
Commit 59ce9fc

committed
draft
Signed-off-by: Pavel Jareš <[email protected]>
1 parent 6fcc468 commit 59ce9fc


17 files changed

+169
-69
lines changed


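--- a/api-catalog-package/src/main/resources/bin/start.sh
+++ b/api-catalog-package/src/main/resources/bin/start.sh
@@ -150,25 +150,30 @@ ADD_OPENS="--add-opens=java.base/java.lang=ALL-UNNAMED
 --add-opens=java.base/sun.nio.ch=ALL-UNNAMED
 --add-opens=java.base/java.io=ALL-UNNAMED"
 
-ATTLS_ENABLED="false"
+add_profile() {
+new_profile=$1
+if [ -n "${ZWE_configs_spring_profiles_active}" ]; then
+ZWE_configs_spring_profiles_active="${ZWE_configs_spring_profiles_active},"
+fi
+ZWE_configs_spring_profiles_active="${ZWE_configs_spring_profiles_active}${new_profile}"
+}
+
+ATTLS_SERVER_ENABLED="false"
 ATTLS_CLIENT_ENABLED="false"
 
 if [ "${ZWE_zowe_network_server_tls_attls}" = "true" ]; then
-ATTLS_ENABLED="true"
+ATTLS_SERVER_ENABLED="true"
 fi
 if [ "${ZWE_zowe_network_client_tls_attls}" = "true" ]; then
 ATTLS_CLIENT_ENABLED="true"
 fi
 
-if [ "${ATTLS_ENABLED}" = "true" ]; then
+if [ "${ATTLS_SERVER_ENABLED}" = "true" ]; then
+add_profile "attlsServer"
 ZWE_configs_server_ssl_enabled="false"
-if [ -n "${ZWE_configs_spring_profiles_active}" ]; then
-ZWE_configs_spring_profiles_active="${ZWE_configs_spring_profiles_active},"
-fi
-ZWE_configs_spring_profiles_active="${ZWE_configs_spring_profiles_active}attls"
 fi
 
-if [ "${ZWE_configs_server_ssl_enabled:-true}" = "true" -o "$ATTLS_ENABLED" = "true" ]; then
+if [ "${ZWE_configs_server_ssl_enabled:-true}" = "true" -o "$ATTLS_SERVER_ENABLED" = "true" ]; then
 externalProtocol="https"
 else
 externalProtocol="http"
@@ -177,6 +182,7 @@ fi
 internalProtocol="https"
 ZWE_DISCOVERY_SERVICES_LIST=${ZWE_DISCOVERY_SERVICES_LIST:-"https://${ZWE_haInstance_hostname:-localhost}:${ZWE_components_discovery_port:-7553}/eureka/"}
 if [ "$ATTLS_CLIENT_ENABLED" = "true" ]; then
+add_profile "attlsClient"
 ZWE_DISCOVERY_SERVICES_LIST=$(echo "${ZWE_DISCOVERY_SERVICES_LIST=}" | sed -e 's|https://|http://|g')
 internalProtocol="http"
 fi
@@ -245,7 +251,7 @@ elif [ "${keystore_type}" = "JCEHYBRIDRACFKS" ]; then
 truststore_location=$(echo "${truststore_location}" | sed s_safkeyring://_safkeyringjcehybrid://_)
 fi
 
-if [ "${ATTLS_ENABLED}" = "true" -a "${APIML_ATTLS_LOAD_KEYRING:-false}" = "true" ]; then
+if [ "${ATTLS_SERVER_ENABLED}" = "true" -a "${APIML_ATTLS_LOAD_KEYRING:-false}" = "true" ]; then
 keystore_type=
 keystore_pass=
 key_pass=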
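Review bot: In the first hunk `add_profile` appends whatever it is given, so a call with an empty or missing argument leaves a trailing comma (an empty profile name) in `ZWE_configs_spring_profiles_active`, and `new_profile` is assigned as a script-wide variable instead of staying inside the function. Using `$1` directly with a guard, `[ -n "$1" ] || return 0` as the first line and `ZWE_configs_spring_profiles_active="${ZWE_configs_spring_profiles_active}$1"` as the last, avoids both. The same body is pasted into the start.sh of apiml-package, caching-service-package and discovery-package, so each copy would benefit from a header comment such as `# Append one Spring profile to ZWE_configs_spring_profiles_active (comma-separated); keep in sync with the other *-package start.sh copies`. These profiles decide whether the service listens and registers over plain HTTP behind AT-TLS, so a silently malformed profile list changes the transport configuration that gets loaded.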

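--- a/api-catalog-services/src/main/resources/application.yml
+++ b/api-catalog-services/src/main/resources/application.yml
@@ -1,3 +1,6 @@
+# for back-compatibility
+spring.profiles.group.attls: attlsServer
+
 spring:
 application:
 name: ${apiml.service.id}
@@ -232,13 +235,22 @@ management:
 exposure:
 include: "*"
 ---
-spring.config.activate.on-profile: attls
+spring.config.activate.on-profile: attlsServer
 
 server:
 attls:
 enabled: true
 ssl:
 enabled: false
+apiml:
+service:
+scheme: http
+nonSecurePortEnabled: true
+securePortEnabled: false
+
+---
+spring.config.activate.on-profile: attlsClient
+
 eureka:
 instance:
 securePort: 0
@@ -254,8 +266,3 @@ eureka:
 version: 1.0.0
 gatewayUrl: api/v1
 swaggerUrl: http://${apiml.service.hostname}:${apiml.service.port}${apiml.service.contextPath}/v3/api-docs
-apiml:
-service:
-scheme: http
-nonSecurePortEnabled: true
-securePortEnabled: false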
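Review bot: The back-compatibility mapping `spring.profiles.group.attls: attlsServer` restores only part of what the old `attls` document configured: the `eureka.instance` settings (starting at `securePort: 0`) now sit under `attlsClient`, so a deployment that still activates `attls` by name no longer receives them. If the legacy name is meant to keep its previous behaviour, the group needs both members, `spring.profiles.group.attls: attlsServer,attlsClient`; if the narrowing is intended, the comment should say so, e.g. `# legacy 'attls' now means server-side AT-TLS only; activate attlsClient separately for outbound`. caching-service/src/main/resources/application.yml splits its document the same way under the same mapping. Most of the eureka block lies outside the hunks shown, so the exact set of affected keys should be checked against the full file.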

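--- a/apiml-package/src/main/resources/bin/start.sh
+++ b/apiml-package/src/main/resources/bin/start.sh
@@ -170,33 +170,39 @@ fi
 
 echo "Setting loader path: "${APIML_LOADER_PATH}
 
-ATTLS_ENABLED="false"
+add_profile() {
+new_profile=$1
+if [ -n "${ZWE_configs_spring_profiles_active}" ]; then
+ZWE_configs_spring_profiles_active="${ZWE_configs_spring_profiles_active},"
+fi
+ZWE_configs_spring_profiles_active="${ZWE_configs_spring_profiles_active}${new_profile}"
+}
+
+ATTLS_SERVER_ENABLED="false"
 ATTLS_CLIENT_ENABLED="false"
 
 if [ "${ZWE_zowe_network_server_tls_attls}" = "true" ]; then
-ATTLS_ENABLED="true"
+ATTLS_SERVER_ENABLED="true"
 fi
 if [ "${ZWE_zowe_network_client_tls_attls}" = "true" ]; then
 ATTLS_CLIENT_ENABLED="true"
 fi
 
-if [ "${ATTLS_ENABLED}" = "true" ]; then
+if [ "${ATTLS_SERVER_ENABLED}" = "true" ]; then
+add_profile "attlsServer"
 ZWE_configs_server_ssl_enabled="false"
-if [ -n "${ZWE_configs_spring_profiles_active}" ]; then
-ZWE_configs_spring_profiles_active="${ZWE_configs_spring_profiles_active},"
-fi
-ZWE_configs_spring_profiles_active="${ZWE_configs_spring_profiles_active}attls"
 fi
 
 internalProtocol="https"
 ZWE_DISCOVERY_SERVICES_LIST=${ZWE_DISCOVERY_SERVICES_LIST:-"https://${ZWE_haInstance_hostname:-localhost}:${ZWE_components_discovery_port:-7553}/eureka/"}
 if [ "${ATTLS_CLIENT_ENABLED}" = "true" ]; then
+add_profile "attlsClient"
 ZWE_DISCOVERY_SERVICES_LIST=$(echo "${ZWE_DISCOVERY_SERVICES_LIST=}" | sed -e 's|https://|http://|g')
 internalProtocol=http
 ZWE_configs_apiml_service_corsEnabled=true
 fi
 
-if [ "${ZWE_configs_server_ssl_enabled:-${ZWE_components_gateway_server_ssl_enabled:-${ZWE_components_discovery_server_ssl_enabled:-true}}}" = "true" -o "$ATTLS_ENABLED" = "true" ]; then
+if [ "${ZWE_configs_server_ssl_enabled:-${ZWE_components_gateway_server_ssl_enabled:-${ZWE_components_discovery_server_ssl_enabled:-true}}}" = "true" -o "$ATTLS_SERVER_ENABLED" = "true" ]; then
 externalProtocol="https"
 else
 externalProtocol="http"
@@ -289,7 +295,7 @@ elif [ "${keystore_type}" = "JCEHYBRIDRACFKS" ]; then
 truststore_location=$(echo "${truststore_location}" | sed s_safkeyring://_safkeyringjcehybrid://_)
 fi
 
-if [ "${ATTLS_ENABLED}" = "true" -a "${APIML_ATTLS_LOAD_KEYRING:-false}" = "true" ]; then
+if [ "${ATTLS_SERVER_ENABLED}" = "true" -a "${APIML_ATTLS_LOAD_KEYRING:-false}" = "true" ]; then
 keystore_type=
 keystore_pass=
 key_pass=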

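--- a/apiml/src/main/resources/application.yml
+++ b/apiml/src/main/resources/application.yml
@@ -1,3 +1,6 @@
+# for back-compatibility
+spring.profiles.group.attls: attlsServer
+
 eureka:
 dashboard:
 path: /eureka
@@ -227,7 +230,7 @@ logging:
 reactor.netty.http.client.HttpClientConnect: DEBUG
 
 ---
-spring.config.activate.on-profile: attls
+spring.config.activate.on-profile: attlsServer
 
 server:
 attls: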

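--- a/caching-service-package/src/main/resources/bin/start.sh
+++ b/caching-service-package/src/main/resources/bin/start.sh
@@ -120,27 +120,33 @@ ADD_OPENS="--add-opens=java.base/java.lang=ALL-UNNAMED
 --add-opens=java.base/sun.nio.ch=ALL-UNNAMED
 --add-opens=java.base/java.io=ALL-UNNAMED"
 
-ATTLS_ENABLED="false"
+add_profile() {
+new_profile=$1
+if [ -n "${ZWE_configs_spring_profiles_active}" ]; then
+ZWE_configs_spring_profiles_active="${ZWE_configs_spring_profiles_active},"
+fi
+ZWE_configs_spring_profiles_active="${ZWE_configs_spring_profiles_active}${new_profile}"
+}
+
+ATTLS_SERVER_ENABLED="false"
 ATTLS_CLIENT_ENABLED="false"
 
 if [ "${ZWE_zowe_network_server_tls_attls}" = "true" ]; then
-ATTLS_ENABLED="true"
+ATTLS_SERVER_ENABLED="true"
 fi
 if [ "${ZWE_zowe_network_client_tls_attls}" = "true" ]; then
 ATTLS_CLIENT_ENABLED="true"
 fi
 
-if [ "${ATTLS_ENABLED}" = "true" ]; then
+if [ "${ATTLS_SERVER_ENABLED}" = "true" ]; then
+add_profile "attlsServer"
 ZWE_configs_server_ssl_enabled="false"
-if [ -n "${ZWE_configs_spring_profiles_active}" ]; then
-ZWE_configs_spring_profiles_active="${ZWE_configs_spring_profiles_active},"
-fi
-ZWE_configs_spring_profiles_active="${ZWE_configs_spring_profiles_active}attls"
 fi
 
 # Verify discovery service URL in case AT-TLS is enabled, assumes outgoing rules are in place
 ZWE_DISCOVERY_SERVICES_LIST=${ZWE_DISCOVERY_SERVICES_LIST:-"https://${ZWE_haInstance_hostname:-localhost}:${ZWE_components_discovery_port:-7553}/eureka/"}
 if [ "${ATTLS_CLIENT_ENABLED}" = "true" ]; then
+add_profile "attlsClient"
 ZWE_DISCOVERY_SERVICES_LIST=$(echo "${ZWE_DISCOVERY_SERVICES_LIST=}" | sed -e 's|https://|http://|g')
 fi
 
@@ -211,7 +217,7 @@ fi
 # -Dapiml.service.ipAddress=${ZOWE_IP_ADDRESS:-127.0.0.1} \
 # -Dapiml.service.preferIpAddress=${APIML_PREFER_IP_ADDRESS:-false} \
 
-if [ "${ATTLS_ENABLED}" = "true" -a "${APIML_ATTLS_LOAD_KEYRING:-false}" = "true" ]; then
+if [ "${ATTLS_SERVER_ENABLED}" = "true" -a "${APIML_ATTLS_LOAD_KEYRING:-false}" = "true" ]; then
 keystore_type=
 keystore_pass=
 key_pass=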

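--- a/caching-service/src/main/resources/application.yml
+++ b/caching-service/src/main/resources/application.yml
@@ -1,3 +1,6 @@
+# for back-compatibility
+spring.profiles.group.attls: attlsServer
+
 caching:
 storage:
 mode: inMemory
@@ -187,7 +190,7 @@ spring.config.activate.on-profile: dev
 logbackServiceName: ZWEACS1
 
 ---
-spring.config.activate.on-profile: attls
+spring.config.activate.on-profile: attlsServer
 
 server:
 attls:
@@ -199,6 +202,9 @@ apiml:
 service:
 scheme: http
 
+---
+spring.config.activate.on-profile: attlsClient
+
 eureka:
 instance:
 nonSecurePortEnabled: true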

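--- a/discoverable-client/src/main/resources/application.yml
+++ b/discoverable-client/src/main/resources/application.yml
@@ -1,3 +1,6 @@
+# for back-compatibility
+spring.profiles.group.attls: attlsServer
+
 logging:
 level:
 ROOT: INFO
@@ -221,7 +224,7 @@ logging:
 logbackServiceName: ZWEADC1
 
 ---
-spring.config.activate.on-profile: attls
+spring.config.activate.on-profile: attlsServer
 
 apiml:
 service: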

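--- a/discovery-package/src/main/resources/bin/start.sh
+++ b/discovery-package/src/main/resources/bin/start.sh
@@ -115,26 +115,32 @@ if [ "$(uname)" = "OS/390" ]; then
 fi
 fi
 
-ATTLS_ENABLED="false"
+add_profile() {
+new_profile=$1
+if [ -n "${ZWE_configs_spring_profiles_active}" ]; then
+ZWE_configs_spring_profiles_active="${ZWE_configs_spring_profiles_active},"
+fi
+ZWE_configs_spring_profiles_active="${ZWE_configs_spring_profiles_active}${new_profile}"
+}
+
+ATTLS_SERVER_ENABLED="false"
 ATTLS_CLIENT_ENABLED="false"
 
 if [ "${ZWE_zowe_network_server_tls_attls}" = "true" ]; then
-ATTLS_ENABLED="true"
+ATTLS_SERVER_ENABLED="true"
 fi
 if [ "${ZWE_zowe_network_client_tls_attls}" = "true" ]; then
 ATTLS_CLIENT_ENABLED="true"
 fi
 
-if [ "${ATTLS_ENABLED}" = "true" ]; then
+if [ "${ATTLS_SERVER_ENABLED}" = "true" ]; then
+add_profile "attlsServer"
 ZWE_configs_server_ssl_enabled="false"
-if [ -n "${ZWE_configs_spring_profiles_active}" ]; then
-ZWE_configs_spring_profiles_active="${ZWE_configs_spring_profiles_active},"
-fi
-ZWE_configs_spring_profiles_active="${ZWE_configs_spring_profiles_active}attls"
 fi
 
 ZWE_DISCOVERY_SERVICES_LIST=${ZWE_DISCOVERY_SERVICES_LIST:-"https://${ZWE_haInstance_hostname:-localhost}:${ZWE_components_discovery_port:-7553}/eureka/"}
 if [ "${ATTLS_CLIENT_ENABLED}" = "true" ]; then
+add_profile "attlsClient"
 ZWE_DISCOVERY_SERVICES_LIST=$(echo "${ZWE_DISCOVERY_SERVICES_LIST=}" | sed -e 's|https://|http://|g')
 fi
 
@@ -233,7 +239,7 @@ elif [ "${keystore_type}" = "JCEHYBRIDRACFKS" ]; then
 truststore_location=$(echo "${truststore_location}" | sed s_safkeyring://_safkeyringjcehybrid://_)
 fi
 
-if [ "${ATTLS_ENABLED}" = "true" -a "${APIML_ATTLS_LOAD_KEYRING:-false}" = "true" ]; then
+if [ "${ATTLS_SERVER_ENABLED}" = "true" -a "${APIML_ATTLS_LOAD_KEYRING:-false}" = "true" ]; then
 keystore_type=
 keystore_pass=
 key_pass=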

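--- a/discovery-service/src/main/java/org/zowe/apiml/discovery/config/HttpWebSecurityConfig.java
+++ b/discovery-service/src/main/java/org/zowe/apiml/discovery/config/HttpWebSecurityConfig.java
@@ -46,7 +46,7 @@
 */
 @Configuration
 @RequiredArgsConstructor
-@Profile("!https & !attls")
+@Profile("!https & !attlsServer")
 @ConditionalOnMissingBean(name = "modulithConfig")
 public class HttpWebSecurityConfig extends AbstractWebSecurityConfigurer {
 private static final String DISCOVERY_REALM = "API Mediation Discovery Service realm";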
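Review bot: The profile name is a bare string repeated in `@Profile("!https & !attlsServer")` here, in HttpWebSecurityLoginConfig and HttpsWebSecurityConfig, and in each application.yml, and because this annotation is negated, any name that does not match exactly selects this HTTP configuration instead of failing. A shared constant referenced from all three annotations would remove the typo risk. A context test that starts with only the legacy `attls` profile active and asserts that HttpsWebSecurityConfig is the configuration loaded would pin the `spring.profiles.group.attls` mapping this rename depends on. The class body continues outside the hunk, so what the HTTP configuration actually permits is not visible here.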

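--- a/discovery-service/src/main/java/org/zowe/apiml/discovery/config/HttpWebSecurityLoginConfig.java
+++ b/discovery-service/src/main/java/org/zowe/apiml/discovery/config/HttpWebSecurityLoginConfig.java
@@ -19,6 +19,6 @@
 "org.zowe.apiml.security.common",
 "org.zowe.apiml.gateway.security.login"
 })
-@Profile("!https & !attls")
+@Profile("!https & !attlsServer")
 public class HttpWebSecurityLoginConfig {
 }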

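--- a/discovery-service/src/main/java/org/zowe/apiml/discovery/config/HttpsWebSecurityConfig.java
+++ b/discovery-service/src/main/java/org/zowe/apiml/discovery/config/HttpsWebSecurityConfig.java
@@ -47,7 +47,7 @@
 @Configuration
 @RequiredArgsConstructor
 @EnableApimlAuth
-@Profile({"https", "attls"})
+@Profile({"https", "attlsServer"})
 @ConditionalOnMissingBean(name = "modulithConfig")
 public class HttpsWebSecurityConfig extends AbstractWebSecurityConfigurer {
 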

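--- a/discovery-service/src/main/resources/application.yml
+++ b/discovery-service/src/main/resources/application.yml
@@ -1,3 +1,6 @@
+# for back-compatibility
+spring.profiles.group.attls: attlsServer
+
 logging:
 level:
 ROOT: INFO
@@ -190,7 +193,7 @@ management:
 logbackServiceName: ZWEADS1
 
 ---
-spring.config.activate.on-profile: attls
+spring.config.activate.on-profile: attlsServer
 
 server:
 attls:
@@ -202,3 +205,10 @@ eureka:
 instance:
 nonSecurePortEnabled: true
 securePortEnabled: false
+
+---
+spring.config.activate.on-profile: attlsClient
+
+apiml:
+discovery:
+allPeersUrls: http://${apiml.service.hostname}:${apiml.service.port}/eureka/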
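Review bot: In the last hunk `eureka.instance.nonSecurePortEnabled`/`securePortEnabled` stay in the `attlsServer` document, whereas api-catalog-services and caching-service move their `eureka.instance` block under `attlsClient`, so the files disagree on which profile owns the registration settings. It is worth confirming which split is intended and aligning them, because a server-only or client-only AT-TLS deployment will otherwise register differently per service. The new `attlsClient` document also sets `apiml.discovery.allPeersUrls` to an `http://` URL, and nothing visible here checks that an outbound AT-TLS rule covers that port. A comment on the document would make the dependency explicit, e.g. `# plain http is encrypted by the outbound AT-TLS rule; without that rule peer replication is cleartext`.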
