Merge branch 'v3.x/staging' into v3.x/bugfix/zosmfValidate

zowe · Sep 12, 2024 · b80e564 · b80e564
2 parents 3ac08d5 + 4a0859f
commit b80e564
Show file tree

Hide file tree

Showing 6 changed files with 103 additions and 82 deletions.
diff --git a/files/sca/zowe_base_server.json → files/sca/zowe_base_sca.json b/files/sca/zowe_base_server.json → files/sca/zowe_base_sca.json
@@ -1,21 +1,21 @@
 {
-  "ServiceId": "AZWE001BASE0S",
+  "ServiceId": "AZWE003BASE0S",
   "ServiceName": "Zowe Configuration - Server",
-  "MetaValidationItemVersion": 1.0,
+  "MetaValidationItemVersion": 2.0,
   "Vendor": "OPEN MAINFRAME PROJECT",
   "SecurityValidationItems": [
     {
-      "ItemID": "AZWE001BASE0SI00001000",
+      "ItemID": "AZWE003BASE0SI00001000",
       "ItemType": "PROGRAMMABLE",
       "ItemCategory": "SERVER",
       "ResourceProfile": "ZWES.IS",
       "ResourceClass": "FACILITY",
       "WhoNeedsAccess": "ZWESVUSR",
       "LevelOfAccessRequired": "READ",
-      "ItemDescription": "To allow Zowe ZWESVSTC processes to access the Zowe ZIS cross memory server."
+      "ItemDescription": "To allow Zowe ZWESVSTC processes to access the Zowe ZIS cross-memory server."
     },
     {
-      "ItemID": "AZWE001BASE0SI00002000",
+      "ItemID": "AZWE003BASE0SI00002000",
       "ItemType": "PROGRAMMABLE",
       "ItemCategory": "SERVER",
       "ResourceProfile": "BPX.SERVER",
@@ -25,7 +25,7 @@
       "ItemDescription": "To allow the Zowe Desktop ZLUX server to run code on behalf of the API requester's TSO user ID."
     },
     {
-      "ItemID": "AZWE001BASE0SI00003000",
+      "ItemID": "AZWE003BASE0SI00003000",
       "ItemType": "PROGRAMMABLE",
       "ItemCategory": "SERVER",
       "ResourceProfile": "BPX.DAEMON",
@@ -35,7 +35,7 @@
       "ItemDescription": "To allow the Zowe Desktop ZLUX server to run code on behalf of the API requester's TSO user ID."
     },
     {
-      "ItemID": "AZWE001BASE0SI00004000",
+      "ItemID": "AZWE003BASE0SI00004000",
       "ItemType": "PROGRAMMABLE",
       "ItemCategory": "SERVER",
       "ResourceProfile": "BPX.JOBNAME",
@@ -45,7 +45,7 @@
       "ItemDescription": "To allow z/OS address spaces for unix processes to be renamed for ease of identification."
     },
     {
-      "ItemID": "AZWE001BASE0SI00005000",
+      "ItemID": "AZWE003BASE0SI00005000",
       "ItemType": "PROGRAMMABLE",
       "ItemCategory": "SERVER",
       "ResourceProfile": "CSFRNGL",
@@ -55,7 +55,17 @@
       "ItemDescription": "To generate symmetric keys using ICSF that is used by Zowe Desktop cookies."
     },
     {
-      "ItemID": "AZWE001BASE0SI00006000",
+      "ItemID": "AZWE003BASE0SI00006000",
+      "ItemType": "PROGRAMMABLE",
+      "ItemCategory": "SERVER",
+      "ResourceProfile": "IRR.RAUDITX",
+      "ResourceClass": "FACILITY",
+      "WhoNeedsAccess": "ZWESVUSR",
+      "LevelOfAccessRequired": "READ",
+      "ItemDescription": "To allow Zowe Zowe main server to cut SMF records."
+    },
+    {
+      "ItemID": "AZWE003BASE0SI00007000",
       "ItemType": "PROGRAMMABLE",
       "ItemCategory": "SERVER",
       "ResourceProfile": "IRR.RUSERMAP",
@@ -65,7 +75,7 @@
       "ItemDescription": "To allow Zowe to map an X.509 client certificate to a z/OS identity."
     },
     {
-      "ItemID": "AZWE001BASE0SI00007000",
+      "ItemID": "AZWE003BASE0SI00008000",
       "ItemType": "PROGRAMMABLE",
       "ItemCategory": "SERVER",
       "ResourceProfile": "IRR.RADMIN.LISTUSER",
@@ -75,7 +85,7 @@
       "ItemDescription": "To allow Zowe to obtain information about OMVS segment of the user profile using LISTUSER TSO command."
     },
     {
-      "ItemID": "AZWE001BASE0SI00008000",
+      "ItemID": "AZWE003BASE0SI00009000",
       "ItemType": "PROGRAMMABLE",
       "ItemCategory": "SERVER",
       "ResourceProfile": "OMVSAPPL",
@@ -85,7 +95,7 @@
       "ItemDescription": "To allow Zowe Desktop vendor extensions the ability to use single-sign on."
     },
     {
-      "ItemID": "AZWE001BASE0SI00009000",
+      "ItemID": "AZWE003BASE0SI00010000",
       "ItemType": "PROGRAMMABLE",
       "ItemCategory": "SERVER",
       "ResourceProfile": "SUPERUSER.FILESYS",
@@ -95,44 +105,64 @@
       "ItemDescription": "An alternative option to allow Zowe user ID to write persistent data in the Zowe directory structure."
     },
     {
-      "ItemID": "AZWE001BASE0SI00010000",
-      "ItemType": "SEMI-PROGRAMMABLE",
-      "ItemCategory": "SERVER",
-      "ResourceProfile": "IRRPTAUTH.<applname>.ANYUSER",
-      "ResourceClass": "PTKTDATA",
+      "ItemID": "AZWE003BASE0SI00011000",
+      "ItemType": "PROGRAMMABLE",
+      "ItemCategory": "CERTIFICATE",
+      "ResourceProfile": "IRR.DIGTCERT.LISTRING",
+      "ResourceClass": "FACILITY",
       "WhoNeedsAccess": "ZWESVUSR",
-      "LevelOfAccessRequired": "UPDATE",
-      "ItemDescription": "To allow Zowe APIML to generate passtickets for <applname> application. Used for SSO and client certificate authentication."
+      "LevelOfAccessRequired": "READ",
+      "ItemDescription": "Permit the Zowe SERVER ID to access the key ring."
+    },
+    {
+      "ItemID": "AZWE003BASE0SI00012000",
+      "ItemType": "PROGRAMMABLE",
+      "ItemCategory": "CERTIFICATE",
+      "ResourceProfile": "IRR.DIGTCERT.GENCERT",
+      "ResourceClass": "FACILITY",
+      "WhoNeedsAccess": "ZWESVUSR",
+      "LevelOfAccessRequired": "CONTROL",
+      "ItemDescription": "Permit the Zowe SERVER ID to access the private key."
     },
     {
-      "ItemID": "AZWE001BASE0SI00011000",
+      "ItemID": "AZWE003BASE0SI00013000",
+      "ItemType": "PROGRAMMABLE",
+      "ItemCategory": "RDATALIB class",
+      "ResourceProfile": "<KEYRING_OWNER_USERID>.<KEYRING_NAME>.LST",
+      "ResourceClass": "RDATALIB",
+      "WhoNeedsAccess": "ZWESVUSR",
+      "LevelOfAccessRequired": "READ",
+      "ItemDescription": "To allow Zowe SERVER ID to access the key ring."
+    },
+    {
+      "ItemID": "AZWE003BASE0SI00014000",
       "ItemType": "SEMI-PROGRAMMABLE",
-      "ItemCategory": "SERVER",
-      "ResourceProfile": "IRRPTAUTH.<applname>.ANYUSER",
-      "ResourceClass": "PTKTDATA",
+      "ItemCategory": "PASS  TICKET",
+      "ResourceProfile": "<applname>",
+      "ResourceClass": "APPL",
       "WhoNeedsAccess": "ZWESVUSR",
       "LevelOfAccessRequired": "READ",
       "ItemDescription": "To allow Zowe APIML to evaluate passtickets for <applname> application. Used for SSO and client certificate authentication."
     },
     {
-      "ItemID": "AZWE001BASE0SI00012000",
-      "ItemType": "PROGRAMMABLE",
+      "ItemID": "AZWE003BASE0SI00015000",
+      "ItemType": "SEMI-PROGRAMMABLE",
       "ItemCategory": "SERVER",
-      "ResourceProfile": "IRR.DIGTCERT.LISTRING",
-      "ResourceClass": "FACILITY",
+      "ResourceProfile": "IRRPTAUTH.<applname>.ANYUSER",
+      "ResourceClass": "PTKTDATA",
       "WhoNeedsAccess": "ZWESVUSR",
-      "LevelOfAccessRequired": "READ",
-      "ItemDescription": "To allow Zowe user id to access his own keyring."
+      "LevelOfAccessRequired": "UPDATE",
+      "ItemDescription": "To allow Zowe APIML to evaluate passtickets for <applname> application. Used for SSO and client certificate authentication."
     },
     {
-      "ItemID": "AZWE001BASE0SI00013000",
+      "ItemID": "AZWE003BASE0SI00016000",
       "ItemType": "PROGRAMMABLE",
-      "ItemCategory": "SERVER",
-      "ResourceProfile": "IRR.DIGTCERT.GENCERT",
-      "ResourceClass": "FACILITY",
-      "WhoNeedsAccess": "ZWESVUSR",
-      "LevelOfAccessRequired": "CONTROL",
-      "ItemDescription": "To optionally allow Zowe user id to use SITE owned certificate as a server certificate."
+      "ItemCategory": "USER",
+      "ResourceProfile": "APIML.SERVICES",
+      "ResourceClass": "ZOWE",
+      "WhoNeedsAccess": "<User of the Services>",
+      "LevelOfAccessRequired": "READ",
+      "ItemDescription": "To allow Zowe user to use API Mediation Layer services."
     }
   ]
 }
diff --git a/files/sca/zowe_base_user.json b/files/sca/zowe_base_user.json
diff --git a/files/zlux/config/allowedPlugins.json b/files/zlux/config/allowedPlugins.json
@@ -52,6 +52,10 @@
       "identifier": "org.zowe.zlux.ng2desktop",
       "versions": ["*"]
     },
+    {
+      "identifier": "org.zowe.zlux.ivydesktop",
+      "versions": ["*"]
+    },
     {
       "identifier": "org.zowe.zlux.ng2desktop.settings",
       "versions": ["*"]

diff --git a/files/zlux/config/plugins/org.zowe.zlux.ivydesktop.json b/files/zlux/config/plugins/org.zowe.zlux.ivydesktop.json
@@ -0,0 +1,5 @@
+{
+  "identifier": "org.zowe.zlux.ivydesktop",
+  "pluginLocation": "zlux-app-manager/virtual-desktop",
+  "relativeTo": "$ZLUX_ROOT_DIR"
+}
diff --git a/files/zlux/config/plugins/org.zowe.zlux.ng2desktop.json b/files/zlux/config/plugins/org.zowe.zlux.ng2desktop.json
@@ -1,5 +1,5 @@
 {
   "identifier": "org.zowe.zlux.ng2desktop",
-  "pluginLocation": "zlux-app-manager/virtual-desktop",
+  "pluginLocation": "zlux-app-manager-v2/virtual-desktop",
   "relativeTo": "$ZLUX_ROOT_DIR"
 }
diff --git a/pswi/05_test.sh b/pswi/05_test.sh
@@ -15,10 +15,10 @@ echo "Test HLQ               :" $TEST_HLQ
 echo "Test mount point       :" $TEST_MOUNT
 echo "Job name               :" $JOBNAME
 echo "Deploy name            :" $DEPLOY_NAME
-echo "Software instance name :" $DEPLOY_NAME 
+echo "Software instance name :" $DEPLOY_NAME
 echo "Temporary directory    :" $TMP_MOUNT
 echo "Temporary zFS          :" $TMP_ZFS
-echo "Work zFS               :" $WORK_ZFS # For z/OSMF v2.3
+echo "Work zFS               :" $WORK_ZFS   # For z/OSMF v2.3
 echo "Work mount point       :" $WORK_MOUNT # For z/OSMF v2.3
 echo "Storage Class          :" $STORCLAS
 echo "Volume                 :" $VOLUME
@@ -31,10 +31,10 @@ NEW_PSWI_JSON='{"name":"'${PSWI}'","system":"'${ZOSMF_SYSTEM}'","description":"Z
 # Check if temp zFS for PSWI is mounted
 echo "Checking/mounting ${TMP_ZFS}"
 sh scripts/tmp_mounts.sh "${TMP_ZFS}" "${TMP_MOUNT}"
-if [ $? -gt 0 ];then exit -1;fi 
+if [ $? -gt 0 ]; then exit -1; fi
 
 cd ../.pax
-sshpass -p${ZOSMF_PASS} sftp -o HostKeyAlgorithms=+ssh-rsa -o BatchMode=no -o StrictHostKeyChecking=no -o PubkeyAuthentication=no -b - -P ${ZZOW_SSH_PORT} ${ZOSMF_USER}@${HOST} << EOF
+sshpass -p${ZOSMF_PASS} sftp -o HostKeyAlgorithms=+ssh-rsa -o BatchMode=no -o StrictHostKeyChecking=no -o PubkeyAuthentication=no -b - -P ${ZZOW_SSH_PORT} ${ZOSMF_USER}@${HOST} <<EOF
 cd ${TMP_MOUNT}
 put ${SWI_NAME}.pax.Z
 EOF
@@ -43,29 +43,29 @@ cd ../pswi
 # Unpax the directory (create directory for test_mount)
 echo "UnPAXing the final PSWI."
 
-echo ${JOBST1} > JCL
-echo ${JOBST2} >> JCL
-echo "//UNPAXDIR EXEC PGM=BPXBATCH" >> JCL
-echo "//STDOUT DD SYSOUT=*" >> JCL
-echo "//STDERR DD SYSOUT=*" >> JCL
-echo "//STDPARM  DD *" >> JCL
-echo "SH set -x;set -e;" >> JCL
-echo "mkdir -p ${EXPORT};" >> JCL
-echo "cd ${EXPORT};" >> JCL
-echo "pax -rv -f ${TMP_MOUNT}/${SWI_NAME}.pax.Z;" >> JCL
-echo "rm ${TMP_MOUNT}/${SWI_NAME}.pax.Z;" >> JCL
-echo "/*" >> JCL
+echo ${JOBST1} >JCL
+echo ${JOBST2} >>JCL
+echo "//UNPAXDIR EXEC PGM=BPXBATCH" >>JCL
+echo "//STDOUT DD SYSOUT=*" >>JCL
+echo "//STDERR DD SYSOUT=*" >>JCL
+echo "//STDPARM  DD *" >>JCL
+echo "SH set -x;set -e;" >>JCL
+echo "mkdir -p ${EXPORT};" >>JCL
+echo "cd ${EXPORT};" >>JCL
+echo "pax -rv -f ${TMP_MOUNT}/${SWI_NAME}.pax.Z;" >>JCL
+echo "rm ${TMP_MOUNT}/${SWI_NAME}.pax.Z;" >>JCL
+echo "/*" >>JCL
 
-sh scripts/submit_jcl.sh "`cat JCL`"
-if [ $? -gt 0 ];then exit -1;fi
+sh scripts/submit_jcl.sh "$(cat JCL)"
+if [ $? -gt 0 ]; then exit -1; fi
 rm JCL
 
 # z/OSMF 2.3
 
 # Check if work zFS for PSWI is mounted
 echo "Checking/mounting ${WORK_ZFS}"
 sh scripts/tmp_mounts.sh "${WORK_ZFS}" "${WORK_MOUNT}"
-if [ $? -gt 0 ];then exit -1;fi 
+if [ $? -gt 0 ]; then exit -1; fi
 
 # Run the deployment test
 echo " Running the deployment test for z/OSMF version 2.3"
@@ -75,12 +75,12 @@ python scripts/deploy_test_2_3.py
 
 echo "Mounting ${TEST_HLQ}.ZFS"
 sh scripts/tmp_mounts.sh "${TEST_HLQ}.ZFS" "${TEST_MOUNT}"
-if [ $? -gt 0 ];then exit -1;fi 
+if [ $? -gt 0 ]; then exit -1; fi
 
-echo "Registering/testing the configuration workflow ${TEST_HLQ}.WORKFLOW(ZWECONF)"
-sh scripts/wf_run_test.sh "${TEST_HLQ}.WORKFLOW(ZWECONF)"
-if [ $? -gt 0 ];then exit -1;fi
-
-echo "Registering/testing the configuration workflow ${TEST_MOUNT}/content/files/workflows/ZWECONF.xml"
-sh scripts/wf_run_test.sh "${TEST_MOUNT}/files/workflows/ZWECONF.xml"
-if [ $? -gt 0 ];then exit -1;fi
+# echo "Registering/testing the configuration workflow ${TEST_HLQ}.WORKFLOW(ZWECONF)"
+# sh scripts/wf_run_test.sh "${TEST_HLQ}.WORKFLOW(ZWECONF)"
+# if [ $? -gt 0 ];then exit -1;fi
+#
+# echo "Registering/testing the configuration workflow ${TEST_MOUNT}/content/files/workflows/ZWECONF.xml"
+# sh scripts/wf_run_test.sh "${TEST_MOUNT}/files/workflows/ZWECONF.xml"
+# if [ $? -gt 0 ];then exit -1;fi