HowTo: profile usage for ChangeMan ZMF plugin for zowe CLI and VSCode ZMF Explorer

The ChangeMan ZMF plugin for zowe cli and the VSCode based ZMF Explorer both share the common zowe 2 'Teams' profile. 

However, if you are a VSCode ZMF Explorer user, you do not have to have the zowe cli and the ZMF cli plugin installed. 

It will mean however, that whoever administers the Teams profile does require the zowe cli plugin to be installed in order to generate the Teams profile that can then be distributed.

The recommended format of the Teams profile is that you specify the userid and password as secure arguments. These should not be stored in the profile in clear text and that itself cannot happen without each user modifying the supplied Teams profile for his/her own individual credentials. That clearly goes against the intent of the Teams profile and security of credentials.  

The Teams profile is essentially comprised of 2 separate elements - System profiles and the Base profile. The filename of the Teams profile is zowe.config.json and resides in the <homedir>/.zowe folder

Examples of System profiles are the z/OSMF profile and individual ChangeMan ZMF profiles for each ZMF subsystem.

The Base profile defines those default attributes that are applied to each System profile if not supplied at the System profile level. This is the recommended method to supply and use only the default base credentials.

 An example simple Teams profile might look like this - for brevity, this only includes ZMF system profiles

 

{
    "$schema": "./zowe.schema.json",
    "profiles": {
        "zmf1": {
            "type": "zmf",
            "properties": {
                "basePath": "/zmfrest",
                "port": 9992,
                "protocol": "https",
                "zosmfProfile": "zosmf"
            }
        },
        "zmf2": {
            "type": "zmf",
            "properties": {
                "basePath": "/u820dp",
                "port": 9992,
                "protocol": "https",
                "zosmfProfile": "zosmf"
            }
        },
        "zmf3": {
            "type": "zmf",
            "properties": {
                "host": "csimvs.myhost.com",
                "basePath": "/zmfrest",
                "port": 8181,
                "protocol": "http"
            },
            "secure": [
                "user",
                "password"
            ]
        },
        "default": {
            "type": "base",
            "properties": {
                "host": "myhost.com",
                "rejectUnauthorized": false
            },
            "secure": [
                "user",
                "password"
            ]
        }
    },
     "defaults": {
        "zmf": "zmf1",
        "base": "default"
    },
    "autoStore": true
}

In this example, the default secure args for 'user' and 'password' being used by the ZMF system profile for zmf1 and zmf2.
System zmf3 has a specific requirement to use a separate user and password for all users and so the presence of the secure parameter is required here. 
No changes to this Teams profile are required. 

Now suppose the situation where one particular user has a need to logon to zmf2 with something other than the user and password supplied in the default base profile. 

In this case, that user should create a new json configuration file with the name 'zowe.config.user.json'  located in the same <homeDir>/.zowe folder
This file would contain these overrides:

{
    "$schema": "./zowe.schema.json",
    "profiles": {
        "zmf2": {
            "properties": {
                "host": "myhost.com",
                "rejectUnauthorized": false
            },
            "secure": [
                "user",
                "password"
            ]
        }
    }
}


One additional item worth noting is that to remove all credentials should the need arise to start over with new credentials,  you can delete the secure args from the operating system secure credentials store.
To do this on Windows for example, open the Windows Credentials Manager, click   "Windows Credentials" and then taking care to only" click the item "Zowe/scure_config_props" and select remove

By following this approach, you should never need to modify the supplied Teams profile provided by your Admin.

Sr R&D Manager, Mainframe Products

Open Text

Labels:

Changeman ZMF