe.setup.certificate.type != 'PKCS12' ? null : zowe.setup.certificate.pkcs12.import ? { directory: zowe.setup.certificate.pkcs12.directory, lock: zowe.setup.certificate.pkcs12.lock, import: zowe.setup.certificate.pkcs12.import } : { directory: '/var/zowe/keystore', lock: true, name: 'localhost', password: 'password', caAlias: 'local_ca', caPassword: 'local_ca_password'} }}" + # Distinguished name for Zowe generated certificates. + dname: + caCommonName: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Zowe Development Instances CA' : null }}" + commonName: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Zowe Development Instances Certificate' : null }}" + orgUnit: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'API Mediation Layer' : null }}" + org: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Zowe Sample' : null }}" + locality: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Prague' : null }}" + state: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'Prague' : null }}" + country: "${{ (zowe.setup.certificate.pkcs12?.name || zowe.setup.certificate.keyring?.label) ? 'CZ' : null }}" # Validity days for Zowe generated certificates - validity: "${{ (zowe.setup.certificate.pkcs12?.import || zowe.setup.certificate.keyring?.label) ? undefined : 3650 }}" + validity: "${{ (zowe.setup.certificate.pkcs12?.import || zowe.setup.certificate.keyring?.label) ? null : 3650 }}" # Where to store runtime logs diff --git a/schemas/zowe-yaml-schema.json b/schemas/zowe-yaml-schema.json index ddabae1beb..6c497e7526 100644 
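Review bot: The added `#"${{ zowe.setup.certificate.type != 'PKCS12' ? null : zowe.setup.certificate.pkcs12.import ? ... }}"` line between the `pkcs12` and `dname` mappings is a commented-out copy of the old whole-object template and should be dropped; it sits at column 0 inside an indented mapping and explains nothing. The commit also deletes the comment block that described the templating quirk without replacing it, so I would put a short comment above `pkcs12:` instead, e.g. `# Fields that do not apply are templated to null; the schema allows null for them (configmgr template/merge quirk).` Separately, `password` and `caPassword` still default to the fixed strings `'password'` and `'local_ca_password'` whenever the type is PKCS12 and no import is configured, so a generated keystore and its CA key are protected by publicly known values unless the user overrides them. A comment on those two lines saying the defaults are for sample setups and must be overridden would make that visible to whoever edits this file next.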
--- a/schemas/zowe-yaml-schema.json
+++ b/schemas/zowe-yaml-schema.json
@@ -190,31 +190,31 @@
 "description": "PKCS#12 keystore settings",
 "properties": {
 "directory": {
- "$ref": "/schemas/v2/server-common#zowePath",
+ "type": [ "string", "null" ],
 "description": "Keystore directory"
 },
 "name": {
- "type": "string",
+ "type": [ "string", "null" ],
 "description": "Certificate alias name. Note: please use all lower cases as alias.",
 "default": "localhost"
 },
 "password": {
- "type": "string",
+ "type": [ "string", "null" ],
 "description": "Keystore password",
 "default": "password"
 },
 "caAlias": {
- "type": "string",
+ "type": [ "string", "null" ],
 "description": "Alias name of self-signed certificate authority. Note: please use all lower cases as alias.",
 "default": "local_ca"
 },
 "caPassword": {
- "type": "string",
+ "type": [ "string", "null" ],
 "description": "Password of keystore stored self-signed certificate authority.",
 "default": "local_ca_password"
 },
 "lock": {
- "type": "boolean",
+ "type": [ "boolean", "null" ],
 "description": "Whether to restrict the permissions of the keystore after creation"
 },
 "import": {
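Review bot: Replacing `"$ref": "/schemas/v2/server-common#zowePath"` on `directory` with a bare `[ "string", "null" ]` type drops whatever constraints `zowePath` enforces on the keystore directory (its definition is not visible in this diff), so any string now validates there. Null can be admitted without losing that check: `"anyOf": [ { "$ref": "/schemas/v2/server-common#zowePath" }, { "type": "null" } ]`. Across this hunk and the `dname`/`validity` hunk that follows, the descriptions still read as if a value is always present, while an explicit `null` written by a user now passes validation as well. I would add to each description that null means the setting is unset for the selected certificate scenario, and confirm that the code consuming `password`, `caPassword` and `validity` treats null as unset rather than as a literal value.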
@@ -314,37 +314,37 @@
 "description": "Certificate distinguish name",
 "properties": {
 "caCommonName": {
- "type": "string",
+ "type": [ "string", "null" ],
 "description": "Common name of certificate authority generated by Zowe."
 },
 "commonName": {
- "type": "string",
+ "type": [ "string", "null" ],
 "description": "Common name of certificate generated by Zowe."
 },
 "orgUnit": {
- "type": "string",
+ "type": [ "string", "null" ],
 "description": "Organization unit of certificate generated by Zowe."
 },
 "org": {
- "type": "string",
+ "type": [ "string", "null" ],
 "description": "Organization of certificate generated by Zowe."
 },
 "locality": {
- "type": "string",
+ "type": [ "string", "null" ],
 "description": "Locality of certificate generated by Zowe. This is usually the city name."
 },
 "state": {
- "type": "string",
+ "type": [ "string", "null" ],
 "description": "State of certificate generated by Zowe. You can also put province name here."
 },
 "country": {
- "type": "string",
+ "type": [ "string", "null" ],
 "description": "2 letters country code of certificate generated by Zowe."
 }
 }
 },
 "validity": {
- "type": "integer",
+ "type": [ "integer", "null" ],
 "description": "Validity days for Zowe generated certificates",
 "default": 3650
 },