Use env vars to lookup state of client attls for gateway in order to …

…send eureka message with compatible http/https information Signed-off-by: 1000TurquoisePogs <[email protected]>
zowe · Jan 13, 2025 · 45a8953 · 45a8953
1 parent 1aad7ce
commit 45a8953
Showing 1 changed file with 21 additions and 2 deletions.
diff --git a/lib/apiml.js b/lib/apiml.js
@@ -82,6 +82,19 @@ function ApimlConnector({ hostName, port, discoveryUrls,
                           discoveryPort, tlsOptions, eurekaOverrides, isClientAttls }) {
   Object.assign(this, { hostName, port, discoveryUrls,
                         discoveryPort, tlsOptions, eurekaOverrides, isClientAttls });
+  //TODO config should never be checked through env var, but is temporarily needed to temporarily read gateway's ATTLS state to provide it with Eureka info it can work with.
+  const clientGlobalAttls = process.env['ZWE_zowe_network_client_tls_attls'] == 'true';
+  const clientGatewayAttls = process.env['ZWE_components_gateway_zowe_network_client_tls_attls'] == 'true';
+  const clientAttls = clientGlobalAttls || clientGatewayAttls;
+  this.isGatewayClientAttls = false;
+  if ((clientGlobalAttls !== false) && (clientLocalAttls !== false) && (!clientAttls)) {
+    // If client attls not explicitly false OR truthy, have client follow server attls variable. it simplifies common case in which users want both.
+    const serverGlobalAttls = process.env['ZWE_zowe_network_server_tls_attls'] == 'true';
+    const serverGatewayAttls = process.env['ZWE_components_gateway_zowe_network_server_tls_attls'] == 'true';
+    this.isGatewayClientAttls = serverGlobalAttls || serverGatewayAttls;
+  } else {
+    this.isGatewayClientAttls = clientAttls;
+  }
   this.vipAddress = hostName;
 }
 
@@ -168,8 +181,14 @@ ApimlConnector.prototype = {
       // If the HTTP port is set to 0 then the API ML doesn't load zlux
       httpPort: Number(this.port),
       httpsPort: Number(this.port),
-      httpEnabled: false,
-      httpsEnabled: true
+      // TODO while the server should always be HTTPS for security,
+      // When AT-TLS is used, programs need to know when AT-TLS will add TLS to their traffic
+      // To align with the correct amount of TLS (Avoid no TLS and double TLS)
+      // It seems the gateway wants to be told app-server is 'http' when client TLS is set on it
+      // So this eureka object will be based upon that setting.
+      // This may change in the future, revisit.
+      httpEnabled: this.isGatewayClientAttls,
+      httpsEnabled: !this.isGatewayClientAttls
     };
 
     log.debug("ZWED0141I", 'https', this.port); //"Protocol:", proto, "Port", port);