From 2f06f6ee64eddd6fc447cd3f55157507651b833a Mon Sep 17 00:00:00 2001 From: Elena Kubantseva Date: Mon, 22 Dec 2025 18:23:19 +0100 Subject: [PATCH 1/7] Fix schemas validation in APIML components 
Signed-off-by: Elena Kubantseva --- api-catalog-package/build.gradle | 6 +- .../resources/schemas/api-catalog-config.json | 85 +++ .../main/resources/schemas/zowe-schema.json | 23 + apiml-common-lib-package/build.gradle | 1 - apiml-package/build.gradle | 6 +- .../main/resources/schemas/apiml-config.json | 72 ++ .../main/resources/schemas/zowe-schema.json | 23 + apiml-sample-extension-package/build.gradle | 5 +- .../main/resources/schemas/zowe-schema.json | 22 + caching-service-package/build.gradle | 6 +- .../schemas/caching-service-config.json | 148 ++++ .../main/resources/schemas/zowe-schema.json | 23 + discovery-package/build.gradle | 6 +- .../resources/schemas/discovery-config.json | 48 ++ .../main/resources/schemas/zowe-schema.json | 23 + gateway-package/build.gradle | 6 +- .../resources/schemas/gateway-config.json | 670 +++++++++++++++++ .../main/resources/schemas/zowe-schema.json | 23 + schemas/apiml-common-lib-schema.json | 22 - schemas/apiml-sample-extension-schema.json | 22 - schemas/apiml-schema.json | 91 --- schemas/caching-schema.json | 167 ----- schemas/catalog-schema.json | 104 --- schemas/discovery-schema.json | 67 -- schemas/gateway-schema.json | 689 ------------------ schemas/zaas-schema.json | 246 ------- zaas-package/build.gradle | 6 +- .../main/resources/schemas/zaas-config.json | 227 ++++++ .../main/resources/schemas/zowe-schema.json | 23 + 29 files changed, 1444 insertions(+), 1416 deletions(-) create mode 100644 api-catalog-package/src/main/resources/schemas/api-catalog-config.json create mode 100644 api-catalog-package/src/main/resources/schemas/zowe-schema.json create mode 100644 apiml-package/src/main/resources/schemas/apiml-config.json create mode 100644 apiml-package/src/main/resources/schemas/zowe-schema.json create mode 100644 apiml-sample-extension-package/src/main/resources/schemas/zowe-schema.json create mode 100644 caching-service-package/src/main/resources/schemas/caching-service-config.json create mode 100644 
caching-service-package/src/main/resources/schemas/zowe-schema.json create mode 100644 discovery-package/src/main/resources/schemas/discovery-config.json create mode 100644 discovery-package/src/main/resources/schemas/zowe-schema.json create mode 100644 gateway-package/src/main/resources/schemas/gateway-config.json create mode 100644 gateway-package/src/main/resources/schemas/zowe-schema.json delete mode 100644 schemas/apiml-common-lib-schema.json delete mode 100644 schemas/apiml-sample-extension-schema.json delete mode 100644 schemas/apiml-schema.json delete mode 100644 schemas/caching-schema.json delete mode 100644 schemas/catalog-schema.json delete mode 100644 schemas/discovery-schema.json delete mode 100644 schemas/gateway-schema.json delete mode 100644 schemas/zaas-schema.json create mode 100644 zaas-package/src/main/resources/schemas/zaas-config.json create mode 100644 zaas-package/src/main/resources/schemas/zowe-schema.json diff --git a/api-catalog-package/build.gradle b/api-catalog-package/build.gradle index 6588d5aea0..2072b044aa 100644 --- a/api-catalog-package/build.gradle +++ b/api-catalog-package/build.gradle @@ -20,7 +20,6 @@ task packageApiCatalog(type: Zip) { into('/') { from "$buildDir/convert/manifest.yaml" from "$resourceDir/pluginDefinition.json" - from "../schemas/catalog-schema.json" } into('plugin/') { @@ -31,6 +30,11 @@ task packageApiCatalog(type: Zip) { from "$resourceDir/plugin/web/assets/api-catalog.png" } + into('schemas/') { + from "$resourceDir/schemas/api-catalog-config.json" + from "$resourceDir/schemas/zowe-schema.json" + } + into('bin/') { from configurations.catalogServiceJar from "$resourceDir/bin/start.sh" diff --git a/api-catalog-package/src/main/resources/schemas/api-catalog-config.json b/api-catalog-package/src/main/resources/schemas/api-catalog-config.json new file mode 100644 index 0000000000..3768db1c99 --- /dev/null +++ b/api-catalog-package/src/main/resources/schemas/api-catalog-config.json 
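Review bot: The packaged schema moves from the component root into `schemas/`, yet the diffstat touches no manifest, and the manifest is only copied here from `$buildDir/convert/manifest.yaml`; if the manifest source still names the old root-level `catalog-schema.json` in its schema entry, the new file is shipped but never picked up by config validation. Worth confirming that each package's manifest references `schemas/zowe-schema.json`; the same question applies to the apiml, apiml-sample-extension, caching-service, discovery and gateway build.gradle hunks in this patch. A one-line comment above the new block, `// path must match the schema entry in manifest.yaml`, would make that coupling visible to the next person who moves the file.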
@@ -0,0 +1,85 @@ +{ + "$schema": "https://json-schema.org/draft/2019-09/schema", + "$id": "https://zowe.org/schemas/v2/api-catalog-config", + "title": "api-catalog configuration", + "description": "Configuration properties for api-catalog, as specified within a configuration file such as zowe.yaml", + "type": "object", + "properties": { + "port": { + "$ref": "#/$defs/port", + "default": 7554 + }, + "apiml": { + "type": "object", + "description": "Zowe API ML specific properties", + "properties": { + "catalog": { + "type": "object", + "description": "API Catalog customization", + "properties": { + "customStyle": { + "type": "object", + "description": "", + "properties": { + "logo": { + "type": "string", + "description": "Location of API Catalog logo" + }, + "titlesColor": { + "type": "string", + "description": "Color of the Catalog title labels" + }, + "fontFamily": { + "type": "string", + "description": "Font family used for the UI" + }, + "headerColor": { + "type": "string", + "description": "Header color" + }, + "backgroundColor": { + "type": "string", + "description": "Background color for dashboard and detail page" + }, + "textColor": { + "type": "string", + "description": "Color used for the UI paragraph texts (i.e. service description)" + }, + "docLink": { + "type": "string", + "description": "Custom link that would be displayed in the top right side of the header" + } + } + } + } + } + } + }, + "debug": { + "type": "boolean", + "description": "Enable debug logs in API Catalog" + }, + "heap": { + "type": "object", + "description": "Configure JVM parameters for heap size", + "properties": { + "init": { + "type": "integer", + "description": "Initial heap size in MB." + }, + "max": { + "type": "integer", + "description": "Maximum heap size in MB." + } + } + } + }, + "$defs": { + "port": { + "type": "integer", + "description": "TCP network port", + "minimum": 1024, + "maximum": 65535 + } + } +} 
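Review bot: The `port` default of 7554 in api-catalog-config.json looks permuted against the sibling schemas: discovery-config.json (the hunk further down) defaults to 7552 and gateway-config.json (the hunk that runs past this page) to 7553, while apiml-config.json, which bundles the gateway, uses 7554. If the project's documented defaults are gateway 7554, discovery 7553 and catalog 7552, then three of these values are assigned to the wrong component and any tooling that renders defaults from the schema will show the wrong ports; please confirm against the components' own defaults before merging. Separately, `customStyle` carries `"description": ""`, which generated docs render as a blank line — e.g. `"description": "Visual customization of the API Catalog UI"`.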
diff --git a/api-catalog-package/src/main/resources/schemas/zowe-schema.json b/api-catalog-package/src/main/resources/schemas/zowe-schema.json new file mode 100644 index 0000000000..b69bdaa6f3 --- /dev/null +++ b/api-catalog-package/src/main/resources/schemas/zowe-schema.json @@ -0,0 +1,23 @@ +{ + "$schema": "https://json-schema.org/draft/2019-09/schema", + "$id": "https://zowe.org/schemas/v2/api-catalog", + "allOf": [ + { "$ref": "/schemas/v2/server-base" }, + { "type": "object", + "properties": { + "components": { + "type": "object", + "additionalProperties": true, + "properties": { + "api-catalog": { + "allOf": [ + { "$ref": "/schemas/v2/server-base#zoweComponent" }, + { "$ref": "/schemas/v2/api-catalog-config" } + ] + } + } + } + } + } + ] +} diff --git a/apiml-common-lib-package/build.gradle b/apiml-common-lib-package/build.gradle index e7d6c737ae..7976fda4e8 100644 --- a/apiml-common-lib-package/build.gradle +++ b/apiml-common-lib-package/build.gradle @@ -24,7 +24,6 @@ task packageCommonLib(type: Zip) { into('/') { from "$buildDir/convert/manifest.yaml" - from "../schemas/apiml-common-lib-schema.json" } into('bin/') { diff --git a/apiml-package/build.gradle b/apiml-package/build.gradle index 7d815fb066..035665e965 100644 --- a/apiml-package/build.gradle +++ b/apiml-package/build.gradle @@ -20,7 +20,11 @@ task packageApiml(type: Zip) { into('/') { from "$resourceDir/zosmf-static-definition.yaml.template" from "$buildDir/convert/manifest.yaml" - from "../schemas/apiml-schema.json" + } + + into('schemas/') { + from "$resourceDir/schemas/apiml-config.json" + from "$resourceDir/schemas/zowe-schema.json" } into('bin/') { diff --git a/apiml-package/src/main/resources/schemas/apiml-config.json b/apiml-package/src/main/resources/schemas/apiml-config.json new file mode 100644 index 0000000000..8932da8565 --- /dev/null +++ b/apiml-package/src/main/resources/schemas/apiml-config.json 
@@ -0,0 +1,72 @@ +{ + "$schema": "https://json-schema.org/draft/2019-09/schema", + "$id": "https://zowe.org/schemas/v2/apiml-config", + "title": "apiml configuration", + "description": "Configuration properties for apiml, as specified within a configuration file such as zowe.yaml", + "type": "object", + "properties": { + "port": { + "$ref": "#/$defs/port", + "default": 7554 + }, + "debug": { + "type": "boolean", + "description": "Enable debug logs in API ML service" + }, + "heap": { + "type": "object", + "description": "Configure JVM parameters for heap size", + "properties": { + "init": { + "type": "integer", + "description": "Initial heap size in MB." + }, + "max": { + "type": "integer", + "description": "Maximum heap size in MB." + } + } + }, + "server": { + "type": "object", + "description": "Configure API ML server properties.", + "properties": { + "ssl": { + "type": "object", + "description": "Network encryption for API ML service connections.", + "properties": { + "enabled": { + "type": "boolean", + "description": "Should API ML use encrypted communication?", + "default": true + } + } + } + } + }, + "spring": { + "type": "object", + "description": "Application framework parameters", + "properties": { + "profiles": { + "type": "object", + "description": "Profiles that can hold multiple configuration parameters.", + "properties": { + "active": { + "type": "string", + "description": "List of the active configuration profiles." + } + } + } + } + } + }, + "$defs": { + "port": { + "type": "integer", + "description": "TCP network port", + "minimum": 1024, + "maximum": 65535 + } + } +} diff --git a/apiml-package/src/main/resources/schemas/zowe-schema.json b/apiml-package/src/main/resources/schemas/zowe-schema.json new file mode 100644 index 0000000000..86498d4b65 --- /dev/null +++ b/apiml-package/src/main/resources/schemas/zowe-schema.json 
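Review bot: `spring.profiles.active` is typed as a bare string but described as a list, and gateway-config.json in this same patch constrains the identical key with `"pattern": "^[a-zA-Z0-9]+(,[a-zA-Z0-9]+)*$"`, so the two schemas validate the same zowe.yaml value differently. Adding the same pattern here keeps the packages consistent and rejects stray whitespace or a trailing comma at validation time rather than at startup.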
@@ -0,0 +1,23 @@ +{ + "$schema": "https://json-schema.org/draft/2019-09/schema", + "$id": "https://zowe.org/schemas/v2/apiml", + "allOf": [ + { "$ref": "/schemas/v2/server-base" }, + { "type": "object", + "properties": { + "components": { + "type": "object", + "additionalProperties": true, + "properties": { + "apiml": { + "allOf": [ + { "$ref": "/schemas/v2/server-base#zoweComponent" }, + { "$ref": "/schemas/v2/apiml-config" } + ] + } + } + } + } + } + ] +} diff --git a/apiml-sample-extension-package/build.gradle b/apiml-sample-extension-package/build.gradle index 5ecfcd7b56..02d231ddc7 100644 --- a/apiml-sample-extension-package/build.gradle +++ b/apiml-sample-extension-package/build.gradle @@ -28,7 +28,10 @@ task packageSampleExtension(type: Zip) { into('/') { from "$buildDir/convert/manifest.yaml" - from "../schemas/apiml-sample-extension-schema.json" + } + + into('schemas/') { + from "$resourceDir/schemas/zowe-schema.json" } into('bin/') { diff --git a/apiml-sample-extension-package/src/main/resources/schemas/zowe-schema.json b/apiml-sample-extension-package/src/main/resources/schemas/zowe-schema.json new file mode 100644 index 0000000000..427aeeeb63 --- /dev/null +++ b/apiml-sample-extension-package/src/main/resources/schemas/zowe-schema.json @@ -0,0 +1,22 @@ +{ + "$schema": "https://json-schema.org/draft/2019-09/schema", + "$id": "https://zowe.org/schemas/v2/apiml-sample-extension", + "allOf": [ + { "$ref": "/schemas/v2/server-base" }, + { "type": "object", + "properties": { + "components": { + "type": "object", + "additionalProperties": true, + "properties": { + "apiml-sample-extension": { + "allOf": [ + { "$ref": "/schemas/v2/server-base#zoweComponent" } + ] + } + } + } + } + } + ] +} diff --git a/caching-service-package/build.gradle b/caching-service-package/build.gradle index 90e4db2841..e9b53faef0 100644 --- a/caching-service-package/build.gradle +++ b/caching-service-package/build.gradle 
@@ -19,7 +19,11 @@ task packageCachingService(type: Zip) { into('/') { from "$buildDir/convert/manifest.yaml" - from "../schemas/caching-schema.json" + } + + into('schemas/') { + from "$resourceDir/schemas/caching-service-config.json" + from "$resourceDir/schemas/zowe-schema.json" } into('bin/') { diff --git a/caching-service-package/src/main/resources/schemas/caching-service-config.json b/caching-service-package/src/main/resources/schemas/caching-service-config.json new file mode 100644 index 0000000000..61a1ad9713 --- /dev/null +++ b/caching-service-package/src/main/resources/schemas/caching-service-config.json 
@@ -0,0 +1,148 @@ +{ + "$schema": "https://json-schema.org/draft/2019-09/schema", + "$id": "https://zowe.org/schemas/v2/caching-service-config", + "title": "caching-service configuration", + "description": "Configuration properties for caching-service, as specified within a configuration file such as zowe.yaml", + "type": "object", + "properties": { + "port": { + "$ref": "#/$defs/port", + "default": 7555 + }, + "debug": { + "type": "boolean", + "description": "Enable debug logs in discovery service" + }, + "heap": { + "type": "object", + "description": "Configure JVM parameters for heap size", + "properties": { + "init": { + "type": "integer", + "description": "Initial heap size in MB." + }, + "max": { + "type": "integer", + "description": "Maximum heap size in MB." + } + } + }, + "storage": { + "evictionStrategy": { + "type": "string", + "description": "Strategy for caching entries eviction.", + "default": "reject" + }, + "mode": { + "type": "string", + "description": "Type of storge in caching service.", + "enum": ["inMemory","VSAM","redis","infinispan"], + "default": "inMemory" + }, + "size": { + "type": "integer", + "description": "the number of records stored before the eviction strategy is initiated", + "default": 10000 + }, + "infinispan":{ + "type": "object", + "description": "Use Infinispan as the selected storage solution", + "properties": { + "jgroups": { + "type": "object", + "description": "Data synchronization between Caching instances.", + "properties": { + "port": { + "type": "integer", + "description": "TCP port number", + "default": 7600 + }, + "host": { + "type": "string", + "description": "TCP hostname" + }, + "keyExchange": { + "type": "object", + "description": "Data encryption key exchange.", + "properties": { + "port": { + "type": "integer", + "description": "TCP port number", + "default": 7601 + } + } + }, + "tcp": { + "type": "object", + "description": "TCP stack", + "properties": { + "diag": { + "type": "object", + "description": "Cluster 
diagnostics", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable diagnostics of infinispan cluster" + } + } + } + } + } + } + }, + "persistence": { + "type": "object", + "description": "Where to persistently store caching data.", + "properties": { + "dataLocation": { + "type": "string", + "description": "File location where to store data." + }, + "indexLocation": { + "type": "string", + "description": "File location where to store index." + } + } + }, + "initialHosts": { + "type": "string", + "description": "Address of the other Caching services. Consists of jgroups port and host in the form of 'host[port]'." + } + } + }, + "vsam": { + "type": "object", + "description": "When storage is selected as VSAM", + "properties": { + "name": { + "type": "string", + "description": "The ZFile filename of created VSAM." + }, + "keyLength": { + "type": "integer", + "description": "The VsamKey length", + "default": 32 + }, + "recordLength": { + "type": "integer", + "description": "The record length.", + "default": 512 + }, + "encoding": { + "type": "string", + "description": "The character encoding.", + "default": "IBM-1047" + } + } + } + } + }, + "$defs": { + "port": { + "type": "integer", + "description": "TCP network port", + "minimum": 1024, + "maximum": 65535 + } + } +} diff --git a/caching-service-package/src/main/resources/schemas/zowe-schema.json b/caching-service-package/src/main/resources/schemas/zowe-schema.json new file mode 100644 index 0000000000..a0c4501bef --- /dev/null +++ b/caching-service-package/src/main/resources/schemas/zowe-schema.json 
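Review bot: The `storage` object has neither `"type": "object"` nor a `"properties"` wrapper — `evictionStrategy`, `mode`, `size`, `infinispan` and `vsam` sit directly under `storage`, where a JSON Schema validator treats them as unknown keywords and silently ignores them, so nothing under `components.caching-service.storage` is validated and the `mode` enum and the defaults never apply. Wrap them as `"storage": { "type": "object", "properties": { …existing entries… } }`. The same missing-`properties` shape appears in gateway-config.json under `spring.security.oauth2.client.registration` and `provider` (`"^.+$": { "clientId": …`), in the hunk that continues past this page. Two copy-and-paste leftovers in this hunk: `debug` is described as "Enable debug logs in discovery service", and the `mode` description reads "storge".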
@@ -0,0 +1,23 @@ +{ + "$schema": "https://json-schema.org/draft/2019-09/schema", + "$id": "https://zowe.org/schemas/v2/caching-service", + "allOf": [ + { "$ref": "/schemas/v2/server-base" }, + { "type": "object", + "properties": { + "components": { + "type": "object", + "additionalProperties": true, + "properties": { + "caching-service": { + "allOf": [ + { "$ref": "/schemas/v2/server-base#zoweComponent" }, + { "$ref": "/schemas/v2/caching-service-config" } + ] + } + } + } + } + } + ] +} diff --git a/discovery-package/build.gradle b/discovery-package/build.gradle index 10571ebf6c..3718dd12d7 100644 --- a/discovery-package/build.gradle +++ b/discovery-package/build.gradle @@ -19,7 +19,11 @@ task packageDiscovery(type: Zip) { into('/') { from "$buildDir/convert/manifest.yaml", "$resourceDir/zosmf-static-definition.yaml.template" - from "../schemas/discovery-schema.json" + } + + into('schemas/') { + from "$resourceDir/schemas/discovery-config.json" + from "$resourceDir/schemas/zowe-schema.json" } into('bin/') { diff --git a/discovery-package/src/main/resources/schemas/discovery-config.json b/discovery-package/src/main/resources/schemas/discovery-config.json new file mode 100644 index 0000000000..005c6821a8 --- /dev/null +++ b/discovery-package/src/main/resources/schemas/discovery-config.json 
@@ -0,0 +1,48 @@ +{ + "$schema": "https://json-schema.org/draft/2019-09/schema", + "$id": "https://zowe.org/schemas/v2/discovery-config", + "title": "discovery configuration", + "description": "Configuration properties for discovery, as specified within a configuration file such as zowe.yaml", + "type": "object", + "properties": { + "apiml": { + "type": "object", + "properties": { + "serviceIdPrefixReplacer": { + "type": "string", + "description": "A comma separated tuple to replace service ID with new one in API ML registry." + } + } + }, + "port": { + "$ref": "#/$defs/port", + "default": 7552 + }, + "debug": { + "type": "boolean", + "description": "Enable debug logs in discovery service" + }, + "heap": { + "type": "object", + "description": "Configure JVM parameters for heap size", + "properties": { + "init": { + "type": "integer", + "description": "Initial heap size in MB." + }, + "max": { + "type": "integer", + "description": "Maximum heap size in MB." + } + } + } + }, + "$defs": { + "port": { + "type": "integer", + "description": "TCP network port", + "minimum": 1024, + "maximum": 65535 + } + } +} diff --git a/discovery-package/src/main/resources/schemas/zowe-schema.json b/discovery-package/src/main/resources/schemas/zowe-schema.json new file mode 100644 index 0000000000..4a2e43dafb --- /dev/null +++ b/discovery-package/src/main/resources/schemas/zowe-schema.json @@ -0,0 +1,23 @@ +{ + "$schema": "https://json-schema.org/draft/2019-09/schema", + "$id": "https://zowe.org/schemas/v2/discovery", + "allOf": [ + { "$ref": "/schemas/v2/server-base" }, + { "type": "object", + "properties": { + "components": { + "type": "object", + "additionalProperties": true, + "properties": { + "discovery": { + "allOf": [ + { "$ref": "/schemas/v2/server-base#zoweComponent" }, + { "$ref": "/schemas/v2/discovery-config" } + ] + } + } + } + } + } + ] +} diff --git a/gateway-package/build.gradle b/gateway-package/build.gradle index ed92af999e..26f2fb7047 100644 
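Review bot: The top-level `apiml` object in discovery-config.json is the only property in the file without a description, while api-catalog-config.json describes the same key as "Zowe API ML specific properties"; adding `"description": "Zowe API ML specific properties"` keeps the generated documentation uniform across packages. The `serviceIdPrefixReplacer` description promises a "comma separated tuple" but nothing enforces it; if the value is always exactly two comma-separated tokens, a `pattern` stating that would turn a runtime misconfiguration into a validation error.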
--- a/gateway-package/build.gradle +++ b/gateway-package/build.gradle @@ -19,7 +19,11 @@ task packageApiGateway(type: Zip) { into('/') { from "$buildDir/convert/manifest.yaml" - from "../schemas/gateway-schema.json" + } + + into('schemas/') { + from "$resourceDir/schemas/gateway-config.json" + from "$resourceDir/schemas/zowe-schema.json" } into('bin/') { diff --git a/gateway-package/src/main/resources/schemas/gateway-config.json b/gateway-package/src/main/resources/schemas/gateway-config.json new file mode 100644 index 0000000000..8a89658c84 --- /dev/null +++ b/gateway-package/src/main/resources/schemas/gateway-config.json 
@@ -0,0 +1,670 @@ +{ + "$schema": "https://json-schema.org/draft/2019-09/schema", + "$id": "https://zowe.org/schemas/v2/gateway-config", + "title": "gateway configuration", + "description": "Configuration properties for gateway, as specified within a configuration file such as zowe.yaml", + "type": "object", + "properties": { + "port": { + "$ref": "#/$defs/port", + "default": 7553 + }, + "debug": { + "type": "boolean", + "description": "Enable debug logs in gateway service", + "default": false + }, + "sslDebug": { + "type": "string", + "description": "Configure attributes fro SSL config, see java property javax.net.debug." + }, + "heap": { + "type": "object", + "description": "Configure JVM parameters for heap size", + "properties": { + "init": { + "type": "integer", + "description": "Initial heap size in MB.", + "default": 32 + }, + "max": { + "type": "integer", + "description": "Maximum heap size in MB.", + "max": 512 + } + } + }, + "apimlId": { + "type": "string", + "pattern": "^[a-z0-9]{1,64}$", + "description": "Specifies identifier of the domain gateway for routing purpose in the central Gateway." + }, + "certificate": { + "type": "object", + "description": "Network encryption for gateway service connections.", + "properties": { + "enabled": { + "type": "boolean", + "description": "Should gateway use encrypted communication?", + "default": true + }, + "keystore": { + "type": "object", + "properties": { + "alias": { + "type": "string", + "description": "Specifies the alias used to address the private key in the keystore." + }, + "key": { + "type": "object", + "properties": { + "password": { + "type": "string", + "description": "Specifies the password associated with the private key." + } + } + }, + "file": { + "type": "string", + "description": "Specifies the keystore file used to store the private key. When using keyring, the value should be set to the SAF keyring location. For information about required certificates." 
+ }, + "password": { + "type": "string", + "description": "Specifies the password used to unlock the keystore." + }, + "type": { + "type": "string", + "pattern": "^((PKCS12)|(JCE.*RACFKS))$", + "description": "Specifies the type of the keystore.", + "default": "PKCS12" + } + }, + "allOf": [ + { + "if": { + "properties": { + "type": { + "pattern": "^JCE.*RACFKS$" + } + } + }, + "then": { + "properties": { + "file": { + "pattern": "^safkeyring[^:]*://" + } + } + } + } + ] + }, + "truststore": { + "type": "object", + "properties": { + "file": { + "type": "string", + "description": "Specifies the truststore file used to keep other parties public keys and certificates. When using keyring, this value should be set to the SAF keyring location. For information about required certificates." + }, + "password": { + "type": "string", + "description": "Specifies the password used to unlock the truststore." + }, + "type": { + "type": "string", + "pattern": "^((PKCS12)|(JCE.*RACFKS))$", + "description": "Specifies the truststore type. 
The default for this parameter is PKCS12.", + "default": "PKCS12" + } + }, + "allOf": [ + { + "if": { + "properties": { + "type": { + "pattern": "^JCE.*RACFKS$" + } + } + }, + "then": { + "properties": { + "file": { + "pattern": "^safkeyring[^:]*://" + } + } + } + } + ] + } + } + }, + "apiml": { + "type": "object", + "description": "Zowe API ML specific properties.", + "properties": { + "connection": { + "type": "object", + "properties": { + "idleConnectionTimeoutSeconds" : { + "type": "integer", + "description": "Specifies a timeout limit for idle client connections, in seconds.", + "default": 5 + }, + "timeout": { + "type": "integer", + "description": "Specifies a timeout limit for a connection, in milliseconds.", + "default": 60000 + }, + "timeToLive": { + "type": "integer", + "description": "Specifies a timeout limit how long to keep open connection to be reused, in milliseconds.", + "default": 60000 + } + } + }, + "gateway": { + "type": "object", + "properties": { + "routing": { + "properties": { + "rateLimiterCapacity":{ + "type": "integer", + "description": "Defines the total number of requests that can be allowed at one time.", + "default": 20 + }, + "rateLimiterTokens":{ + "type": "integer", + "description": "Defines the number of requests that are added to the service’s allowance at regular intervals.", + "default": 20 + }, + "rateLimiterRefillDuration":{ + "type": "integer", + "description": "Sets the time interval (in minutes) at which new requests (or tokens) are added.", + "default": 1 + }, + "servicesToLimitRequestRate":{ + "type": "array", + "description": "Array of services which the rate limiter will be applied to.", + "items": { + "type": "string", + "description": "The name of the service." + } + }, + "servicesToDisableRetry":{ + "type": "array", + "description": "Array of services which the retry filter will be disabled for.", + "items": { + "type": "string", + "description": "The name of the service." 
+ } + } + } + }, + "registry": { + "type": "object", + "description": "Gateway configuration of a service registry endpoint.", + "properties": { + "cachePeriodSec": { + "type": "integer", + "description": "Specifies time in seconds to expired of cached data about /registry endpoint.", + "default": 120 + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether the /registry endpoint is enabled.", + "default": false + }, + "maxSimultaneousRequests": { + "type": "integer", + "description": "Specifies amount of parallel connection to obtain information from other APIML instances about services to construct response of /registry endpoint.", + "default": 20 + }, + "metadataKeyAllowList": { + "type": "string", + "description": "Specifies what custom metadata are displayed in the /registry endpoint.", + "pattern": "^[^,]+(,[^,]+)*$" + }, + "refreshIntervalMs": { + "type": "integer", + "description": "Specifies time period in milliseconds for how often to update data in /registry endpoint.", + "default": 30000 + } + } + } + } + }, + "health": { + "type": "object", + "properties": { + "protected": { + "type": "boolean", + "description": "Specifies if the /application/health endpoint is protected or accessible without any credentials.", + "default": true + } + } + }, + "security": { + "type": "object", + "description": "Security configuration of the Gateway", + "properties": { + "auth": { + "type": "object", + "description": "Detail configuration of authentication schemes.", + "properties": { + "jwt": { + "type": "object", + "description": "Detail configuration of zoweJwt scheme.", + "properties": { + "customAuthHeader": { + "type": "string", + "description": "Additional header to set JWT token in case of zoweJwt scheme." 
+ } + } + }, + "passticket": { + "type": "object", + "description": "Detail configuration of httpBasicPassTicket scheme.", + "properties": { + "customAuthHeader": { + "type": "string", + "description": "Additional header to set passticket in case of httpBasicPassTicket scheme." + }, + "customUserHeader": { + "type": "string", + "description": "Additional header to set userId in case of httpBasicPassTicket scheme." + } + } + }, + "uniqueCookie": { + "type": "boolean", + "default": false + } + } + }, + "authorization": { + "type": "object", + "description": "Authorization configuration.", + "properties": { + "endpoint": { + "type": "object", + "description": "Configuration of SAF resource to check authorization via HTTP call.", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable provider based on endpoint. to verify SAF authorization.", + "default": false + }, + "url": { + "type": "string", + "format": "uri", + "pattern": "^(https?)://", + "description": "URL of endpoint to verify SAF resource. Ie. https://<zss hostname>:<zss port>/saf-auth" + } + }, + "allOf": [ + { + "if": { + "properties": { + "enabled": { + "const": true + } + } + }, + "then": { + "required": [ + "url" + ] + } + } + ] + }, + "provider": { + "type": "string", + "enum": ["endpoint", "native", "dummy"], + "description": "Specifies security provider to be used by the Gateway." + } + }, + "allOf": [ + { + "if": { + "properties": { + "provider": { + "const": "endpoint" + } + } + }, + "then": { + "required": [ + "endpoint" + ] + } + } + ] + }, + "x509": { + "type": "object", + "description": "Client certificate configuration.", + "properties": { + "acceptForwardedCert": { + "type": "boolean", + "description": "To enable accepting client certificate from request header. 
It is used in domain APIML to accept forwarded client certificate by the caller.", + "default": false + }, + "certificatesUrl": { + "type": "string", + "format": "uri", + "pattern": "^(https?)://", + "description": "URL of the trusted caller to obtain used certificate. Request signed by this certificate are authorized to accept client certificate provided in the header." + }, + "enabled": { + "type": "boolean", + "default": false, + "description": "To enable accepting client certificate in the Gateway." + }, + "registry": { + "type": "object", + "description": "Security configuration of /registry endpoint.", + "properties": { + "allowedUsers": { + "type": "string", + "pattern": "^[*]?|([a-zA-Z0-9]+(,[a-zA-Z0-9]+)*)$", + "description": "Specifies the comma-separated list of users that are permitted to use /registry endpoints. The user is obtained from the common name in the provided client certificate." + } + } + } + }, + "allOf": [ + { + "if": { + "properties": { + "acceptForwardedCert": { + "const": true + } + } + }, + "then": { + "required": [ + "certificatesUrl" + ] + } + } + ] + }, + "oidc": { + "type": "object", + "description": "OIDC configuration.", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable authentication with OIDC token.", + "default": false + }, + "registry": { + "type": "string", + "description": "Registry name." + }, + "jwks": { + "type": "object", + "description": "JWKS configuration", + "properties": { + "uri": { + "type": "string", + "description": "JWK set URL for OIDC token validation." + }, + "refreshInternalHours": { + "type": "integer", + "description": "How often are JWKs renewed.", + "default": 1 + } + } + }, + "userInfo": { + "type": "object", + "description": "OIDC user info endpoint configuration", + "properties": { + "uri": { + "type": "string", + "description": "OIDC user info endpoint URL." 
+ } + } + }, + "validationType": { + "type": "string", + "description": "How OIDC token is validated.", + "enum": ["JWK","endpoint"], + "default": "JWK" + } + } + }, + "allowtokenrefresh": { + "type": "boolean", + "description": "Allow JWT to refresh.", + "default": false + } + } + }, + "service": { + "type": "object", + "description": "General configuration of the Gateway.", + "properties": { + "additionalRegistration": { + "type": "object", + "description": "List of additional Discovery Services URLs to register with and the routing patterns.", + "patternProperties": { + "^[0-9]+$": { + "type": "object", + "properties": { + "discoveryServiceUrls": { + "type": "string", + "description": "List of Discovery Services URLs in one security domain. You can separate multiple urls by comma or semicolon." + }, + "routes": { + "$ref": "#/$defs/routes" + } + }, + "required": ["discoveryServiceUrls","routes"] + } + } + }, + "allowEncodedSlashes": { + "type": "boolean", + "description": "When this parameter is set to true, the Gateway allows encoded characters to be part of URL requests redirected through the Gateway.", + "default": true + }, + "corsEnabled": { + "type": "boolean", + "description": "Allow CORS on gateway.", + "default": false + }, + "forwardClientCertEnabled": { + "type": "boolean", + "description": "Enable forwarding client certificate to the next service or APIML.", + "default": false + } + } + } + } + }, + "server": { + "type": "object", + "description": "Configure gateway server properties.", + "properties": { + "maxConnectionsPerRoute": { + "type": "integer", + "description": "How many connection should exists for single HTTP client?", + "default": 100 + }, + "maxTotalConnections": { + "type": "integer", + "description": "How many connection should exists in total?", + "default": 1000 + }, + "webSocket": { + "type": "object", + "description": "Customize websocket server parameters", + "properties": { + "maxIdleTimeout": { + "type": "integer", + 
"description": "The gateway acts as a server and client. This parameters customizes the default idle timeout for its client role.", + "default": 3600000 + }, + "connectTimeout": { + "type": "integer", + "description": "The gateway acts as a server and client. This parameters customizes the default connect timeout for its client role.", + "default": 45000 + }, + "asyncWriteTimeout": { + "type": "integer", + "description": "The gateway acts as a server and client. This parameters customizes the default async write timeout for its client role.", + "default": 60000 + }, + "requestBufferSize": { + "type": "integer", + "description": "Specifies the buffer size in bytes to load request headers.", + "default": 8192 + } + } + }, + "ssl": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "To enable SSL/tls layer.", + "default": true + } + } + } + } + }, + "spring": { + "type": "object", + "description": "Application framework parameters", + "properties": { + "profiles": { + "type": "object", + "description": "Profiles that can hold multiple configuration parameters.", + "properties": { + "active": { + "type": "string", + "description": "List of the active configuration profiles.", + "pattern": "^[a-zA-Z0-9]+(,[a-zA-Z0-9]+)*$" + } + } + }, + "security": { + "type": "object", + "description": "Security configuration.", + "properties": { + "oauth2": { + "type": "object", + "description": "OAuth2 configuration values.", + "properties": { + "client": { + "type": "object", + "description": "Configuration of OAuth2 communication.", + "properties": { + "registration": { + "type": "object", + "description": "Provider specific values.", + "patternProperties": { + "^.+$": { + "clientId": { + "type": "string", + "description": "The client identifier." + }, + "clientSecret":{ + "type": "string", + "description": "The client secret." 
+ }, + "redirectUri": { + "type": "string", + "description": "The client’s registered redirect URI that the Authorization Server redirects the end-user’s user-agent to after the end-user has authenticated and authorized access to the client." + }, + "scope": { + "type": "array", + "description": "The scope(s) requested by the client during the Authorization Request flow, such as openid, email, or profile.", + "items": { + "type": "string", + "description": "The scope identifier." + } + } + } + } + }, + "provider": { + "type": "object", + "description": "Provider specific values.", + "patternProperties": { + "^.+$": { + "authorizationUri": { + "type": "string", + "format": "uri", + "pattern": "^(https?)://", + "description": "The Authorization Endpoint URI for the Authorization Server." + }, + "tokenUri": { + "type": "string", + "format": "uri", + "pattern": "^(https?)://", + "description": "The Token Endpoint URI for the Authorization Server." + }, + "userInfoUri": { + "type": "string", + "format": "uri", + "pattern": "^(https?)://", + "description": "The URL of endpoint to obtain details about user by provided token." + }, + "userNameAttribute": { + "type": "string", + "description": "The name of the attribute returned in the UserInfo Response that references the Name or Identifier of the end-user." + }, + "jwkSetUri": { + "type": "string", + "format": "uri", + "pattern": "^(https?)://", + "description": "The URI used to retrieve the JSON Web Key (JWK) Set from the Authorization Server, which contains the cryptographic key(s) used to verify the JSON Web Signature (JWS) of the ID Token and optionally the UserInfo Response." 
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "$defs": {
+ "port": {
+ "type": "integer",
+ "description": "TCP network port",
+ "minimum": 1024,
+ "maximum": 65535
+ },
+ "routes": {
+ "type": "array",
+ "description": "Routing parameters",
+ "items": {
+ "type": "object",
+ "properties": {
+ "gatewayUrl": {
+ "type": "string",
+ "description": "The portion of the gateway URL which is replaced by the serviceUrl path."
+ },
+ "serviceUrl": {
+ "type": "string",
+ "description": "The portion of the service instance URL path which replaces the gatewayUrl part."
+ }
+ },
+ "required": ["gatewayUrl","serviceUrl"]
+ }
+ },
+ "tlsType": {
+ "type": "string",
+ "description": "List of supported SSL/TLS protocols",
+ "enum": ["TLSv1.1", "TLSv1.2", "TLSv1.3", "TLSv1.4"]
+ }
+ }
+}
diff --git a/gateway-package/src/main/resources/schemas/zowe-schema.json b/gateway-package/src/main/resources/schemas/zowe-schema.json
new file mode 100644
index 0000000000..e071e1d1d4
--- /dev/null
+++ b/gateway-package/src/main/resources/schemas/zowe-schema.json
@@ -0,0 +1,23 @@
+{
+ "$schema": "https://json-schema.org/draft/2019-09/schema",
+ "$id": "https://zowe.org/schemas/v2/gateway",
+ "allOf": [
+ { "$ref": "/schemas/v2/server-base" },
+ { "type": "object",
+ "properties": {
+ "components": {
+ "type": "object",
+ "additionalProperties": true,
+ "properties": {
+ "gateway": {
+ "allOf": [
+ { "$ref": "/schemas/v2/server-base#zoweComponent" },
+ { "$ref": "/schemas/v2/gateway-config" }
+ ]
+ }
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/schemas/apiml-common-lib-schema.json b/schemas/apiml-common-lib-schema.json
deleted file mode 100644
index 89907ab6a9..0000000000
--- a/schemas/apiml-common-lib-schema.json
+++ /dev/null
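Review bot: The component key in the new gateway-package zowe-schema.json is `gateway`, whereas the deleted schemas/gateway-schema.json keyed the same block as `gateway-service`; since `components` keeps `"additionalProperties": true`, a zowe.yaml that still uses the old key would pass validation with the whole gateway block unchecked instead of failing, so the key should be confirmed against the component's manifest name. The `$ref` targets also changed from absolute `https://zowe.org/schemas/v2/...` to relative `/schemas/v2/...`, which only resolves if the validator applies RFC 3986 resolution against the declared `$id` and gateway-config.json registers itself under exactly `https://zowe.org/schemas/v2/gateway-config` (its `$id` line is outside this chunk). A validation test that feeds a deliberately invalid gateway block (e.g. a port outside the `$defs/port` range) would catch both failure modes, since a broken ref or a mismatched key both surface as "valid". The sibling zowe-schema.json files listed in the diffstat presumably follow the same pattern and deserve the same check.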
@@ -1,22 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://zowe.org/schemas/v2/apiml-common-lib",
- "allOf": [
- { "$ref": "https://zowe.org/schemas/v2/server-base" },
- {
- "type": "object",
- "properties": {
- "components": {
- "type": "object",
- "additionalProperties": true,
- "properties": {
- "apiml-common-lib": {
- "$ref": "https://zowe.org/schemas/v2/server-base#zoweComponent"
- }
- }
- }
- }
- }
- ]
-}
-
diff --git a/schemas/apiml-sample-extension-schema.json b/schemas/apiml-sample-extension-schema.json
deleted file mode 100644
index 8a35bc7869..0000000000
--- a/schemas/apiml-sample-extension-schema.json
+++ /dev/null
@@ -1,22 +0,0 @@
-{
- "$schema": "https://json-schema.org/draft/2019-09/schema",
- "$id": "https://zowe.org/schemas/v2/apiml-sample-extension",
- "allOf": [
- { "$ref": "https://zowe.org/schemas/v2/server-base" },
- {
- "type": "object",
- "properties": {
- "components": {
- "type": "object",
- "additionalProperties": true,
- "properties": {
- "apiml-sample-extension": {
- "$ref": "https://zowe.org/schemas/v2/server-base#zoweComponent"
- }
- }
- }
- }
- }
- ]
-}
-
diff --git a/schemas/apiml-schema.json b/schemas/apiml-schema.json
deleted file mode 100644
index b196daf2cb..0000000000
--- a/schemas/apiml-schema.json
+++ /dev/null
@@ -1,91 +0,0 @@ -{ - "$schema": "https://json-schema.org/draft/2019-09/schema", - "$id": "https://zowe.org/schema/apiml-config", - "allOf": [ - { "$ref": "https://zowe.org/schemas/v2/server-base" }, - { - "type": "object", - "properties": { - "components": { - "type": "object", - "additionalProperties": true, - "properties": { - "apiml": { - "allOf": [ - {"$ref": "https://zowe.org/schemas/v2/server-base#zoweComponent"}, - { - "type": "object", - "properties": { - "port": { - "$ref": "#/$defs/port", - "default": 7554 - }, - "debug": { - "type": "boolean", - "description": "Enable debug logs in API ML service" - }, - "heap": { - "type": "object", - "description": "Configure JVM parameters for heap size", - "properties": { - "init": { - "type": "integer", - "description": "Initial heap size in MB." - }, - "max": { - "type": "integer", - "description": "Maximum heap size in MB." - } - } - }, - "server": { - "type": "object", - "description": "Configure API ML server properties.", - "properties": { - "ssl": { - "type": "object", - "description": "Network encryption for API ML service connections.", - "properties": { - "enabled": { - "type": "boolean", - "description": "Should API ML use encrypted communication?", - "default": true - } - } - } - } - }, - "spring": { - "type": "object", - "description": "Application framework parameters", - "properties": { - "profiles": { - "type": "object", - "description": "Profiles that can hold multiple configuration parameters.", - "properties": { - "active": { - "type": "string", - "description": "List of the active configuration profiles." - } - } - } - } - } - } - } - ] - } - } - } - } - } - ], - "$defs": { - "port": { - "type": "integer", - "description": "TCP network port", - "minimum": 1024, - "maximum": 65535 - } - } -} diff --git a/schemas/caching-schema.json b/schemas/caching-schema.json deleted file mode 100644 index 503903a609..0000000000 --- a/schemas/caching-schema.json +++ /dev/null 
@@ -1,167 +0,0 @@ -{ - "$schema": "https://json-schema.org/draft/2019-09/schema", - "$id": "https://zowe.org/schema/caching-config", - "allOf": [ - { "$ref": "https://zowe.org/schemas/v2/server-base" }, - { - "type": "object", - "properties": { - "components": { - "type": "object", - "additionalProperties": true, - "properties": { - "caching-service": { - "allOf": [ - {"$ref": "https://zowe.org/schemas/v2/server-base#zoweComponent"}, - { - "type": "object", - "properties": { - "port": { - "$ref": "#/$defs/port", - "default": 7555 - }, - "debug": { - "type": "boolean", - "description": "Enable debug logs in discovery service" - }, - "heap": { - "type": "object", - "description": "Configure JVM parameters for heap size", - "properties": { - "init": { - "type": "integer", - "description": "Initial heap size in MB." - }, - "max": { - "type": "integer", - "description": "Maximum heap size in MB." - } - } - }, - "storage": { - "evictionStrategy": { - "type": "string", - "description": "Strategy for caching entries eviction.", - "default": "reject" - }, - "mode": { - "type": "string", - "description": "Type of storge in caching service.", - "enum": ["inMemory","VSAM","redis","infinispan"], - "default": "inMemory" - }, - "size": { - "type": "integer", - "description": "the number of records stored before the eviction strategy is initiated", - "default": 10000 - }, - "infinispan":{ - "type": "object", - "description": "Use Infinispan as the selected storage solution", - "properties": { - "jgroups": { - "type": "object", - "description": "Data synchronization between Caching instances.", - "properties": { - "port": { - "type": "integer", - "description": "TCP port number", - "default": 7600 - }, - "host": { - "type": "string", - "description": "TCP hostname" - }, - "keyExchange": { - "type": "object", - "description": "Data encryption key exchange.", - "properties": { - "port": { - "type": "integer", - "description": "TCP port number", - "default": 7601 - } - } - }, - "tcp": 
{ - "type": "object", - "description": "TCP stack", - "properties": { - "diag": { - "type": "object", - "description": "Cluster diagnostics", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable diagnostics of infinispan cluster" - } - } - } - } - } - } - }, - "persistence": { - "type": "object", - "description": "Where to persistently store caching data.", - "properties": { - "dataLocation": { - "type": "string", - "description": "File location where to store data." - }, - "indexLocation": { - "type": "string", - "description": "File location where to store index." - } - } - }, - "initialHosts": { - "type": "string", - "description": "Address of the other Caching services. Consists of jgroups port and host in the form of 'host[port]'." - } - } - }, - "vsam": { - "type": "object", - "description": "When storage is selected as VSAM", - "properties": { - "name": { - "type": "string", - "description": "The ZFile filename of created VSAM." - }, - "keyLength": { - "type": "integer", - "description": "The VsamKey length", - "default": 32 - }, - "recordLength": { - "type": "integer", - "description": "The record length.", - "default": 512 - }, - "encoding": { - "type": "string", - "description": "The character encoding.", - "default": "IBM-1047" - } - } - } - } - } - } - ] - } - } - } - } - } - ], - "$defs": { - "port": { - "type": "integer", - "description": "TCP network port", - "minimum": 1024, - "maximum": 65535 - } - } -} diff --git a/schemas/catalog-schema.json b/schemas/catalog-schema.json deleted file mode 100644 index 4aab5b3518..0000000000 --- a/schemas/catalog-schema.json +++ /dev/null 
@@ -1,104 +0,0 @@ -{ - "$schema": "https://json-schema.org/draft/2019-09/schema", - "$id": "https://zowe.org/schema/catalog-config", - "allOf": [ - { "$ref": "https://zowe.org/schemas/v2/server-base" }, - { - "type": "object", - "properties": { - "components": { - "type": "object", - "additionalProperties": true, - "properties": { - "api-catalog": { - "allOf": [ - {"$ref": "https://zowe.org/schemas/v2/server-base#zoweComponent"}, - { - "type": "object", - "properties": { - "port": { - "$ref": "#/$defs/port", - "default": 7554 - }, - "apiml": { - "type": "object", - "description": "Zowe API ML specific properties", - "properties": { - "catalog": { - "type": "object", - "description": "API Catalog customization", - "properties": { - "customStyle": { - "type": "object", - "description": "", - "properties": { - "logo": { - "type": "string", - "description": "Location of API Catalog logo" - }, - "titlesColor": { - "type": "string", - "description": "Color of the Catalog title labels" - }, - "fontFamily": { - "type": "string", - "description": "Font family used for the UI" - }, - "headerColor": { - "type": "string", - "description": "Header color" - }, - "backgroundColor": { - "type": "string", - "description": "Background color for dashboard and detail page" - }, - "textColor": { - "type": "string", - "description": "Color used for the UI paragraph texts (i.e. service description)" - }, - "docLink": { - "type": "string", - "description": "Custom link that would be displayed in the top right side of the header" - } - } - } - } - } - } - }, - "debug": { - "type": "boolean", - "description": "Enable debug logs in API Catalog" - }, - "heap": { - "type": "object", - "description": "Configure JVM parameters for heap size", - "properties": { - "init": { - "type": "integer", - "description": "Initial heap size in MB." - }, - "max": { - "type": "integer", - "description": "Maximum heap size in MB." 
- } - } - } - } - } - ] - } - } - } - } - } - ], - "$defs": { - "port": { - "type": "integer", - "description": "TCP network port", - "minimum": 1024, - "maximum": 65535 - } - } -} diff --git a/schemas/discovery-schema.json b/schemas/discovery-schema.json deleted file mode 100644 index 999a054d9e..0000000000 --- a/schemas/discovery-schema.json +++ /dev/null @@ -1,67 +0,0 @@ -{ - "$schema": "https://json-schema.org/draft/2019-09/schema", - "$id": "https://zowe.org/schema/discovery-config", - "allOf": [ - { "$ref": "https://zowe.org/schemas/v2/server-base" }, - { - "type": "object", - "properties": { - "components": { - "type": "object", - "additionalProperties": true, - "properties": { - "discovery-service": { - "allOf": [ - {"$ref": "https://zowe.org/schemas/v2/server-base#zoweComponent"}, - { - "type": "object", - "properties": { - "apiml": { - "type": "object", - "properties": { - "serviceIdPrefixReplacer": { - "type": "string", - "description": "A comma separated tuple to replace service ID with new one in API ML registry." - } - } - }, - "port": { - "$ref": "#/$defs/port", - "default": 7552 - }, - "debug": { - "type": "boolean", - "description": "Enable debug logs in discovery service" - }, - "heap": { - "type": "object", - "description": "Configure JVM parameters for heap size", - "properties": { - "init": { - "type": "integer", - "description": "Initial heap size in MB." - }, - "max": { - "type": "integer", - "description": "Maximum heap size in MB." - } - } - } - } - } - ] - } - } - } - } - } - ], - "$defs": { - "port": { - "type": "integer", - "description": "TCP network port", - "minimum": 1024, - "maximum": 65535 - } - } -} diff --git a/schemas/gateway-schema.json b/schemas/gateway-schema.json deleted file mode 100644 index c7524c1d36..0000000000 --- a/schemas/gateway-schema.json +++ /dev/null 
@@ -1,689 +0,0 @@ -{ - "$schema": "https://json-schema.org/draft/2019-09/schema", - "$id": "https://zowe.org/schema/gateway-config", - "allOf": [ - { "$ref": "https://zowe.org/schemas/v2/server-base" }, - { - "type": "object", - "properties": { - "components": { - "type": "object", - "additionalProperties": true, - "properties": { - "gateway-service": { - "allOf": [ - {"$ref": "https://zowe.org/schemas/v2/server-base#zoweComponent"}, - { - "type": "object", - "properties": { - "port": { - "$ref": "#/$defs/port", - "default": 7553 - }, - "debug": { - "type": "boolean", - "description": "Enable debug logs in gateway service", - "default": false - }, - "sslDebug": { - "type": "string", - "description": "Configure attributes fro SSL config, see java property javax.net.debug." - }, - "heap": { - "type": "object", - "description": "Configure JVM parameters for heap size", - "properties": { - "init": { - "type": "integer", - "description": "Initial heap size in MB.", - "default": 32 - }, - "max": { - "type": "integer", - "description": "Maximum heap size in MB.", - "max": 512 - } - } - }, - "apimlId": { - "type": "string", - "pattern": "^[a-z0-9]{1,64}$", - "description": "Specifies identifier of the domain gateway for routing purpose in the central Gateway." - }, - "certificate": { - "type": "object", - "description": "Network encryption for gateway service connections.", - "properties": { - "enabled": { - "type": "boolean", - "description": "Should gateway use encrypted communication?", - "default": true - }, - "keystore": { - "type": "object", - "properties": { - "alias": { - "type": "string", - "description": "Specifies the alias used to address the private key in the keystore." - }, - "key": { - "type": "object", - "properties": { - "password": { - "type": "string", - "description": "Specifies the password associated with the private key." - } - } - }, - "file": { - "type": "string", - "description": "Specifies the keystore file used to store the private key. 
When using keyring, the value should be set to the SAF keyring location. For information about required certificates." - }, - "password": { - "type": "string", - "description": "Specifies the password used to unlock the keystore." - }, - "type": { - "type": "string", - "pattern": "^((PKCS12)|(JCE.*RACFKS))$", - "description": "Specifies the type of the keystore.", - "default": "PKCS12" - } - }, - "allOf": [ - { - "if": { - "properties": { - "type": { - "pattern": "^JCE.*RACFKS$" - } - } - }, - "then": { - "properties": { - "file": { - "pattern": "^safkeyring[^:]*://" - } - } - } - } - ] - }, - "truststore": { - "type": "object", - "properties": { - "file": { - "type": "string", - "description": "Specifies the truststore file used to keep other parties public keys and certificates. When using keyring, this value should be set to the SAF keyring location. For information about required certificates." - }, - "password": { - "type": "string", - "description": "Specifies the password used to unlock the truststore." - }, - "type": { - "type": "string", - "pattern": "^((PKCS12)|(JCE.*RACFKS))$", - "description": "Specifies the truststore type. 
The default for this parameter is PKCS12.", - "default": "PKCS12" - } - }, - "allOf": [ - { - "if": { - "properties": { - "type": { - "pattern": "^JCE.*RACFKS$" - } - } - }, - "then": { - "properties": { - "file": { - "pattern": "^safkeyring[^:]*://" - } - } - } - } - ] - } - } - }, - "apiml": { - "type": "object", - "description": "Zowe API ML specific properties.", - "properties": { - "connection": { - "type": "object", - "properties": { - "idleConnectionTimeoutSeconds" : { - "type": "integer", - "description": "Specifies a timeout limit for idle client connections, in seconds.", - "default": 5 - }, - "timeout": { - "type": "integer", - "description": "Specifies a timeout limit for a connection, in milliseconds.", - "default": 60000 - }, - "timeToLive": { - "type": "integer", - "description": "Specifies a timeout limit how long to keep open connection to be reused, in milliseconds.", - "default": 60000 - } - } - }, - "gateway": { - "type": "object", - "properties": { - "routing": { - "properties": { - "rateLimiterCapacity":{ - "type": "integer", - "description": "Defines the total number of requests that can be allowed at one time.", - "default": 20 - }, - "rateLimiterTokens":{ - "type": "integer", - "description": "Defines the number of requests that are added to the service’s allowance at regular intervals.", - "default": 20 - }, - "rateLimiterRefillDuration":{ - "type": "integer", - "description": "Sets the time interval (in minutes) at which new requests (or tokens) are added.", - "default": 1 - }, - "servicesToLimitRequestRate":{ - "type": "array", - "description": "Array of services which the rate limiter will be applied to.", - "items": { - "type": "string", - "description": "The name of the service." - } - }, - "servicesToDisableRetry":{ - "type": "array", - "description": "Array of services which the retry filter will be disabled for.", - "items": { - "type": "string", - "description": "The name of the service." 
- } - } - } - }, - "registry": { - "type": "object", - "description": "Gateway configuration of a service registry endpoint.", - "properties": { - "cachePeriodSec": { - "type": "integer", - "description": "Specifies time in seconds to expired of cached data about /registry endpoint.", - "default": 120 - }, - "enabled": { - "type": "boolean", - "description": "Specifies whether the /registry endpoint is enabled.", - "default": false - }, - "maxSimultaneousRequests": { - "type": "integer", - "description": "Specifies amount of parallel connection to obtain information from other APIML instances about services to construct response of /registry endpoint.", - "default": 20 - }, - "metadataKeyAllowList": { - "type": "string", - "description": "Specifies what custom metadata are displayed in the /registry endpoint.", - "pattern": "^[^,]+(,[^,]+)*$" - }, - "refreshIntervalMs": { - "type": "integer", - "description": "Specifies time period in milliseconds for how often to update data in /registry endpoint.", - "default": 30000 - } - } - } - } - }, - "health": { - "type": "object", - "properties": { - "protected": { - "type": "boolean", - "description": "Specifies if the /application/health endpoint is protected or accessible without any credentials.", - "default": true - } - } - }, - "security": { - "type": "object", - "description": "Security configuration of the Gateway", - "properties": { - "auth": { - "type": "object", - "description": "Detail configuration of authentication schemes.", - "properties": { - "jwt": { - "type": "object", - "description": "Detail configuration of zoweJwt scheme.", - "properties": { - "customAuthHeader": { - "type": "string", - "description": "Additional header to set JWT token in case of zoweJwt scheme." 
- } - } - }, - "passticket": { - "type": "object", - "description": "Detail configuration of httpBasicPassTicket scheme.", - "properties": { - "customAuthHeader": { - "type": "string", - "description": "Additional header to set passticket in case of httpBasicPassTicket scheme." - }, - "customUserHeader": { - "type": "string", - "description": "Additional header to set userId in case of httpBasicPassTicket scheme." - } - } - }, - "uniqueCookie": { - "type": "boolean", - "default": false - } - } - }, - "authorization": { - "type": "object", - "description": "Authorization configuration.", - "properties": { - "endpoint": { - "type": "object", - "description": "Configuration of SAF resource to check authorization via HTTP call.", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable provider based on endpoint. to verify SAF authorization.", - "default": false - }, - "url": { - "type": "string", - "format": "uri", - "pattern": "^(https?)://", - "description": "URL of endpoint to verify SAF resource. Ie. https://<zss hostname>:<zss port>/saf-auth" - } - }, - "allOf": [ - { - "if": { - "properties": { - "enabled": { - "const": true - } - } - }, - "then": { - "required": [ - "url" - ] - } - } - ] - }, - "provider": { - "type": "string", - "enum": ["endpoint", "native", "dummy"], - "description": "Specifies security provider to be used by the Gateway." - } - }, - "allOf": [ - { - "if": { - "properties": { - "provider": { - "const": "endpoint" - } - } - }, - "then": { - "required": [ - "endpoint" - ] - } - } - ] - }, - "x509": { - "type": "object", - "description": "Client certificate configuration.", - "properties": { - "acceptForwardedCert": { - "type": "boolean", - "description": "To enable accepting client certificate from request header. 
It is used in domain APIML to accept forwarded client certificate by the caller.", - "default": false - }, - "certificatesUrl": { - "type": "string", - "format": "uri", - "pattern": "^(https?)://", - "description": "URL of the trusted caller to obtain used certificate. Request signed by this certificate are authorized to accept client certificate provided in the header." - }, - "enabled": { - "type": "boolean", - "default": false, - "description": "To enable accepting client certificate in the Gateway." - }, - "registry": { - "type": "object", - "description": "Security configuration of /registry endpoint.", - "properties": { - "allowedUsers": { - "type": "string", - "pattern": "^[*]?|([a-zA-Z0-9]+(,[a-zA-Z0-9]+)*)$", - "description": "Specifies the comma-separated list of users that are permitted to use /registry endpoints. The user is obtained from the common name in the provided client certificate." - } - } - } - }, - "allOf": [ - { - "if": { - "properties": { - "acceptForwardedCert": { - "const": true - } - } - }, - "then": { - "required": [ - "certificatesUrl" - ] - } - } - ] - }, - "oidc": { - "type": "object", - "description": "OIDC configuration.", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable authentication with OIDC token.", - "default": false - }, - "registry": { - "type": "string", - "description": "Registry name." - }, - "jwks": { - "type": "object", - "description": "JWKS configuration", - "properties": { - "uri": { - "type": "string", - "description": "JWK set URL for OIDC token validation." - }, - "refreshInternalHours": { - "type": "integer", - "description": "How often are JWKs renewed.", - "default": 1 - } - } - }, - "userInfo": { - "type": "object", - "description": "OIDC user info endpoint configuration", - "properties": { - "uri": { - "type": "string", - "description": "OIDC user info endpoint URL." 
- } - } - }, - "validationType": { - "type": "string", - "description": "How OIDC token is validated.", - "enum": ["JWK","endpoint"], - "default": "JWK" - } - } - }, - "allowtokenrefresh": { - "type": "boolean", - "description": "Allow JWT to refresh.", - "default": false - } - } - }, - "service": { - "type": "object", - "description": "General configuration of the Gateway.", - "properties": { - "additionalRegistration": { - "type": "object", - "description": "List of additional Discovery Services URLs to register with and the routing patterns.", - "patternProperties": { - "^[0-9]+$": { - "type": "object", - "properties": { - "discoveryServiceUrls": { - "type": "string", - "description": "List of Discovery Services URLs in one security domain. You can separate multiple urls by comma or semicolon." - }, - "routes": { - "$ref": "#/$defs/routes" - } - }, - "required": ["discoveryServiceUrls","routes"] - } - } - }, - "allowEncodedSlashes": { - "type": "boolean", - "description": "When this parameter is set to true, the Gateway allows encoded characters to be part of URL requests redirected through the Gateway.", - "default": true - }, - "corsEnabled": { - "type": "boolean", - "description": "Allow CORS on gateway.", - "default": false - }, - "forwardClientCertEnabled": { - "type": "boolean", - "description": "Enable forwarding client certificate to the next service or APIML.", - "default": false - } - } - } - } - }, - "server": { - "type": "object", - "description": "Configure gateway server properties.", - "properties": { - "maxConnectionsPerRoute": { - "type": "integer", - "description": "How many connection should exists for single HTTP client?", - "default": 100 - }, - "maxTotalConnections": { - "type": "integer", - "description": "How many connection should exists in total?", - "default": 1000 - }, - "webSocket": { - "type": "object", - "description": "Customize websocket server parameters", - "properties": { - "maxIdleTimeout": { - "type": "integer", - 
"description": "The gateway acts as a server and client. This parameters customizes the default idle timeout for its client role.", - "default": 3600000 - }, - "connectTimeout": { - "type": "integer", - "description": "The gateway acts as a server and client. This parameters customizes the default connect timeout for its client role.", - "default": 45000 - }, - "asyncWriteTimeout": { - "type": "integer", - "description": "The gateway acts as a server and client. This parameters customizes the default async write timeout for its client role.", - "default": 60000 - }, - "requestBufferSize": { - "type": "integer", - "description": "Specifies the buffer size in bytes to load request headers.", - "default": 8192 - } - } - }, - "ssl": { - "type": "object", - "properties": { - "enabled": { - "type": "boolean", - "description": "To enable SSL/tls layer.", - "default": true - } - } - } - } - }, - "spring": { - "type": "object", - "description": "Application framework parameters", - "properties": { - "profiles": { - "type": "object", - "description": "Profiles that can hold multiple configuration parameters.", - "properties": { - "active": { - "type": "string", - "description": "List of the active configuration profiles.", - "pattern": "^[a-zA-Z0-9]+(,[a-zA-Z0-9]+)*$" - } - } - }, - "security": { - "type": "object", - "description": "Security configuration.", - "properties": { - "oauth2": { - "type": "object", - "description": "OAuth2 configuration values.", - "properties": { - "client": { - "type": "object", - "description": "Configuration of OAuth2 communication.", - "properties": { - "registration": { - "type": "object", - "description": "Provider specific values.", - "patternProperties": { - "^.+$": { - "clientId": { - "type": "string", - "description": "The client identifier." - }, - "clientSecret":{ - "type": "string", - "description": "The client secret." 
- }, - "redirectUri": { - "type": "string", - "description": "The client’s registered redirect URI that the Authorization Server redirects the end-user’s user-agent to after the end-user has authenticated and authorized access to the client." - }, - "scope": { - "type": "array", - "description": "The scope(s) requested by the client during the Authorization Request flow, such as openid, email, or profile.", - "items": { - "type": "string", - "description": "The scope identifier." - } - } - } - } - }, - "provider": { - "type": "object", - "description": "Provider specific values.", - "patternProperties": { - "^.+$": { - "authorizationUri": { - "type": "string", - "format": "uri", - "pattern": "^(https?)://", - "description": "The Authorization Endpoint URI for the Authorization Server." - }, - "tokenUri": { - "type": "string", - "format": "uri", - "pattern": "^(https?)://", - "description": "The Token Endpoint URI for the Authorization Server." - }, - "userInfoUri": { - "type": "string", - "format": "uri", - "pattern": "^(https?)://", - "description": "The URL of endpoint to obtain details about user by provided token." - }, - "userNameAttribute": { - "type": "string", - "description": "The name of the attribute returned in the UserInfo Response that references the Name or Identifier of the end-user." - }, - "jwkSetUri": { - "type": "string", - "format": "uri", - "pattern": "^(https?)://", - "description": "The URI used to retrieve the JSON Web Key (JWK) Set from the Authorization Server, which contains the cryptographic key(s) used to verify the JSON Web Signature (JWS) of the ID Token and optionally the UserInfo Response." 
- } - } - } - } - } - } - } - } - } - } - } - } - } - } - ] - } - } - } - } - } - ], - "$defs": { - "port": { - "type": "integer", - "description": "TCP network port", - "minimum": 1024, - "maximum": 65535 - }, - "routes": { - "type": "array", - "description": "Routing parameters", - "items": { - "type": "object", - "properties": { - "gatewayUrl": { - "type": "string", - "description": "The portion of the gateway URL which is replaced by the serviceUrl path." - }, - "serviceUrl": { - "type": "string", - "description": "The portion of the service instance URL path which replaces the gatewayUrl part." - } - }, - "required": ["gatewayUrl","serviceUrl"] - } - }, - "tlsType": { - "type": "string", - "description": "List of supported SSL/TLS protocols", - "enum": ["TLSv1.1", "TLSv1.2", "TLSv1.3", "TLSv1.4"] - } - } -} diff --git a/schemas/zaas-schema.json b/schemas/zaas-schema.json deleted file mode 100644 index 842d9b0edb..0000000000 --- a/schemas/zaas-schema.json +++ /dev/null 
@@ -1,246 +0,0 @@ -{ - "$schema": "https://json-schema.org/draft/2019-09/schema", - "$id": "https://zowe.org/schema/zaas-config", - "allOf": [ - { "$ref": "https://zowe.org/schemas/v2/server-base" }, - { - "type": "object", - "properties": { - "components": { - "type": "object", - "additionalProperties": true, - "properties": { - "zaas": { - "allOf": [ - {"$ref": "https://zowe.org/schemas/v2/server-base#zoweComponent"}, - { - "type": "object", - "properties": { - "port": { - "$ref": "#/$defs/port", - "default": 7558 - }, - "debug": { - "type": "boolean", - "description": "Enable debug logs in ZAAS service" - }, - "heap": { - "type": "object", - "description": "Configure JVM parameters for heap size", - "properties": { - "init": { - "type": "integer", - "description": "Initial heap size in MB." - }, - "max": { - "type": "integer", - "description": "Maximum heap size in MB." - } - } - }, - "apiml": { - "type": "object", - "description": "Zowe API ML specific properties.", - "properties": { - "security": { - "type": "object", - "description": "Authentication and authorization options", - "properties": { - "useInternalMapper": { - "type": "boolean", - "description": "Enables direct native calls to z/OS to query distributed identity mappings and client certificate mappings. 
Use only if APIML is running on z/OS.", - "default": false - }, - "auth": { - "type": "object", - "description": "Authentication against API ML.", - "properties": { - "provider": { - "type": "string", - "description": "Which provider should be used to verify user credentials.", - "enum": ["zosmf","saf"], - "default": "zosmf" - }, - "zosmf": { - "type": "object", - "description": "When zosmf is set as authentication provider, this section can be used to provide more details.", - "properties": { - "jwtAutoconfiguration": { - "type": "string", - "description": "Type of the token that is returned from zOSMF after login.", - "enum": ["JWT","jwt","LTPA","ltpa"], - "default": "jwt" - }, - "serviceId": { - "type": "string", - "description": "Service ID of zOSMF from discovery service. Under this ID is zOSMF registered", - "default": "zosmf" - } - } - } - } - }, - "authorization": { - "type": "object", - "description": "Service info endpoints on ZAAS service can be protected by SAF resource check. Update this section to enable it.", - "properties": { - "provider": { - "type": "string", - "description": "Which provider will be used to validate access authorization.", - "enum": ["endpoint","native","dummy"] - }, - "endpoint": { - "type": "object", - "description": "Where the access will be validate.", - "properties": { - "enabled": { - "type": "boolean", - "description": "Is this endpoint enabled?", - "default": false - }, - "url": { - "type": "string", - "description": "Url to validate the authorization." - } - } - }, - "resourceClass": { - "type": "string", - "description": "zOS resource to verify access.", - "default": "ZOWE" - }, - "resourceNamePrefix": { - "type": "string", - "description": "Prefix of the resource.", - "default": "APIML." 
- } - } - }, - "x509": { - "type": "object", - "description": "Client certificate authentication support.", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable if client certificate should be considered as a source of authentication.", - "default": false - }, - "acceptForwardedCert": { - "type": "boolean", - "description": "Enable if the the Client Certificate forwarded in a dedicated header should be accepted", - "default": false - }, - "certificatesUrl": { - "type": "string", - "description": "URL of the Central ZAAS and its endpoint where it provides its public certificates." - }, - "externalMapperUrl": { - "type": "string", - "description": "URL of the service where certificate will be mapped to user. ZSS is used if no value is provided." - }, - "externalMapperUser": { - "type": "string", - "description": "User that has permission to do such mapping. Zowe user is used if no value is provided." - } - } - }, - "saf": { - "type": "object", - "description": "SAF IDT provider.", - "properties": { - "provider": { - "type": "string", - "description": "Method of communication used by the SAF IDT provider implementation. REST is used if no value is provided.", - "enum": ["rest"], - "default": "rest" - }, - "urls": { - "type": "string", - "description": "URLs of the SAF IDT provider used for the token generation and verification.", - "properties": { - "authenticate": { - "type": "string", - "description": "URL of the SAF IDT provider used to generate the SAF token on behalf of the specified user." - }, - "verify": { - "type": "string", - "description": "URL of the SAF IDT provider used to validate the SAF token." 
- } - } - } - } - } - } - } - } - }, - "server": { - "type": "object", - "description": "Configure ZAAS server properties.", - "properties": { - "ssl": { - "type": "object", - "description": "Network encryption for ZAAS service connections.", - "properties": { - "enabled": { - "type": "boolean", - "description": "Should ZAAS use encrypted communication?", - "default": true - } - } - } - - } - }, - "spring": { - "type": "object", - "description": "Application framework parameters", - "properties": { - "profiles": { - "type": "object", - "description": "Profiles that can hold multiple configuration parameters.", - "properties": { - "active": { - "type": "string", - "description": "List of the active configuration profiles." - } - } - } - } - } - } - } - ] - } - } - } - } - } - ], - "$defs": { - "port": { - "type": "integer", - "description": "TCP network port", - "minimum": 1024, - "maximum": 65535 - }, - "routes": { - "type": "array", - "description": "Routing parameters", - "items": { - "type": "object", - "properties": { - "gatewayUrl": { - "type": "string", - "description": "The portion of the ZAAS URL which is replaced by the serviceUrl path." - }, - "serviceUrl": { - "type": "string", - "description": "The portion of the service instance URL path which replaces the gatewayUrl part." - } - }, - "required": ["gatewayUrl","serviceUrl"] - } - } - } -} diff --git a/zaas-package/build.gradle b/zaas-package/build.gradle index e88b3a3ff7..2c869a0cd7 100644 --- a/zaas-package/build.gradle +++ b/zaas-package/build.gradle @@ -19,7 +19,11 @@ task packageZaas(type: Zip) { into('/') { from "$buildDir/convert/manifest.yaml" - from "../schemas/zaas-schema.json" + } + + into('schemas/') { + from "$resourceDir/schemas/zaas-config.json" + from "$resourceDir/schemas/zowe-schema.json" } into('bin/') { diff --git a/zaas-package/src/main/resources/schemas/zaas-config.json b/zaas-package/src/main/resources/schemas/zaas-config.json new file mode 100644 index 0000000000..3a8e2e3c70 
--- /dev/null +++ b/zaas-package/src/main/resources/schemas/zaas-config.json 
@@ -0,0 +1,227 @@ +{ + "$schema": "https://json-schema.org/draft/2019-09/schema", + "$id": "https://zowe.org/schemas/v2/zaas-config", + "title": "zaas configuration", + "description": "Configuration properties for zaas, as specified within a configuration file such as zowe.yaml", + "type": "object", + "properties": { + "port": { + "$ref": "#/$defs/port", + "default": 7558 + }, + "debug": { + "type": "boolean", + "description": "Enable debug logs in ZAAS service" + }, + "heap": { + "type": "object", + "description": "Configure JVM parameters for heap size", + "properties": { + "init": { + "type": "integer", + "description": "Initial heap size in MB." + }, + "max": { + "type": "integer", + "description": "Maximum heap size in MB." + } + } + }, + "apiml": { + "type": "object", + "description": "Zowe API ML specific properties.", + "properties": { + "security": { + "type": "object", + "description": "Authentication and authorization options", + "properties": { + "useInternalMapper": { + "type": "boolean", + "description": "Enables direct native calls to z/OS to query distributed identity mappings and client certificate mappings. Use only if APIML is running on z/OS.", + "default": false + }, + "auth": { + "type": "object", + "description": "Authentication against API ML.", + "properties": { + "provider": { + "type": "string", + "description": "Which provider should be used to verify user credentials.", + "enum": ["zosmf","saf"], + "default": "zosmf" + }, + "zosmf": { + "type": "object", + "description": "When zosmf is set as authentication provider, this section can be used to provide more details.", + "properties": { + "jwtAutoconfiguration": { + "type": "string", + "description": "Type of the token that is returned from zOSMF after login.", + "enum": ["JWT","jwt","LTPA","ltpa"], + "default": "jwt" + }, + "serviceId": { + "type": "string", + "description": "Service ID of zOSMF from discovery service. 
Under this ID is zOSMF registered", + "default": "zosmf" + } + } + } + } + }, + "authorization": { + "type": "object", + "description": "Service info endpoints on ZAAS service can be protected by SAF resource check. Update this section to enable it.", + "properties": { + "provider": { + "type": "string", + "description": "Which provider will be used to validate access authorization.", + "enum": ["endpoint","native","dummy"] + }, + "endpoint": { + "type": "object", + "description": "Where the access will be validate.", + "properties": { + "enabled": { + "type": "boolean", + "description": "Is this endpoint enabled?", + "default": false + }, + "url": { + "type": "string", + "description": "Url to validate the authorization." + } + } + }, + "resourceClass": { + "type": "string", + "description": "zOS resource to verify access.", + "default": "ZOWE" + }, + "resourceNamePrefix": { + "type": "string", + "description": "Prefix of the resource.", + "default": "APIML." + } + } + }, + "x509": { + "type": "object", + "description": "Client certificate authentication support.", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable if client certificate should be considered as a source of authentication.", + "default": false + }, + "acceptForwardedCert": { + "type": "boolean", + "description": "Enable if the the Client Certificate forwarded in a dedicated header should be accepted", + "default": false + }, + "certificatesUrl": { + "type": "string", + "description": "URL of the Central ZAAS and its endpoint where it provides its public certificates." + }, + "externalMapperUrl": { + "type": "string", + "description": "URL of the service where certificate will be mapped to user. ZSS is used if no value is provided." + }, + "externalMapperUser": { + "type": "string", + "description": "User that has permission to do such mapping. Zowe user is used if no value is provided." 
+ } + } + }, + "saf": { + "type": "object", + "description": "SAF IDT provider.", + "properties": { + "provider": { + "type": "string", + "description": "Method of communication used by the SAF IDT provider implementation. REST is used if no value is provided.", + "enum": ["rest"], + "default": "rest" + }, + "urls": { + "type": "string", + "description": "URLs of the SAF IDT provider used for the token generation and verification.", + "properties": { + "authenticate": { + "type": "string", + "description": "URL of the SAF IDT provider used to generate the SAF token on behalf of the specified user." + }, + "verify": { + "type": "string", + "description": "URL of the SAF IDT provider used to validate the SAF token." + } + } + } + } + } + } + } + } + }, + "server": { + "type": "object", + "description": "Configure ZAAS server properties.", + "properties": { + "ssl": { + "type": "object", + "description": "Network encryption for ZAAS service connections.", + "properties": { + "enabled": { + "type": "boolean", + "description": "Should ZAAS use encrypted communication?", + "default": true + } + } + } + + } + }, + "spring": { + "type": "object", + "description": "Application framework parameters", + "properties": { + "profiles": { + "type": "object", + "description": "Profiles that can hold multiple configuration parameters.", + "properties": { + "active": { + "type": "string", + "description": "List of the active configuration profiles." + } + } + } + } + } + }, + "$defs": { + "port": { + "type": "integer", + "description": "TCP network port", + "minimum": 1024, + "maximum": 65535 + }, + "routes": { + "type": "array", + "description": "Routing parameters", + "items": { + "type": "object", + "properties": { + "gatewayUrl": { + "type": "string", + "description": "The portion of the ZAAS URL which is replaced by the serviceUrl path." + }, + "serviceUrl": { + "type": "string", + "description": "The portion of the service instance URL path which replaces the gatewayUrl part." 
+ } + }, + "required": ["gatewayUrl","serviceUrl"] + } + } + } +} diff --git a/zaas-package/src/main/resources/schemas/zowe-schema.json b/zaas-package/src/main/resources/schemas/zowe-schema.json new file mode 100644 index 0000000000..54e5370608 --- /dev/null +++ b/zaas-package/src/main/resources/schemas/zowe-schema.json @@ -0,0 +1,23 @@ +{ + "$schema": "https://json-schema.org/draft/2019-09/schema", + "$id": "https://zowe.org/schemas/v2/zaas", + "allOf": [ + { "$ref": "/schemas/v2/server-base" }, + { "type": "object", + "properties": { + "components": { + "type": "object", + "additionalProperties": true, + "properties": { + "zaas": { + "allOf": [ + { "$ref": "/schemas/v2/server-base#zoweComponent" }, + { "$ref": "/schemas/v2/zaas-config" } + ] + } + } + } + } + } + ] +} From 6685a6fef0133efb6df43cc9df439c814ddc90d2 Mon Sep 17 00:00:00 2001 From: Elena Kubantseva Date: Tue, 23 Dec 2025 17:23:50 +0100 Subject: [PATCH 2/7] update schemas in manifest Signed-off-by: Elena Kubantseva --- api-catalog-package/src/main/resources/manifest.yaml | 4 +++- apiml-common-lib-package/src/main/resources/manifest.yaml | 2 -- apiml-package/src/main/resources/manifest.yaml | 4 +++- .../src/main/resources/manifest.yaml | 3 ++- caching-service-package/src/main/resources/manifest.yaml | 4 +++- discovery-package/src/main/resources/manifest.yaml | 4 +++- gateway-package/src/main/resources/manifest.yaml | 4 +++- zaas-package/src/main/resources/manifest.yaml | 4 +++- 8 files changed, 20 insertions(+), 9 deletions(-) diff --git a/api-catalog-package/src/main/resources/manifest.yaml b/api-catalog-package/src/main/resources/manifest.yaml index 0f5c2493f0..765eb87566 100644 --- a/api-catalog-package/src/main/resources/manifest.yaml +++ b/api-catalog-package/src/main/resources/manifest.yaml 
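Review bot: In the `saf.urls` block near the end of the security section, the property is declared `"type": "string"` yet carries a `properties` map with `authenticate` and `verify`, so an object holding those two URLs fails type validation and a bare string bypasses the sub-properties entirely; it should read `"type": "object",`. The same mismatch is carried over verbatim from the deleted schemas/zaas-schema.json, so moving the file is the right moment to fix it. Separately, the URL-valued fields (`authorization.endpoint.url`, `x509.certificatesUrl`, `x509.externalMapperUrl`, `saf.urls.*`) have no `format` or `pattern`, whereas the deleted gateway schema constrained its endpoint URIs with `"format": "uri", "pattern": "^(https?)://"`; applying the same constraint here would catch a mistyped mapper or validation endpoint at config-validation time rather than at first authentication. `$defs.routes` is defined but not referenced anywhere in this file and can be dropped or wired to a property.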
@@ -9,7 +9,9 @@ title: API Catalog description: API Catalog service to display service details and API documentation for discovered API services. license: EPL-2.0 schemas: - configs: catalog-schema.json + configs: + - schemas/zowe-schema.json + - schemas/api-catalog-config.json repository: type: git url: https://github.com/zowe/api-layer.git diff --git a/apiml-common-lib-package/src/main/resources/manifest.yaml b/apiml-common-lib-package/src/main/resources/manifest.yaml index 0d7e81a794..e4a6f2d352 100644 --- a/apiml-common-lib-package/src/main/resources/manifest.yaml +++ b/apiml-common-lib-package/src/main/resources/manifest.yaml @@ -16,5 +16,3 @@ build: number: "{{build.number}}" commitHash: "{{build.commitHash}}" timestamp: {{build.timestamp}} -schemas: - configs: "apiml-common-lib-schema.json" diff --git a/apiml-package/src/main/resources/manifest.yaml b/apiml-package/src/main/resources/manifest.yaml index c6da26c1db..39b00472a5 100644 --- a/apiml-package/src/main/resources/manifest.yaml +++ b/apiml-package/src/main/resources/manifest.yaml @@ -9,7 +9,9 @@ title: API Mediation Layer description: API Mediation Layer license: EPL-2.0 schemas: - configs: apiml-schema.json + configs: + - schemas/zowe-schema.json + - schemas/apiml-config.json repository: type: git url: https://github.com/zowe/api-layer.git diff --git a/apiml-sample-extension-package/src/main/resources/manifest.yaml b/apiml-sample-extension-package/src/main/resources/manifest.yaml index e6e8462766..e090b7f160 100644 --- a/apiml-sample-extension-package/src/main/resources/manifest.yaml +++ b/apiml-sample-extension-package/src/main/resources/manifest.yaml @@ -21,4 +21,5 @@ build: gatewaySharedLibs: - bin/apiml-sample-extension.jar schemas: - configs: "apiml-sample-extension-schema.json" + configs: + - schemas/zowe-schema.json diff --git a/caching-service-package/src/main/resources/manifest.yaml b/caching-service-package/src/main/resources/manifest.yaml index 237a6b3c88..7d8c3fddc0 100644 
--- a/caching-service-package/src/main/resources/manifest.yaml +++ b/caching-service-package/src/main/resources/manifest.yaml @@ -9,7 +9,9 @@ title: Caching service for internal usage description: Service that provides caching API. license: EPL-2.0 schemas: - configs: caching-schema.json + configs: + - schemas/zowe-schema.json + - schemas/caching-service-config.json repository: type: git url: https://github.com/zowe/api-layer.git diff --git a/discovery-package/src/main/resources/manifest.yaml b/discovery-package/src/main/resources/manifest.yaml index 0d2dbbf70e..98a9bdead7 100644 --- a/discovery-package/src/main/resources/manifest.yaml +++ b/discovery-package/src/main/resources/manifest.yaml @@ -9,7 +9,9 @@ title: API Discovery description: The API Discovery service acts as the registration service broker between the API Gateway and its southbound servers. license: EPL-2.0 schemas: - configs: discovery-schema.json + configs: + - schemas/zowe-schema.json + - schemas/discovery-config.json repository: type: git url: https://github.com/zowe/api-layer.git diff --git a/gateway-package/src/main/resources/manifest.yaml b/gateway-package/src/main/resources/manifest.yaml index 11a0532702..b7bc951569 100644 --- a/gateway-package/src/main/resources/manifest.yaml +++ b/gateway-package/src/main/resources/manifest.yaml @@ -9,7 +9,9 @@ title: Gateway description: API Gateway service to route requests to services registered in the API Mediation Layer and provides an API for mainframe security. license: EPL-2.0 schemas: - configs: gateway-schema.json + configs: + - schemas/zowe-schema.json + - schemas/gateway-config.json repository: type: git url: https://github.com/zowe/api-layer.git diff --git a/zaas-package/src/main/resources/manifest.yaml b/zaas-package/src/main/resources/manifest.yaml index 74ef5cbb0e..95ca5d6bcd 100644 --- a/zaas-package/src/main/resources/manifest.yaml +++ b/zaas-package/src/main/resources/manifest.yaml 
@@ -9,7 +9,9 @@ title: ZAAS description: Zowe Authentication and Authorization Service. license: EPL-2.0 schemas: - configs: zaas-schema.json + configs: + - schemas/zowe-schema.json + - schemas/zaas-config.json repository: type: git url: https://github.com/zowe/api-layer.git From c6b39f7ffa18dea9f4a8f47f35cfbc27c67431fb Mon Sep 17 00:00:00 2001 From: Elena Kubantseva Date: Tue, 6 Jan 2026 16:26:15 +0100 Subject: [PATCH 3/7] add default value for authorization provider Signed-off-by: Elena Kubantseva --- gateway-package/src/main/resources/schemas/gateway-config.json | 1 + 1 file changed, 1 insertion(+) diff --git a/gateway-package/src/main/resources/schemas/gateway-config.json b/gateway-package/src/main/resources/schemas/gateway-config.json index 8a89658c84..afe3a9d340 100644 --- a/gateway-package/src/main/resources/schemas/gateway-config.json +++ b/gateway-package/src/main/resources/schemas/gateway-config.json @@ -320,6 +320,7 @@ "provider": { "type": "string", "enum": ["endpoint", "native", "dummy"], + "default": "native", "description": "Specifies security provider to be used by the Gateway." } }, From 9cca442f2eb8c188d6f53eb5430ed449dd0c969c Mon Sep 17 00:00:00 2001 From: Elena Kubantseva Date: Wed, 7 Jan 2026 11:37:22 +0100 Subject: [PATCH 4/7] pr review first part Signed-off-by: Elena Kubantseva --- .../resources/schemas/api-catalog-config.json | 11 +++++++---- .../src/main/resources/schemas/apiml-config.json | 11 +++++++---- .../resources/schemas/caching-service-config.json | 12 ++++++++---- .../main/resources/schemas/discovery-config.json | 11 +++++++---- .../main/resources/schemas/gateway-config.json | 12 ++++++------ .../src/main/resources/schemas/zaas-config.json | 15 +++++++++------ 6 files changed, 44 insertions(+), 28 deletions(-) diff --git a/api-catalog-package/src/main/resources/schemas/api-catalog-config.json b/api-catalog-package/src/main/resources/schemas/api-catalog-config.json index 3768db1c99..4df77c1f68 100644 
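Review bot: The new `"default": "native"` on the gateway's `apiml.security.authorization.provider` has no counterpart in zaas-config.json, whose `authorization.provider` (same `["endpoint","native","dummy"]` enum, added in PATCH 1/7 of this series) still has no default, so tooling that renders the schemas will show a default for one component and none for the other. If ZAAS falls back to the same provider at runtime, add `"default": "native",` beside its enum; if its fallback differs, document that value instead. The enclosing `authorization` object starts and ends outside this hunk.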
--- a/api-catalog-package/src/main/resources/schemas/api-catalog-config.json +++ b/api-catalog-package/src/main/resources/schemas/api-catalog-config.json @@ -2,7 +2,7 @@ "$schema": "https://json-schema.org/draft/2019-09/schema", "$id": "https://zowe.org/schemas/v2/api-catalog-config", "title": "api-catalog configuration", - "description": "Configuration properties for api-catalog, as specified within a configuration file such as zowe.yaml", + "description": "Configuration properties for API Catalog, as specified within a configuration file such as zowe.yaml", "type": "object", "properties": { "port": { @@ -57,7 +57,8 @@ }, "debug": { "type": "boolean", - "description": "Enable debug logs in API Catalog" + "description": "Enable debug logs in API Catalog", + "default": false }, "heap": { "type": "object", @@ -65,11 +66,13 @@ "properties": { "init": { "type": "integer", - "description": "Initial heap size in MB." + "description": "Initial heap size in MB.", + "default": 32 }, "max": { "type": "integer", - "description": "Maximum heap size in MB." + "description": "Maximum heap size in MB.", + "default": 512 } } } diff --git a/apiml-package/src/main/resources/schemas/apiml-config.json b/apiml-package/src/main/resources/schemas/apiml-config.json index 8932da8565..37eb8d9408 100644 --- a/apiml-package/src/main/resources/schemas/apiml-config.json +++ b/apiml-package/src/main/resources/schemas/apiml-config.json @@ -2,7 +2,7 @@ "$schema": "https://json-schema.org/draft/2019-09/schema", "$id": "https://zowe.org/schemas/v2/apiml-config", "title": "apiml configuration", - "description": "Configuration properties for apiml, as specified within a configuration file such as zowe.yaml", + "description": "Configuration properties for APIML, as specified within a configuration file such as zowe.yaml", "type": "object", "properties": { "port": { 
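Review bot: The `heap.init` and `heap.max` integers in the `@@ -65,11 +66,13 @@` hunk gain defaults of 32 and 512 but still have no lower bound, so a value of 0 or a negative number passes schema validation and is only rejected when the JVM fails to start. Adding `"minimum": 1,` to both properties would surface that at validation time. The same gap is present in the parallel heap hunks of apiml-config.json, caching-service-config.json, discovery-config.json and zaas-config.json in this patch.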
@@ -11,7 +11,8 @@ }, "debug": { "type": "boolean", - "description": "Enable debug logs in API ML service" + "description": "Enable debug logs in API ML service", + "default": false }, "heap": { "type": "object", @@ -19,11 +20,13 @@ "properties": { "init": { "type": "integer", - "description": "Initial heap size in MB." + "description": "Initial heap size in MB.", + "default": 32 }, "max": { "type": "integer", - "description": "Maximum heap size in MB." + "description": "Maximum heap size in MB.", + "default": 512 } } }, diff --git a/caching-service-package/src/main/resources/schemas/caching-service-config.json b/caching-service-package/src/main/resources/schemas/caching-service-config.json index 61a1ad9713..b4c5291363 100644 --- a/caching-service-package/src/main/resources/schemas/caching-service-config.json +++ b/caching-service-package/src/main/resources/schemas/caching-service-config.json @@ -2,7 +2,7 @@ "$schema": "https://json-schema.org/draft/2019-09/schema", "$id": "https://zowe.org/schemas/v2/caching-service-config", "title": "caching-service configuration", - "description": "Configuration properties for caching-service, as specified within a configuration file such as zowe.yaml", + "description": "Configuration properties for Caching Service, as specified within a configuration file such as zowe.yaml", "type": "object", "properties": { "port": { @@ -11,7 +11,8 @@ }, "debug": { "type": "boolean", - "description": "Enable debug logs in discovery service" + "description": "Enable debug logs in Caching Service", + "default": false }, "heap": { "type": "object", @@ -19,11 +20,13 @@ "properties": { "init": { "type": "integer", - "description": "Initial heap size in MB." + "description": "Initial heap size in MB.", + "default": 32 }, "max": { "type": "integer", - "description": "Maximum heap size in MB." + "description": "Maximum heap size in MB.", + "default": 512 } } }, 
@@ -112,6 +115,7 @@ }, "vsam": { "type": "object", + "deprecated": true, "description": "When storage is selected as VSAM", "properties": { "name": { diff --git a/discovery-package/src/main/resources/schemas/discovery-config.json b/discovery-package/src/main/resources/schemas/discovery-config.json index 005c6821a8..236784ba15 100644 --- a/discovery-package/src/main/resources/schemas/discovery-config.json +++ b/discovery-package/src/main/resources/schemas/discovery-config.json @@ -2,7 +2,7 @@ "$schema": "https://json-schema.org/draft/2019-09/schema", "$id": "https://zowe.org/schemas/v2/discovery-config", "title": "discovery configuration", - "description": "Configuration properties for discovery, as specified within a configuration file such as zowe.yaml", + "description": "Configuration properties for Discovery Service, as specified within a configuration file such as zowe.yaml", "type": "object", "properties": { "apiml": { @@ -20,7 +20,8 @@ }, "debug": { "type": "boolean", - "description": "Enable debug logs in discovery service" + "description": "Enable debug logs in Discovery service", + "default": false }, "heap": { "type": "object", @@ -28,11 +29,13 @@ "properties": { "init": { "type": "integer", - "description": "Initial heap size in MB." + "description": "Initial heap size in MB.", + "default": 32 }, "max": { "type": "integer", - "description": "Maximum heap size in MB." + "description": "Maximum heap size in MB.", + "default": 512 } } } diff --git a/gateway-package/src/main/resources/schemas/gateway-config.json b/gateway-package/src/main/resources/schemas/gateway-config.json index afe3a9d340..4d2cd66753 100644 --- a/gateway-package/src/main/resources/schemas/gateway-config.json +++ b/gateway-package/src/main/resources/schemas/gateway-config.json 
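Review bot: The `"deprecated": true` added to the caching service's `vsam` storage object is not reflected in the sibling `description`, which still reads only "When storage is selected as VSAM", so consumers that render descriptions (or validators that ignore the `deprecated` annotation) get no hint why it is deprecated or what to migrate to. Suggest extending it along the lines of `"description": "When storage is selected as VSAM. Deprecated: <name the supported replacement storage backend here>."` The `vsam` object's properties continue outside this hunk.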
@@ -2,7 +2,7 @@ "$schema": "https://json-schema.org/draft/2019-09/schema", "$id": "https://zowe.org/schemas/v2/gateway-config", "title": "gateway configuration", - "description": "Configuration properties for gateway, as specified within a configuration file such as zowe.yaml", + "description": "Configuration properties for Gateway Service, as specified within a configuration file such as zowe.yaml", "type": "object", "properties": { "port": { @@ -11,7 +11,7 @@ }, "debug": { "type": "boolean", - "description": "Enable debug logs in gateway service", + "description": "Enable debug logs in Gateway service", "default": false }, "sslDebug": { @@ -30,7 +30,7 @@ "max": { "type": "integer", "description": "Maximum heap size in MB.", - "max": 512 + "default": 512 } } }, @@ -491,12 +491,12 @@ "properties": { "maxConnectionsPerRoute": { "type": "integer", - "description": "How many connection should exists for single HTTP client?", + "description": "How many connections should exist for single route?", "default": 100 }, "maxTotalConnections": { "type": "integer", - "description": "How many connection should exists in total?", + "description": "How many connections should exist in total?", "default": 1000 }, "webSocket": { @@ -665,7 +665,7 @@ "tlsType": { "type": "string", "description": "List of supported SSL/TLS protocols", - "enum": ["TLSv1.1", "TLSv1.2", "TLSv1.3", "TLSv1.4"] + "enum": ["TLSv1.2", "TLSv1.3", "TLSv1.4"] } } } diff --git a/zaas-package/src/main/resources/schemas/zaas-config.json b/zaas-package/src/main/resources/schemas/zaas-config.json index 3a8e2e3c70..f66ed0aa95 100644 --- a/zaas-package/src/main/resources/schemas/zaas-config.json +++ b/zaas-package/src/main/resources/schemas/zaas-config.json 
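Review bot: The `tlsType` enum in the `@@ -665,7 +665,7 @@` hunk drops `TLSv1.1` but keeps `"TLSv1.4"`, for which no TLS version has been defined and which the JVM's SSLContext will not accept, so the schema still admits a value the runtime cannot apply and would not flag it as a typo; the list should be `"enum": ["TLSv1.2", "TLSv1.3"]`. The description "List of supported SSL/TLS protocols" sits on a `"type": "string"` property, so it documents a single value; "Supported SSL/TLS protocol version" would match the type. The `@@ -30,7 +30,7 @@` correction of `"max": 512` to `"default": 512` is worth a line in the commit message, since `max` is not a JSON Schema keyword and was being silently ignored.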
@@ -2,7 +2,7 @@ "$schema": "https://json-schema.org/draft/2019-09/schema", "$id": "https://zowe.org/schemas/v2/zaas-config", "title": "zaas configuration", - "description": "Configuration properties for zaas, as specified within a configuration file such as zowe.yaml", + "description": "Configuration properties for ZAAS, as specified within a configuration file such as zowe.yaml", "type": "object", "properties": { "port": { @@ -11,7 +11,8 @@ }, "debug": { "type": "boolean", - "description": "Enable debug logs in ZAAS service" + "description": "Enable debug logs in ZAAS service", + "default": false }, "heap": { "type": "object", @@ -19,11 +20,13 @@ "properties": { "init": { "type": "integer", - "description": "Initial heap size in MB." + "description": "Initial heap size in MB.", + "default": 32 }, "max": { "type": "integer", - "description": "Maximum heap size in MB." + "description": "Maximum heap size in MB.", + "default": 512 } } }, @@ -38,7 +41,7 @@ "useInternalMapper": { "type": "boolean", "description": "Enables direct native calls to z/OS to query distributed identity mappings and client certificate mappings. Use only if APIML is running on z/OS.", - "default": false + "default": true }, "auth": { "type": "object", @@ -48,7 +51,7 @@ "type": "string", "description": "Which provider should be used to verify user credentials.", "enum": ["zosmf","saf"], - "default": "zosmf" + "default": "saf" }, "zosmf": { "type": "object", From c785255a96bcc336476f8684c32e07d30d0466dc Mon Sep 17 00:00:00 2001 From: Elena Kubantseva Date: Fri, 16 Jan 2026 17:58:25 +0100 Subject: [PATCH 5/7] Actualize schemas 
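Review bot: In the `@@ -38,7 +41,7 @@` hunk `useInternalMapper` now defaults to `true` while its own description still says "Use only if APIML is running on z/OS", so the documented default contradicts the documented constraint for any off-platform deployment. Either the description should state that native mapping is on by default and must be set to `false` when not running on z/OS, or the default should stay `false`; which is right depends on the application's runtime default, which this patch does not show. The `@@ -48,7 +51,7 @@` hunk switches `auth.provider` from `zosmf` to `saf` in the same way; if these now mirror the actual application defaults, a sentence in each description noting the effective default would help operators who relied on the earlier documented values.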
Signed-off-by: Elena Kubantseva --- .../resources/schemas/api-catalog-config.json | 121 ++- apiml-package/src/main/resources/bin/start.sh | 2 +- .../main/resources/schemas/apiml-config.json | 812 +++++++++++++++++- .../schemas/caching-service-config.json | 271 ++++-- .../resources/schemas/discovery-config.json | 83 +- .../src/main/resources/bin/start.sh | 10 +- .../resources/schemas/gateway-config.json | 363 ++++---- zaas-package/src/main/resources/bin/start.sh | 4 +- .../main/resources/schemas/zaas-config.json | 175 +++- 9 files changed, 1554 insertions(+), 287 deletions(-) diff --git a/api-catalog-package/src/main/resources/schemas/api-catalog-config.json b/api-catalog-package/src/main/resources/schemas/api-catalog-config.json index 4df77c1f68..fca34e5ee4 100644 --- a/api-catalog-package/src/main/resources/schemas/api-catalog-config.json +++ b/api-catalog-package/src/main/resources/schemas/api-catalog-config.json @@ -9,6 +9,31 @@ "$ref": "#/$defs/port", "default": 7554 }, + "debug": { + "type": "boolean", + "description": "Enable debug logs in API Catalog", + "default": false + }, + "sslDebug": { + "type": "string", + "description": "Configure attributes fro SSL config, see java property javax.net.debug." + }, + "heap": { + "type": "object", + "description": "Configure JVM parameters for heap size", + "properties": { + "init": { + "type": "integer", + "description": "Initial heap size in MB.", + "default": 32 + }, + "max": { + "type": "integer", + "description": "Maximum heap size in MB.", + "default": 512 + } + } + }, "apiml": { "type": "object", "description": "Zowe API ML specific properties", 
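Review bot: The new `sslDebug` property's description reads "Configure attributes fro SSL config" (typo for "for") and does not say that the value feeds the `javax.net.debug` Java property, which turns on verbose TLS handshake tracing in the service log; suggest `"description": "Value for the javax.net.debug Java property; enables verbose TLS tracing in the logs and is intended for troubleshooting only."` The `debug` and `heap` blocks added here duplicate the existing ones lower in the file until the later hunk in this patch removes them, which is fine within one commit but worth keeping in the same patch.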
@@ -17,12 +42,23 @@ "type": "object", "description": "API Catalog customization", "properties": { + "hide": { + "type": "object", + "properties": { + "serviceInfo": { + "type": "boolean", + "description": "Hide the instance URL value of all services registered to the API ML in the API Catalog.", + "default": false + } + } + }, "customStyle": { "type": "object", - "description": "", + "description": "Customization of the logotype and selected style options", "properties": { "logo": { "type": "string", + "pattern": "^.*\\.(svg|png|jpe?g)$", "description": "Location of API Catalog logo" }, "titlesColor": { 
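Review bot: The new `hide` object has no `description`, unlike its sibling `customStyle` and its own child `serviceInfo`; suggest `"description": "Elements of the API Catalog UI that can be hidden."` next to its `"type": "object"`. The `logo` pattern `^.*\\.(svg|png|jpe?g)$` is case-sensitive (JSON Schema patterns are ECMA-262 regexes without inline flags), so a file such as `logo.PNG` is rejected while the description promises only a "Location"; either state the lowercase-extension requirement in the description or use character classes such as `\\.([sS][vV][gG]|[pP][nN][gG]|[jJ][pP][eE]?[gG])$`.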
@@ -47,32 +83,85 @@
 },
 "docLink": {
 "type": "string",
+ "pattern": "^[^|]+\\|https?:\/\/.+$",
 "description": "Custom link that would be displayed in the top right side of the header"
 }
 }
 }
 }
+ },
+ "health": {
+ "type": "object",
+ "properties": {
+ "protected": {
+ "type": "boolean",
+ "description": "Specifies if the /application/health endpoint is protected or accessible without any credentials.",
+ "default": true
+ }
+ }
+ },
+ "security": {
+ "type": "object",
+ "description": "Security configuration of the API Catalog",
+ "properties": {
+ "authorization": {
+ "type": "object",
+ "description": "Authorization configuration.",
+ "properties": {
+ "provider": {
+ "type": "string",
+ "enum": ["endpoint", "native", "dummy"],
+ "default": "native",
+ "description": "Specifies security provider to be used by the API Catalog."
+ }
+ }
+ }
+ }
 }
 }
 },
- "debug": {
- "type": "boolean",
- "description": "Enable debug logs in API Catalog",
- "default": false
+ "server": {
+ "type": "object",
+ "description": "Configure API Catalog server properties.",
+ "properties": {
+ "ssl": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "description": "To enable SSL/tls layer.",
+ "default": true
+ }
+ }
+ }
+ }
 },
- "heap": {
+ "spring": {
 "type": "object",
- "description": "Configure JVM parameters for heap size",
+ "description": "Application framework parameters",
 "properties": {
- "init": {
- "type": "integer",
- "description": "Initial heap size in MB.",
- "default": 32
- },
- "max": {
- "type": "integer",
- "description": "Maximum heap size in MB.",
- "default": 512
+ "profiles": {
+ "type": "object",
+ "description": "Profiles that can hold multiple configuration parameters.",
+ "properties": {
+ "active": {
+ "type": "string",
+ "description": "List of the active configuration profiles.",
+ "pattern": "^[a-zA-Z0-9]+(,[a-zA-Z0-9]+)*$"
+ }
+ }
+ }
+ }
+ },
+ "logging": {
+ "type": "string",
+ "description": "Logging configuration for API Catalog service.",
+ "properties": {
+ "config": {
+ "type": "string",
+ "description": "Path to custom logback configuration file.",
+ "minLength": 1,
+ "maxLength": 1024
 }
 }
 }
diff --git a/apiml-package/src/main/resources/bin/start.sh b/apiml-package/src/main/resources/bin/start.sh
index 65bcee4716..fb41541db8 100755
--- a/apiml-package/src/main/resources/bin/start.sh
+++ b/apiml-package/src/main/resources/bin/start.sh
@@ -408,7 +408,7 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${APIML_CODE} ${JAVA_BIN_DIR}java \
 -Dapiml.security.x509.externalMapperUrl=${ZWE_components_gateway_apiml_security_x509_externalMapperUrl:-${ZWE_configs_apiml_security_x509_externalMapperUrl:-"${internalProtocol:-https}://${ZWE_haInstance_hostname:-localhost}:${ZWE_components_gateway_port:-7554}/zss/api/v1/certificate/x509/map"}} \
 -Dapiml.security.x509.externalMapperUser=${ZWE_components_gateway_apiml_security_x509_externalMapperUser:-${ZWE_configs_apiml_security_x509_externalMapperUser:-${ZWE_zowe_setup_security_users_zowe:-ZWESVUSR}}} \
 -Dapiml.security.x509.registry.allowedUsers=${ZWE_components_gateway_apiml_security_x509_registry_allowedUsers:-${ZWE_configs_apiml_security_x509_registry_allowedUsers:-}} \
- -Dapiml.security.zosmf.applid=${ZWE_components_gateway_apiml_security_zosmf_applid:-${ZWE_configs_apiml_security_zosmf_applid:-IZUDFLT}} \
+ -Dapiml.security.zosmf.applid=${ZWE_zosmf_applId:-IZUDFLT} \
 -Dapiml.service.allowEncodedSlashes=${ZWE_components_gateway_apiml_service_allowEncodedSlashes:-${ZWE_configs_apiml_service_allowEncodedSlashes:-true}} \
 -Dapiml.service.apimlId=${ZWE_components_gateway_apimlId:-${ZWE_configs_apimlId:-}} \
 -Dapiml.service.corsEnabled=${ZWE_components_gateway_apiml_service_corsEnabled:-${ZWE_configs_apiml_service_corsEnabled:-false}} \
diff --git a/apiml-package/src/main/resources/schemas/apiml-config.json b/apiml-package/src/main/resources/schemas/apiml-config.json
index 37eb8d9408..e6aeb0e170 100644
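Review bot: `logging` is declared with `"type": "string"` but carries a `properties` block, so the `config` sub-schema (including its `minLength`/`maxLength`) is never applied, and a `logging:` mapping in the configuration file fails validation as a non-string. The block should read `"logging": { "type": "object", ...` with the rest unchanged. The same shape is added for `logging` in the apiml-config, caching-service-config and discovery-config hunks below, and for `apiml.security.saf.urls` in the apiml-config hunk, where `authenticate` and `verify` are likewise nested under a `"type": "string"`.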
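Review bot: The new `-Dapiml.security.zosmf.applid=${ZWE_zosmf_applId:-IZUDFLT}` drops the `ZWE_components_gateway_apiml_security_zosmf_applid` and `ZWE_configs_apiml_security_zosmf_applid` fallbacks, so an existing configuration that sets the applid under the component silently reverts to `IZUDFLT` for whatever consumes `apiml.security.zosmf.applid`. If the intent is to source the value only from the global `zowe.zosmf.applId`, a changelog note or a retained fallback chain such as `${ZWE_zosmf_applId:-${ZWE_components_gateway_apiml_security_zosmf_applid:-${ZWE_configs_apiml_security_zosmf_applid:-IZUDFLT}}}` avoids the silent change. The java invocation this line belongs to starts and ends outside the hunk.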
--- a/apiml-package/src/main/resources/schemas/apiml-config.json
+++ b/apiml-package/src/main/resources/schemas/apiml-config.json
@@ -14,6 +14,10 @@
 "description": "Enable debug logs in API ML service",
 "default": false
 },
+ "sslDebug": {
+ "type": "string",
+ "description": "Configure attributes fro SSL config, see java property javax.net.debug."
+ },
 "heap": {
 "type": "object",
 "description": "Configure JVM parameters for heap size",
@@ -30,17 +34,699 @@ } } }, + "apiml": { + "type": "object", + "description": "Zowe API ML specific properties", + "properties": { + "catalog": { + "type": "object", + "description": "API Catalog customization", + "properties": { + "hide": { + "type": "object", + "properties": { + "serviceInfo": { + "type": "boolean", + "description": "Hide the instance URL value of all services registered to the API ML in the API Catalog.", + "default": false + } + } + }, + "customStyle": { + "type": "object", + "description": "Customization of the logotype and selected style options", + "properties": { + "logo": { + "type": "string", + "pattern": "^.*\\.(svg|png|jpe?g)$", + "description": "Location of API Catalog logo" + }, + "titlesColor": { + "type": "string", + "description": "Color of the Catalog title labels" + }, + "fontFamily": { + "type": "string", + "description": "Font family used for the UI" + }, + "headerColor": { + "type": "string", + "description": "Header color" + }, + "backgroundColor": { + "type": "string", + "description": "Background color for dashboard and detail page" + }, + "textColor": { + "type": "string", + "description": "Color used for the UI paragraph texts (i.e. 
service description)" + }, + "docLink": { + "type": "string", + "pattern": "^[^|]+\\|https?:\/\/.+$", + "description": "Custom link that would be displayed in the top right side of the header" + } + } + } + } + }, + "connection": { + "type": "object", + "properties": { + "idleConnectionTimeoutSeconds" : { + "type": "integer", + "description": "Specifies a timeout limit for idle client connections, in seconds.", + "default": 5 + }, + "timeout": { + "type": "integer", + "description": "Specifies a timeout limit for a connection, in milliseconds.", + "default": 60000 + }, + "timeToLive": { + "type": "integer", + "description": "Specifies a timeout limit how long to keep open connection to be reused, in milliseconds.", + "default": 10000 + } + } + }, + "discovery": { + "type": "object", + "properties": { + "serviceIdPrefixReplacer": { + "type": "string", + "description": "A comma separated tuple to replace service ID with new one in API ML registry." + } + } + }, + "gateway": { + "type": "object", + "properties": { + "rateLimiterCapacity":{ + "type": "integer", + "description": "Defines the total number of requests that can be allowed at one time.", + "default": 20 + }, + "rateLimiterTokens":{ + "type": "integer", + "description": "Defines the number of requests that are added to the service’s allowance at regular intervals.", + "default": 20 + }, + "rateLimiterRefillDuration":{ + "type": "integer", + "description": "Sets the time interval (in minutes) at which new requests (or tokens) are added.", + "default": 1 + }, + "servicesToLimitRequestRate":{ + "type": "array", + "description": "Array of services which the rate limiter will be applied to.", + "items": { + "type": "string", + "description": "The name of the service." + } + }, + "servicesToDisableRetry":{ + "type": "array", + "description": "Array of services which the retry filter will be disabled for.", + "items": { + "type": "string", + "description": "The name of the service." 
+ } + }, + "registry": { + "type": "object", + "description": "Gateway configuration of a service registry endpoint.", + "properties": { + "cachePeriodSec": { + "type": "integer", + "description": "Specifies time in seconds to expired of cached data about /registry endpoint.", + "default": 120 + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether the /registry endpoint is enabled.", + "default": false + }, + "maxSimultaneousRequests": { + "type": "integer", + "description": "Specifies amount of parallel connection to obtain information from other APIML instances about services to construct response of /registry endpoint.", + "default": 20 + }, + "metadataKeyAllowList": { + "type": "string", + "description": "Specifies what custom metadata are displayed in the /registry endpoint.", + "pattern": "^[^,]+(,[^,]+)*$" + }, + "refreshIntervalMs": { + "type": "integer", + "description": "Specifies time period in milliseconds for how often to update data in /registry endpoint.", + "default": 30000 + } + } + } + } + }, + "internal": { + "type": "object", + "description": "Single-service specific configuration", + "properties": { + "discovery": { + "type": "object", + "properties": { + "port": { + "$ref": "#/$defs/port", + "default": 7553 + } + } + } + } + }, + "health": { + "type": "object", + "properties": { + "protected": { + "type": "boolean", + "description": "Specifies if the /application/health endpoint is protected or accessible without any credentials.", + "default": true + } + } + }, + "security": { + "type": "object", + "description": "Security configuration of the Gateway", + "properties": { + "useInternalMapper": { + "type": "boolean", + "description": "Enables direct native calls to z/OS to query distributed identity mappings and client certificate mappings. 
Use only if APIML is running on z/OS.", + "default": true + }, + "auth": { + "type": "object", + "description": "Detail configuration of authentication schemes.", + "properties": { + "jwt": { + "type": "object", + "description": "Detail configuration of zoweJwt scheme.", + "properties": { + "customAuthHeader": { + "type": "string", + "description": "Additional header to set JWT token in case of zoweJwt scheme." + } + } + }, + "passticket": { + "type": "object", + "description": "Detail configuration of httpBasicPassTicket scheme.", + "properties": { + "customAuthHeader": { + "type": "string", + "description": "Additional header to set passticket in case of httpBasicPassTicket scheme." + }, + "customUserHeader": { + "type": "string", + "description": "Additional header to set userId in case of httpBasicPassTicket scheme." + } + } + }, + "provider": { + "type": "string", + "description": "Which provider should be used to verify user credentials.", + "enum": ["zosmf","saf"], + "default": "saf" + }, + "zosmf": { + "type": "object", + "description": "When zosmf is set as authentication provider, this section can be used to provide more details.", + "properties": { + "jwtAutoconfiguration": { + "type": "string", + "description": "Type of the token that is returned from zOSMF after login.", + "enum": ["JWT","jwt","LTPA","ltpa"], + "default": "jwt" + }, + "serviceId": { + "type": "string", + "description": "Service ID of zOSMF from discovery service. Under this ID is zOSMF registered", + "default": "ibmzosmf" + } + } + }, + "uniqueCookie": { + "type": "boolean", + "default": false + } + } + }, + "authorization": { + "type": "object", + "description": "Authorization configuration.", + "properties": { + "endpoint": { + "type": "object", + "description": "Configuration of SAF resource to check authorization via HTTP call.", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable provider based on endpoint. 
to verify SAF authorization.", + "default": false + }, + "url": { + "type": "string", + "format": "uri", + "pattern": "^(https?):\/\/", + "description": "URL of endpoint to verify SAF resource. Ie. https://<zss hostname>:<zss port>/saf-auth" + } + }, + "allOf": [ + { + "if": { + "properties": { + "enabled": { + "const": true + } + } + }, + "then": { + "required": [ + "url" + ] + } + } + ] + }, + "provider": { + "type": "string", + "enum": ["endpoint", "native", "dummy"], + "default": "native", + "description": "Specifies security provider to be used by the Gateway." + }, + "resourceClass": { + "type": "string", + "description": "zOS resource to verify access.", + "default": "ZOWE" + }, + "resourceNamePrefix": { + "type": "string", + "description": "Prefix of the resource.", + "default": "APIML." + } + }, + "allOf": [ + { + "if": { + "properties": { + "provider": { + "const": "endpoint" + } + } + }, + "then": { + "required": [ + "endpoint" + ] + } + } + ] + }, + "x509": { + "type": "object", + "description": "Client certificate configuration.", + "properties": { + "acceptForwardedCert": { + "type": "boolean", + "description": "To enable accepting client certificate from request header. It is used in domain APIML to accept forwarded client certificate by the caller.", + "default": false + }, + "certificatesUrl": { + "type": "string", + "format": "uri", + "pattern": "^(https?):\/\/", + "description": "URL of the trusted caller to obtain used certificate. Request signed by this certificate are authorized to accept client certificate provided in the header." + }, + "certificatesUrls": { + "type": "string", + "format": "uri", + "pattern": "https?:\/\/[^\\s,]+", + "description": "List of URLs of the trusted callers to obtain used certificate. Request signed by this certificate are authorized to accept client certificate provided in the header." 
+ }, + "enabled": { + "type": "boolean", + "default": false, + "description": "To enable accepting client certificate in the Gateway." + }, + "externalMapperUrl": { + "type": "string", + "format": "uri", + "pattern": "^(https?):\/\/", + "description": "URL of the service where certificate will be mapped to user. ZSS is used if no value is provided." + }, + "externalMapperUser": { + "type": "string", + "description": "User that has permission to do such mapping. Zowe user is used if no value is provided." + }, + "registry": { + "type": "object", + "description": "Security configuration of /registry endpoint.", + "properties": { + "allowedUsers": { + "type": "string", + "pattern": "^[*]?|([a-zA-Z0-9]+(,[a-zA-Z0-9]+)*)$", + "description": "Specifies the comma-separated list of users that are permitted to use /registry endpoints. The user is obtained from the common name in the provided client certificate." + } + } + } + }, + "allOf": [ + { + "if": { + "properties": { + "acceptForwardedCert": { + "const": true + } + } + }, + "then": { + "anyOf": [ + { "required": [ "certificatesUrl" ] }, + { "required": [ "certificatesUrls" ] } + ] + } + } + ] + }, + "oidc": { + "type": "object", + "description": "OIDC configuration.", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable authentication with OIDC token.", + "default": false + }, + "registry": { + "type": "string", + "description": "Registry name." + }, + "identityMapperUrl": { + "type": "string", + "deprecated": true, + "format": "uri", + "pattern": "^(https?):\/\/", + "description": "URL where the Gateway can query the mapping of the distributed user ID to the mainframe user ID. ZSS is used if no value is provided." + }, + "identityMapperUser": { + "type": "string", + "deprecated": true, + "description": "User with access to external user identity mapper specified in identityMapperUrl. Zowe user is used if no value is provided." 
+ }, + "jwks": { + "type": "object", + "description": "JWKS configuration", + "properties": { + "uri": { + "type": "string", + "description": "JWK set URL for OIDC token validation." + }, + "refreshInternalHours": { + "type": "integer", + "description": "How often are JWKs renewed.", + "default": 1 + } + } + }, + "userIdField": { + "type": "string", + "description": "OIDC token field used for user mapping in SAF.", + "default": "sub" + }, + "userInfo": { + "type": "object", + "description": "OIDC user info endpoint configuration.", + "properties": { + "uri": { + "type": "string", + "description": "OIDC user info endpoint URL." + } + } + }, + "validationType": { + "type": "string", + "description": "How OIDC token is validated.", + "enum": ["JWK","endpoint"], + "default": "JWK" + } + } + }, + "allowtokenrefresh": { + "type": "boolean", + "description": "Allow JWT to refresh.", + "default": false + }, + "jwtInitializerTimeout": { + "type": "integer", + "description": "Timeout for initialization of JWT in minutes.", + "default": 5 + }, + "personalAccessToken": { + "type": "object", + "description": "Personal Access Tokens configuration.", + "properties": { + "enabled": { + "type": "boolean", + "description": "To enable Personal Access Tokens.", + "default": false + } + } + }, + "saf": { + "type": "object", + "description": "SAF IDT provider.", + "properties": { + "provider": { + "type": "string", + "description": "Method of communication used by the SAF IDT provider implementation. REST is used if no value is provided.", + "enum": ["rest"], + "default": "rest" + }, + "urls": { + "type": "string", + "description": "URLs of the SAF IDT provider used for the token generation and verification.", + "properties": { + "authenticate": { + "type": "string", + "format": "uri", + "pattern": "^(https?):\/\/", + "description": "URL of the SAF IDT provider used to generate the SAF token on behalf of the specified user." 
+ }, + "verify": { + "type": "string", + "format": "uri", + "pattern": "^(https?):\/\/", + "description": "URL of the SAF IDT provider used to validate the SAF token." + } + } + } + } + }, + "rauditx": { + "type": "object", + "description": "Configuration for issuing SMF records.", + "properties": { + "onOidcUserIsMapped": { + "type": "boolean", + "description": "To enable cutting SMF record on mapping distributed user from OIDC token to mainframe one.", + "default": false + }, + "oidcSourceUserPaths": { + "type": "string", + "description": "Comma separated JSON paths to find source user in the OIDC token to be cut in the SMF record.", + "default": "sub" + } + } + } + } + }, + "service": { + "type": "object", + "description": "General configuration of the Gateway.", + "properties": { + "allowEncodedSlashes": { + "type": "boolean", + "description": "When this parameter is set to true, the Gateway allows encoded characters to be part of URL requests redirected through the Gateway.", + "default": true + }, + "corsEnabled": { + "type": "boolean", + "description": "Allow CORS on gateway.", + "default": false + }, + "corsAllowedMethods": { + "type": "string", + "description": "List of allowed HTTP methods when CORS is enabled.", + "default": "GET,HEAD,POST,PATCH,DELETE,PUT,OPTIONS" + } + } + }, + "storage": { + "type": "object", + "description": "Storage configuration for Caching service", + "properties": { + "evictionStrategy": { + "type": "string", + "description": "Strategy for caching entries eviction.", + "enum": [ + "reject", + "removeOldest" + ], + "default": "reject" + }, + "mode": { + "type": "string", + "description": "Type of storge in caching service.", + "enum": [ + "inMemory", + "VSAM", + "redis", + "infinispan" + ], + "default": "infinispan" + }, + "size": { + "type": "integer", + "description": "The number of records stored before the eviction strategy is initiated", + "default": 10000 + }, + "infinispan": { + "type": "object", + "description": "Use 
Infinispan as the selected storage solution", + "properties": { + "jgroups": { + "type": "object", + "description": "Data synchronization between Caching instances.", + "properties": { + "port": { + "type": "integer", + "description": "The port number used by Infinispan to synchronize data among caching-service instances.", + "default": 7600 + }, + "host": { + "type": "string", + "description": "The hostname used by Infinispan to synchronize data among caching-service instances.", + "default": "localhost" + }, + "keyExchange": { + "type": "object", + "description": "Data encryption key exchange.", + "properties": { + "port": { + "type": "integer", + "description": "The port number used by Infinispan to exchange encryption key among Caching Service instances.", + "default": 7601 + } + } + }, + "tcp": { + "type": "object", + "description": "TCP stack", + "properties": { + "diag": { + "type": "object", + "description": "Cluster diagnostics", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable diagnostics of infinispan cluster", + "default": false + } + } + } + } + } + } + }, + "initialHosts": { + "type": "string", + "description": "Address of the other Caching services. Consists of jgroups port and host in the form of 'host[port]'.", + "default": "localhost[7600]" + } + } + }, + "vsam": { + "type": "object", + "deprecated": true, + "description": "When storage is selected as VSAM", + "properties": { + "name": { + "type": "string", + "description": "The ZFile filename of created VSAM." 
+ }, + "keyLength": { + "type": "integer", + "description": "The VsamKey length", + "default": 128 + }, + "recordLength": { + "type": "integer", + "description": "The record length.", + "default": 4096 + }, + "encoding": { + "type": "string", + "description": "The character encoding.", + "default": "IBM-1047" + } + } + } + } + } + } + }, "server": { "type": "object", - "description": "Configure API ML server properties.", + "description": "Configure APIML server properties.", "properties": { + "maxConnectionsPerRoute": { + "type": "integer", + "description": "How many connections should exist for single route?", + "default": 100 + }, + "maxTotalConnections": { + "type": "integer", + "description": "How many connections should exist in total?", + "default": 1000 + }, + "webSocket": { + "type": "object", + "description": "Customize websocket server parameters", + "properties": { + "maxIdleTimeout": { + "type": "integer", + "description": "The gateway acts as a server and client. This parameters customizes the default idle timeout for its client role.", + "default": 3600000 + }, + "connectTimeout": { + "type": "integer", + "description": "The gateway acts as a server and client. This parameters customizes the default connect timeout for its client role.", + "default": 45000 + }, + "asyncWriteTimeout": { + "type": "integer", + "description": "The gateway acts as a server and client. This parameters customizes the default async write timeout for its client role.", + "default": 60000 + }, + "requestBufferSize": { + "type": "integer", + "description": "Specifies the buffer size in bytes to load request headers.", + "default": 8192 + } + } + }, "ssl": { "type": "object", - "description": "Network encryption for API ML service connections.", "properties": { "enabled": { "type": "boolean", - "description": "Should API ML use encrypted communication?", + "description": "To enable SSL/tls layer.", "default": true } } 
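Review bot: The `x509.registry.allowedUsers` pattern `^[*]?|([a-zA-Z0-9]+(,[a-zA-Z0-9]+)*)$` accepts every string, because the left alternative `^[*]?` matches the empty prefix of any value, so the user list that gates the `/registry` endpoint is effectively unvalidated; the intended anchoring is `"pattern": "^([*]?|[a-zA-Z0-9]+(,[a-zA-Z0-9]+)*)$"`. `oidc.jwks.uri` and `oidc.userInfo.uri` are plain strings while the sibling URL fields (`externalMapperUrl`, `identityMapperUrl`, `saf.urls.*`) carry `"format": "uri"` and `"pattern": "^(https?):\/\/"`; since the key-set URL is what the schema describes as used for token validation, it should be constrained at least as strictly. `security.auth.uniqueCookie` is the only boolean in the hunk without a `description`. `storage.mode` defaults to `infinispan` here, whereas the caching-service-config hunk below defaults the same property to `inMemory`; if both schemas describe the same setting the defaults should agree, or the difference be documented.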
@@ -57,9 +743,109 @@ "properties": { "active": { "type": "string", - "description": "List of the active configuration profiles." + "description": "List of the active configuration profiles.", + "pattern": "^[a-zA-Z0-9]+(,[a-zA-Z0-9]+)*$" } } + }, + "security": { + "type": "object", + "description": "Security configuration.", + "properties": { + "oauth2": { + "type": "object", + "description": "OAuth2 configuration values.", + "properties": { + "client": { + "type": "object", + "description": "Configuration of OAuth2 communication.", + "properties": { + "registration": { + "type": "object", + "description": "Provider specific values.", + "patternProperties": { + "^.+$": { + "clientId": { + "type": "string", + "description": "The client identifier." + }, + "clientSecret":{ + "type": "string", + "description": "The client secret." + }, + "redirectUri": { + "type": "string", + "description": "The client’s registered redirect URI that the Authorization Server redirects the end-user’s user-agent to after the end-user has authenticated and authorized access to the client." + }, + "scope": { + "type": "array", + "description": "The scope(s) requested by the client during the Authorization Request flow, such as openid, email, or profile.", + "items": { + "type": "string", + "description": "The scope identifier." + } + } + } + } + }, + "provider": { + "type": "object", + "description": "Provider specific values.", + "patternProperties": { + "^.+$": { + "authorizationUri": { + "type": "string", + "format": "uri", + "pattern": "^(https?)://", + "description": "The Authorization Endpoint URI for the Authorization Server." + }, + "tokenUri": { + "type": "string", + "format": "uri", + "pattern": "^(https?)://", + "description": "The Token Endpoint URI for the Authorization Server." + }, + "userInfoUri": { + "type": "string", + "format": "uri", + "pattern": "^(https?)://", + "description": "The URL of endpoint to obtain details about user by provided token." 
+ }, + "userNameAttribute": { + "type": "string", + "description": "The name of the attribute returned in the UserInfo Response that references the Name or Identifier of the end-user." + }, + "jwkSetUri": { + "type": "string", + "format": "uri", + "pattern": "^(https?)://", + "description": "The URI used to retrieve the JSON Web Key (JWK) Set from the Authorization Server, which contains the cryptographic key(s) used to verify the JSON Web Signature (JWS) of the ID Token and optionally the UserInfo Response." + } + } + } + } + } + } + } + } + } + } + } + }, + "apimlId": { + "type": "string", + "pattern": "^[a-z0-9]{1,64}$", + "description": "Specifies identifier of the domain APIML for routing purpose in the central APIML." + }, + "logging": { + "type": "string", + "description": "Logging configuration for APIML single-service.", + "properties": { + "config": { + "type": "string", + "description": "Path to custom logback configuration file.", + "minLength": 1, + "maxLength": 1024 } } } @@ -70,6 +856,24 @@ "description": "TCP network port", "minimum": 1024, "maximum": 65535 + }, + "routes": { + "type": "array", + "description": "Routing parameters", + "items": { + "type": "object", + "properties": { + "gatewayUrl": { + "type": "string", + "description": "The portion of the gateway URL which is replaced by the serviceUrl path." + }, + "serviceUrl": { + "type": "string", + "description": "The portion of the service instance URL path which replaces the gatewayUrl part." + } + }, + "required": ["gatewayUrl","serviceUrl"] + } } } } diff --git a/caching-service-package/src/main/resources/schemas/caching-service-config.json b/caching-service-package/src/main/resources/schemas/caching-service-config.json index b4c5291363..824e2f9685 100644 --- a/caching-service-package/src/main/resources/schemas/caching-service-config.json +++ b/caching-service-package/src/main/resources/schemas/caching-service-config.json 
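Review bot: Under `spring.security.oauth2.client.registration` and `.provider`, the `patternProperties` `^.+$` entries list `clientId`, `clientSecret`, `authorizationUri` and the other fields directly as keywords instead of inside `"type": "object", "properties": { ... }`, so validators ignore them as unknown keywords and nothing under a registration or provider is checked (the `format`/`pattern` on `tokenUri`, `userInfoUri` and `jwkSetUri` never fire). Each `^.+$` entry needs that wrapper, i.e. `"^.+$": { "type": "object", "properties": { ... } }` around the existing field schemas. `clientSecret` could additionally carry `"writeOnly": true` so tooling that renders the schema treats it as a secret rather than a displayable value.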
@@ -14,6 +14,10 @@
 "description": "Enable debug logs in Caching Service",
 "default": false
 },
+ "sslDebug": {
+ "type": "string",
+ "description": "Configure attributes fro SSL config, see java property javax.net.debug."
+ },
 "heap": {
 "type": "object",
 "description": "Configure JVM parameters for heap size",
@@ -30,115 +34,192 @@ } } }, + "apiml": { + "type": "object", + "description": "Zowe API ML specific properties.", + "properties": { + "health": { + "type": "object", + "properties": { + "protected": { + "type": "boolean", + "description": "Specifies if the /application/health endpoint is protected or accessible without any credentials.", + "default": true + } + } + } + } + }, "storage": { - "evictionStrategy": { - "type": "string", - "description": "Strategy for caching entries eviction.", - "default": "reject" - }, - "mode": { - "type": "string", - "description": "Type of storge in caching service.", - "enum": ["inMemory","VSAM","redis","infinispan"], - "default": "inMemory" - }, - "size": { - "type": "integer", - "description": "the number of records stored before the eviction strategy is initiated", - "default": 10000 - }, - "infinispan":{ - "type": "object", - "description": "Use Infinispan as the selected storage solution", - "properties": { - "jgroups": { - "type": "object", - "description": "Data synchronization between Caching instances.", - "properties": { - "port": { - "type": "integer", - "description": "TCP port number", - "default": 7600 - }, - "host": { - "type": "string", - "description": "TCP hostname" - }, - "keyExchange": { - "type": "object", - "description": "Data encryption key exchange.", - "properties": { - "port": { - "type": "integer", - "description": "TCP port number", - "default": 7601 + "type": "object", + "description": "Storage configuration for Caching service", + "properties": { + "evictionStrategy": { + "type": "string", + "description": "Strategy for caching entries eviction.", + "enum": [ + "reject", + "removeOldest" + ], + "default": "reject" + }, + "mode": { + "type": "string", + "description": "Type of storge in caching service.", + "enum": [ + "inMemory", + "VSAM", + "redis", + "infinispan" + ], + "default": "inMemory" + }, + "size": { + "type": "integer", + "description": "The number of records stored before the eviction 
strategy is initiated", + "default": 10000 + }, + "infinispan": { + "type": "object", + "description": "Use Infinispan as the selected storage solution", + "properties": { + "jgroups": { + "type": "object", + "description": "Data synchronization between Caching instances.", + "properties": { + "port": { + "type": "integer", + "description": "The port number used by Infinispan to synchronize data among caching-service instances.", + "default": 7600 + }, + "host": { + "type": "string", + "description": "The hostname used by Infinispan to synchronize data among caching-service instances." + }, + "keyExchange": { + "type": "object", + "description": "Data encryption key exchange.", + "properties": { + "port": { + "type": "integer", + "description": "The port number used by Infinispan to exchange encryption key among Caching Service instances.", + "default": 7601 + } } - } - }, - "tcp": { - "type": "object", - "description": "TCP stack", - "properties": { - "diag": { - "type": "object", - "description": "Cluster diagnostics", - "properties": { - "enabled": { - "type": "boolean", - "description": "Enable diagnostics of infinispan cluster" + }, + "tcp": { + "type": "object", + "description": "TCP stack", + "properties": { + "diag": { + "type": "object", + "description": "Cluster diagnostics", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable diagnostics of infinispan cluster", + "default": false + } } } } } } - } - }, - "persistence": { - "type": "object", - "description": "Where to persistently store caching data.", - "properties": { - "dataLocation": { - "type": "string", - "description": "File location where to store data." - }, - "indexLocation": { - "type": "string", - "description": "File location where to store index." 
+ }, + "persistence": { + "type": "object", + "description": "Where to persistently store caching data.", + "properties": { + "dataLocation": { + "type": "string", + "deprecated": true, + "description": "File location where to store data." + }, + "indexLocation": { + "type": "string", + "deprecated": true, + "description": "File location where to store index." + } } + }, + "initialHosts": { + "type": "string", + "description": "Address of the other Caching services. Consists of jgroups port and host in the form of 'host[port]'." + } + } + }, + "vsam": { + "type": "object", + "deprecated": true, + "description": "When storage is selected as VSAM", + "properties": { + "name": { + "type": "string", + "description": "The ZFile filename of created VSAM." + }, + "keyLength": { + "type": "integer", + "description": "The VsamKey length", + "default": 128 + }, + "recordLength": { + "type": "integer", + "description": "The record length.", + "default": 4096 + }, + "encoding": { + "type": "string", + "description": "The character encoding.", + "default": "IBM-1047" + } + } + } + } + }, + "server": { + "type": "object", + "description": "Configure Caching service server properties.", + "properties": { + "ssl": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "To enable SSL/tls layer.", + "default": true } - }, - "initialHosts": { - "type": "string", - "description": "Address of the other Caching services. Consists of jgroups port and host in the form of 'host[port]'." } } - }, - "vsam": { - "type": "object", - "deprecated": true, - "description": "When storage is selected as VSAM", - "properties": { - "name": { - "type": "string", - "description": "The ZFile filename of created VSAM." 
- }, - "keyLength": { - "type": "integer", - "description": "The VsamKey length", - "default": 32 - }, - "recordLength": { - "type": "integer", - "description": "The record length.", - "default": 512 - }, - "encoding": { - "type": "string", - "description": "The character encoding.", - "default": "IBM-1047" + } + }, + "spring": { + "type": "object", + "description": "Application framework parameters", + "properties": { + "profiles": { + "type": "object", + "description": "Profiles that can hold multiple configuration parameters.", + "properties": { + "active": { + "type": "string", + "description": "List of the active configuration profiles.", + "pattern": "^[a-zA-Z0-9]+(,[a-zA-Z0-9]+)*$" + } } } } + }, + "logging": { + "type": "string", + "description": "Logging configuration for Caching service.", + "properties": { + "config": { + "type": "string", + "description": "Path to custom logback configuration file.", + "minLength": 1, + "maxLength": 1024 + } + } } }, "$defs": { diff --git a/discovery-package/src/main/resources/schemas/discovery-config.json b/discovery-package/src/main/resources/schemas/discovery-config.json index 236784ba15..96641a80f3 100644 --- a/discovery-package/src/main/resources/schemas/discovery-config.json +++ b/discovery-package/src/main/resources/schemas/discovery-config.json @@ -5,15 +5,6 @@ "description": "Configuration properties for Discovery Service, as specified within a configuration file such as zowe.yaml", "type": "object", "properties": { - "apiml": { - "type": "object", - "properties": { - "serviceIdPrefixReplacer": { - "type": "string", - "description": "A comma separated tuple to replace service ID with new one in API ML registry." - } - } - }, "port": { "$ref": "#/$defs/port", "default": 7552 
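Review bot: `storage.mode` keeps its default `inMemory` here, while the `storage` block added to apiml-config.json earlier in this patch defaults it to `infinispan`, and `infinispan.jgroups.host` and `infinispan.initialHosts` receive defaults there (`localhost`, `localhost[7600]`) but none here. If both documents describe the same caching storage keys, the two copies will drift; a shared `$defs` entry referenced from both, or at least matching defaults, would avoid documenting the same setting two different ways.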
@@ -23,6 +14,10 @@ "description": "Enable debug logs in Discovery service", "default": false }, + "sslDebug": { + "type": "string", + "description": "Configure attributes fro SSL config, see java property javax.net.debug." + }, "heap": { "type": "object", "description": "Configure JVM parameters for heap size", @@ -38,6 +33,76 @@ "default": 512 } } + }, + "apiml": { + "type": "object", + "description": "Zowe API ML specific properties.", + "properties": { + "discovery": { + "type": "object", + "properties": { + "serviceIdPrefixReplacer": { + "type": "string", + "description": "A comma separated tuple to replace service ID with new one in API ML registry." + } + } + }, + "health": { + "type": "object", + "properties": { + "protected": { + "type": "boolean", + "description": "Specifies if the /application/health endpoint is protected or accessible without any credentials.", + "default": true + } + } + } + } + }, + "server": { + "type": "object", + "description": "Configure Discovery server properties.", + "properties": { + "ssl": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "To enable SSL/tls layer.", + "default": true + } + } + } + } + }, + "spring": { + "type": "object", + "description": "Application framework parameters", + "properties": { + "profiles": { + "type": "object", + "description": "Profiles that can hold multiple configuration parameters.", + "properties": { + "active": { + "type": "string", + "description": "List of the active configuration profiles.", + "pattern": "^[a-zA-Z0-9]+(,[a-zA-Z0-9]+)*$" + } + } + } + } + }, + "logging": { + "type": "string", + "description": "Logging configuration for Discovery service.", + "properties": { + "config": { + "type": "string", + "description": "Path to custom logback configuration file.", + "minLength": 1, + "maxLength": 1024 + } + } } }, "$defs": { 
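Review bot: The new `logging` section is declared `"type": "string"` but carries a `properties` block for `config`, so a `logging: { config: ... }` mapping is rejected by the schema while a bare string passes with the `minLength`/`maxLength` on `config` never applied; the type should be `"object"` (or `["string", "object"]` if a bare path is also an accepted form, which is not visible here). The same string-with-properties shape is repeated in the new `logging` sections of gateway-config.json (`@@ -635,6 +699,18 @@`) and zaas-config.json (`@@ -194,11 +338,24 @@`), in the caching-service `logging` block whose hunk starts before this view, and in the gateway's `apiml.security.saf.urls` (`@@ -440,6 +420,68 @@`), where the `format`/`pattern` checks on the SAF IDT `authenticate` and `verify` URLs are likewise inert until the type is corrected. The enclosing top-level `properties` object continues outside the hunk.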
diff --git a/gateway-package/src/main/resources/bin/start.sh b/gateway-package/src/main/resources/bin/start.sh
index a08c5b5c3a..df414e62e9 100755
--- a/gateway-package/src/main/resources/bin/start.sh
+++ b/gateway-package/src/main/resources/bin/start.sh
@@ -42,7 +42,6 @@
 # - ZWE_configs_apiml_connection_idleConnectionTimeoutSeconds
 # - ZWE_configs_apiml_connection_timeToLive
 # - ZWE_configs_apiml_health_protected
-# - ZWE_configs_apiml_service_forwardClientCertEnabled
 # - ZWE_configs_apiml_security_auth_jwt_customAuthHeader
 # - ZWE_configs_apiml_security_auth_passticket_customUserHeader
 # - ZWE_configs_apiml_security_auth_passticket_customAuthHeader
@@ -55,6 +54,7 @@
 # - ZWE_configs_apiml_security_x509_registry_allowedUsers
 # - ZWE_configs_apiml_service_allowEncodedSlashes
 # - ZWE_configs_apiml_service_corsEnabled
+# - ZWE_configs_apiml_service_corsAllowedMethods
 # - ZWE_configs_apiml_gateway_registry_enabled
 # - ZWE_configs_apiml_gateway_registry_cachePeriodSec
 # - ZWE_configs_apiml_gateway_registry_maxSimultaneousRequests
@@ -311,13 +311,13 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${GATEWAY_CODE} ${JAVA_BIN_DIR}java \
 -Dapiml.connection.timeToLive=${ZWE_configs_apiml_connection_timeToLive:-10000} \
 -Dapiml.gateway.cachePeriodSec=${ZWE_configs_apiml_gateway_registry_cachePeriodSec:-120} \
 -Dapiml.gateway.cookieNameForRateLimit=${cookieName:-apimlAuthenticationToken} \
- -Dapiml.gateway.maxSimultaneousRequests=${ZWE_configs_gateway_registry_maxSimultaneousRequests:-20} \
+ -Dapiml.gateway.maxSimultaneousRequests=${ZWE_configs_apiml_gateway_registry_maxSimultaneousRequests:-20} \
 -Dapiml.gateway.rateLimiterCapacity=${ZWE_configs_apiml_gateway_rateLimiterCapacity:-20} \
 -Dapiml.gateway.rateLimiterRefillDuration=${ZWE_configs_apiml_gateway_rateLimiterRefillDuration:-1} \
 -Dapiml.gateway.rateLimiterTokens=${ZWE_configs_apiml_gateway_rateLimiterTokens:-20} \
- -Dapiml.gateway.refresh-interval-ms=${ZWE_configs_gateway_registry_refreshIntervalMs:-30000} \
+ -Dapiml.gateway.refresh-interval-ms=${ZWE_configs_apiml_gateway_registry_refreshIntervalMs:-30000} \
 -Dapiml.gateway.registry.enabled=${ZWE_configs_apiml_gateway_registry_enabled:-false} \
- -Dapiml.gateway.registry.metadata-key-allow-list=${ZWE_configs_gateway_registry_metadataKeyAllowList:-} \
+ -Dapiml.gateway.registry.metadata-key-allow-list=${ZWE_configs_apiml_gateway_registry_metadataKeyAllowList:-} \
 -Dapiml.gateway.servicesToLimitRequestRate=${ZWE_configs_apiml_gateway_servicesToLimitRequestRate:-} \
 -Dapiml.gateway.servicesToDisableRetry=${ZWE_configs_apiml_gateway_servicesToDisableRetry:-} \
 -Dapiml.health.protected=${ZWE_configs_apiml_health_protected:-true} \
@@ -328,7 +328,7 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${GATEWAY_CODE} ${JAVA_BIN_DIR}java \
 -Dapiml.security.auth.passticket.customAuthHeader=${ZWE_configs_apiml_security_auth_passticket_customAuthHeader:-} \
 -Dapiml.security.auth.passticket.customUserHeader=${ZWE_configs_apiml_security_auth_passticket_customUserHeader:-} \
 -Dapiml.security.authorization.endpoint.enabled=${ZWE_configs_apiml_security_authorization_endpoint_enabled:-false} \
- -Dapiml.security.authorization.endpoint.url=${ZWE_configs_apiml_security_authorization_endpoint_url:-${ZWE_components_gateway_apiml_security_authorization_endpoint_url:-"${internalProtocol:-https}://${ZWE_haInstance_hostname:-localhost}:${ZWE_components_gateway_port:-7554}/zss/api/v1/saf-auth"}} \
+ -Dapiml.security.authorization.endpoint.url=${ZWE_configs_apiml_security_authorization_endpoint_url:-"${internalProtocol:-https}://${ZWE_haInstance_hostname:-localhost}:${ZWE_components_gateway_port:-7554}/zss/api/v1/saf-auth"} \
 -Dapiml.security.authorization.provider=${ZWE_configs_apiml_security_authorization_provider:-"native"} \
 -Dapiml.security.forwardHeader.trustedProxies=${ZWE_configs_apiml_security_forwardHeader_trustedProxies:-} \
 -Dapiml.security.ssl.nonStrictVerifySslCertificatesOfServices=${nonStrictVerifySslCertificatesOfServices:-false} \
diff --git a/gateway-package/src/main/resources/schemas/gateway-config.json b/gateway-package/src/main/resources/schemas/gateway-config.json
index 4d2cd66753..5f297593d1 100644
--- a/gateway-package/src/main/resources/schemas/gateway-config.json
+++ b/gateway-package/src/main/resources/schemas/gateway-config.json
@@ -39,104 +39,6 @@ "pattern": "^[a-z0-9]{1,64}$", "description": "Specifies identifier of the domain gateway for routing purpose in the central Gateway." }, - "certificate": { - "type": "object", - "description": "Network encryption for gateway service connections.", - "properties": { - "enabled": { - "type": "boolean", - "description": "Should gateway use encrypted communication?", - "default": true - }, - "keystore": { - "type": "object", - "properties": { - "alias": { - "type": "string", - "description": "Specifies the alias used to address the private key in the keystore." - }, - "key": { - "type": "object", - "properties": { - "password": { - "type": "string", - "description": "Specifies the password associated with the private key." - } - } - }, - "file": { - "type": "string", - "description": "Specifies the keystore file used to store the private key. When using keyring, the value should be set to the SAF keyring location. For information about required certificates." - }, - "password": { - "type": "string", - "description": "Specifies the password used to unlock the keystore." - }, - "type": { - "type": "string", - "pattern": "^((PKCS12)|(JCE.*RACFKS))$", - "description": "Specifies the type of the keystore.", - "default": "PKCS12" - } - }, - "allOf": [ - { - "if": { - "properties": { - "type": { - "pattern": "^JCE.*RACFKS$" - } - } - }, - "then": { - "properties": { - "file": { - "pattern": "^safkeyring[^:]*://" - } - } - } - } - ] - }, - "truststore": { - "type": "object", - "properties": { - "file": { - "type": "string", - "description": "Specifies the truststore file used to keep other parties public keys and certificates. When using keyring, this value should be set to the SAF keyring location. For information about required certificates." - }, - "password": { - "type": "string", - "description": "Specifies the password used to unlock the truststore." 
- }, - "type": { - "type": "string", - "pattern": "^((PKCS12)|(JCE.*RACFKS))$", - "description": "Specifies the truststore type. The default for this parameter is PKCS12.", - "default": "PKCS12" - } - }, - "allOf": [ - { - "if": { - "properties": { - "type": { - "pattern": "^JCE.*RACFKS$" - } - } - }, - "then": { - "properties": { - "file": { - "pattern": "^safkeyring[^:]*://" - } - } - } - } - ] - } - } - }, "apiml": { "type": "object", "description": "Zowe API ML specific properties.", 
@@ -157,46 +59,42 @@ "timeToLive": { "type": "integer", "description": "Specifies a timeout limit how long to keep open connection to be reused, in milliseconds.", - "default": 60000 + "default": 10000 } } }, "gateway": { "type": "object", "properties": { - "routing": { - "properties": { - "rateLimiterCapacity":{ - "type": "integer", - "description": "Defines the total number of requests that can be allowed at one time.", - "default": 20 - }, - "rateLimiterTokens":{ - "type": "integer", - "description": "Defines the number of requests that are added to the service’s allowance at regular intervals.", - "default": 20 - }, - "rateLimiterRefillDuration":{ - "type": "integer", - "description": "Sets the time interval (in minutes) at which new requests (or tokens) are added.", - "default": 1 - }, - "servicesToLimitRequestRate":{ - "type": "array", - "description": "Array of services which the rate limiter will be applied to.", - "items": { - "type": "string", - "description": "The name of the service." - } - }, - "servicesToDisableRetry":{ - "type": "array", - "description": "Array of services which the retry filter will be disabled for.", - "items": { - "type": "string", - "description": "The name of the service." - } - } + "rateLimiterCapacity":{ + "type": "integer", + "description": "Defines the total number of requests that can be allowed at one time.", + "default": 20 + }, + "rateLimiterTokens":{ + "type": "integer", + "description": "Defines the number of requests that are added to the service’s allowance at regular intervals.", + "default": 20 + }, + "rateLimiterRefillDuration":{ + "type": "integer", + "description": "Sets the time interval (in minutes) at which new requests (or tokens) are added.", + "default": 1 + }, + "servicesToLimitRequestRate":{ + "type": "array", + "description": "Array of services which the rate limiter will be applied to.", + "items": { + "type": "string", + "description": "The name of the service." 
+ } + }, + "servicesToDisableRetry":{ + "type": "array", + "description": "Array of services which the retry filter will be disabled for.", + "items": { + "type": "string", + "description": "The name of the service." } }, "registry": { @@ -246,6 +144,11 @@ "type": "object", "description": "Security configuration of the Gateway", "properties": { + "useInternalMapper": { + "type": "boolean", + "description": "Enables direct native calls to z/OS to query distributed identity mappings and client certificate mappings. Use only if APIML is running on z/OS.", + "default": true + }, "auth": { "type": "object", "description": "Detail configuration of authentication schemes.", @@ -274,6 +177,29 @@ } } }, + "provider": { + "type": "string", + "description": "Which provider should be used to verify user credentials.", + "enum": ["zosmf","saf"], + "default": "saf" + }, + "zosmf": { + "type": "object", + "description": "When zosmf is set as authentication provider, this section can be used to provide more details.", + "properties": { + "jwtAutoconfiguration": { + "type": "string", + "description": "Type of the token that is returned from zOSMF after login.", + "enum": ["JWT","jwt","LTPA","ltpa"], + "default": "jwt" + }, + "serviceId": { + "type": "string", + "description": "Service ID of zOSMF from discovery service. Under this ID is zOSMF registered", + "default": "ibmzosmf" + } + } + }, "uniqueCookie": { "type": "boolean", "default": false @@ -296,7 +222,7 @@ "url": { "type": "string", "format": "uri", - "pattern": "^(https?)://", + "pattern": "^(https?):\/\/", "description": "URL of endpoint to verify SAF resource. Ie. https://<zss hostname>:<zss port>/saf-auth" } }, 
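Review bot: `useInternalMapper` defaults to `true` while its description says to use it only when API ML runs on z/OS, so an off-z/OS deployment that omits the key is, by the schema's own wording, misconfigured by default. Either the default should be `false` or the description should state the assumption, e.g. `"description": "Enables direct native calls to z/OS to query distributed identity mappings and client certificate mappings. Defaults to true; set to false when API ML does not run on z/OS."`. How the service behaves when the native call path is unavailable is not visible here. The enclosing `security` object continues outside the hunk.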
@@ -322,6 +248,16 @@ "enum": ["endpoint", "native", "dummy"], "default": "native", "description": "Specifies security provider to be used by the Gateway." + }, + "resourceClass": { + "type": "string", + "description": "zOS resource to verify access.", + "default": "ZOWE" + }, + "resourceNamePrefix": { + "type": "string", + "description": "Prefix of the resource.", + "default": "APIML." } }, "allOf": [ @@ -341,6 +277,16 @@ } ] }, + "forwardHeader": { + "type": "object", + "description": "Forward header configuration.", + "properties": { + "trustedProxies": { + "type": "string", + "description": "IP address regular expression pattern used to identify trusted proxies from which X-Forwarded-* headers are accepted and forwarded." + } + } + }, "x509": { "type": "object", "description": "Client certificate configuration.", 
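Review bot: `forwardHeader.trustedProxies` is the expression that decides whose `X-Forwarded-*` headers are honoured, yet the schema accepts any string (including the empty one) and the description does not say that dots must be escaped or whether the expression is anchored, so unescaped dots match any character and an unanchored expression matches any address that merely contains the text. Adding `"minLength": 1` and extending the description, e.g. `"description": "Regular expression matched against the remote IP address; only requests from matching proxies have their X-Forwarded-* headers trusted. Escape literal dots and anchor the expression."`, surfaces such mistakes at validation time. Whether the Gateway applies a full match or a partial find is not visible here, so the anchoring wording should be confirmed against the filter. The enclosing `security` object continues outside the hunk.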
@@ -353,14 +299,30 @@ "certificatesUrl": { "type": "string", "format": "uri", - "pattern": "^(https?)://", + "pattern": "^(https?):\/\/", "description": "URL of the trusted caller to obtain used certificate. Request signed by this certificate are authorized to accept client certificate provided in the header." }, + "certificatesUrls": { + "type": "string", + "format": "uri", + "pattern": "https?:\/\/[^\\s,]+", + "description": "List of URLs of the trusted callers to obtain used certificate. Request signed by this certificate are authorized to accept client certificate provided in the header." + }, "enabled": { "type": "boolean", "default": false, "description": "To enable accepting client certificate in the Gateway." }, + "externalMapperUrl": { + "type": "string", + "format": "uri", + "pattern": "^(https?):\/\/", + "description": "URL of the service where certificate will be mapped to user. ZSS is used if no value is provided." + }, + "externalMapperUser": { + "type": "string", + "description": "User that has permission to do such mapping. Zowe user is used if no value is provided." + }, "registry": { "type": "object", "description": "Security configuration of /registry endpoint.", @@ -383,8 +345,9 @@ } }, "then": { - "required": [ - "certificatesUrl" + "anyOf": [ + { "required": [ "certificatesUrl" ] }, + { "required": [ "certificatesUrls" ] } ] } } 
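Review bot: `certificatesUrls` is described as a list of URLs but is declared `"format": "uri"` with the unanchored pattern `https?:\/\/[^\\s,]+`, so a validator that asserts `format` rejects every multi-entry value, while the pattern alone accepts any string that merely contains one URL somewhere. Because this list names the callers whose signature authorises a forwarded client certificate, the constraint should cover the whole value: drop `format` and use `"pattern": "^https?:\/\/[^\\s,]+(,https?:\/\/[^\\s,]+)*$"`. The identical declaration is repeated in zaas-config.json (`@@ -117,14 +157,17 @@`). The `then` branch in the next hunk only requires that `certificatesUrl` or `certificatesUrls` be present, not non-empty, so `"minLength": 1` on both would close that gap as well. The enclosing `x509` object continues outside the hunk.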
@@ -403,6 +366,18 @@ "type": "string", "description": "Registry name." }, + "identityMapperUrl": { + "type": "string", + "deprecated": true, + "format": "uri", + "pattern": "^(https?):\/\/", + "description": "URL where the Gateway can query the mapping of the distributed user ID to the mainframe user ID. ZSS is used if no value is provided." + }, + "identityMapperUser": { + "type": "string", + "deprecated": true, + "description": "User with access to external user identity mapper specified in identityMapperUrl. Zowe user is used if no value is provided." + }, "jwks": { "type": "object", "description": "JWKS configuration", @@ -418,9 +393,14 @@ } } }, + "userIdField": { + "type": "string", + "description": "OIDC token field used for user mapping in SAF.", + "default": "sub" + }, "userInfo": { "type": "object", - "description": "OIDC user info endpoint configuration", + "description": "OIDC user info endpoint configuration.", "properties": { "uri": { "type": "string", 
@@ -440,6 +420,68 @@ "type": "boolean", "description": "Allow JWT to refresh.", "default": false + }, + "jwtInitializerTimeout": { + "type": "integer", + "description": "Timeout for initialization of JWT in minutes.", + "default": 5 + }, + "personalAccessToken": { + "type": "object", + "description": "Personal Access Tokens configuration.", + "properties": { + "enabled": { + "type": "boolean", + "description": "To enable Personal Access Tokens.", + "default": false + } + } + }, + "saf": { + "type": "object", + "description": "SAF IDT provider.", + "properties": { + "provider": { + "type": "string", + "description": "Method of communication used by the SAF IDT provider implementation. REST is used if no value is provided.", + "enum": ["rest"], + "default": "rest" + }, + "urls": { + "type": "string", + "description": "URLs of the SAF IDT provider used for the token generation and verification.", + "properties": { + "authenticate": { + "type": "string", + "format": "uri", + "pattern": "^(https?):\/\/", + "description": "URL of the SAF IDT provider used to generate the SAF token on behalf of the specified user." + }, + "verify": { + "type": "string", + "format": "uri", + "pattern": "^(https?):\/\/", + "description": "URL of the SAF IDT provider used to validate the SAF token." + } + } + } + } + }, + "rauditx": { + "type": "object", + "description": "Configuration for issuing SMF records.", + "properties": { + "onOidcUserIsMapped": { + "type": "boolean", + "description": "To enable cutting SMF record on mapping distributed user from OIDC token to mainframe one.", + "default": false + }, + "oidcSourceUserPaths": { + "type": "string", + "description": "Comma separated JSON paths to find source user in the OIDC token to be cut in the SMF record.", + "default": "sub" + } + } } } }, 
@@ -476,10 +518,32 @@ "description": "Allow CORS on gateway.", "default": false }, - "forwardClientCertEnabled": { - "type": "boolean", - "description": "Enable forwarding client certificate to the next service or APIML.", - "default": false + "corsAllowedMethods": { + "type": "string", + "description": "List of allowed HTTP methods when CORS is enabled.", + "default": "GET,HEAD,POST,PATCH,DELETE,PUT,OPTIONS" + } + } + }, + "httpclient" : { + "type": "object", + "description": "HTTP client network settings", + "properties": { + "ssl": { + "type": "object", + "description": "SSL/TLS configuration for HTTP client", + "properties": { + "enabled": { + "type": "object", + "properties": { + "protocols": { + "type": "string", + "description": "List of enabled SSL/TLS protocols.", + "pattern": "^TLSv\\d+(\\.\\d+)?(,TLSv\\d+(\\.\\d+)?)*$" + } + } + } + } } } } @@ -635,6 +699,18 @@ } } } + }, + "logging": { + "type": "string", + "description": "Logging configuration for Gateway service.", + "properties": { + "config": { + "type": "string", + "description": "Path to custom logback configuration file.", + "minLength": 1, + "maxLength": 1024 + } + } } }, "$defs": { @@ -661,11 +737,6 @@ }, "required": ["gatewayUrl","serviceUrl"] } - }, - "tlsType": { - "type": "string", - "description": "List of supported SSL/TLS protocols", - "enum": ["TLSv1.2", "TLSv1.3", "TLSv1.4"] } } } diff --git a/zaas-package/src/main/resources/bin/start.sh b/zaas-package/src/main/resources/bin/start.sh index 7d3b884cb0..577e288685 100755 --- a/zaas-package/src/main/resources/bin/start.sh +++ b/zaas-package/src/main/resources/bin/start.sh 
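Review bot: `httpclient.ssl.enabled.protocols` replaces the removed `tlsType` enum with `^TLSv\d+(\.\d+)?(,TLSv\d+(\.\d+)?)*$`, which accepts `TLSv1`, `TLSv1.1` and non-existent versions such as `TLSv2` without complaint, so a weakened protocol list passes schema validation and is only caught, if at all, at runtime. Restricting entries to the versions the client should negotiate, `"pattern": "^TLSv1\\.[23](,TLSv1\\.[23])*$"`, keeps the comma-list form while rejecting legacy versions at config time; if older versions must stay configurable for compatibility, the description should at least say the list is passed through unchecked. A key named `enabled` that holds an object rather than a boolean also reads oddly next to `server.ssl.enabled` elsewhere in this schema; if it mirrors an application property name, saying so in the description would help. The enclosing `apiml` object appears to continue outside the hunk.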
@@ -45,7 +45,7 @@
 # - ZWE_configs_apiml_security_x509_externalMapperUser
 # - ZWE_configs_apiml_security_x509_acceptForwardedCert
 # - ZWE_configs_apiml_security_x509_certificatesUrl
-# - ZWE_configs_apiml_security_zosmf_applid
+# - ZWE_zosmf_applId
 # - ZWE_configs_apiml_security_oidc_enabled
 # - ZWE_configs_apiml_security_oidc_clientId
 # - ZWE_configs_apiml_security_oidc_clientSecret
@@ -378,7 +378,7 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${ZAAS_CODE} ${JAVA_BIN_DIR}java \
 -Dapiml.security.saf.urls.verify=${ZWE_configs_apiml_security_saf_urls_verify:-${ZWE_components_gateway_apiml_security_saf_urls_verify:-"${internalProtocol:-https}://${ZWE_haInstance_hostname:-localhost}:${ZWE_components_gateway_port:-7554}/zss/api/v1/saf/verify"}} \
 -Dapiml.security.authorization.resourceClass=${ZWE_configs_apiml_security_authorization_resourceClass:-${ZWE_components_gateway_apiml_security_authorization_resourceClass:-ZOWE}} \
 -Dapiml.security.authorization.resourceNamePrefix=${ZWE_configs_apiml_security_authorization_resourceNamePrefix:-${ZWE_components_gateway_apiml_security_authorization_resourceNamePrefix:-APIML.}} \
- -Dapiml.security.zosmf.applid=${ZWE_configs_apiml_security_zosmf_applid:-${ZWE_components_gateway_apiml_security_zosmf_applid:-IZUDFLT}} \
+ -Dapiml.security.zosmf.applid=${ZWE_zosmf_applId:-IZUDFLT} \
 -Dapiml.security.oidc.enabled=${ZWE_configs_apiml_security_oidc_enabled:-${ZWE_components_gateway_apiml_security_oidc_enabled:-false}} \
 -Dapiml.security.oidc.registry=${ZWE_configs_apiml_security_oidc_registry:-${ZWE_components_gateway_apiml_security_oidc_registry:-}} \
 -Dapiml.security.oidc.identityMapperUrl=${ZWE_configs_apiml_security_oidc_identityMapperUrl:-${ZWE_components_gateway_apiml_security_oidc_identityMapperUrl:-"${internalProtocol:-https}://${ZWE_haInstance_hostname:-localhost}:${ZWE_components_gateway_port:-7554}/zss/api/v1/certificate/dn"}} \
diff --git a/zaas-package/src/main/resources/schemas/zaas-config.json b/zaas-package/src/main/resources/schemas/zaas-config.json index f66ed0aa95..ad5e6889c4 100644 --- a/zaas-package/src/main/resources/schemas/zaas-config.json +++ b/zaas-package/src/main/resources/schemas/zaas-config.json @@ -14,6 +14,10 @@ "description": "Enable debug logs in ZAAS service", "default": false }, + "sslDebug": { + "type": "string", + "description": "Configure attributes fro SSL config, see java property javax.net.debug." + }, "heap": { "type": "object", "description": "Configure JVM parameters for heap size", @@ -34,6 +38,36 @@ "type": "object", "description": "Zowe API ML specific properties.", "properties": { + "connection": { + "type": "object", + "properties": { + "idleConnectionTimeoutSeconds" : { + "type": "integer", + "description": "Specifies a timeout limit for idle client connections, in seconds.", + "default": 5 + }, + "timeout": { + "type": "integer", + "description": "Specifies a timeout limit for a connection, in milliseconds.", + "default": 60000 + }, + "timeToLive": { + "type": "integer", + "description": "Specifies a timeout limit how long to keep open connection to be reused, in milliseconds.", + "default": 60000 + } + } + }, + "health": { + "type": "object", + "properties": { + "protected": { + "type": "boolean", + "description": "Specifies if the /application/health endpoint is protected or accessible without any credentials.", + "default": true + } + } + }, "security": { "type": "object", "description": "Authentication and authorization options", @@ -58,6 +92,7 @@ "description": "When zosmf is set as authentication provider, this section can be used to provide more details.", "properties": { "jwtAutoconfiguration": { + "deprecated": true, "type": "string", "description": "Type of the token that is returned from zOSMF after login.", "enum": ["JWT","jwt","LTPA","ltpa"], 
@@ -66,9 +101,13 @@ "serviceId": { "type": "string", "description": "Service ID of zOSMF from discovery service. Under this ID is zOSMF registered", - "default": "zosmf" + "default": "ibmzosmf" } } + }, + "uniqueCookie": { + "type": "boolean", + "default": false } } }, @@ -79,7 +118,8 @@ "provider": { "type": "string", "description": "Which provider will be used to validate access authorization.", - "enum": ["endpoint","native","dummy"] + "enum": ["endpoint","native","dummy"], + "default": "native" }, "endpoint": { "type": "object", @@ -117,14 +157,17 @@ "description": "Enable if client certificate should be considered as a source of authentication.", "default": false }, - "acceptForwardedCert": { - "type": "boolean", - "description": "Enable if the the Client Certificate forwarded in a dedicated header should be accepted", - "default": false - }, "certificatesUrl": { "type": "string", - "description": "URL of the Central ZAAS and its endpoint where it provides its public certificates." + "format": "uri", + "pattern": "^(https?):\/\/", + "description": "URL of the trusted caller to obtain used certificate. Request signed by this certificate are authorized to accept client certificate provided in the header." + }, + "certificatesUrls": { + "type": "string", + "format": "uri", + "pattern": "https?:\/\/[^\\s,]+", + "description": "List of URLs of the trusted callers to obtain used certificate. Request signed by this certificate are authorized to accept client certificate provided in the header." }, "externalMapperUrl": { "type": "string", 
@@ -134,6 +177,107 @@ "type": "string", "description": "User that has permission to do such mapping. Zowe user is used if no value is provided." } + }, + "allOf": [ + { + "if": { + "properties": { + "enabled": { + "const": true + } + } + }, + "then": { + "anyOf": [ + { "required": [ "certificatesUrl" ] }, + { "required": [ "certificatesUrls" ] } + ] + } + } + ] + }, + "oidc": { + "type": "object", + "description": "OIDC configuration.", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable authentication with OIDC token.", + "default": false + }, + "registry": { + "type": "string", + "description": "Registry name." + }, + "identityMapperUrl": { + "type": "string", + "deprecated": true, + "format": "uri", + "pattern": "^(https?):\/\/", + "description": "URL where the Gateway can query the mapping of the distributed user ID to the mainframe user ID. ZSS is used if no value is provided." + }, + "identityMapperUser": { + "type": "string", + "deprecated": true, + "description": "User with access to external user identity mapper specified in identityMapperUrl. Zowe user is used if no value is provided." + }, + "jwks": { + "type": "object", + "description": "JWKS configuration", + "properties": { + "uri": { + "type": "string", + "description": "JWK set URL for OIDC token validation." + }, + "refreshInternalHours": { + "type": "integer", + "description": "How often are JWKs renewed.", + "default": 1 + } + } + }, + "userIdField": { + "type": "string", + "description": "OIDC token field used for user mapping in SAF.", + "default": "sub" + }, + "userInfo": { + "type": "object", + "description": "OIDC user info endpoint configuration.", + "properties": { + "uri": { + "type": "string", + "description": "OIDC user info endpoint URL." 
+ } + } + }, + "validationType": { + "type": "string", + "description": "How OIDC token is validated.", + "enum": ["JWK","endpoint"], + "default": "JWK" + } + } + }, + "allowtokenrefresh": { + "type": "boolean", + "description": "Allow JWT to refresh.", + "default": false + }, + "jwtInitializerTimeout": { + "type": "integer", + "description": "Timeout for initialization of JWT in minutes.", + "default": 5 + }, + "personalAccessToken": { + "type": "object", + "description": "Personal Access Tokens configuration.", + "properties": { + "enabled": { + "type": "boolean", + "description": "To enable Personal Access Tokens.", + "default": false + } } }, "saf": { @@ -194,11 +338,24 @@ "properties": { "active": { "type": "string", - "description": "List of the active configuration profiles." + "description": "List of the active configuration profiles.", + "pattern": "^[a-zA-Z0-9]+(,[a-zA-Z0-9]+)*$" } } } } + }, + "logging": { + "type": "string", + "description": "Logging configuration for Gateway service.", + "properties": { + "config": { + "type": "string", + "description": "Path to custom logback configuration file.", + "minLength": 1, + "maxLength": 1024 + } + } } }, "$defs": { From d4e6ea31d352fb41db0ff6ec84a19adccf5f60ff Mon Sep 17 00:00:00 2001 From: Elena Kubantseva Date: Tue, 3 Feb 2026 17:13:46 +0100 Subject: [PATCH 6/7] addressed comments Signed-off-by: Elena Kubantseva --- .../src/main/resources/schemas/api-catalog-config.json | 2 +- apiml-package/src/main/resources/schemas/apiml-config.json | 3 +-- .../src/main/resources/schemas/caching-service-config.json | 2 +- .../src/main/resources/schemas/discovery-config.json | 6 +++--- .../src/main/resources/schemas/gateway-config.json | 4 ++-- zaas-package/src/main/resources/schemas/zaas-config.json | 2 +- 6 files changed, 9 insertions(+), 10 deletions(-) 
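Review bot: The new `logging` block in zaas-config.json describes itself as `"Logging configuration for Gateway service."`, evidently copied from the gateway schema; it should read `"description": "Logging configuration for ZAAS service."` to match the `debug` description earlier in this file (`Enable debug logs in ZAAS service`). The enclosing top-level `properties` object continues outside the hunk.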
diff --git a/api-catalog-package/src/main/resources/schemas/api-catalog-config.json b/api-catalog-package/src/main/resources/schemas/api-catalog-config.json
index fca34e5ee4..2ec7d4ab6b 100644
--- a/api-catalog-package/src/main/resources/schemas/api-catalog-config.json
+++ b/api-catalog-package/src/main/resources/schemas/api-catalog-config.json
@@ -16,7 +16,7 @@
 },
 "sslDebug": {
 "type": "string",
- "description": "Configure attributes fro SSL config, see java property javax.net.debug."
+ "description": "Configure attributes for SSL config, see java property javax.net.debug."
 },
 "heap": {
 "type": "object",
diff --git a/apiml-package/src/main/resources/schemas/apiml-config.json b/apiml-package/src/main/resources/schemas/apiml-config.json
index e6aeb0e170..4949de52fb 100644
--- a/apiml-package/src/main/resources/schemas/apiml-config.json
+++ b/apiml-package/src/main/resources/schemas/apiml-config.json
@@ -16,7 +16,7 @@
 },
 "sslDebug": {
 "type": "string",
- "description": "Configure attributes fro SSL config, see java property javax.net.debug."
+ "description": "Configure attributes for SSL config, see java property javax.net.debug."
 },
 "heap": {
 "type": "object",
@@ -505,7 +505,6 @@
 "provider": {
 "type": "string",
 "description": "Method of communication used by the SAF IDT provider implementation. REST is used if no value is provided.",
- "enum": ["rest"],
 "default": "rest"
 },
 "urls": {
diff --git a/caching-service-package/src/main/resources/schemas/caching-service-config.json b/caching-service-package/src/main/resources/schemas/caching-service-config.json
index 824e2f9685..647281ec28 100644
--- a/caching-service-package/src/main/resources/schemas/caching-service-config.json
+++ b/caching-service-package/src/main/resources/schemas/caching-service-config.json
@@ -16,7 +16,7 @@
 },
 "sslDebug": {
 "type": "string",
- "description": "Configure attributes fro SSL config, see java property javax.net.debug."
+ "description": "Configure attributes for SSL config, see java property javax.net.debug."
 },
 "heap": {
 "type": "object",
diff --git a/discovery-package/src/main/resources/schemas/discovery-config.json b/discovery-package/src/main/resources/schemas/discovery-config.json
index 96641a80f3..c7e0e70bcf 100644
--- a/discovery-package/src/main/resources/schemas/discovery-config.json
+++ b/discovery-package/src/main/resources/schemas/discovery-config.json
@@ -7,7 +7,7 @@
 "properties": {
 "port": {
 "$ref": "#/$defs/port",
- "default": 7552
+ "default": 7553
 },
 "debug": {
 "type": "boolean",
@@ -16,7 +16,7 @@
 },
 "sslDebug": {
 "type": "string",
- "description": "Configure attributes fro SSL config, see java property javax.net.debug."
+ "description": "Configure attributes for SSL config, see java property javax.net.debug."
 },
 "heap": {
 "type": "object",
@@ -68,7 +68,7 @@
 "properties": {
 "enabled": {
 "type": "boolean",
- "description": "To enable SSL/tls layer.",
+ "description": "To enable SSL/TLS layer.",
 "default": true
 }
 }
diff --git a/gateway-package/src/main/resources/schemas/gateway-config.json b/gateway-package/src/main/resources/schemas/gateway-config.json
index 5f297593d1..790d6c2d63 100644
--- a/gateway-package/src/main/resources/schemas/gateway-config.json
+++ b/gateway-package/src/main/resources/schemas/gateway-config.json
@@ -7,7 +7,7 @@
 "properties": {
 "port": {
 "$ref": "#/$defs/port",
- "default": 7553
+ "default": 7554
 },
 "debug": {
 "type": "boolean",
@@ -16,7 +16,7 @@
 },
 "sslDebug": {
 "type": "string",
- "description": "Configure attributes fro SSL config, see java property javax.net.debug."
+ "description": "Configure attributes for SSL config, see java property javax.net.debug."
 },
 "heap": {
 "type": "object",
diff --git a/zaas-package/src/main/resources/schemas/zaas-config.json b/zaas-package/src/main/resources/schemas/zaas-config.json
index ad5e6889c4..c707adf603 100644
--- a/zaas-package/src/main/resources/schemas/zaas-config.json
+++ b/zaas-package/src/main/resources/schemas/zaas-config.json
@@ -16,7 +16,7 @@
 },
 "sslDebug": {
 "type": "string",
- "description": "Configure attributes fro SSL config, see java property javax.net.debug."
+ "description": "Configure attributes for SSL config, see java property javax.net.debug."
 },
 "heap": {
 "type": "object",
From 229d534e5a449e7a4e304f587adbdf84f532f6fc Mon Sep 17 00:00:00 2001
From: Elena Kubantseva
Date: Thu, 5 Feb 2026 16:49:23 +0100
Subject: [PATCH 7/7] deprecate certificatesUrl
Signed-off-by: Elena Kubantseva
---
 apiml-package/src/main/resources/schemas/apiml-config.json | 1 +
 gateway-package/src/main/resources/schemas/gateway-config.json | 1 +
 zaas-package/src/main/resources/schemas/zaas-config.json | 1 +
 3 files changed, 3 insertions(+)
diff --git a/apiml-package/src/main/resources/schemas/apiml-config.json b/apiml-package/src/main/resources/schemas/apiml-config.json
index 4949de52fb..94eeed963a 100644
--- a/apiml-package/src/main/resources/schemas/apiml-config.json
+++ b/apiml-package/src/main/resources/schemas/apiml-config.json
@@ -359,6 +359,7 @@
 },
 "certificatesUrl": {
 "type": "string",
+ "deprecated": true,
 "format": "uri",
 "pattern": "^(https?):\/\/",
 "description": "URL of the trusted caller to obtain used certificate. Request signed by this certificate are authorized to accept client certificate provided in the header."
diff --git a/gateway-package/src/main/resources/schemas/gateway-config.json b/gateway-package/src/main/resources/schemas/gateway-config.json
index 790d6c2d63..457ac60cff 100644
--- a/gateway-package/src/main/resources/schemas/gateway-config.json
+++ b/gateway-package/src/main/resources/schemas/gateway-config.json
@@ -298,6 +298,7 @@
 },
 "certificatesUrl": {
 "type": "string",
+ "deprecated": true,
 "format": "uri",
 "pattern": "^(https?):\/\/",
 "description": "URL of the trusted caller to obtain used certificate. Request signed by this certificate are authorized to accept client certificate provided in the header."
diff --git a/zaas-package/src/main/resources/schemas/zaas-config.json b/zaas-package/src/main/resources/schemas/zaas-config.json
index c707adf603..fa9b9b772b 100644
--- a/zaas-package/src/main/resources/schemas/zaas-config.json
+++ b/zaas-package/src/main/resources/schemas/zaas-config.json
@@ -159,6 +159,7 @@
 },
 "certificatesUrl": {
 "type": "string",
+ "deprecated": true,
 "format": "uri",
 "pattern": "^(https?):\/\/",
 "description": "URL of the trusted caller to obtain used certificate. Request signed by this certificate are authorized to accept client certificate provided in the header."