Fix Eureka Registration when ATTLS (v2)

CHANGELOG.md

@@ -4,6 +4,7 @@ All notable changes to the Zlux Server Framework package will be documented in t
 This repo is part of the app-server Zowe Component, and the change logs here may appear on Zowe.org in that section.
 
 ## 2.18.1
+- Bugfix: App-server could not register with discovery server when AT-TLS was enabled for app-server. (#581)
 - Bugfix: App-server /server/environment endpoint was missing the "agent" object, causing the Desktop to choose an indirect route to accessing ZSS. This fix improves latency and high availability behavior of ZSS APIs in the Desktop. (#589)
 
 ## 2.17.0

lib/apiml.js

@@ -82,6 +82,19 @@ function ApimlConnector({ hostName, port, discoveryUrls,
                           discoveryPort, tlsOptions, eurekaOverrides, isClientAttls }) {
   Object.assign(this, { hostName, port, discoveryUrls,
                         discoveryPort, tlsOptions, eurekaOverrides, isClientAttls });
+  //TODO config should never be checked through env var, but is temporarily needed to temporarily read gateway's ATTLS state to provide it with Eureka info it can work with.
+  const clientGlobalAttls = process.env['ZWE_zowe_network_client_tls_attls'];
+  const clientGatewayAttls = process.env['ZWE_components_gateway_zowe_network_client_tls_attls'];
+  const clientAttls = (clientGlobalAttls == 'true') || (clientGatewayAttls == 'true');
+  this.isGatewayClientAttls = false;
+  if ((clientGlobalAttls === undefined) && (clientGatewayAttls === undefined)) {
+    // If client attls env vars are not set, have client follow server attls variable. it simplifies common case in which users want both.
+    const serverGlobalAttls = process.env['ZWE_zowe_network_server_tls_attls'] == 'true';
+    const serverGatewayAttls = process.env['ZWE_components_gateway_zowe_network_server_tls_attls'] == 'true';
+    this.isGatewayClientAttls = serverGlobalAttls || serverGatewayAttls;
+  } else {
+    this.isGatewayClientAttls = clientAttls;
+  }
   this.vipAddress = hostName;
 }
 
@@ -168,24 +181,29 @@ ApimlConnector.prototype = {
       // If the HTTP port is set to 0 then the API ML doesn't load zlux
       httpPort: Number(this.port),
       httpsPort: Number(this.port),
-      httpEnabled: false,
-      httpsEnabled: true
+      // TODO while the server should always be HTTPS for security,
+      // When AT-TLS is used, programs need to know when AT-TLS will add TLS to their traffic
+      // To align with the correct amount of TLS (Avoid no TLS and double TLS)
+      // It seems the gateway wants to be told app-server is 'http' when client TLS is set on it
+      // So this eureka object will be based upon that setting.
+      // This may change in the future, revisit.
+      httpEnabled: this.isGatewayClientAttls,
+      httpsEnabled: !this.isGatewayClientAttls
     };
-    const proto = 'https';
 
-    log.debug("ZWED0141I", proto, this.port); //"Protocol:", proto, "Port", port);
+    log.debug("ZWED0141I", 'https', this.port); //"Protocol:", proto, "Port", port);
     log.debug("ZWED0142I", JSON.stringify(protocolObject)); //"Protocol Object:", JSON.stringify(protocolObject));
 
-    const instance = Object.assign({}, MEDIATION_LAYER_INSTANCE_DEFAULTS(proto, this.hostName, this.port));
+    const instance = Object.assign({}, MEDIATION_LAYER_INSTANCE_DEFAULTS('https', this.hostName, this.port));
     Object.assign(instance, overrides);
     Object.assign(instance,  {
        instanceId: `${this.hostName}:zlux:${this.port}`,
        hostName:  this.hostName,
        ipAddr: this.ipAddr,
        vipAddress: "zlux",//this.vipAddress,
-       statusPageUrl: `${proto}://${this.hostName}:${this.port}/server/eureka/info`,
-       healthCheckUrl: `${proto}://${this.hostName}:${this.port}/server/eureka/health`,
-       homePageUrl: `${proto}://${this.hostName}:${this.port}/`,
+       statusPageUrl: `https://${this.hostName}:${this.port}/server/eureka/info`,
+       healthCheckUrl: `https://${this.hostName}:${this.port}/server/eureka/health`,
+       homePageUrl: `https://${this.hostName}:${this.port}/`,
        port: {
          "$": protocolObject.httpPort, // This is a workaround for the mediation layer
          "@enabled": ''+protocolObject.httpEnabled
@@ -228,7 +246,7 @@ ApimlConnector.prototype = {
   },*/
 
   registerMainServerInstance() {
-    const overrideOptions = Object.assign({},this.tlsOptions);
+    const overrideOptions = this.isClientAttls ? {} : Object.assign({},this.tlsOptions)
     if (!this.tlsOptions.rejectUnauthorized) {
       //Keeping these certs causes an openssl error 46, unknown cert error in a dev environment
       delete overrideOptions.cert;
@@ -240,7 +258,8 @@ ApimlConnector.prototype = {
       eureka: Object.assign({}, MEDIATION_LAYER_EUREKA_DEFAULTS, this.eurekaOverrides),
       requestMiddleware: function (requestOpts, done) {
         done(Object.assign(requestOpts, overrideOptions));
-      }
+      },
+      ssl: !this.isClientAttls
     }
     log.debug("ZWED0144I", JSON.stringify(zluxProxyServerInstanceConfig, null, 2)); //log.debug("zluxProxyServerInstanceConfig: " 
         //+ JSON.stringify(zluxProxyServerInstanceConfig, null, 2))
@@ -280,7 +299,12 @@ ApimlConnector.prototype = {
   },
 
   getServiceUrls() {
-    return this.discoveryUrls.map(url => url + (url.endsWith('/') ? '' : '/') + 'apps');
+    let urls = this.discoveryUrls.map(url => url + (url.endsWith('/') ? '' : '/') + 'apps');
+    if (this.isClientAttls) {
+      return urls.map(url => url.replaceAll('https', 'http'));
+    } else {
+      return urls;
+    }
   },
 
   getRequestOptionsArray(method, path) {