Use gateway client attls status in eureka object to determine http vs…

… https Signed-off-by: 1000TurquoisePogs <[email protected]>
zowe · Jan 10, 2025 · 0be3a83 · 0be3a83
1 parent 1aad7ce
commit 0be3a83
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 9 deletions.
diff --git a/lib/apiml.js b/lib/apiml.js
@@ -79,9 +79,11 @@ const MEDIATION_LAYER_INSTANCE_DEFAULTS = (zluxProto, zluxHostname, zluxPort) =>
 }};
 
 function ApimlConnector({ hostName, port, discoveryUrls,
-                          discoveryPort, tlsOptions, eurekaOverrides, isClientAttls }) {
+                          discoveryPort, tlsOptions, eurekaOverrides,
+                          isClientAttls, isGatewayClientAttls }) {
   Object.assign(this, { hostName, port, discoveryUrls,
-                        discoveryPort, tlsOptions, eurekaOverrides, isClientAttls });
+                        discoveryPort, tlsOptions, eurekaOverrides,
+                        isClientAttls, isGatewayClientAttls });
   this.vipAddress = hostName;
 }
 
@@ -168,8 +170,14 @@ ApimlConnector.prototype = {
       // If the HTTP port is set to 0 then the API ML doesn't load zlux
       httpPort: Number(this.port),
       httpsPort: Number(this.port),
-      httpEnabled: false,
-      httpsEnabled: true
+      // TODO while the server should always be HTTPS for security,
+      // When AT-TLS is used, programs need to know when AT-TLS will add TLS to their traffic
+      // To align with the correct amount of TLS (Avoid no TLS and double TLS)
+      // It seems the gateway wants to be told app-server is 'http' when client TLS is set on it
+      // So this eureka object will be based upon that setting.
+      // This may change in the future, revisit.
+      httpEnabled: this.isGatewayClientAttls,
+      httpsEnabled: !this.isGatewayClientAttls
     };
 
     log.debug("ZWED0141I", 'https', this.port); //"Protocol:", proto, "Port", port);

diff --git a/lib/index.js b/lib/index.js
@@ -221,7 +221,8 @@ Server.prototype = {
           discoveryUrls: apimlConfig.server.discoveryUrls || [`https://${apimlConfig.server.hostname}:${apimlConfig.server.port}/eureka/`],
           tlsOptions: this.tlsOptions,
           eurekaOverrides: apimlConfig.eureka,
-          isClientAttls: util.isClientAttls(this.zoweConfig)
+          isClientAttls: util.isClientAttls(this.zoweConfig),
+          isGatewayClientAttls: util.isComponentClientAttls(this.zoweConfig, 'gateway')
         });
         yield this.apiml.setBestIpFromConfig(this.componentConfig.node);
         yield this.apiml.registerMainServerInstance();

diff --git a/lib/util.js b/lib/util.js
@@ -507,16 +507,21 @@ module.exports.isServerHttps = function(zoweConfig) {
   return Number.isInteger(zoweConfig.components['app-server'].node.https?.port);
 }
 
-function isClientAttls(zoweConfig) {
+function isComponentClientAttls(zoweConfig, componentName) {
   let clientGlobalAttls = zoweConfig.zowe.network?.client?.tls?.attls;
-  let clientLocalAttls = zoweConfig.components['app-server'].zowe?.network?.client?.tls?.attls;
+  let clientLocalAttls = zoweConfig.components[componentName].zowe?.network?.client?.tls?.attls;
   let clientAttls = clientGlobalAttls || clientLocalAttls;
   if ((clientGlobalAttls !== false) && (clientLocalAttls !== false) && (!clientAttls)) {
     // If client attls not explicitly false OR truthy, have client follow server attls variable. it simplifies common case in which users want both.
-    return zoweConfig.zowe.network?.server?.tls?.attls || zoweConfig.components['app-server'].zowe?.network?.server?.tls?.attls;
+    return zoweConfig.zowe.network?.server?.tls?.attls || zoweConfig.components[componentName].zowe?.network?.server?.tls?.attls;
   } else {
     return clientAttls;
-  }
+  }  
+}
+module.exports.isComponentClient = isComponentClientAttls;
+
+function isClientAttls(zoweConfig) {
+  return isComponentClientAttls(zoweConfig, 'app-server');
 }
 module.exports.isClientAttls = isClientAttls;