Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Zowe - APIML - HTTPS south-bound edge - Discovery Service access is protected by HTTPS client certificates (in APIML) #74

Closed
10 tasks done
plavjanik opened this issue Oct 30, 2018 · 1 comment
Closed
10 tasks done

Zowe - APIML - HTTPS south-bound edge - Discovery Service access is protected by HTTPS client certificates (in APIML) #74

plavjanik opened this issue Oct 30, 2018 · 1 comment
Assignees
@plavjanik @taban03 @JirkaAichler

Comments

@plavjanik
Copy link
Contributor

plavjanik commented Oct 30, 2018
edited
Loading

Issue by plavjanik
Thursday Oct 25, 2018 at 13:23 GMT
Originally opened as https://github.com/gizafoundation/api-layer/issues/196

As the security administrator, I want only authorized services to be able to register into the APIML.

Acceptance criteria:

  1. Only services that have a certificate trusted by APIML can communicate with discovery service
  2. Internal APIML services (API Catalog, Gateway, Discoverable Client) provide correct client certificate to the discovery service
  3. The certificate generated by the CM script is usable for DS
  4. HTTPS for DS is on by default, can be switched off by using a different Spring profile
  5. Provides good error handling in the following situations:
    • Wrong configuration of services (missing certificate, an invalid path to the certificate, invalid protocol, password...)
      • Wrong key alias - expected behavior: Server stops and there is an exception that that clearly describes @taban03
      • Other were tested by @plavjanik and they result in failure (DS stops) and informative exceptions
      • Untrusted certificate of a service (reported once in the DS, reported nicely in the service) - moved to error handling story because of infrastructure dependency
  6. Keyrings on z/OS are read
  7. Zowe installation templates are updated

Notes:
@plavjanik plavjanik mentioned this issue Oct 30, 2018
Closed
@plavjanik plavjanik self-assigned this Oct 31, 2018
This was referenced Oct 31, 2018
Closed
Closed
Closed
Closed
@ghost ghost added in progress and removed Current Sprint labels Nov 5, 2018
@plavjanik plavjanik mentioned this issue Nov 8, 2018
Merged
@ghost ghost added review and removed in progress labels Nov 8, 2018
plavjanik added a commit that referenced this issue Nov 15, 2018
@plavjanik
Merge branch 'master' into https-discovery-service-#74
0cc3cca
@ghost ghost removed the in progress label Nov 16, 2018
@zowe-robot
Copy link
Contributor

The changes to the error code documentation are available in this PR: zowe/docs-site#2525

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@plavjanik plavjanik

@taban03 taban03

@JirkaAichler JirkaAichler

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@plavjanik @taban03 @JirkaAichler @zowe-robot