Merge branch 'v3.x/staging' into v3.x/feature/checkFSforNOSUID

.github/workflows/build-packaging.yml

@@ -353,8 +353,8 @@ jobs:
           jfrog rt dl ${{github.event.inputs.PSWI_SMPE_AZWE_ARTIFACTORY_PATH}}/AZWE002*.zip --flat=true .pax/AZWE002.zip
           jfrog rt dl ${{github.event.inputs.PSWI_SMPE_ARTIFACTORY_PATH}}/zowe-smpe-*.zip --flat=true .pax/zowe-smpe.zip
 
-
       - name: '[SMPE Pax 4] Build PSWI'
+        id: pswi
         if: env.INPUTS_BUILD_PSWI == 'true'
         timeout-minutes: 60
         run: |
@@ -367,6 +367,14 @@ jobs:
           ZZOW_SSH_PORT: ${{ secrets.SSH_MARIST_ALLSYS_PORT }}
           VERSION: ${{ env.P_VERSION }}
 
+      - name: Store PSWI folder
+        uses: actions/upload-artifact@v4
+        if: env.INPUTS_BUILD_PSWI == 'true' && failure()
+        with:
+          name: pswi-folder
+          path: |
+            pswi/**
+
       - name: '[K8S] Build Kubernetes'
         timeout-minutes: 10
         if: env.INPUTS_BUILD_KUBERNETES == 'true'

.github/workflows/pswi-zowe-config-test.yml

@@ -0,0 +1,52 @@
+name: PSWI zowe.yaml sync check
+
+permissions:
+  id-token: write
+  issues: write
+  pull-requests: write
+  contents: write
+
+on:
+  push:
+    branches:
+      - v3.x/staging 
+  pull_request:
+    types: [opened, synchronize]
+  workflow_dispatch:
+
+jobs:
+  test-pswi-zowe-yaml:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: '[Prep 1] Checkout'
+        uses: actions/checkout@v4
+
+      - name: '[PSI-LOCK] Lock marist servers to build PSWI'
+        uses: zowe-actions/shared-actions/lock-resource@main
+        with:
+          lock-repository: ${{ github.repository }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          lock-resource-name: zowe-psi-build-zzow07-lock
+          lock-avg-retry-interval: 30
+
+      - name: 'Test ZWECONF workflow'
+        id: zweconf
+        timeout-minutes: 30
+        run: |
+          cd pswi
+          ./ZWECONF_test.sh
+        env:
+          ZOSMF_USER: ${{ secrets.ZOWE_PSWI_BUILD_USR }}
+          ZOSMF_PASS: ${{ secrets.ZOWE_PSWI_BUILD_PASSWD }}
+          ZZOW_SSH_PORT: ${{ secrets.SSH_MARIST_ALLSYS_PORT }}
+
+      - name: Store test output
+        uses: actions/upload-artifact@v4
+        if: steps.zweconf.outcome != '' && failure()
+        with:
+          name: zweconf_test
+          path: |
+            pswi/**.txt
+            pswi/zowe_.yaml
+            pswi/ZWECONF1/**

bin/commands/internal/start/prepare/index.sh

@@ -145,9 +145,9 @@ global_validate() {
     if [[ ${ZWE_ENABLED_COMPONENTS} == *"discovery"* ]]; then
       validate_this "validate_zosmf_host_and_port \"${ZOSMF_HOST}\" \"${ZOSMF_PORT}\" 2>&1" "zwe-internal-start-prepare,global_validate:${LINENO}"
     else
-      if [ "${ZWE_components_zaas_apiml_security_auth_provider}" = "zosmf" ]; then
+      if [ "${ZWE_components_gateway_apiml_security_auth_provider}" = "zosmf" ]; then
         let "ZWE_PRIVATE_ERRORS_FOUND=${ZWE_PRIVATE_OLD_ERRORS_FOUND}+1"
-        print_error "Using z/OSMF as 'components.zaas.apiml.security.auth.provider' is not possible: discovery is disabled."
+        print_error "Using z/OSMF as 'components.gateway.apiml.security.auth.provider' is not possible: discovery is disabled."
         print_formatted_info "ZWELS" "zwe-internal-start-prepare,global_validate:${LINENO}" "Zosmf validation failed"
       fi
     fi

bin/commands/internal/start/prepare/index.ts

@@ -172,9 +172,9 @@ function globalValidate(enabledComponents:string[]): void {
         privateErrors++;
         common.printFormattedError('ZWELS', "zwe-internal-start-prepare,global_validate", "Zosmf validation failed");
       }
-    } else if (std.getenv('ZWE_components_zaas_apiml_security_auth_provider') == "zosmf") {
+    } else if (std.getenv('ZWE_components_gateway_apiml_security_auth_provider') == "zosmf") {
         privateErrors++;
-        common.printError("Using z/OSMF as 'components.zaas.apiml.security.auth.provider' is not possible: discovery is disabled.");
+        common.printError("Using z/OSMF as 'components.gateway.apiml.security.auth.provider' is not possible: discovery is disabled.");
         common.printFormattedError('ZWELS', "zwe-internal-start-prepare,global_validate", "Zosmf validation failed");
     }
   }

bin/commands/migrate/for/kubernetes/index.sh

@@ -204,7 +204,7 @@ done
 
 update_zowe_yaml "${temp_dir}/zowe.yaml" "zowe.externalPort" "${ZWE_CLI_PARAMETER_EXTERNAL_PORT}"
 update_zowe_yaml "${temp_dir}/zowe.yaml" "components.gateway.port" "7554"
-update_zowe_yaml "${temp_dir}/zowe.yaml" "components.zaas.port" "7563"
+update_zowe_yaml "${temp_dir}/zowe.yaml" "components.zaas.port" "7558"
 update_zowe_yaml "${temp_dir}/zowe.yaml" "components.discovery.port" "7553"
 update_zowe_yaml "${temp_dir}/zowe.yaml" "components.api-catalog.port" "7552"
 update_zowe_yaml "${temp_dir}/zowe.yaml" "components.caching-service.port" "7555"
@@ -220,13 +220,13 @@ update_zowe_yaml "${temp_dir}/zowe.yaml" "components.explorer-jes.enabled" "true
 update_zowe_yaml "${temp_dir}/zowe.yaml" "components.explorer-mvs.enabled" "true"
 update_zowe_yaml "${temp_dir}/zowe.yaml" "components.explorer-uss.enabled" "true"
 
-update_zowe_yaml "${temp_dir}/zowe.yaml" "components.zaas.apiml.security.x509.externalMapperUrl" ""
-update_zowe_yaml "${temp_dir}/zowe.yaml" "components.zaas.apiml.security.authorization.endpoint.url" ""
-zaas_auth_provider=$(read_yaml "${temp_dir}/zowe.yaml" ".components.zaas.apiml.security.authorization.endpoint.provider")
+update_zowe_yaml "${temp_dir}/zowe.yaml" "components.gateway.apiml.security.x509.externalMapperUrl" ""
+update_zowe_yaml "${temp_dir}/zowe.yaml" "components.gateway.apiml.security.authorization.endpoint.url" ""
+zaas_auth_provider=$(read_yaml "${temp_dir}/zowe.yaml" ".components.gateway.apiml.security.authorization.endpoint.provider")
 if [ "${zaas_auth_provider}" != "" ]; then
   print_message "Zowe APIML ZAAS authorization provider is suggested to be empty when running in Kubernetes. 'native' is not supported off Z platform."
 fi
-update_zowe_yaml "${temp_dir}/zowe.yaml" "components.zaas.apiml.security.authorization.endpoint.provider" ""
+update_zowe_yaml "${temp_dir}/zowe.yaml" "components.gateway.apiml.security.authorization.endpoint.provider" ""
 update_zowe_yaml "${temp_dir}/zowe.yaml" "components.discovery.replicas" "1"
 update_zowe_yaml "${temp_dir}/zowe.yaml" "components.caching-service.storage.mode" ""
 

containers/kubernetes/samples/config-cm.yaml

@@ -90,7 +90,7 @@ data:
 
       zaas:
         enabled: true
-        port: 7563
+        port: 7558
         debug: false
 
       discovery:

containers/kubernetes/samples/zaas-service.yaml

@@ -20,6 +20,6 @@ spec:
   ports:
     - name: zaas
       protocol: TCP
-      port: 7563
+      port: 7558
       targetPort: zaas-port
       appProtocol: https

containers/kubernetes/workloads/zaas-deployment.yaml

@@ -61,17 +61,17 @@ spec:
               cpu: "700m"
           ports:
             - name: zaas-port
-              containerPort: 7563
+              containerPort: 7558
               protocol: TCP
           startupProbe:
             tcpSocket:
-              port: 7563
+              port: 7558
             # this should give 90 * periodSeconds(default to 10) seconds about 15 minutes to confirm it's ready
             periodSeconds: 10
             failureThreshold: 90
           livenessProbe:
             tcpSocket:
-              port: 7563
+              port: 7558
             # this should give 3 * periodSeconds(default to 10) seconds about 30 seconds to confirm it's offline
             periodSeconds: 10
             failureThreshold: 3

example-zowe.yaml

@@ -320,7 +320,7 @@ zowe:
   # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
   # This is an ID you use to separate multiple Zowe installs when determining
   # resource names used in RBAC authorization checks such as dataservices with RBAC
-  # expects this ID in SAF resources 
+  # expects this ID in SAF resources
   rbacProfileIdentifier: "1"
 
   # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
@@ -336,7 +336,7 @@ zowe:
   externalDomains:
     # this should be the domain name to access Zowe APIML Gateway
     - sample-domain.com
-  
+
   # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
   # This is the port you use to access Zowe Gateway from your web browser.
   #
@@ -378,8 +378,8 @@ zowe:
   #   ZWED_TN3270_PORT: 23
 
   # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-  # You can define any Zowe message portions to be checked for and the message added to the 
-  # system log upon its logging, truncated to 126 characters. 
+  # You can define any Zowe message portions to be checked for and the message added to the
+  # system log upon its logging, truncated to 126 characters.
   sysMessages:
   #   # Zowe starting
     - "ZWEL0021I"
@@ -449,7 +449,7 @@ zowe:
   #              This mode does not validate certificate Common Name and Subject
   #              Alternative Name (SAN).
   # - DISABLED:  disable certificate validation. This is NOT recommended for
-  #              security. 
+  #              security.
   verifyCertificates: STRICT
 
 
@@ -518,18 +518,6 @@ components:
     enabled: true
     port: 7554
     debug: false
-
-    # If we customize this to use different external certificate, than should also
-    # define "server.internal.ssl.certificate" and enable "server.internal.ssl.enabled".
-    # certificate:
-    #   keystore:
-    #     alias: ""
-
-  # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-  zaas:
-    enabled: true
-    port: 7563
-    debug: false
     apiml:
       security:
         auth:
@@ -543,6 +531,18 @@ components:
           provider: "native"
         x509:
           enabled: false
+
+    # If we customize this to use different external certificate, than should also
+    # define "server.internal.ssl.certificate" and enable "server.internal.ssl.enabled".
+    # certificate:
+    #   keystore:
+    #     alias: ""
+
+  # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
+  zaas:
+    enabled: true
+    port: 7558
+    debug: false
   # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
   api-catalog:
     enabled: true
@@ -633,7 +633,7 @@ components:
 #     # This sysname will be used to route your JES command to target system.
 #     sysname: LPR1
 #     # for this HA instance, we did not customize "components", so it will use default value.
-  
+
 #   # HA instance ID, we will start 2 instances on LPAR2
 #   # **NOTE**, we can only start one gateway in same LPAR.
 #   lpar2a:

files/defaults.yaml

@@ -169,15 +169,9 @@ components:
           enabled: false
 
   # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-  metrics-service:
+  zaas:
     enabled: false
-    port: 7551
-    debug: false
-
-  # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
-  cloud-gateway:
-    enabled: false
-    port: 7563
+    port: 7558
     debug: false
 
   # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
@@ -201,16 +195,13 @@ components:
     storage:
       evictionStrategy: reject
       # can be inMemory, VSAM, redis or infinispan
-      mode: VSAM
-      size: 10000
-      vsam:
-        # your VSAM data set created by "zwe init vsam" command or ZWECSVSM JCL
-        # this is required if storage mode is VSAM
-        name: ""
+      mode: infinispan
       infinispan:
         # this is required if storage mode is infinispan
         jgroups:
           port: 7600
+          keyExchange:
+            port: 7601
 
   # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
   app-server:

playbooks/all_host_vars_list.yml

@@ -28,7 +28,7 @@ zos_zosmf_user: IZUSVR
 zowe_apiml_catalog_port: 7552
 zowe_apiml_discovery_port: 7553
 zowe_apiml_gateway_port: 7554
-zowe_apiml_zaas_port: 7563
+zowe_apiml_zaas_port: 7558
 zowe_apiml_gateway_timeout_millis: 600000
 zowe_apiml_nonstrict_verify_certficates_of_services: true
 zowe_apiml_security_auth_provider: zosmf

playbooks/roles/configfmid/tasks/main.yml

@@ -290,14 +290,14 @@
       "components.gateway.apiml.gateway.timeoutMillis": "{{ zowe_apiml_gateway_timeout_millis }}"
 
       # zaas settings
-      "components.zaas.apiml.security.x509.enabled": "{{ zowe_apiml_security_x509_enabled|string|lower }}"
-      "components.zaas.apiml.security.auth.provider": "{{ zowe_apiml_security_auth_provider|string|lower }}"
-      "components.zaas.apiml.security.auth.zosmf.jwtAutoconfiguration": "{{ zowe_apiml_security_zosmf_jwt_autoconfiguration_mode }}"
-      "components.zaas.apiml.security.oidc.enabled": "{{ zowe_apiml_security_oidc_enabled|string|lower }}"
-      "components.zaas.apiml.security.oidc.clientId": "{{ zowe_apiml_security_oidc_client_id|string }}"
-      "components.zaas.apiml.security.oidc.clientSecret": "{{ zowe_apiml_security_oidc_client_secret|string }}"
-      "components.zaas.apiml.security.oidc.registry": "{{ zowe_apiml_security_oidc_registry|string }}"
-      "components.zaas.apiml.security.oidc.jwks.uri": "{{ zowe_apiml_security_oidc_jwks_uri|string }}"
+      "components.gateway.apiml.security.x509.enabled": "{{ zowe_apiml_security_x509_enabled|string|lower }}"
+      "components.gateway.apiml.security.auth.provider": "{{ zowe_apiml_security_auth_provider|string|lower }}"
+      "components.gateway.apiml.security.auth.zosmf.jwtAutoconfiguration": "{{ zowe_apiml_security_zosmf_jwt_autoconfiguration_mode }}"
+      "components.gateway.apiml.security.oidc.enabled": "{{ zowe_apiml_security_oidc_enabled|string|lower }}"
+      "components.gateway.apiml.security.oidc.clientId": "{{ zowe_apiml_security_oidc_client_id|string }}"
+      "components.gateway.apiml.security.oidc.clientSecret": "{{ zowe_apiml_security_oidc_client_secret|string }}"
+      "components.gateway.apiml.security.oidc.registry": "{{ zowe_apiml_security_oidc_registry|string }}"
+      "components.gateway.apiml.security.oidc.jwks.uri": "{{ zowe_apiml_security_oidc_jwks_uri|string }}"
       # desktop customizations
       "zowe.environments.ZWED_SSH_PORT": "{{ zowe_zlux_terminal_ssh_port }}"
       "zowe.environments.ZWED_TN3270_PORT": "{{ zowe_zlux_terminal_telnet_port }}"

playbooks/roles/configure/defaults/main.yml

@@ -54,7 +54,7 @@ zos_zosmf_ca:
 zowe_apiml_catalog_port: 7552
 zowe_apiml_discovery_port: 7553
 zowe_apiml_gateway_port: 7554
-zowe_apiml_zaas_port: 7563
+zowe_apiml_zaas_port: 7558
 zowe_apiml_verify_certficates_of_services: true
 zowe_apiml_nonstrict_verify_certficates_of_services: true
 # APIML configuration properties

playbooks/roles/configure/tasks/main.yml

@@ -290,18 +290,17 @@
       "components.zss.port": "{{ zowe_zss_port }}"
       # other gateway configs
       "components.gateway.apiml.gateway.timeoutMillis": "{{ zowe_apiml_gateway_timeout_millis }}"
-      "components.gateway.apiml.security.x509.enabled": "{{ zowe_apiml_security_x509_enabled|string|lower }}"
       "components.gateway.apiml.service.forwardClientCertEnabled": "{{ zowe_apiml_service_forwardClientCertEnabled|string|lower }}"
 
       # zaas configs
-      "components.zaas.apiml.security.x509.enabled": "{{ zowe_apiml_security_x509_enabled|string|lower }}"
-      "components.zass.apiml.security.auth.provider": "{{ zowe_apiml_security_auth_provider|string|lower }}"
-      "components.zaas.apiml.security.auth.zosmf.jwtAutoconfiguration": "{{ zowe_apiml_security_zosmf_jwt_autoconfiguration_mode }}"
-      "components.zaas.apiml.security.oidc.enabled": "{{ zowe_apiml_security_oidc_enabled|string|lower }}"
-      "components.zaas.apiml.security.oidc.clientId": "{{ zowe_apiml_security_oidc_client_id|string }}"
-      "components.zaas.apiml.security.oidc.clientSecret": "{{ zowe_apiml_security_oidc_client_secret|string }}"
-      "components.zaas.apiml.security.oidc.registry": "{{ zowe_apiml_security_oidc_registry|string }}"
-      "components.zaas.apiml.security.oidc.jwks.uri": "{{ zowe_apiml_security_oidc_jwks_uri|string }}"
+      "components.gateway.apiml.security.x509.enabled": "{{ zowe_apiml_security_x509_enabled|string|lower }}"
+      "components.gateway.apiml.security.auth.provider": "{{ zowe_apiml_security_auth_provider|string|lower }}"
+      "components.gateway.apiml.security.auth.zosmf.jwtAutoconfiguration": "{{ zowe_apiml_security_zosmf_jwt_autoconfiguration_mode }}"
+      "components.gateway.apiml.security.oidc.enabled": "{{ zowe_apiml_security_oidc_enabled|string|lower }}"
+      "components.gateway.apiml.security.oidc.clientId": "{{ zowe_apiml_security_oidc_client_id|string }}"
+      "components.gateway.apiml.security.oidc.clientSecret": "{{ zowe_apiml_security_oidc_client_secret|string }}"
+      "components.gateway.apiml.security.oidc.registry": "{{ zowe_apiml_security_oidc_registry|string }}"
+      "components.gateway.apiml.security.oidc.jwks.uri": "{{ zowe_apiml_security_oidc_jwks_uri|string }}"
       # desktop customizations
       "zowe.environments.ZWED_SSH_PORT": "{{ zowe_zlux_terminal_ssh_port }}"
       "zowe.environments.ZWED_TN3270_PORT": "{{ zowe_zlux_terminal_telnet_port }}"

playbooks/roles/custom_for_test/defaults/main.yml

@@ -54,7 +54,7 @@ zos_zosmf_ca:
 zowe_apiml_catalog_port: 7552
 zowe_apiml_discovery_port: 7553
 zowe_apiml_gateway_port: 7554
-zowe_apiml_cloud_gateway_port: 7563
+zowe_apiml_zaas_port: 7558
 zowe_apiml_verify_certficates_of_services: true
 zowe_apiml_nonstrict_verify_certficates_of_services: true
 # APIML configuration properties

playbooks/roles/verify/defaults/main.yml

@@ -27,6 +27,6 @@ zowe_job_prefix: ZWE
 zowe_proclib_membername: ZWESLSTC
 zowe_instance_id: 1
 # ports will be tested
-zowe_apiml_zaas_port: 7563
+zowe_apiml_zaas_port: 7558
 zowe_apiml_gateway_port: 7554
 zowe_zlux_port: 7556

pswi/01_smpe.sh

@@ -91,8 +91,8 @@ STATUS_NAME=`echo $RESP | grep -o '"statusName":".*"' | cut -f4 -d\"`
 
 if [ "$STATUS_NAME" = "in-progress" ]
 then
-  echo "Workflow ended with an error."
-  echo $RESP
+  echo "Workflow with SMP/E ended with an error." >> report.txt
+  echo $RESP >> report.txt
   exit -1
 elif [ "$STATUS_NAME" = "complete" ]
 then

pswi/02_ptf.sh

@@ -87,8 +87,8 @@ STATUS_NAME=`echo $RESP | grep -o '"statusName":".*"' | cut -f4 -d\"`
 
 if [ "$STATUS_NAME" = "in-progress" ]
 then
-  echo "Workflow ended with an error."
-  echo $RESP
+  echo "Workflow with PTFs ended with an error." >> report.txt
+  echo $RESP >> report.txt
   exit -1
 elif [ "$STATUS_NAME" = "complete" ]
 then