-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix Eureka Registration when ATTLS (v2) #581
base: v2.x/staging
Are you sure you want to change the base?
Conversation
Signed-off-by: 1000TurquoisePogs <[email protected]>
Signed-off-by: 1000TurquoisePogs <[email protected]>
return urls.map(url => url.replaceAll('https', 'http')); | ||
} else { | ||
return urls; | ||
} | ||
}, | ||
|
||
getRequestOptionsArray(method, path) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi Sean, great to see that, yes i've come up to the same results, that app server is still trying to use https to contact Eureka in at-tls, was hoping to address that with different pagent rules, wouldn't be correct at-tls i just wanted to find a workaround.
Anyway, i'll be able to test this PR only after holidays, but there a few things that are pop up in my head from previous tests:
The function below (getRequestOptionsArray) uses hardcoded 8 characters to slice for "https://" and so it will cut one char from host name in case of "http://"
Also a minor schema thing, we allow using custom URL for discoveryUrls in zowe.yaml
app-server.node.mediationLayer.server.discoveryUrls
However schema will expect https there and will break if we use http url there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
discoveryUrls comes from the discovery env var unless from this override of app-server.node.mediationLayer.server.discoveryUrls
in that env var, it's always "https://"
getServiceUrls()
is now returning URLs that could be https or http.
But getRequestOptionsArray()
isnt transforming the input, it's just extracting host & port. So I think it's okay that it's hardcoded to https://
still.
I also think app-server.node.mediationLayer.server.discoveryUrls
should never have "http", it should always be "https".
The code could be improved to guarantee these things?
Signed-off-by: 1000TurquoisePogs <[email protected]>
Signed-off-by: 1000TurquoisePogs <[email protected]>
app-server should use "utils.isClientAttls()" to determine if outbound network requests should be https (if not attls) or http (if attls, because then attls adds the tls, becoming https in the end).
It appears that apiml.js does not do these checks when doing eureka registration, so when attls is used, it does double-tls, resulting in the repeated error:
Eureka request failed to endpoint ..., next server retry...
This error can be seen under normal circumstances due to a timing issue, but eventually resolves to a message
" registered with eureka:..."
In the case of attls, due to the double-tls failure, success never occurs and the "eureka request failed to endpoint" continues forever.
In this PR, I use "isClientAttls" in a few places.
In my testing, it is only truly needed in "getServiceUrls()"
However, through reading documentation of https://www.npmjs.com/package/@rocketsoftware/eureka-js-client and checking other areas in this code, I identified 4 places where it would be best to be explicitly either http or https, rather than allowing the eureka-js-client library to do some implicit behavior that may change in the future.
Type of change
Please delete options that are not relevant.
PR Checklist
Please delete options that are not relevant.
Testing