
Commit d3d771b

authored
Zowe Suite v3.1.0-RC1
2 parents 0727998 + b5af35b commit d3d771b


1 file changed

+21
-2
lines changed


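--- a/lib/apiml.js
+++ b/lib/apiml.js
@@ -82,6 +82,19 @@ function ApimlConnector({ hostName, port, discoveryUrls,
 discoveryPort, tlsOptions, eurekaOverrides, isClientAttls }) {
 Object.assign(this, { hostName, port, discoveryUrls,
 discoveryPort, tlsOptions, eurekaOverrides, isClientAttls });
+//TODO config should never be checked through env var, but is temporarily needed to temporarily read gateway's ATTLS state to provide it with Eureka info it can work with.
+const clientGlobalAttls = process.env['ZWE_zowe_network_client_tls_attls'];
+const clientGatewayAttls = process.env['ZWE_components_gateway_zowe_network_client_tls_attls'];
+const clientAttls = (clientGlobalAttls == 'true') || (clientGatewayAttls == 'true');
+this.isGatewayClientAttls = false;
+if ((clientGlobalAttls === undefined) && (clientGatewayAttls === undefined)) {
+// If client attls env vars are not set, have client follow server attls variable. it simplifies common case in which users want both.
+const serverGlobalAttls = process.env['ZWE_zowe_network_server_tls_attls'] == 'true';
+const serverGatewayAttls = process.env['ZWE_components_gateway_zowe_network_server_tls_attls'] == 'true';
+this.isGatewayClientAttls = serverGlobalAttls || serverGatewayAttls;
+} else {
+this.isGatewayClientAttls = clientAttls;
+}
 this.vipAddress = hostName;
 }
 
@@ -168,8 +181,14 @@ ApimlConnector.prototype = {
 // If the HTTP port is set to 0 then the API ML doesn't load zlux
 httpPort: Number(this.port),
 httpsPort: Number(this.port),
-httpEnabled: false,
-httpsEnabled: true
+// TODO while the server should always be HTTPS for security,
+// When AT-TLS is used, programs need to know when AT-TLS will add TLS to their traffic
+// To align with the correct amount of TLS (Avoid no TLS and double TLS)
+// It seems the gateway wants to be told app-server is 'http' when client TLS is set on it
+// So this eureka object will be based upon that setting.
+// This may change in the future, revisit.
+httpEnabled: this.isGatewayClientAttls,
+httpsEnabled: !this.isGatewayClientAttls
 };
 
 log.debug("ZWED0141I", 'https', this.port); //"Protocol:", proto, "Port", port);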
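Review bot: In the second hunk the Eureka entry now advertises `httpEnabled: true` / `httpsEnabled: false` whenever the ATTLS environment strings say so, but the `log.debug("ZWED0141I", 'https', this.port)` line just below still hardcodes 'https', so the logs never record that the app-server was registered as plain HTTP. A wrong or stale env value would presumably leave gateway-to-app-server traffic without TLS if no AT-TLS policy actually covers that connection, so I would log the effective value, e.g. `log.debug("ZWED0141I", this.isGatewayClientAttls ? 'http' : 'https', this.port);`, and consider a more visible log line when the HTTP registration is chosen. In the first hunk the `== 'true'` comparisons are case-sensitive, and a client variable set to any other value (including an empty string) still counts as "set", which disables the fallback to the server ATTLS variables; a short comment stating that rule next to the `=== undefined` check would help. The method enclosing the second hunk starts outside it.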
