Allow CAs to be passed into callService, or default #462
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Allow cas to be passed through by a caller of callService via callService options.ca = [ array of ca as in https://nodejs.org/api/https.html#httpsrequesturl-options-callback ] Signed-off-by: 1000TurquoisePogs <sgrady@rocketsoftware.com>
Signed-off-by: 1000TurquoisePogs <sgrady@rocketsoftware.com>
Signed-off-by: 1000TurquoisePogs <sgrady@rocketsoftware.com>
sakshibobade21
approved these changes
Apr 10, 2023
There was a problem hiding this comment.
We later reset the request's CA with your default case (this.environment.agentRequestOptions.ca)
if !(this.isAgentService || (this.service && (this.service.type === 'external' || this.service.type === 'service'))) anyway down at:
https://github.com/zowe/zlux-server-framework/pull/462/files#diff-eaecb33c0e784a4fb1b89c027e9b17fcdcd349e386abcbb4584f187927794598R971
so just making sure this order of operations/conditionals is how you wanted it to be
|
that is done because if the destination is agent, we know that the ca which should be used is the agent ca. attempts by the user to choose a different ca would invite user error. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR allows a dataservice that issues a call() to provide CAs to associate with that call, overriding the default.
The default CAs will be sufficient for calls that occur within servers known to zowe's core via keystore configuration. This is generally the servers under the apiml gateway sphere. If your service needs to contact a server elsewhere, and needs its CA for verification, then you can override the CA list on the call() when you provide the call() options object.
The CAs will only be used if certificate verification is enabled, which is determined at the server config level.