zowe / api-layer

The API Mediation Layer provides a single point of access for mainframe service REST APIs.
Eclipse Public License 2.0

Invalid warning when AT-TLS is used #2378

Open JirkaAichler opened 2 years ago

JirkaAichler commented 2 years ago

Describe the bug

The onboarding enabler generates the following warning even when the AT-TLS is used. This is very confusing for admins since it looks like they are doing something unsecure.

Steps to Reproduce

Use plain Java enabler in AT-TLS enabled service.

Expected behavior

If the service knows that AT-TLS is used, it should not display this message.

Logs

2021-03-12 16:37:53.525 <SDKATJ:main:393579> SDKSERV (org.zowe.apiml.security.HttpsFactory:118) WARN ZWEAM501W Service is connecting
 to Discovery service using the non-secure HTTP protocol.

anton-brezina commented 2 years ago

The service can't know that it is connecting to a DS with AT-TLS. It is unaware of it. The awareness has been implemented only for core components.

JirkaAichler commented 2 years ago

I think that the enabler can be aware of this situation. But I would be happy if the message would be simply removed to not claim incorrect information.

balhar-jakub commented 2 years ago

The issue with removing the message is that it is relevant in case HTTP is used. I don't think there is a general way for any service, including one running off-platform, to verify whether the service is using AT-TLS. Of course, unless you know of one?

JirkaAichler commented 2 years ago

You can check it on Z and in case AT-TLS is used, remove the message. Off Z, it can stay displayed. But it requires the native code and it is probably too complicated. Can you just make it configurable? Service developers can switch it off when they don't want it. Or even tie it to the configuration of service AT-TLS.

balhar-jakub commented 2 years ago

@achmelo @CarsonCook Don't we already have some way to remove specific messages via configuration from the enablers?

CarsonCook commented 2 years ago

I'm not aware of the ability to remove specific messages via config we provide; they could create some custom functionality based on their logging framework, e.g. TurboFilter in the Logback framework.

We do have our own custom log filters, but they aren't exposed to end users via config.
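
The Logback TurboFilter approach mentioned in the comment above, as an added example that is not part of the thread or of the Zowe code base: a filter a service team could ship in its own code to drop ZWEAM501W only when an operator has explicitly declared AT-TLS in `logback.xml`. The class name, package and `attlsEnabled` property are hypothetical, and the filter assumes the message ID appears in the message text handed to Logback; it does not verify that an AT-TLS policy is actually applied, so the flag is the operator's assertion.

```java
package com.example.logging; // hypothetical package in the onboarding service

import ch.qos.logback.classic.Level;
import ch.qos.logback.classic.Logger;
import ch.qos.logback.classic.turbo.TurboFilter;
import ch.qos.logback.core.spi.FilterReply;
import org.slf4j.Marker;

/**
 * Suppresses the ZWEAM501W warning only when explicitly enabled.
 * Register in logback.xml (assumed configuration):
 *   <turboFilter class="com.example.logging.AttlsWarningFilter">
 *     <attlsEnabled>true</attlsEnabled>
 *   </turboFilter>
 */
public class AttlsWarningFilter extends TurboFilter {

    private static final String MESSAGE_ID = "ZWEAM501W";

    // Defaults to false so the warning stays visible unless an operator opts out.
    private boolean attlsEnabled = false;

    public void setAttlsEnabled(boolean attlsEnabled) {
        this.attlsEnabled = attlsEnabled;
    }

    @Override
    public FilterReply decide(Marker marker, Logger logger, Level level,
                              String format, Object[] params, Throwable t) {
        // format is null for isWarnEnabled()-style checks; never block those.
        if (!attlsEnabled || format == null || !Level.WARN.equals(level)) {
            return FilterReply.NEUTRAL;
        }
        if (format.contains(MESSAGE_ID)) {
            return FilterReply.DENY;
        }
        // The ID may also arrive as an argument to a parameterized message.
        if (params != null) {
            for (Object p : params) {
                if (p != null && String.valueOf(p).contains(MESSAGE_ID)) {
                    return FilterReply.DENY;
                }
            }
        }
        return FilterReply.NEUTRAL; // every other event follows normal rules
    }
}
```

Because the filter matches one message ID at WARN level only, any other warning from the enabler is still logged, and removing the `attlsEnabled` element restores ZWEAM501W.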