diff --git a/.pax/pre-packaging.sh b/.pax/pre-packaging.sh index a183f1e207..15bad07711 100755 --- a/.pax/pre-packaging.sh +++ b/.pax/pre-packaging.sh @@ -282,7 +282,7 @@ EOT echo "[$SCRIPT_NAME] extract components" mkdir -p "${BASE_DIR}/logs" mkdir -p "${ZOWE_ROOT_DIR}/components" -for component in launcher zlux-core zss apiml-common-lib common-java-lib apiml-sample-extension gateway cloud-gateway caching-service discovery api-catalog explorer-jes explorer-mvs explorer-uss; do +for component in launcher zlux-core zss apiml-common-lib common-java-lib apiml-sample-extension zaas gateway caching-service discovery api-catalog explorer-jes explorer-mvs explorer-uss; do echo "[$SCRIPT_NAME] - ${component}" component_file=$(find "${ZOWE_ROOT_DIR}/files" -type f \( -name "${component}*.pax" -o -name "${component}*.zip" \) | head -n 1) "${ZOWE_ROOT_DIR}/bin/zwe" \ diff --git a/bin/README.md b/bin/README.md index c41812e683..3241ab1d44 100644 --- a/bin/README.md +++ b/bin/README.md @@ -80,6 +80,7 @@ These Zowe environment variables are created globally. Any Zowe components, exte - `ZWE_ENABLED_COMPONENTS` is a list of components will be started in current HA instance. - `ZWE_GATEWAY_HOST` contains domain name to access gateway internally. - `ZWE_GATEWAY_SHARED_LIBS` contains a directory where gateway shared libraries are installed. +- `ZWE_ZAAS_SHARED_LIBS` contains a directory where zaas (Zowe Authentication and Authorization Service) libraries are installed. - `ZWE_INSTALLED_COMPONENTS` is a list of all installed components. - `ZWE_LAUNCH_COMPONENTS` is a list of enabled components for current HA instance and has start command defined. - `ZWE_POD_CLUSTERNAME` indicates the current Kubernetes cluster name Zowe is running. This variable is only applicable when Zowe is running in Kubernetes. diff --git a/bin/commands/internal/start/prepare/index.sh b/bin/commands/internal/start/prepare/index.sh index 1c47c0c99d..3b3ef25b1a 100644 
--- a/bin/commands/internal/start/prepare/index.sh +++ b/bin/commands/internal/start/prepare/index.sh @@ -67,6 +67,7 @@ prepare_workspace_directory() { export ZWE_PRIVATE_WORKSPACE_ENV_DIR="${ZWE_zowe_workspaceDirectory}/.env" export ZWE_STATIC_DEFINITIONS_DIR="${ZWE_zowe_workspaceDirectory}/api-mediation/api-defs" export ZWE_GATEWAY_SHARED_LIBS="${ZWE_zowe_workspaceDirectory}/gateway/sharedLibs/" + export ZWE_ZAAS_SHARED_LIBS="${ZWE_zowe_workspaceDirectory}/zaas/sharedLibs/" export ZWE_DISCOVERY_SHARED_LIBS="${ZWE_zowe_workspaceDirectory}/discovery/sharedLibs/" mkdir -p "${ZWE_zowe_workspaceDirectory}" @@ -88,9 +89,11 @@ prepare_workspace_directory() { # create apiml static defs directory mkdir -p "${ZWE_STATIC_DEFINITIONS_DIR}" - # create apiml gateway share library directory + # create apiml gateway shared libraries directory mkdir -p "${ZWE_GATEWAY_SHARED_LIBS}" - # create apiml discovery share library directory + # create apiml zaas shared libraries directory + mkdir -p "${ZWE_ZAAS_SHARED_LIBS}" + # create apiml discovery shared libraries directory mkdir -p "${ZWE_DISCOVERY_SHARED_LIBS}" # Copy Zowe manifest into WORKSPACE_DIR so we know the version for support enquiries/migration @@ -128,7 +131,7 @@ global_validate() { validate_this "validate_node_home 2>&1" "zwe-internal-start-prepare,global_validate:${LINENO}" # validate java for some core components - if [[ ${ZWE_ENABLED_COMPONENTS} == *"gateway"* || ${ZWE_ENABLED_COMPONENTS} == *"cloud-gateway"* || ${ZWE_ENABLED_COMPONENTS} == *"discovery"* || ${ZWE_ENABLED_COMPONENTS} == *"api-catalog"* || ${ZWE_ENABLED_COMPONENTS} == *"caching-service"* ]]; then + if [[ ${ZWE_ENABLED_COMPONENTS} == *"gateway"* || ${ZWE_ENABLED_COMPONENTS} == *"zaas"* || ${ZWE_ENABLED_COMPONENTS} == *"discovery"* || ${ZWE_ENABLED_COMPONENTS} == *"api-catalog"* || ${ZWE_ENABLED_COMPONENTS} == *"caching-service"* ]]; then validate_this "validate_java_home 2>&1" "zwe-internal-start-prepare,global_validate:${LINENO}" fi else 
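Review bot: The hard-coded Java-required list in the `if [[ ${ZWE_ENABLED_COMPONENTS} == *"gateway"* || ... *"zaas"* ...]]` test of `global_validate` is now maintained in four places this commit touches — here, `globalValidate` in index.ts (@@ -147), `ZWE_PRIVATE_CORE_COMPONENTS_REQUIRE_JAVA` in bin/libs/common.ts, and the same export in bin/libs/index.sh — and the two exports already disagree on order (`gateway,zaas,...` versus `zaas,gateway,...`). The TS side carries a TODO saying this should come from the component manifest; short of that, this check could iterate over `ZWE_PRIVATE_CORE_COMPONENTS_REQUIRE_JAVA` so there is a single list to keep in step. Note also that `*"zaas"*` is a substring match, so any enabled component whose id merely contains `zaas` also triggers the Java validation; harmless, but a comment such as `# substring match: any enabled component id containing one of these names requires java` would make that intentional. The enclosing `global_validate` function starts before this hunk.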
@@ -142,8 +145,8 @@ global_validate() { if [[ ${ZWE_ENABLED_COMPONENTS} == *"discovery"* ]]; then validate_this "validate_zosmf_host_and_port \"${ZOSMF_HOST}\" \"${ZOSMF_PORT}\" 2>&1" "zwe-internal-start-prepare,global_validate:${LINENO}" fi - elif [ "${ZWE_components_gateway_apiml_security_auth_provider}" = "zosmf" ]; then - validate_this "validate_zosmf_as_auth_provider \"${ZOSMF_HOST}\" \"${ZOSMF_PORT}\" \"${ZWE_components_gateway_apiml_security_auth_provider}\" 2>&1" "zwe-internal-start-prepare,global_validate:${LINENO}" + elif [ "${ZWE_components_zaas_apiml_security_auth_provider}" = "zosmf" ]; then + validate_this "validate_zosmf_as_auth_provider \"${ZOSMF_HOST}\" \"${ZOSMF_PORT}\" \"${ZWE_components_zaas_apiml_security_auth_provider}\" 2>&1" "zwe-internal-start-prepare,global_validate:${LINENO}" fi check_runtime_validation_result "zwe-internal-start-prepare,global_validate:${LINENO}" @@ -266,6 +269,17 @@ configure_components() { fi fi + # - zaas shared lib + result=$(process_component_zaas_shared_libs "${component_dir}" 2>&1) + retval=$? + if [ -n "${result}" ]; then + if [ "${retval}" = "0" ]; then + print_formatted_debug "ZWELS" "zwe-internal-start-prepare,configure_components:${LINENO}" "${result}" + else + print_formatted_error "ZWELS" "zwe-internal-start-prepare,configure_components:${LINENO}" "${result}" + fi + fi + # - gateway shared lib result=$(process_component_gateway_shared_libs "${component_dir}" 2>&1) retval=$? diff --git a/bin/commands/internal/start/prepare/index.ts b/bin/commands/internal/start/prepare/index.ts index 9337487c2e..b70b4f10ae 100644 --- a/bin/commands/internal/start/prepare/index.ts +++ b/bin/commands/internal/start/prepare/index.ts 
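Review bot: The z/OSMF auth-provider validation now keys only on `ZWE_components_zaas_apiml_security_auth_provider`, so a zowe.yaml that still sets the v2 key `components.gateway.apiml.security.auth.provider: zosmf` (the location the playbooks and the k8s migration script in this commit stop writing) silently skips `validate_zosmf_as_auth_provider` instead of failing loudly. If the gateway key is intentionally retired, emitting a `print_message` when it is still set would make the skipped check visible; if compatibility is intended, fall back to it, e.g. `auth_provider="${ZWE_components_zaas_apiml_security_auth_provider:-${ZWE_components_gateway_apiml_security_auth_provider}}"` and test that variable in the `elif`. The same consideration applies to `globalValidate` in index.ts (@@ -172). `global_validate` begins and ends outside this hunk.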
@@ -147,7 +147,7 @@ function globalValidate(enabledComponents:string[]): void { // validate java for some core components //TODO this should be a manifest parameter that you require java, not a hardcoded list. What if extensions require it? - if (enabledComponents.includes('gateway') || enabledComponents.includes('cloud-gateway') || enabledComponents.includes('discovery') || enabledComponents.includes('api-catalog') || enabledComponents.includes('caching-service')) { + if (enabledComponents.includes('gateway') || enabledComponents.includes('zaas') || enabledComponents.includes('discovery') || enabledComponents.includes('api-catalog') || enabledComponents.includes('caching-service')) { let javaOk = java.validateJavaHome(); if (!javaOk) { privateErrors++; @@ -172,7 +172,7 @@ function globalValidate(enabledComponents:string[]): void { privateErrors++; common.printFormattedError('ZWELS', "zwe-internal-start-prepare,global_validate", "Zosmf validation failed"); } - } else if (std.getenv('ZWE_components_gateway_apiml_security_auth_provider') == "zosmf") { + } else if (std.getenv('ZWE_components_zaas_apiml_security_auth_provider') == "zosmf") { let zosmfOk = zosmf.validateZosmfAsAuthProvider(zosmfHost, zosmfPort, 'zosmf'); if (!zosmfOk) { privateErrors++; 
@@ -318,6 +318,14 @@ function configureComponents(componentEnvironments?: any, enabledComponents?:str } else { common.printFormattedError("ZWELS", "zwe-internal-start-prepare,configure_components", `${componentName} processComponentAppfwPlugin failure`); } + + // zaas shared lib + success=component.processComponentZaasSharedLibs(componentDir); + if (success) { + common.printFormattedDebug("ZWELS", "zwe-internal-start-prepare,configure_components", `${componentName} processComponentZaasSharedLibs success`); + } else { + common.printFormattedError("ZWELS", "zwe-internal-start-prepare,configure_components", `${componentName} processComponentZaasSharedLibs failure`); + } // - gateway shared lib success=component.processComponentGatewaySharedLibs(componentDir); diff --git a/bin/commands/migrate/for/kubernetes/index.sh b/bin/commands/migrate/for/kubernetes/index.sh index 7f421ea181..0987017672 100644 --- a/bin/commands/migrate/for/kubernetes/index.sh +++ b/bin/commands/migrate/for/kubernetes/index.sh 
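Review bot: The new block's comment `// zaas shared lib` drops the `// - ` prefix its siblings use (`// - gateway shared lib` directly below), and it is inserted between the appfw-plugin `else` branch and the gateway block without the separating blank line the neighbours have; `// - zaas shared lib` plus a blank line keeps the list of per-component steps scannable. As with the gateway call it mirrors, a `false` from `processComponentZaasSharedLibs` is only logged via `printFormattedError` and does not stop the component from being configured — presumably deliberate, but a short comment saying so would spare the next reader the question. `configureComponents` starts and ends outside this hunk.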
@@ -49,7 +49,7 @@ mkdir -p "${ZWE_PRIVATE_WORKSPACE_ENV_DIR}" generate_instance_env_from_yaml_config convert-for-k8s source_env "${ZWE_PRIVATE_WORKSPACE_ENV_DIR}/.instance-convert-for-k8s.env" # prepare full SAN list for k8s -full_k8s_domain_list="${ZWE_CLI_PARAMETER_DOMAINS},localhost.localdomain,localhost,127.0.0.1,*.${ZWE_CLI_PARAMETER_K8S_NAMESPACE}.svc.${ZWE_CLI_PARAMETER_K8S_CLUSTER_NAME},*.${ZWE_CLI_PARAMETER_K8S_NAMESPACE}.pod.${ZWE_CLI_PARAMETER_K8S_CLUSTER_NAME},*.discovery-service.${ZWE_CLI_PARAMETER_K8S_NAMESPACE}.svc.${ZWE_CLI_PARAMETER_K8S_CLUSTER_NAME},*.gateway-service.${ZWE_CLI_PARAMETER_K8S_NAMESPACE}.svc.${ZWE_CLI_PARAMETER_K8S_CLUSTER_NAME}" +full_k8s_domain_list="${ZWE_CLI_PARAMETER_DOMAINS},localhost.localdomain,localhost,127.0.0.1,*.${ZWE_CLI_PARAMETER_K8S_NAMESPACE}.svc.${ZWE_CLI_PARAMETER_K8S_CLUSTER_NAME},*.${ZWE_CLI_PARAMETER_K8S_NAMESPACE}.pod.${ZWE_CLI_PARAMETER_K8S_CLUSTER_NAME},*.discovery-service.${ZWE_CLI_PARAMETER_K8S_NAMESPACE}.svc.${ZWE_CLI_PARAMETER_K8S_CLUSTER_NAME},*.gateway-service.${ZWE_CLI_PARAMETER_K8S_NAMESPACE}.svc.${ZWE_CLI_PARAMETER_K8S_CLUSTER_NAME},*.zaas-service.${ZWE_CLI_PARAMETER_K8S_NAMESPACE}.svc.${ZWE_CLI_PARAMETER_K8S_CLUSTER_NAME}" original_zss_host="${ZWE_zowe_externalDomains_0}" original_zss_port="${ZWE_components_zss_port}" @@ -77,9 +77,9 @@ if [[ "${ZWE_zowe_certificate_keystore_type}" == JCE*KS ]]; then ZWE_zowe_certificate_truststore_password="${ZWE_CLI_PARAMETER_PASSWORD}" keystore_content=$(pkeytool -list \ - -keystore "${ZWE_zowe_certificate_keystore_file}" \ - -storepass "${ZWE_zowe_certificate_keystore_password}" \ - -storetype "${ZWE_zowe_certificate_keystore_type}") + -keystore "${ZWE_zowe_certificate_keystore_file}" \ + -storepass "${ZWE_zowe_certificate_keystore_password}" \ + -storetype "${ZWE_zowe_certificate_keystore_type}") ZWE_zowe_certificate_keystore_alias= aliases=$(echo "${keystore_content}" | grep -i keyentry | awk -F, '{print $1}') 
@@ -145,7 +145,7 @@ if [ "${ZWE_zowe_setup_certificate_type}" = "PKCS12" -a "${ZWE_zowe_verifyCertif print_error_and_exit "Error ZWEL0169E: Failed to create certificate \"${ZWE_zowe_setup_certificate_pkcs12_name}\"." "" 169 fi if [ ! -f "${temp_dir}/keystore/${ZWE_zowe_setup_certificate_pkcs12_name}/${ZWE_zowe_setup_certificate_pkcs12_name}.keystore.p12" ]; then - >&2 echo "Error: failed to generate keystore for Kubernetes" + echo >&2 "Error: failed to generate keystore for Kubernetes" exit 1 fi @@ -204,12 +204,14 @@ done update_zowe_yaml "${temp_dir}/zowe.yaml" "zowe.externalPort" "${ZWE_CLI_PARAMETER_EXTERNAL_PORT}" update_zowe_yaml "${temp_dir}/zowe.yaml" "components.gateway.port" "7554" +update_zowe_yaml "${temp_dir}/zowe.yaml" "components.zaas.port" "7563" update_zowe_yaml "${temp_dir}/zowe.yaml" "components.discovery.port" "7553" update_zowe_yaml "${temp_dir}/zowe.yaml" "components.api-catalog.port" "7552" update_zowe_yaml "${temp_dir}/zowe.yaml" "components.caching-service.port" "7555" update_zowe_yaml "${temp_dir}/zowe.yaml" "components.app-server.port" "7556" update_zowe_yaml "${temp_dir}/zowe.yaml" "components.gateway.enabled" "true" +update_zowe_yaml "${temp_dir}/zowe.yaml" "components.zaas.enabled" "true" update_zowe_yaml "${temp_dir}/zowe.yaml" "components.discovery.enabled" "true" update_zowe_yaml "${temp_dir}/zowe.yaml" "components.api-catalog.enabled" "true" update_zowe_yaml "${temp_dir}/zowe.yaml" "components.caching-service.enabled" "true" 
@@ -218,13 +220,13 @@ update_zowe_yaml "${temp_dir}/zowe.yaml" "components.explorer-jes.enabled" "true update_zowe_yaml "${temp_dir}/zowe.yaml" "components.explorer-mvs.enabled" "true" update_zowe_yaml "${temp_dir}/zowe.yaml" "components.explorer-uss.enabled" "true" -update_zowe_yaml "${temp_dir}/zowe.yaml" "components.gateway.apiml.security.x509.externalMapperUrl" "" -update_zowe_yaml "${temp_dir}/zowe.yaml" "components.gateway.apiml.security.authorization.endpoint.url" "" -gateway_auth_provider=$(read_yaml "${temp_dir}/zowe.yaml" ".components.gateway.apiml.security.authorization.endpoint.provider") -if [ "${gateway_auth_provider}" != "" ]; then - print_message "Zowe APIML Gateway authorization provider is suggested to be empty when running in Kubernetes. 'native' is not supported off Z platform." +update_zowe_yaml "${temp_dir}/zowe.yaml" "components.zaas.apiml.security.x509.externalMapperUrl" "" +update_zowe_yaml "${temp_dir}/zowe.yaml" "components.zaas.apiml.security.authorization.endpoint.url" "" +zaas_auth_provider=$(read_yaml "${temp_dir}/zowe.yaml" ".components.zaas.apiml.security.authorization.endpoint.provider") +if [ "${zaas_auth_provider}" != "" ]; then + print_message "Zowe APIML ZAAS authorization provider is suggested to be empty when running in Kubernetes. 'native' is not supported off Z platform." fi -update_zowe_yaml "${temp_dir}/zowe.yaml" "components.gateway.apiml.security.authorization.endpoint.provider" "" +update_zowe_yaml "${temp_dir}/zowe.yaml" "components.zaas.apiml.security.authorization.endpoint.provider" "" update_zowe_yaml "${temp_dir}/zowe.yaml" "components.discovery.replicas" "1" update_zowe_yaml "${temp_dir}/zowe.yaml" "components.caching-service.storage.mode" "" diff --git a/bin/libs/common.ts b/bin/libs/common.ts index 2245cd8d31..76f94ae3c0 100644 --- a/bin/libs/common.ts +++ b/bin/libs/common.ts 
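Review bot: The new `zaas_auth_provider` check will fire on every migration whose input zowe.yaml inherits the example default, because example-zowe.yaml in this same commit changes `components.zaas.apiml.security.authorization.endpoint.provider` from `""` to `"native"` — exactly the value this hunk says is unsupported off Z and then overwrites. Either keep the example default empty or make the message state what happened, e.g. `print_message "Resetting components.zaas.apiml.security.authorization.endpoint.provider (was '${zaas_auth_provider}') to empty: 'native' is not supported off Z platform."`. It is also worth confirming that nothing in v3 still reads the old `components.gateway.apiml.security.*` keys, since this script no longer clears `externalMapperUrl` and `endpoint.url` under gateway for a migrated v2 configuration.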
@@ -374,6 +374,6 @@ std.setenv('ZWE_PRIVATE_DEFAULT_ZIS_USER', 'ZWESIUSR'); std.setenv('ZWE_PRIVATE_DEFAULT_ZOWE_STC', 'ZWESLSTC'); std.setenv('ZWE_PRIVATE_DEFAULT_ZIS_STC', 'ZWESISTC'); std.setenv('ZWE_PRIVATE_DEFAULT_AUX_STC', 'ZWESASTC'); -std.setenv('ZWE_PRIVATE_CORE_COMPONENTS_REQUIRE_JAVA', 'gateway,cloud-gateway,discovery,api-catalog,caching-service'); +std.setenv('ZWE_PRIVATE_CORE_COMPONENTS_REQUIRE_JAVA', 'gateway,zaas,discovery,api-catalog,caching-service'); std.setenv('ZWE_PRIVATE_CLI_LIBRARY_LOADED', 'true'); diff --git a/bin/libs/component.sh b/bin/libs/component.sh index 7f405e972f..9a57d98d8c 100644 --- a/bin/libs/component.sh +++ b/bin/libs/component.sh 
@@ -680,6 +680,72 @@ process_component_appfw_plugin() { fi } +############################### +# Parse and process manifest Gateway Shared Libs (gatewaySharedLibs) definitions +# +# The supported manifest entry is ".gatewaySharedLibs". All shared libs +# defined will be passed to install-app.sh for proper installation. +# +# Note: this function requires node, which means NODE_HOME should have been defined, +# and ensure_node_is_on_path should have been executed. +# +# @param string component directory +process_component_zaas_shared_libs() { + component_dir="${1}" + + # make sure $ZWE_ZAAS_SHARED_LIBS exists + mkdir -p "${ZWE_ZAAS_SHARED_LIBS}" + + all_succeed=true + iterator_index=0 + plugin_name= + zaas_shared_libs_workspace_path= + zaas_shared_libs_path=$(read_component_manifest "${component_dir}" ".zaasSharedLibs[${iterator_index}]" 2>/dev/null) + while [ -n "${zaas_shared_libs_path}" ]; do + cd "${component_dir}" + + if [ -z "${plugin_name}" ]; then + # prepare plugin directory + plugin_name=$(read_component_manifest "${component_dir}" ".name" 2>/dev/null) + if [ -z "${plugin_name}" ]; then + print_error "Cannot read name from the plugin ${component_dir}" + all_succeed=false + break + fi + zaas_shared_libs_workspace_path="${ZWE_ZAAS_SHARED_LIBS}/${plugin_name}" + mkdir -p "${zaas_shared_libs_workspace_path}" + fi + + # copy manifest to workspace + component_manifest=$(get_component_manifest "${component_dir}") + if [ ! -z "${component_manifest}" -a -f "${component_manifest}" ]; then + cp "${component_manifest}" "${zaas_shared_libs_workspace_path}" + fi + + # copy libraries to workspace/zaas/sharedLibs/ + # Due to limitation of how Java loading shared libraries, all jars are copied to plugin root directly. 
+ if [ -f "${zaas_shared_libs_path}" ]; then + cp "${zaas_shared_libs_path}" "${zaas_shared_libs_workspace_path}" + elif [ -d "${zaas_shared_libs_path}" ]; then + find "${zaas_shared_libs_path}" -type f | xargs -I{} cp {} "${zaas_shared_libs_workspace_path}" + else + print_error "Zaas shared libs directory ${zaas_shared_libs_path} is not accessible" + all_succeed=false + break + fi + + iterator_index=`expr $iterator_index + 1` + zaas_shared_libs_path=$(read_component_manifest "${component_dir}" ".zaasSharedLibs[${iterator_index}]" 2>/dev/null) + done + + if [ "${all_succeed}" = "true" ]; then + return 0 + else + # error message should have be echoed before this + return 1 + fi +} + ############################### # Parse and process manifest Gateway Shared Libs (gatewaySharedLibs) definitions # @@ -695,7 +761,6 @@ process_component_gateway_shared_libs() { # make sure $ZWE_GATEWAY_SHARED_LIBS exists mkdir -p "${ZWE_GATEWAY_SHARED_LIBS}" - all_succeed=true iterator_index=0 plugin_name= diff --git a/bin/libs/component.ts b/bin/libs/component.ts index 457a12364c..5f5bbe5160 100644 --- a/bin/libs/component.ts +++ b/bin/libs/component.ts 
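Review bot: The header comment on `process_component_zaas_shared_libs` is copied from the gateway function and documents the wrong manifest key; it should read `# Parse and process manifest Zaas Shared Libs (zaasSharedLibs) definitions` and `# The supported manifest entry is ".zaasSharedLibs".`, and since these jars end up on the classpath of the authentication/authorization service it is also the place to state that only trusted components should declare `zaasSharedLibs`. In the directory branch, `find "${zaas_shared_libs_path}" -type f | xargs -I{} cp {} "${zaas_shared_libs_workspace_path}"` splits on whitespace in file names; `find "${zaas_shared_libs_path}" -type f -exec cp {} "${zaas_shared_libs_workspace_path}" \;` avoids the pipe entirely. `cd "${component_dir}"` is unchecked, so if it fails the manifest-relative `zaas_shared_libs_path` is resolved against whatever the previous working directory was — `cd "${component_dir}" || { print_error "Cannot enter ${component_dir}"; all_succeed=false; break; }` keeps the failure local to this component. Lastly, `iterator_index=\`expr $iterator_index + 1\`` forks a process per iteration where the POSIX `iterator_index=$((iterator_index + 1))` does not.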
@@ -809,8 +809,57 @@ export function processComponentAppfwPlugin(componentDir: string): boolean { } /* - Parse and process manifest Gateway Shared Libs (gatewaySharedLibs) definitions + Parse and process manifest Zaas Shared Libs (zaasSharedLibs) definitions + The supported manifest entry is ".zaasSharedLibs". All shared libs + defined will be passed to install-app.sh for proper installation. +*/ +export function processComponentZaasSharedLibs(componentDir: string): boolean { + const zaasSharedLibs = std.getenv('ZWE_ZAAS_SHARED_LIBS'); + fs.mkdirp(zaasSharedLibs, 0o770); + + const manifest = getManifest(componentDir); + let pluginName; + let zaasSharedLibsWorkspacePath:string|undefined; + + if (manifest && manifest.zaasSharedLibs) { + for (let i = 0; i < manifest.zaasSharedLibs.length; i++) { + const zaasSharedLibsDef = manifest.zaasSharedLibs[i]; + const fileOrDir=`${componentDir}/${zaasSharedLibsDef}`; + if (!pluginName) { + pluginName = manifest.name; + if (!pluginName) { + common.printError(`Cannot read name from the plugin ${componentDir}`); + return false; + } + zaasSharedLibsWorkspacePath = `${zaasSharedLibs}/${pluginName}`; + fs.mkdirp(zaasSharedLibsWorkspacePath, 0o770); + } + + if (!zaasSharedLibsWorkspacePath){ + common.printError("Unexpected error: did not find zaasSharedLibsWorkspacePath"); + return false; + } + const manifestPath = getManifestPath(componentDir); + if (manifestPath){ + fs.cp(manifestPath, zaasSharedLibsWorkspacePath); + } + + if (fs.fileExists(fileOrDir)) { + fs.cp(fileOrDir, zaasSharedLibsWorkspacePath); + } else if (fs.directoryExists(fileOrDir)) { + fs.cp(`${fileOrDir}/\*`, zaasSharedLibsWorkspacePath); + } else { + common.printError(`Zaas shared libs directory ${fileOrDir} is not accessible`); + return false; + } + } + } + return true; +} + +/* + Parse and process manifest Gateway Shared Libs (gatewaySharedLibs) definitions The supported manifest entry is ".gatewaySharedLibs". 
All shared libs defined will be passed to install-app.sh for proper installation. */ diff --git a/bin/libs/config.sh b/bin/libs/config.sh index 64d41ef80e..a78eea8cbc 100755 --- a/bin/libs/config.sh +++ b/bin/libs/config.sh @@ -124,6 +124,7 @@ load_environment_variables() { export ZWE_PRIVATE_WORKSPACE_ENV_DIR="${ZWE_zowe_workspaceDirectory}/.env" export ZWE_STATIC_DEFINITIONS_DIR="${ZWE_zowe_workspaceDirectory}/api-mediation/api-defs" export ZWE_GATEWAY_SHARED_LIBS="${ZWE_zowe_workspaceDirectory}/gateway/sharedLibs/" + export ZWE_ZAAS_SHARED_LIBS="${ZWE_zowe_workspaceDirectory}/zaas/sharedLibs/" export ZWE_DISCOVERY_SHARED_LIBS="${ZWE_zowe_workspaceDirectory}/discovery/sharedLibs/" # now we can load all variables diff --git a/bin/libs/config.ts b/bin/libs/config.ts index ce56e57607..71e3d67b18 100644 --- a/bin/libs/config.ts +++ b/bin/libs/config.ts @@ -275,6 +275,7 @@ export function loadEnvironmentVariables(componentId?: string) { std.setenv('ZWE_PRIVATE_WORKSPACE_ENV_DIR', zwePrivateWorkspaceEnvDir); std.setenv('ZWE_STATIC_DEFINITIONS_DIR', `${workspaceDirectory}/api-mediation/api-defs`); std.setenv('ZWE_GATEWAY_SHARED_LIBS', `${workspaceDirectory}/gateway/sharedLibs/`); + std.setenv('ZWE_ZAAS_SHARED_LIBS', `${workspaceDirectory}/zaas/sharedLibs/`); std.setenv('ZWE_DISCOVERY_SHARED_LIBS', `${workspaceDirectory}/discovery/sharedLibs/`); // now we can load all variables diff --git a/bin/libs/index.sh b/bin/libs/index.sh index c70833e610..4871a8fac3 100755 --- a/bin/libs/index.sh +++ b/bin/libs/index.sh 
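Review bot: `fs.cp(\`${fileOrDir}/\*\`, zaasSharedLibsWorkspacePath)` in the directory branch contains an escape that does nothing — `\*` inside a template literal is just `*` — so the call relies on `fs.cp` expanding a glob, which cannot be confirmed from this file; if it does, write `${fileOrDir}/*` plainly and add `// fs.cp expands the trailing glob` so the next reader does not wonder, otherwise copy the directory contents explicitly. The manifest copy `fs.cp(manifestPath, zaasSharedLibsWorkspacePath)` runs once per `zaasSharedLibs` entry; it belongs next to the `fs.mkdirp(zaasSharedLibsWorkspacePath, 0o770)` that creates the target, inside the `if (!pluginName)` branch. The new docblock still says the libs "will be passed to install-app.sh for proper installation", which nothing in the function does — describe the actual behaviour (copy of manifest and jars into `$ZWE_ZAAS_SHARED_LIBS/<name>`). `processComponentGatewaySharedLibs`, which this function appears to be cloned from, presumably shares these points but its body is outside the hunk.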
@@ -27,7 +27,7 @@ export ZWE_PRIVATE_DEFAULT_ZIS_USER=ZWESIUSR export ZWE_PRIVATE_DEFAULT_ZOWE_STC=ZWESLSTC export ZWE_PRIVATE_DEFAULT_ZIS_STC=ZWESISTC export ZWE_PRIVATE_DEFAULT_AUX_STC=ZWESASTC -export ZWE_PRIVATE_CORE_COMPONENTS_REQUIRE_JAVA=gateway,cloud-gateway,discovery,api-catalog,caching-service +export ZWE_PRIVATE_CORE_COMPONENTS_REQUIRE_JAVA=zaas,gateway,discovery,api-catalog,caching-service . "${ZWE_zowe_runtimeDirectory}/bin/libs/certificate.sh" . "${ZWE_zowe_runtimeDirectory}/bin/libs/container.sh" diff --git a/containers/kubernetes/samples/config-cm.yaml b/containers/kubernetes/samples/config-cm.yaml index 1f53d349d6..a8956595c4 100644 --- a/containers/kubernetes/samples/config-cm.yaml +++ b/containers/kubernetes/samples/config-cm.yaml @@ -88,6 +88,11 @@ data: port: 7554 debug: false + zaas: + enabled: true + port: 7563 + debug: false + discovery: enabled: true port: 7553 diff --git a/containers/kubernetes/samples/zaas-service.yaml b/containers/kubernetes/samples/zaas-service.yaml new file mode 100644 index 0000000000..1057286890 --- /dev/null +++ b/containers/kubernetes/samples/zaas-service.yaml @@ -0,0 +1,25 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: zaas-service + namespace: zowe + labels: + app.kubernetes.io/name: zowe + app.kubernetes.io/instance: zowe + app.kubernetes.io/version: "2.1.0" + app.kubernetes.io/component: zaas + app.kubernetes.io/part-of: apiml + app.kubernetes.io/managed-by: manual +spec: + type: ClusterIP + selector: + app.kubernetes.io/name: zowe + app.kubernetes.io/instance: zowe + app.kubernetes.io/component: zaas + ports: + - name: zaas + protocol: TCP + port: 7563 + targetPort: zaas-port + appProtocol: https diff --git a/containers/kubernetes/workloads/zaas-deployment.yaml b/containers/kubernetes/workloads/zaas-deployment.yaml new file mode 100644 index 0000000000..acf548cbbd --- /dev/null +++ b/containers/kubernetes/workloads/zaas-deployment.yaml 
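Review bot: `app.kubernetes.io/version: "2.1.0"` on the new `zaas-service` Service (and on the Deployment in containers/kubernetes/workloads/zaas-deployment.yaml) matches nothing else in the commit — the Deployment pulls `zaas-service:2.4.9-SNAPSHOT-ubuntu.v2-x-x` and manifest.json.template registers `3.0.21-SNAPSHOT-ubuntu.v2-x-x`; if the label is meant to track the Zowe release it looks inherited from the gateway sample and should be updated, or a comment should say the label is informational. `port: 7563` must also stay in step with `components.zaas.port` in config-cm.yaml and with the k8s migration script; a comment `# must match components.zaas.port in zowe.yaml` on that line would tie the three together.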
@@ -0,0 +1,141 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: zaas
+ namespace: zowe
+ labels:
+ app.kubernetes.io/name: zowe
+ app.kubernetes.io/instance: zowe
+ app.kubernetes.io/version: "2.1.0"
+ app.kubernetes.io/component: zaas
+ app.kubernetes.io/part-of: apiml
+ app.kubernetes.io/managed-by: manual
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: zowe
+ app.kubernetes.io/instance: zowe
+ app.kubernetes.io/component: zaas
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: zowe
+ app.kubernetes.io/instance: zowe
+ app.kubernetes.io/component: zaas
+ spec:
+ securityContext:
+ runAsUser: 20000
+ runAsGroup: 20000
+ fsGroup: 20000
+ runAsNonRoot: true
+ serviceAccountName: zowe-sa
+ volumes:
+ - name: tmp
+ emptyDir: {}
+ - name: zowe-runtime
+ emptyDir: {}
+ - name: zowe-config
+ configMap:
+ name: zowe-config
+ - name: zowe-keystore
+ projected:
+ sources:
+ - secret:
+ name: zowe-certificates-secret
+ - name: zowe-logs
+ emptyDir: {}
+ - name: zowe-workspace
+ persistentVolumeClaim:
+ claimName: zowe-workspace-pvc
+ containers:
+ - name: zaas
+ image: zowe-docker-snapshot.jfrog.io/ompzowe/zaas-service:2.4.9-SNAPSHOT-ubuntu.v2-x-x
+ imagePullPolicy: Always
+ resources:
+ requests:
+ memory: "384Mi"
+ cpu: "150m"
+ limits:
+ memory: "512Mi"
+ cpu: "700m"
+ ports:
+ - name: zaas-port
+ containerPort: 7563
+ protocol: TCP
+ startupProbe:
+ tcpSocket:
+ port: 7563
+ # this should give 90 * periodSeconds(default to 10) seconds about 15 minutes to confirm it's ready
+ periodSeconds: 10
+ failureThreshold: 90
+ livenessProbe:
+ tcpSocket:
+ port: 7563
+ # this should give 3 * periodSeconds(default to 10) seconds about 30 seconds to confirm it's offline
+ periodSeconds: 10
+ failureThreshold: 3
+ command: ["/bin/bash", "-c"]
+ args:
+ - "/home/zowe/runtime/bin/zwe internal start -c /home/zowe/instance/zowe.yaml"
+ env:
+ - name: ZWE_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: CMMN_LB
+ value: 
apiml-common-lib/bin/api-layer-lite-lib-all.jar + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "/home/zowe/runtime/bin/zwe internal container prestop -c /home/zowe/instance/zowe.yaml"] + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + capabilities: + drop: + - all + volumeMounts: + - name: tmp + mountPath: /tmp + - name: zowe-runtime + mountPath: "/home/zowe/runtime" + - name: zowe-config + mountPath: "/home/zowe/instance/zowe.yaml" + subPath: zowe.yaml + readOnly: true + - name: zowe-keystore + mountPath: "/home/zowe/keystore" + readOnly: true + - name: zowe-logs + mountPath: "/home/zowe/instance/logs" + - name: zowe-workspace + mountPath: "/home/zowe/instance/workspace" + initContainers: + - name: init-zowe + image: zowe-docker-snapshot.jfrog.io/ompzowe/zowe-launch-scripts:2.5.0-ubuntu.v2-x-staging + imagePullPolicy: Always + resources: + requests: + memory: "64Mi" + cpu: "10m" + limits: + memory: "128Mi" + cpu: "100m" + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + privileged: false + runAsNonRoot: true + capabilities: + drop: + - all + volumeMounts: + - name: tmp + mountPath: /tmp + - name: zowe-runtime + mountPath: "/home/zowe/runtime" + - name: zowe-workspace + mountPath: "/home/zowe/instance/workspace" diff --git a/containers/server-bundle/ubuntu/README.md b/containers/server-bundle/ubuntu/README.md new file mode 100644 index 0000000000..e69de29bb2 diff --git a/example-zowe.yaml b/example-zowe.yaml index 6fb4f1d8f7..25ca4b77b5 100644 --- a/example-zowe.yaml +++ b/example-zowe.yaml @@ -348,7 +348,7 @@ zowe: # # In this section, behavior such as which TLS levels, ciphers should be used, and if native TLS versus AT-TLS should be used. # See the schema for options. - # + # # This section applies to all components that support it. # So far: "zss" and "app-server" # 
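Review bot: The container image `zowe-docker-snapshot.jfrog.io/ompzowe/zaas-service:2.4.9-SNAPSHOT-ubuntu.v2-x-x` disagrees with manifest.json.template in this same commit, which registers `ompzowe/zaas-service` at `3.0.21-SNAPSHOT-ubuntu.v2-x-x` (@@ -358), and the init container is on `zowe-launch-scripts:2.5.0-ubuntu.v2-x-staging`; combined with `imagePullPolicy: Always`, these mutable snapshot tags mean the authentication service a user deploys from this sample can change underneath them without any change to the manifest. Align the sample with the manifest's tag, and for anything beyond a dev sample reference the image by digest. The pod hardening (`runAsNonRoot`, `readOnlyRootFilesystem`, `allowPrivilegeEscalation: false`, capabilities `drop: - all`) is good; adding `seccompProfile: {type: RuntimeDefault}` to the pod-level `securityContext` would let this workload pass the restricted Pod Security Standard, unless the other Zowe workloads deliberately leave it to the cluster default.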
@@ -518,6 +518,18 @@ components: enabled: true port: 7554 debug: false + + # If we customize this to use different external certificate, than should also + # define "server.internal.ssl.certificate" and enable "server.internal.ssl.enabled". + # certificate: + # keystore: + # alias: "" + + # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + zaas: + enabled: true + port: 7563 + debug: false apiml: security: auth: @@ -528,33 +540,9 @@ components: authorization: endpoint: enabled: false - provider: "" + provider: "native" x509: enabled: false - server: - internal: - # gateway supports internal connector - enabled: false - port: 7550 - ssl: - enabled: false - # internal connector can use different certificate - # certificate: - # keystore: - # alias: "" - - # If we customize this to use different external certificate, than should also - # define "server.internal.ssl.certificate" and enable "server.internal.ssl.enabled". - # certificate: - # keystore: - # alias: "" - - # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> - cloud-gateway: - enabled: false - port: 7563 - debug: false - # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> api-catalog: enabled: true @@ -681,6 +669,8 @@ components: # # These configurations will overwrite highest level default "components" configuration # components: +# zaas: +# enabled: false # gateway: # enabled: false # discovery: diff --git a/manifest.json.template b/manifest.json.template index ebe48a1bea..86f91a72fa 100644 --- a/manifest.json.template +++ b/manifest.json.template @@ -91,9 +91,9 @@ "artifact": "apiml-sample-extension-*.zip", "exclusions": ["*PR*.zip"] }, - "org.zowe.apiml.cloud-gateway-package": { + "org.zowe.apiml.zaas-package": { "version": "^3.0.3-SNAPSHOT", - "artifact": "cloud-gateway-*.zip", + "artifact": "zaas-package-*.zip", "exclusions": ["*PR*.zip"] }, "org.zowe.getesm": { 
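Review bot: The comment block placed above the new `zaas:` entry ("If we customize this to use different external certificate, than should also define "server.internal.ssl.certificate" and enable "server.internal.ssl.enabled"") refers to the `server.internal` section that the very next hunk (@@ -528) deletes, so it now documents a key that no longer exists in the example; drop it, or reword it to whatever certificate override zaas actually supports. The same hunk flips the default `authorization.endpoint.provider` from `""` to `"native"`, which bin/commands/migrate/for/kubernetes/index.sh in this commit explicitly calls unsupported off Z — a comment on that line such as `# "native" is only supported on z/OS; leave empty on other platforms` would prevent the surprise. Because `zaas:` is inserted directly above the existing `apiml:` block, that security configuration appears to change parent from `gateway` to `zaas` without any line of its own changing; a one-line comment under `zaas:` noting that the apiml security settings now live here would help anyone reading the diff or diffing their own zowe.yaml against the example.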
@@ -131,7 +131,7 @@ "componentGroup": "Zowe API Mediation Layer", "entries": [{ "repository": "api-layer", - "tag": "v2.x.x", + "tag": "v3.x.x", "destinations": ["Zowe PAX"] }] }, { @@ -358,23 +358,28 @@ "api-catalog": { "registry": "zowe-docker-snapshot.jfrog.io", "name": "ompzowe/api-catalog-services", - "tag" : "3.0.0-SNAPSHOT-ubuntu.v2-x-x" + "tag" : "3.0.21-SNAPSHOT-ubuntu.v2-x-x" + }, + "gateway": { + "registry": "zowe-docker-snapshot.jfrog.io", + "name": "ompzowe/gateway-service", + "tag" : "3.0.21-SNAPSHOT-ubuntu.v2-x-x" }, "caching": { "registry": "zowe-docker-snapshot.jfrog.io", "name": "ompzowe/caching-service", - "tag" : "3.0.0-SNAPSHOT-ubuntu.v2-x-x" + "tag" : "3.0.21-SNAPSHOT-ubuntu.v2-x-x" }, "discovery": { "kind": "statefulset", "registry": "zowe-docker-snapshot.jfrog.io", "name": "ompzowe/discovery-service", - "tag" : "3.0.0-SNAPSHOT-ubuntu.v2-x-x" + "tag" : "3.0.21-SNAPSHOT-ubuntu.v2-x-x" }, - "gateway": { + "zaas": { "registry": "zowe-docker-snapshot.jfrog.io", - "name": "ompzowe/gateway-service", - "tag" : "3.0.0-SNAPSHOT-ubuntu.v2-x-x" + "name": "ompzowe/zaas-service", + "tag" : "3.0.21-SNAPSHOT-ubuntu.v2-x-x" }, "app-server": { "registry": "zowe-docker-snapshot.jfrog.io", diff --git a/playbooks/all_host_vars_list.yml b/playbooks/all_host_vars_list.yml index 7c20e6117a..93f9f01653 100644 --- a/playbooks/all_host_vars_list.yml +++ b/playbooks/all_host_vars_list.yml 
@@ -28,17 +28,18 @@ zos_zosmf_user: IZUSVR zowe_apiml_catalog_port: 7552 zowe_apiml_discovery_port: 7553 zowe_apiml_gateway_port: 7554 -zowe_apiml_cloud_gateway_port: 7563 +zowe_apiml_zaas_port: 7563 zowe_apiml_gateway_timeout_millis: 600000 zowe_apiml_nonstrict_verify_certficates_of_services: true zowe_apiml_security_auth_provider: zosmf zowe_apiml_security_x509_enabled: false +zowe_apiml_service_forwardClientCertEnabled: true zowe_apiml_security_oidc_enabled: false zowe_apiml_security_oidc_client_id: zowe_apiml_security_oidc_client_secret: zowe_apiml_security_oidc_registry: zowe_apiml_security_zosmf_applid: IZUDFLT -zowe_apiml_security_zosmf_jwt_autoconfiguration_mode: auto +zowe_apiml_security_zosmf_jwt_autoconfiguration_mode: AUTO zowe_apiml_verify_certficates_of_services: true zowe_auto_create_user_group: false zowe_caching_service_persistent: VSAM diff --git a/playbooks/roles/configfmid/defaults/main.yml b/playbooks/roles/configfmid/defaults/main.yml index aca2bd6662..34b56b1682 100644 --- a/playbooks/roles/configfmid/defaults/main.yml +++ b/playbooks/roles/configfmid/defaults/main.yml @@ -5,8 +5,8 @@ # full core components list, they should show up in components section in zowe.yaml zowe_core_components: +- zaas - gateway -- cloud-gateway - api-catalog - discovery - caching-service @@ -61,7 +61,7 @@ zowe_apiml_gateway_timeout_millis: 600000 zowe_apiml_security_x509_enabled: false zowe_apiml_security_zosmf_applid: IZUDFLT zowe_apiml_security_auth_provider: zosmf -zowe_apiml_security_zosmf_jwt_autoconfiguration_mode: auto +zowe_apiml_security_zosmf_jwt_autoconfiguration_mode: AUTO zowe_apiml_security_oidc_enabled: false zowe_apiml_security_oidc_client_id: zowe_apiml_security_oidc_client_secret: diff --git a/playbooks/roles/configfmid/tasks/main.yml b/playbooks/roles/configfmid/tasks/main.yml index 030e3cd610..317cb6e7af 100644 --- a/playbooks/roles/configfmid/tasks/main.yml +++ b/playbooks/roles/configfmid/tasks/main.yml 
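Review bot: `zowe_apiml_service_forwardClientCertEnabled: true` is introduced as a default here and in the configfmid and configure role defaults, and added to the required-variable lists of both roles' tasks, but the only zowe.yaml mapping hunk in the diff (configfmid tasks @@ -287) does not render it into any `components.*` key — confirm a mapping exists outside this diff, otherwise the variable is validated but never applied. Because forwarding client certificates is a trust decision for whatever receives them, a comment next to the default naming the zowe.yaml key it feeds and noting that it defaults to on would help operators reviewing these vars. The `auto` → `AUTO` change for `zowe_apiml_security_zosmf_jwt_autoconfiguration_mode` (repeated in both role defaults) suggests the consumer became case-sensitive; if that is the reason, a comment `# value is case-sensitive` would stop someone from lowercasing it back.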
@@ -33,6 +33,7 @@ - zowe_apiml_gateway_port - zowe_apiml_gateway_timeout_millis - zowe_apiml_security_x509_enabled + - zowe_apiml_service_forwardClientCertEnabled - zowe_apiml_security_zosmf_applid - zowe_apiml_security_auth_provider - zowe_apiml_security_oidc_enabled 
@@ -287,14 +288,16 @@
 "components.zss.port": "{{ zowe_zss_port }}"
 # other gateway configs
 "components.gateway.apiml.gateway.timeoutMillis": "{{ zowe_apiml_gateway_timeout_millis }}"
- "components.gateway.apiml.security.x509.enabled": "{{ zowe_apiml_security_x509_enabled|string|lower }}"
- "components.gateway.apiml.security.auth.provider": "{{ zowe_apiml_security_auth_provider|string|lower }}"
- "components.gateway.apiml.security.auth.zosmf.jwtAutoconfiguration": "{{ zowe_apiml_security_zosmf_jwt_autoconfiguration_mode }}"
- "components.gateway.apiml.security.oidc.enabled": "{{ zowe_apiml_security_oidc_enabled|string|lower }}"
- "components.gateway.apiml.security.oidc.clientId": "{{ zowe_apiml_security_oidc_client_id|string }}"
- "components.gateway.apiml.security.oidc.clientSecret": "{{ zowe_apiml_security_oidc_client_secret|string }}"
- "components.gateway.apiml.security.oidc.registry": "{{ zowe_apiml_security_oidc_registry|string }}"
- "components.gateway.apiml.security.oidc.jwks.uri": "{{ zowe_apiml_security_oidc_jwks_uri|string }}"
+
+ # zaas settings
+ "components.zaas.apiml.security.x509.enabled": "{{ zowe_apiml_security_x509_enabled|string|lower }}"
+ "components.zaas.apiml.security.auth.provider": "{{ zowe_apiml_security_auth_provider|string|lower }}"
+ "components.zaas.apiml.security.auth.zosmf.jwtAutoconfiguration": "{{ zowe_apiml_security_zosmf_jwt_autoconfiguration_mode }}"
+ "components.zaas.apiml.security.oidc.enabled": "{{ zowe_apiml_security_oidc_enabled|string|lower }}"
+ "components.zaas.apiml.security.oidc.clientId": "{{ zowe_apiml_security_oidc_client_id|string }}"
+ "components.zaas.apiml.security.oidc.clientSecret": "{{ zowe_apiml_security_oidc_client_secret|string }}"
+ "components.zaas.apiml.security.oidc.registry": "{{ zowe_apiml_security_oidc_registry|string }}"
+ "components.zaas.apiml.security.oidc.jwks.uri": "{{ zowe_apiml_security_oidc_jwks_uri|string }}"
 # desktop customizations
 "zowe.environments.ZWED_SSH_PORT": "{{ zowe_zlux_terminal_ssh_port }}"
 "zowe.environments.ZWED_TN3270_PORT": "{{ zowe_zlux_terminal_telnet_port }}"
diff --git a/playbooks/roles/configure/defaults/main.yml b/playbooks/roles/configure/defaults/main.yml
index 63e98c2cde..39ad5e895f 100644
--- a/playbooks/roles/configure/defaults/main.yml
+++ b/playbooks/roles/configure/defaults/main.yml
@@ -5,8 +5,8 @@
 # full core components list, they should show up in components section in zowe.yaml
 zowe_core_components:
+- zaas
 - gateway
-- cloud-gateway
 - api-catalog
 - discovery
 - caching-service
@@ -54,15 +54,16 @@ zos_zosmf_ca:
 zowe_apiml_catalog_port: 7552
 zowe_apiml_discovery_port: 7553
 zowe_apiml_gateway_port: 7554
-zowe_apiml_cloud_gateway_port: 7563
+zowe_apiml_zaas_port: 7563
 zowe_apiml_verify_certficates_of_services: true
 zowe_apiml_nonstrict_verify_certficates_of_services: true
 # APIML configuration properties
 zowe_apiml_gateway_timeout_millis: 600000
 zowe_apiml_security_x509_enabled: false
+zowe_apiml_service_forwardClientCertEnabled: true
 zowe_apiml_security_zosmf_applid: IZUDFLT
 zowe_apiml_security_auth_provider: zosmf
-zowe_apiml_security_zosmf_jwt_autoconfiguration_mode: auto
+zowe_apiml_security_zosmf_jwt_autoconfiguration_mode: AUTO
 zowe_apiml_security_oidc_enabled: false
 zowe_apiml_security_oidc_client_id:
 zowe_apiml_security_oidc_client_secret:
diff --git a/playbooks/roles/configure/tasks/main.yml b/playbooks/roles/configure/tasks/main.yml
index d9f7d9aaf9..979fdf6e0f 100644
--- a/playbooks/roles/configure/tasks/main.yml
+++ b/playbooks/roles/configure/tasks/main.yml
@@ -33,6 +33,7 @@
 - zowe_apiml_gateway_port
 - zowe_apiml_gateway_timeout_millis
 - zowe_apiml_security_x509_enabled
+ - zowe_apiml_service_forwardClientCertEnabled
 - zowe_apiml_security_zosmf_applid
 - zowe_apiml_security_auth_provider
 - zowe_apiml_security_oidc_enabled
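Review bot: `zowe_apiml_service_forwardClientCertEnabled` is added to this role's required-variable list (the `@@ -33,6 +33,7` hunk of playbooks/roles/configfmid/tasks/main.yml) but the `configs` mapping in this hunk never writes it to zowe.yaml, whereas playbooks/roles/configure/tasks/main.yml writes `"components.gateway.apiml.service.forwardClientCertEnabled"`; either add `"components.gateway.apiml.service.forwardClientCertEnabled": "{{ zowe_apiml_service_forwardClientCertEnabled|string|lower }}"` here or drop the variable from the list. The two roles also diverge on x509: this hunk removes `"components.gateway.apiml.security.x509.enabled"` from the gateway section and keeps it only under `components.zaas`, while the configure role keeps it under both components, so whichever is intended, the roles should agree. The enclosing task definition starts before this hunk.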
@@ -280,8 +281,8 @@
 tasks_from: update_zowe_yaml
 vars:
 configs:
+ "components.zaas.port": "{{ zowe_apiml_zaas_port }}"
 "components.gateway.port": "{{ zowe_apiml_gateway_port }}"
- "components.cloud-gateway.port": "{{ zowe_apiml_cloud_gateway_port }}"
 "components.api-catalog.port": "{{ zowe_apiml_catalog_port }}"
 "components.discovery.port": "{{ zowe_apiml_discovery_port }}"
 "components.caching-service.port": "{{ zowe_caching_service_port }}"
@@ -290,13 +291,17 @@
 # other gateway configs
 "components.gateway.apiml.gateway.timeoutMillis": "{{ zowe_apiml_gateway_timeout_millis }}"
 "components.gateway.apiml.security.x509.enabled": "{{ zowe_apiml_security_x509_enabled|string|lower }}"
- "components.gateway.apiml.security.auth.provider": "{{ zowe_apiml_security_auth_provider|string|lower }}"
- "components.gateway.apiml.security.auth.zosmf.jwtAutoconfiguration": "{{ zowe_apiml_security_zosmf_jwt_autoconfiguration_mode }}"
- "components.gateway.apiml.security.oidc.enabled": "{{ zowe_apiml_security_oidc_enabled|string|lower }}"
- "components.gateway.apiml.security.oidc.clientId": "{{ zowe_apiml_security_oidc_client_id|string }}"
- "components.gateway.apiml.security.oidc.clientSecret": "{{ zowe_apiml_security_oidc_client_secret|string }}"
- "components.gateway.apiml.security.oidc.registry": "{{ zowe_apiml_security_oidc_registry|string }}"
- "components.gateway.apiml.security.oidc.jwks.uri": "{{ zowe_apiml_security_oidc_jwks_uri|string }}"
+ "components.gateway.apiml.service.forwardClientCertEnabled": "{{ zowe_apiml_service_forwardClientCertEnabled|string|lower }}"
+
+ # zaas configs
+ "components.zaas.apiml.security.x509.enabled": "{{ zowe_apiml_security_x509_enabled|string|lower }}"
+ "components.zass.apiml.security.auth.provider": "{{ zowe_apiml_security_auth_provider|string|lower }}"
+ "components.zaas.apiml.security.auth.zosmf.jwtAutoconfiguration": "{{ zowe_apiml_security_zosmf_jwt_autoconfiguration_mode }}"
+ "components.zaas.apiml.security.oidc.enabled": "{{ zowe_apiml_security_oidc_enabled|string|lower }}"
+ "components.zaas.apiml.security.oidc.clientId": "{{ zowe_apiml_security_oidc_client_id|string }}"
+ "components.zaas.apiml.security.oidc.clientSecret": "{{ zowe_apiml_security_oidc_client_secret|string }}"
+ "components.zaas.apiml.security.oidc.registry": "{{ zowe_apiml_security_oidc_registry|string }}"
+ "components.zaas.apiml.security.oidc.jwks.uri": "{{ zowe_apiml_security_oidc_jwks_uri|string }}"
 # desktop customizations
 "zowe.environments.ZWED_SSH_PORT": "{{ zowe_zlux_terminal_ssh_port }}"
 "zowe.environments.ZWED_TN3270_PORT": "{{ zowe_zlux_terminal_telnet_port }}"
diff --git a/playbooks/roles/custom_for_test/defaults/main.yml b/playbooks/roles/custom_for_test/defaults/main.yml
index 02c7476376..5209791295 100644
--- a/playbooks/roles/custom_for_test/defaults/main.yml
+++ b/playbooks/roles/custom_for_test/defaults/main.yml
@@ -5,8 +5,8 @@
 # full core components list, they should show up in components section in zowe.yaml
 zowe_core_components:
+- zaas
 - gateway
-- cloud-gateway
 - api-catalog
 - discovery
 - caching-service
@@ -67,7 +67,7 @@ zowe_apiml_security_oidc_registry:
 zowe_apiml_security_oidc_jwks_uri:
 zowe_apiml_security_zosmf_applid: IZUDFLT
 zowe_apiml_security_auth_provider: zosmf
-zowe_apiml_security_zosmf_jwt_autoconfiguration_mode: auto
+zowe_apiml_security_zosmf_jwt_autoconfiguration_mode: AUTO
 # explorer APIs/plugins ports
 zowe_jobs_explorer_port: 7560
 zowe_mvs_explorer_port: 7561
diff --git a/playbooks/roles/custom_for_test/tasks/main.yml b/playbooks/roles/custom_for_test/tasks/main.yml
index eb4a7fe056..4403348fad 100644
--- a/playbooks/roles/custom_for_test/tasks/main.yml
+++ b/playbooks/roles/custom_for_test/tasks/main.yml
@@ -33,6 +33,7 @@
 # - zowe_apiml_gateway_port
 # - zowe_apiml_gateway_timeout_millis
 # - zowe_apiml_security_x509_enabled
+ # - zowe_apiml_service_forwardClientCertEnabled
 # - zowe_apiml_security_zosmf_applid
 # - zowe_apiml_security_auth_provider
 # - zowe_jobs_explorer_port
diff --git a/playbooks/roles/kubernetes/defaults/main.yml b/playbooks/roles/kubernetes/defaults/main.yml
index 836ba1bc08..877dbf1618 100644
--- a/playbooks/roles/kubernetes/defaults/main.yml
+++ b/playbooks/roles/kubernetes/defaults/main.yml
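Review bot: `"components.zass.apiml.security.auth.provider"` misspells the component name, so the authentication provider is written under a `zass` key that no component reads and `components.zaas.apiml.security.auth.provider` is never populated from `zowe_apiml_security_auth_provider`; the line should read `"components.zaas.apiml.security.auth.provider": "{{ zowe_apiml_security_auth_provider|string|lower }}"`. The configfmid role spells the same key correctly. Because this is the authentication provider of the new authentication service, the likely effect is that ZAAS silently runs with its built-in default provider instead of the configured one, which a test run would not flag. The enclosing task starts before this hunk.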
@@ -48,4 +48,4 @@
 k8s_gateway_domain:
 k8s_discovery_domain:
 #list of the apps required for zowe
-k8s_required_apps: ["api-catalog", "app-server", "caching", "discovery", "gateway"]
+k8s_required_apps: ["api-catalog", "app-server", "caching", "discovery", "gateway", "zaas"]
diff --git a/playbooks/roles/verify/defaults/main.yml b/playbooks/roles/verify/defaults/main.yml
index 625b9cdc16..62fc35714b 100644
--- a/playbooks/roles/verify/defaults/main.yml
+++ b/playbooks/roles/verify/defaults/main.yml
@@ -27,5 +27,6 @@ zowe_job_prefix: ZWE
 zowe_proclib_membername: ZWESLSTC
 zowe_instance_id: 1
 # ports will be tested
+zowe_apiml_zaas_port: 7563
 zowe_apiml_gateway_port: 7554
 zowe_zlux_port: 7556
diff --git a/tests/sanity/README.md b/tests/sanity/README.md
index 843a27f1f2..2fcb50fccf 100644
--- a/tests/sanity/README.md
+++ b/tests/sanity/README.md
@@ -50,7 +50,7 @@ The existing test cases are tested on Firefox v61.0.2 which is pre-installed in
 Example command:
 ```
-ZOWE_ROOT_DIR=/path/to/zowe \
+ ZOWE_ROOT_DIR=/path/to/zowe \
 ZOWE_WORKSPACE_DIR=/path/to/zowe/workspaceDir \
 ZOWE_EXTERNAL_HOST=test-server \
 SSH_HOST=test-server \
diff --git a/tests/sanity/test/apiml/test-authentication-zosmf-via-gateway.js b/tests/sanity/test/apiml/test-authentication-zosmf-via-gateway.js
index 6193c279af..4f229c96f5 100644
--- a/tests/sanity/test/apiml/test-authentication-zosmf-via-gateway.js
+++ b/tests/sanity/test/apiml/test-authentication-zosmf-via-gateway.js
@@ -10,7 +10,7 @@ const expect = require('chai').expect;
 const { HTTPRequest, APIMLAuth } = require('../http-helper');
-const { APIML_AUTH_COOKIE, ZOSMF_TOKEN } = require('../constants');
+const { APIML_AUTH_COOKIE } = require('../constants');
 describe('test api mediation layer zosmf authentication', function() {
@@ -62,26 +62,6 @@ describe('test api mediation layer zosmf authentication', function() {
 assertNotEmptyValidResponse(res);
 });
- it('with valid LTPA cookie', async function() {
- const token = Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
- const loginResponse = await hq.request({
- url: '/ibmzosmf/api/v1/zosmf/info',
- headers: {
- 'Authorization': `Basic ${token}`,
- }
- });
-
- const ltpaCookie = hq.findCookieInResponse(loginResponse, ZOSMF_TOKEN);
- const response = await hq.request({
- url: '/ibmzosmf/api/v1/zosmf/info',
- headers: {
- 'Cookie': ltpaCookie,
- }
- });
-
- assertNotEmptyValidResponse(response);
- });
-
 it('with valid JWT token via Bearer', async function() {
 const token = await apiml.login();
 const res = await hq.request({
diff --git a/workflows/files/ZWECONF.properties b/workflows/files/ZWECONF.properties
index 9c3767d3f0..4eadca84d7 100644
--- a/workflows/files/ZWECONF.properties
+++ b/workflows/files/ZWECONF.properties
@@ -329,30 +329,6 @@ components_gateway_port=7554
 # Switch on the debug mode for the gateway
 components_gateway_debug=false
-# components_gateway_apiml_security_auth_provider
-# Label: Gateway APIML security auth provider
-# Abstract: Authorization provider for the gateway
-# Category: components
-# Description:
-# Authorization provider for the gateway
-components_gateway_apiml_security_auth_provider=zosmf
-
-# components_gateway_apiml_security_auth_zosmf_jwtAutoconfiguration
-# Label: Gateway APIML security auth z/OSMF jwtAutoconfiguration
-# Abstract: JWT auto configuration for gateway security auth
-# Category: components
-# Description:
-# JWT auto configuration for gateway security auth
-components_gateway_apiml_security_auth_zosmf_jwtAutoconfiguration=auto
-
-# components_gateway_apiml_security_auth_zosmf_serviceId
-# Label: Gateway APIML security auth z/OSMF serviceId
-# Abstract: Service ID for gateway security auth
-# Category: components
-# Description:
-# Service ID for gateway security auth
-components_gateway_apiml_security_auth_zosmf_serviceId=zosmf
-
 # components_gateway_apiml_security_authorization_endpoint_enabled
 # Label: Enable gateway APIML security authorization endpoint
 # Abstract: Use this to enable the security authorization endpoint
@@ -377,30 +353,6 @@ components_gateway_apiml_security_authorization_provider=
 # Check to enable the gateway security x509
 components_gateway_apiml_security_x509_enabled=false
-# components_gateway_server_internal_enabled
-# Label: Enable gateway server internal connector
-# Abstract: Enable gateway server internal connector
-# Category: components
-# Description:
-# Enable gateway server internal connector
-components_gateway_server_internal_enabled=false
-
-# components_gateway_server_internal_port
-# Label: Gateway server internal port
-# Abstract: Gateway internal connector port
-# Category: components
-# Description:
-# Gateway internal connector port
-components_gateway_server_internal_port=7550
-
-# components_gateway_server_internal_ssl_enabled
-# Label: Enable gateway server internal SSL
-# Abstract: Enable gateway internal connector SSL
-# Category: components
-# Description:
-# Enable gateway internal connector SSL
-components_gateway_server_internal_ssl_enabled=false
-
 # components_metrics_service_enabled
 # Label: Enable metrics service
 # Abstract: Use this option to enable the metrics seervice
@@ -425,29 +377,53 @@ components_metrics_service_port=7551
 # Check this value to get additional debugging
 components_metrics_service_debug=false
-# components_cloud_gateway_enabled
-# Label: Enable cloud gateway
-# Abstract: Use this option to enable the cloud gateway
+# components_zaas_enabled
+# Label: Enable ZAAS
+# Abstract: Use this option to enable the Zowe Authentication and Authorization Service
 # Category: components
 # Description:
-# Use this option to enable the cloud gateway
-components_cloud_gateway_enabled=false
+# Use this option to enable the Zowe Authentication and Authorization Service
+components_zaas_enabled=false
-# components_cloud_gateway_port
-# Label: Cloud gateway port
-# Abstract: Port for the cloud gateway
+# components_zaas_port
+# Label: ZAAS port
+# Abstract: Port for ZAAS
 # Category: components
 # Description:
-# Port for the cloud gateway
-components_cloud_gateway_port=7563
+# Port for ZAAS
+components_zaas_port=7563
-# components_cloud_gatewaye_debug
-# Label: Cloud gateway debug
+# components_zaas_debug
+# Label: ZAAS debug
 # Abstract: Check this value to get additional debugging
 # Category: components
 # Description:
 # Check this value to get additional debugging
-components_cloud_gatewaye_debug=false
+components_zaas_debug=false
+
+# components_zaas_apiml_security_auth_provider
+# Label: ZAAS APIML security auth provider
+# Abstract: Authentication provider for ZAAS
+# Category: components
+# Description:
+# Authentication provider for the gateway
+components_zaas_apiml_security_auth_provider=zosmf
+
+# components_zaas_apiml_security_auth_zosmf_jwtAutoconfiguration
+# Label: ZAAS APIML security auth z/OSMF jwtAutoconfiguration
+# Abstract: JWT auto configuration for ZAAS (Authentication)
+# Category: components
+# Description:
+# JWT auto configuration for ZAAS (Authentication)
+components_zaas_apiml_security_auth_zosmf_jwtAutoconfiguration=auto
+
+# components_zaas_apiml_security_auth_zosmf_serviceId
+# Label: ZAAS APIML - z/OSMF 
serviceId +# Abstract: Service ID for ZAAS (Authentication) +# Category: components +# Description: +# Service ID for ZAAS (Authentication) +components_zaas_apiml_security_auth_zosmf_serviceId=zosmf # components_api_catalog_enabled # Label: Enable API catalog diff --git a/workflows/files/ZWECONF.xml b/workflows/files/ZWECONF.xml index c45b29385e..c51f0b78f4 100644 --- a/workflows/files/ZWECONF.xml +++ b/workflows/files/ZWECONF.xml @@ -480,10 +480,43 @@ How we want to verify SSL certificates of services. Valid values are: false - - - Authorization provider for the gateway - Authorization provider for the gateway + + + Should the APIML ZAAS be enabled? + Should the APIML ZAAS be enabled? + components + + + + true + + + + + Port for the APIML ZAAS + Port for the APIML ZAAS + components + + + + 7563 + + + + + Switch on the debug mode for the ZAAS + Switch on the debug mode for the ZAAS + components + + + + false + + + + + Authorization provider for the ZAAS + Authorization provider for the ZAAS components @@ -491,8 +524,8 @@ How we want to verify SSL certificates of services. Valid values are: zosmf - - + + JWT auto configuration for gateway security auth JWT auto configuration for gateway security auth components @@ -502,10 +535,10 @@ How we want to verify SSL certificates of services. Valid values are: auto - - - Service ID for gateway security auth - Service ID for gateway security auth + + + Service ID for ZAAS security auth + Service ID for ZAAS security auth components @@ -513,8 +546,8 @@ How we want to verify SSL certificates of services. Valid values are: zosmf - - + + Use this to enable the security authorization endpoint Use this to enable the security authorization endpoint components 
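Review bot: The Description line for `components_zaas_apiml_security_auth_provider` still reads `# Authentication provider for the gateway` while its Label and Abstract say ZAAS; it should read `# Authentication provider for ZAAS`. `components_zaas_apiml_security_auth_zosmf_jwtAutoconfiguration=auto` is lower-case here, whereas the Ansible defaults changed in this same commit switch the equivalent value to `AUTO`; whichever spelling the service accepts should be used in both places, or the difference explained. The removed key `components_cloud_gatewaye_debug` carried a typo, so it is worth checking that no other file still references it.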
@@ -524,119 +557,20 @@ How we want to verify SSL certificates of services. Valid values are: false - - - Security authorization provider for the gateway - Security authorization provider for the gateway + + + Security authorization provider for the ZAAS + Security authorization provider for the ZAAS components - - - Check to enable the gateway security x509 - Check to enable the gateway security x509 - components - - - - false - - - - - Enable gateway server internal connector - Enable gateway server internal connector - components - - - - false - - - - - Gateway internal connector port - Gateway internal connector port - components - - - - 7550 - - - - - Enable gateway internal connector SSL - Enable gateway internal connector SSL - components - - - - false - - - - - Use this option to enable the metrics seervice - Use this option to enable the metrics seervice - components - - - - false - - - - - Port for the metrics service - Port for the metrics service - components - - - - 7551 - - - - - Check this value to get additional debugging - Check this value to get additional debugging - components - - - - false - - - - - Use this option to enable the cloud gateway - Use this option to enable the cloud gateway - components - - - - false - - - - - Port for the cloud gateway - Port for the cloud gateway - components - - - - 7563 - - - - - Check this value to get additional debugging - Check this value to get additional debugging + + + Check to enable the ZAAS security x509 + Check to enable the ZAAS security x509 components @@ -1198,8 +1132,7 @@ How we want to verify SSL certificates of services. Valid values are: - - + 
@@ -1224,32 +1157,53 @@ How we want to verify SSL certificates of services. Valid values are: false - - Gateway component variables - Define the gateway component variables here + + Gateway variables + Specify the variables for the gateway component + + + 1 == 1 + Always true + + + Skipped if the gateway was not selected + !${instance-components_gateway_enabled} + skipped + + + + + + Run this step to specify the cloud gateway variables + 1 + z/OS System Programmer + false + false + + + + ZAAS component variables + Define the ZAAS component variables here 1 == 1 Always true - Skipped if gateway is not selected - !${instance-components_gateway_enabled} + Skipped if ZAAS is not selected + !${instance-components_zaas_enabled} skipped - - - - - - - - - - - + + + + + + + + Run this step to fill gateway component variables. 1 z/OS System Programmer @@ -1257,54 +1211,6 @@ How we want to verify SSL certificates of services. Valid values are: false - - Metrics component variables - Specify the variables for the metrics component - - - 1 == 1 - Always true - - - Skipped if the metrics component was not selected - !${instance-components_metrics_service_enabled} - skipped - - - - - - Run this step to specify the metrics variables - 1 - z/OS System Programmer - false - false - - - - Cloud gateway variables - Specify the variables for the cloud gateway component - - - 1 == 1 - Always true - - - Skipped if the cloud gateway was not selected - !${instance-components_cloud_gateway_enabled} - skipped - - - - - - Run this step to specify the cloud gateway variables - 1 - z/OS System Programmer - false - false - - API Catalog Variables Variables for the API catalog 
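Review bot: The two step instructions in this hunk look swapped or stale: the step titled `Gateway variables` carries `Run this step to specify the cloud gateway variables`, and the step titled `ZAAS component variables` keeps the unchanged line `Run this step to fill gateway component variables.`; they should read `Run this step to specify the gateway variables` and `Run this step to specify the ZAAS variables` respectively. The next hunk in this file (`@@ -1257,54 +1211,6`) removes the metrics-service step, yet the workflows/files/ZWECONF.properties hunks in this diff keep the `components_metrics_service_*` entries, so the workflow and its properties file appear to disagree on whether metrics is still configurable — worth confirming before merge. I could only check the visible text of these steps, not the surrounding element names.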
@@ -2073,36 +1979,45 @@ echo ' gateway:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
 echo ' enabled: ${instance-components_gateway_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
 echo ' port: ${instance-components_gateway_port}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
 echo ' debug: ${instance-components_gateway_debug}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+#end
+#if (${instance-components_gateway_enabled} == "false" )
+echo ' gateway:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+echo ' enabled: ${instance-components_gateway_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+echo ' port: 7554' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+echo ' debug: false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+#end
+echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+echo ' # If we customize this to use different external certificate, than should also' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+echo ' # define "server.internal.ssl.certificate" and enable "server.internal.ssl.enabled".' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+echo ' # certificate:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+echo ' # keystore:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+echo ' # alias: ""' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+echo ' # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+#if (${instance-components_zaas_enabled} == "true" )
+echo ' zaas:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+echo ' enabled: ${instance-components_zaas_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+echo ' port: ${instance-components_zaas_port}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+echo ' debug: ${instance-components_zaas_debug}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
 echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
 echo ' apiml:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
 echo ' security:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
 echo ' auth:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' provider: "$!{instance-components_gateway_apiml_security_auth_provider}"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+echo ' provider: "$!{instance-components_zaas_apiml_security_auth_provider}"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
 echo ' zosmf:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' jwtAutoconfiguration: "$!{instance-components_gateway_apiml_security_auth_zosmf_jwtAutoconfiguration}"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' serviceId: "$!{instance-components_gateway_apiml_security_auth_zosmf_serviceId}"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+echo ' jwtAutoconfiguration: "$!{instance-components_zaas_apiml_security_auth_zosmf_jwtAutoconfiguration}"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+echo ' serviceId: "$!{instance-components_zaas_apiml_security_auth_zosmf_serviceId}"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
 echo ' authorization:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
 echo ' endpoint:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' enabled: ${instance-components_gateway_apiml_security_authorization_endpoint_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' provider: "$!{instance-components_gateway_apiml_security_authorization_provider}"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+echo ' enabled: ${instance-components_zaas_apiml_security_authorization_endpoint_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+echo ' provider: "$!{instance-components_zaas_apiml_security_authorization_provider}"' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
 echo ' x509:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' enabled: ${instance-components_gateway_apiml_security_x509_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' server:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' internal:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' # gateway supports internal connector' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' enabled: ${instance-components_gateway_server_internal_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' port: ${instance-components_gateway_server_internal_port}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' ssl:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' enabled: ${instance-components_gateway_server_internal_ssl_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' # internal connector can use different certificate' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' # certificate:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' # keystore:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' # alias: ""' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+echo ' enabled: ${instance-components_zaas_apiml_security_x509_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
 #end
-#if (${instance-components_gateway_enabled} == "false" )
-echo ' gateway:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' enabled: ${instance-components_gateway_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' port: 7554' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+#if (${instance-components_zaas_enabled} == "false" )
+echo ' zaas:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+echo ' enabled: ${instance-components_zaas_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+echo ' port: 7563' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
 echo ' debug: false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
 echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
 echo ' apiml:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
@@ -2118,51 +2033,6 @@ echo ' enabled: false' >> "${instance-zowe_runtimeDirectory}/zowe.yam
 echo ' provider: ""' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
 echo ' x509:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
 echo ' enabled: false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' server:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' internal:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' # gateway supports internal connector' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' enabled: false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' port: 7550' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' ssl:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' enabled: false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' # internal connector can use different certificate' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' # certificate:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' # keystore:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' # alias: ""' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-#end
-echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' # If we customize this to use different external certificate, than should also' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' # define "server.internal.ssl.certificate" and enable "server.internal.ssl.enabled".' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' # certificate:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' # keystore:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' # alias: ""' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-#if (${instance-components_metrics_service_enabled} == "true" )
-echo ' metrics-service:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' enabled: ${instance-components_metrics_service_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' port: ${instance-components_metrics_service_port}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' debug: ${instance-components_metrics_service_debug}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-#end
-#if (${instance-components_metrics_service_enabled} == "false" )
-echo ' metrics-service:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' enabled: ${instance-components_metrics_service_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' port: 7551' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' debug: false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-#end
-echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-#if (${instance-components_cloud_gateway_enabled} == "true" )
-echo ' cloud-gateway:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' enabled: ${instance-components_cloud_gateway_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' port: ${instance-components_cloud_gateway_port}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' debug: ${instance-components_cloud_gatewaye_debug}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-#end
-#if (${instance-components_cloud_gateway_enabled} == "false" )
-echo ' cloud-gateway:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' enabled: ${instance-components_cloud_gateway_enabled}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' port: 7563' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
-echo ' debug: false' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
 #end
 echo '' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
 echo ' # >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
@@ -2214,7 +2084,11 @@ echo ' name: "$!{instance-components_caching_service_storage_vsam_name}"'
 echo ' infinispan:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
 echo ' # this is required if storage mode is infinispan' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
 echo ' jgroups:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+#if (${instance-components_caching_service_storage_mode} == "infinispan" )
 echo ' port: ${instance-components_caching_service_storage_infinispan_jgroups_port}' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+#else
+echo ' port: 7600' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
+#end
 #end
 #if (${instance-components_caching_service_enabled} == "false" )
 echo ' caching-service:' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"
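Review bot: The regenerated `zaas:` block reads `${instance-components_zaas_apiml_security_authorization_endpoint_enabled}`, `$!{instance-components_zaas_apiml_security_authorization_provider}` and `${instance-components_zaas_apiml_security_x509_enabled}`, but no ZWECONF.properties hunk in this diff defines those keys: the properties file only gains `components_zaas_enabled`, `_port`, `_debug` and the three `_auth_*` keys while keeping the gateway-named `components_gateway_apiml_security_authorization_*` and `components_gateway_apiml_security_x509_enabled` entries. Unless the ZAAS-named variables are declared and defaulted elsewhere, the template presumably writes empty or unresolved values for exactly the authorization and x509 settings of the authentication service, so matching `components_zaas_apiml_security_authorization_endpoint_enabled`, `components_zaas_apiml_security_authorization_provider` and `components_zaas_apiml_security_x509_enabled` entries should be added to ZWECONF.properties. Separately, the comment lines added to the gateway block (`# If we customize this to use different external certificate, than should also` / `# define "server.internal.ssl.certificate" and enable "server.internal.ssl.enabled".`) refer to the `server.internal` settings that this same hunk removes from the gateway block, so they should be dropped or rewritten (and `than` should be `then`). The surrounding template conditional begins before this hunk.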
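Review bot: The new `#else` branch hard-codes `port: 7600` for the jgroups port, which duplicates whatever default `components_caching_service_storage_infinispan_jgroups_port` carries in ZWECONF.properties and will silently drift if that default changes; emitting the variable in both branches, or marking the literal as a placeholder on the emitted line, e.g. `echo ' port: 7600 # placeholder, only read when storage mode is infinispan' >> "${instance-zowe_runtimeDirectory}/zowe.yaml"`, would avoid a second source of truth (keep the YAML indentation the neighbouring echo lines use). The `infinispan:` and `jgroups:` keys above it are still emitted unconditionally, so the literal exists only to keep the generated YAML well-formed, which is worth stating in a template comment next to the `#if`.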