easy access to version information for the virtual desktop

Define a File Explorer Interface

translate the workflow plugin

The webClient's package.json requests @angular-devkit/build-angular which requests webpack-dev-server which requests internal-ip which recently implemented a whitelist of OSs omitting os390, this causes the npm install to fail.

Same as issue zowe/explorer-uss#9 in explorer-mvs.

As an App user, I want to be notified of transfer interruptions, so that I am aware if something failed.

Acceptance criteria: user is aware that interruption has occurred - notification should be issued via notification manager, and modal popup that uses Error Widget should be seen on App. Console log should also indicate that a failure occurred
Acceptance criteria: notification, modal error widget, and console log all needs to be informative about the error to the point that the user or support can understand what happened.
Acceptance criteria: notification should occur as a result of a download or upload being interrupted for any reason, such as network disruption or session expiration.

A user should be able to collapse the JES tree in order to see a full screen spool output file
A user should be able to go from a full screen spool output file back to the JES tree and apply filters only to show that job

A user should be able to drag and shrink side panel

REST calls should be versioned

The env var for finding the webpack and typescript config files has a misleading name. It should perhaps be "ZLUX_UI_SCRIPTS_DIR"

Users should be able to control the encoding from within the code editor

Multi-Window support for apps

The jump list seen when right-clicking each icon on the launchbar makes use of the context menu object in Zowe which allows for a name to be associated with an action.
I think it would be easy to populate this list with App-custom entries, to do some short list of operations.

Ways to populate:

1. Runtime: Have an App context object that it receives allow it to populate its jump list
2. Startup: Have the Desktop load files from the configuration dataservice for each App.
   2a. Saving: provide some way for Apps to request the Desktop to preserve what it set at runtime for next time around.

Valid actions:

1. Start an instance of the App with some launchContext info.
2. Open a link (new tab??? in-desktop???)

If you could have hotkeys to take all open windows and position them equally as tiles on the screen, or hotkeys to take one window and put it on the left 50% of the screen and another to put on the right 50% of the screen, these would be great productivity additions to the virtual desktop.

Symlinks are shown in the navigator tree with the same icon as plain files, but when you click on one, nothing happens. Therefore you can't do anything with symlinks. There needs to be a different icon and behaviour for symlinks.

Sometimes z Systems developers may need access to source code that is in an SCM (so - neither in MVS nor Unix) - for example, to view the code in the editor. It would be nice to have a common way in Zowe to access these resources.

What I have in mind is a URI resolver component (perhaps implemented as a Node module?), where Zowe-based tooling in zLux can simply refer to source files using a URI, and the URI resolver component can do things like get the contents of the resource so that it can be opened in the editor. SCM providers can then extend Zowe to resolve URI's that are particular to their SCM.

Cannot select text from popup error dialog

Due to angular/angular#15613, injectors that are defined in namespaces are not declared in the usual way.

e.g., Instead of:

constructor(	constructor(
    public windowManager: WindowManagerService,
    private http: Http,
    @Inject(MVDHosting.Tokens.AuthenticationManagerToken)
  ) {

We have to use

constructor(
    public windowManager: WindowManagerService,
    private http: Http,
    private injector: Injector
  ) {
    this.authenticationManager = this.injector.get(MVDHosting.Tokens.AuthenticationManagerToken);

If the angular issue gets fixed, or if we find a better solution, there are several places that can be cleaned up.

As an App user, I want to be notified and visualize progress of transfer, so that I know when my download or upload is complete.

Visualize transfer progress through progress bar on App UI, but also use notification manager to alert when a transfer has completed

Acceptance criteria: Have a progress bar that is shown during a download or upload where the activity of the bar corresponds to the percent complete of the download or upload
Acceptance criteria: Alert the user via notification manager that the download has completed.

Architectural requirement: progress bar is a component that is informed of progress of actions whether its

git clone --recurse-submodules https://github.com/zowe/zlux.git

Fails with :

Cloning into 'zlux'...
remote: Enumerating objects: 21, done.
remote: Counting objects: 100% (21/21), done.
remote: Compressing objects: 100% (18/18), done.
remote: Total 21 (delta 7), reused 13 (delta 3), pack-reused 0
Unpacking objects: 100% (21/21), done.
Submodule 'explorer-server-auth' ([email protected]:zowe/explorer-server-auth.git) registered for path 'explorer-server-auth'
Submodule 'sample-app' ([email protected]:zowe/sample-app.git) registered for path 'sample-app'
Submodule 'sample-iframe-app' ([email protected]:zowe/sample-iframe-app.git) registered for path 'sample-iframe-app'
Submodule 'tn3270-ng2' ([email protected]:zowe/tn3270-ng2.git) registered for path 'tn3270-ng2'
Submodule 'vt-ng2' ([email protected]:zowe/vt-ng2.git) registered for path 'vt-ng2'
Submodule 'zlux-app-manager' ([email protected]:zowe/zlux-app-manager.git) registered for path 'zlux-app-manager'
Submodule 'zlux-build' ([email protected]:zowe/zlux-build.git) registered for path 'zlux-build'
Submodule 'zlux-example-server' ([email protected]:zowe/zlux-example-server.git) registered for path 'zlux-example-server'
Submodule 'zlux-ng2' ([email protected]:zowe/zlux-ng2.git) registered for path 'zlux-ng2'
Submodule 'zlux-platform' ([email protected]:zowe/zlux-platform.git) registered for path 'zlux-platform'
Submodule 'zlux-proxy-server' ([email protected]:zowe/zlux-proxy-server.git) registered for path 'zlux-proxy-server'
Submodule 'zlux-shared' ([email protected]:zowe/zlux-shared.git) registered for path 'zlux-shared'
Submodule 'zlux-workflow' ([email protected]:zowe/zlux-workflow.git) registered for path 'zlux-workflow'
Submodule 'zos-subsystems' ([email protected]:zowe/zos-subsystems.git) registered for path 'zos-subsystems'
Submodule 'zosmf-auth' ([email protected]:zowe/zosmf-auth.git) registered for path 'zosmf-auth'
Submodule 'zss-auth' ([email protected]:zowe/zss-auth.git) registered for path 'zss-auth'
Cloning into '/Users/wallin/Docker/z/zlux/explorer-server-auth'...
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:zowe/explorer-server-auth.git' into submodule path '/Users/wallin/Docker/z/zlux/explorer-server-auth' failed
Failed to clone 'explorer-server-auth'. Retry scheduled
Cloning into '/Users/wallin/Docker/z/zlux/sample-app'...
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:zowe/sample-app.git' into submodule path '/Users/wallin/Docker/z/zlux/sample-app' failed
Failed to clone 'sample-app'. Retry scheduled
Cloning into '/Users/wallin/Docker/z/zlux/sample-iframe-app'...
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:zowe/sample-iframe-app.git' into submodule path '/Users/wallin/Docker/z/zlux/sample-iframe-app' failed
Failed to clone 'sample-iframe-app'. Retry scheduled
Cloning into '/Users/wallin/Docker/z/zlux/tn3270-ng2'...
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:zowe/tn3270-ng2.git' into submodule path '/Users/wallin/Docker/z/zlux/tn3270-ng2' failed
Failed to clone 'tn3270-ng2'. Retry scheduled
Cloning into '/Users/wallin/Docker/z/zlux/vt-ng2'...
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:zowe/vt-ng2.git' into submodule path '/Users/wallin/Docker/z/zlux/vt-ng2' failed
Failed to clone 'vt-ng2'. Retry scheduled
Cloning into '/Users/wallin/Docker/z/zlux/zlux-app-manager'...
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:zowe/zlux-app-manager.git' into submodule path '/Users/wallin/Docker/z/zlux/zlux-app-manager' failed
Failed to clone 'zlux-app-manager'. Retry scheduled
Cloning into '/Users/wallin/Docker/z/zlux/zlux-build'...
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:zowe/zlux-build.git' into submodule path '/Users/wallin/Docker/z/zlux/zlux-build' failed
Failed to clone 'zlux-build'. Retry scheduled
Cloning into '/Users/wallin/Docker/z/zlux/zlux-example-server'...
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:zowe/zlux-example-server.git' into submodule path '/Users/wallin/Docker/z/zlux/zlux-example-server' failed
Failed to clone 'zlux-example-server'. Retry scheduled
Cloning into '/Users/wallin/Docker/z/zlux/zlux-ng2'...
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:zowe/zlux-ng2.git' into submodule path '/Users/wallin/Docker/z/zlux/zlux-ng2' failed
Failed to clone 'zlux-ng2'. Retry scheduled
Cloning into '/Users/wallin/Docker/z/zlux/zlux-platform'...
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:zowe/zlux-platform.git' into submodule path '/Users/wallin/Docker/z/zlux/zlux-platform' failed
Failed to clone 'zlux-platform'. Retry scheduled
Cloning into '/Users/wallin/Docker/z/zlux/zlux-proxy-server'...
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:zowe/zlux-proxy-server.git' into submodule path '/Users/wallin/Docker/z/zlux/zlux-proxy-server' failed
Failed to clone 'zlux-proxy-server'. Retry scheduled
Cloning into '/Users/wallin/Docker/z/zlux/zlux-shared'...
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:zowe/zlux-shared.git' into submodule path '/Users/wallin/Docker/z/zlux/zlux-shared' failed
Failed to clone 'zlux-shared'. Retry scheduled
Cloning into '/Users/wallin/Docker/z/zlux/zlux-workflow'...
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:zowe/zlux-workflow.git' into submodule path '/Users/wallin/Docker/z/zlux/zlux-workflow' failed
Failed to clone 'zlux-workflow'. Retry scheduled
Cloning into '/Users/wallin/Docker/z/zlux/zos-subsystems'...
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:zowe/zos-subsystems.git' into submodule path '/Users/wallin/Docker/z/zlux/zos-subsystems' failed
Failed to clone 'zos-subsystems'. Retry scheduled
Cloning into '/Users/wallin/Docker/z/zlux/zosmf-auth'...
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:zowe/zosmf-auth.git' into submodule path '/Users/wallin/Docker/z/zlux/zosmf-auth' failed
Failed to clone 'zosmf-auth'. Retry scheduled
Cloning into '/Users/wallin/Docker/z/zlux/zss-auth'...
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:zowe/zss-auth.git' into submodule path '/Users/wallin/Docker/z/zlux/zss-auth' failed
Failed to clone 'zss-auth'. Retry scheduled
Cloning into '/Users/wallin/Docker/z/zlux/explorer-server-auth'...
Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
fatal: clone of '[email protected]:zowe/explorer-server-auth.git' into submodule path '/Users/wallin/Docker/z/zlux/explorer-server-auth' failed
Failed to clone 'explorer-server-auth' a second time, aborting

.gitmodules needs updating with urls https://github.com/zowe/<module>.git

If there are problems with loading a plugin, the server should "note" (at least output a message to the log) that a specific plugin failed to load, but the remainder of plugins should be loaded, and server startup should complete.

Example: if there is circular dependency between the services of two different plugins, those plugins should fail to load, but the server should complete its startup.

Current behavior:

The error is logged and startup does not continue. The nodeServer process does not stop, but the nodeServer is not fully initialized to server Zowe ZLUX (desktop)
Server Log:

could not start the server:  Error: Cyclic dependency, node was:{"identifier":"org.zowe.zlux.sample.iframe","apiVersion":"1.0.0","pluginVersion":"1.0.0","pluginType":"application","webContent":{"framework":"iframe","launchDefinition":{"pluginShortNameKey":"sampleiframe","pluginShortNameDefault":"IFrame Sample","imageSrc":"assets/icon.png"},"descriptionKey":"Sample App Showcasing IFrame Adapter","descriptionDefault":"Sample App Showcasing IFrame Adapter","startingPage":"html/index.html","isSingleWindowApp":true,"defaultWindowStyle":{"width":800,"height":445,"x":200,"y":50},"path":"..\\..\\sample-iframe-app\\web"},"dataServices":[{"type":"import","sourcePlugin":"org.zowe.zlux.sample.angular","sourceName":"hello","localName":"hello"}],"configuration":{"contents":{}},"location":"../../sample-iframe-app","dataServicesGrouped":{"router":[],"import":[{"configuration":{"contents":{}},"type":"import","sourcePlugin":"org.zowe.zlux.sample.angular","sourceName":"hello","localName":"hello"}],"node":[],"proxy":[],"external":[]}}
    at visit (C:\repos\zowe\zlux\zlux-proxy-server\js\node_modules\toposort\index.js:45:13)
    at visit (C:\repos\zowe\zlux\zlux-proxy-server\js\node_modules\toposort\index.js:62:9)
etc.

Client presentation: ZLUX: unknown resource requested

Proposed behavior:

Problem is logged, offending plugin(s) do not finish loading, or are removed if they are already loaded.
Additional NOTE: If the server cannot come "all the way up" it should exit, rather than stop partway.

Error reporting API in the node server

As part of CII Badge requirement:

At least one static code analysis tool (beyond compiler warnings and "safe" language modes) MUST be applied to any proposed major production release of the software before its release, if there is at least one FLOSS tool that implements this criterion in the selected language. [static_analysis]
A static code analysis tool examines the software code (as source code, intermediate code, or executable) without executing it with specific inputs. For purposes of this criterion, compiler warnings and "safe" language modes do not count as static code analysis tools (these typically avoid deep analysis because speed is vital). Some static analysis tools focus on detecting generic defects, others focus on finding specific kinds of defects (such as vulnerabilities), and some do a combination. Examples of such static code analysis tools include cppcheck (C, C++), clang static analyzer (C, C++), SpotBugs (Java), FindBugs (Java) (including FindSecurityBugs), PMD (Java), Brakeman (Ruby on Rails), lintr (R), goodpractice (R), Coverity Quality Analyzer, SonarQube, Codacy, and HP Enterprise Fortify Static Code Analyzer. Larger lists of tools can be found in places such as the Wikipedia list of tools for static code analysis, OWASP information on static code analysis, NIST list of source code security analyzers, and Wheeler's list of static analysis tools. The SWAMP is a no-cost platform for assessing vulnerabilities in software using a variety of tools. If there are no FLOSS static analysis tools available for the implementation language(s) used, select 'N/A'.

It is SUGGESTED that at least one of the static analysis tools used for the static_analysis criterion include rules or approaches to look for common vulnerabilities in the analyzed language or environment. [static_analysis_common_vulnerabilities]
Static analysis tools that are specifically designed to look for common vulnerabilities are more likely to find them. That said, using any static tools will typically help find some problems, so we are suggesting but not requiring this for the 'passing' level badge.

All medium and high severity exploitable vulnerabilities discovered with static code analysis MUST be fixed in a timely way after they are confirmed. [static_analysis_fixed]

It is SUGGESTED that static source code analysis occur on every commit or at least daily. [static_analysis_often]

Hardcoding, wrong scopes, wrong aggregation types, user instead of internal configuration... check that our core plugins are doing the right things.

Make sure remote and local streams closed correctly after copying file all directions

RBAC (Role Based Access Control) Mapping and Integration

Progress column is center-aligned, and doesn't show numerical values

Change MVD login screen from ZLUX to Zowe

The navigator pane cannot be resized (Mac w/ Chrome) which leads to some ugly presentation (see attached screenshot) when dataset names are long. The panes should be resizeable so that both the navigator and the editor can be enlarged. A nice feature would be, if the navigator can be collapsed to leave the rest of the window for the editor.

As part of CII Badge requirement:

The project MUST enable one or more compiler warning flags, a "safe" language mode, or use a separate "linter" tool to look for code quality errors or common simple mistakes, if there is at least one FLOSS tool that can implement this criterion in the selected language. [warnings]
Examples of compiler warning flags include gcc/clang "-Wall". Examples of a "safe" language mode include JavaScript "use strict" and perl5's "use warnings". A separate "linter" tool is simply a tool that examines the source code to look for code quality errors or common simple mistakes. These are typically enabled within the source code or build instructions.

As part of CII Badge requirement:

It is SUGGESTED that at least one dynamic analysis tool be applied to any proposed major production release of the software before its release. [dynamic_analysis]
A dynamic analysis tool examines the software by executing it with specific inputs. For example, the project MAY use a fuzzing tool (e.g., American Fuzzy Lop) or a web application scanner (e.g., OWASP ZAP or w3af). In some cases the OSS-Fuzz project may be willing to apply fuzz testing to your project. For purposes of this criterion the dynamic analysis tool needs to vary the inputs in some way to look for various kinds of problems or be an automated test suite with at least 80% branch coverage. The Wikipedia page on dynamic analysis and the OWASP page on fuzzing identify some dynamic analysis tools. The analysis tool(s) MAY be focused on looking for security vulnerabilities, but this is not required.

It is SUGGESTED that if the software produced by the project includes software written using a memory-unsafe language (e.g., C or C++), then at least one dynamic tool (e.g., a fuzzer or web application scanner) be routinely used in combination with a mechanism to detect memory safety problems such as buffer overwrites. If the project does not produce software written in a memory-unsafe language, choose "not applicable" (N/A). [dynamic_analysis_unsafe]

It is SUGGESTED that the software produced by the project include many run-time assertions that are checked during dynamic analysis. [dynamic_analysis_enable_assertions]

All medium and high severity exploitable vulnerabilities discovered with dynamic code analysis MUST be fixed in a timely way after they are confirmed. [dynamic_analysis_fixed]

As an App user, I want to be notified of permission issues, so I know what I cant do or what needs to be fixed

Acceptance criteria: user is aware that interruption has occurred - notification should be issued via notification manager, and modal popup that uses Error Widget should be seen on App. Console log should also indicate that a failure occurred
Acceptance criteria: notification, modal error widget, and console log all needs to be informative about the error to the point that the user or support can understand what happened.
Acceptance criteria: notification should occur as a result of being unable to do a user-requested action on the local mainframe or remote host.

As a mainframe user, I need to be able to delete fiies, so I can manage data remotely

Acceptance criteria: content is deleted, but only if you have the permission to do so

Can leave workflow config tab when there are changes

As a mainframe user, I want to control the encoding when sending & receiving data, so that I get data that is useful on both workstation & mainframe.

Acceptance criteria: ability to choose encoding for download & upload. For download from mainframe to workstation, utf8 or binary(no encoding change) are the minimum required choices. For workstation to mainframe, the content can either be transferred as binary (no encoding change), or you can choose to have a conversion to utf8, ebcdic-1047, ebcdic-931, or iso-8859-1.
Acceptance criteria: ability to choose whether to tag on upload to mainframe, or not. Default=yes
Acceptance criteria: download from mainframe is assumed ebcdic unless content is tagged
Nice to have: be able to view the tagged encoding of a file on the mainframe as a detail column

Explorers don't fetch information while working standalone.
(Fetch Datasets failed for A99904)
messages.log in explorer-server has some error for java classes:
java.util.MissingResourceException: Can't find bundle for base name com.ibm.atlas.webservice.messages, locale en_US
SRVE0777E: Exception thrown by application class 'java.lang.J9VMInternals.ensureError:146'

Three explorers don't work via zLUX:
This message has been issued:
Content was blocked because it was not signed by a valid security certificate

Cancel
Delete
Archive
Stop Automation
Reactivate

Create a sample application to demonstrate the new File Browser control

Node server tracing

Define the requirements and recommendations for building a Zowe compliant app for zlux.

Error loading BBGZSAFM module during startup after installation. All installation activities completed.

STDERR shows...
CEE3250C The system or user abend SEC3 R=20000005 was issued.
From entry point ntv_registerServer at compile unit offset +0000000028046602 at entry offset +0000000000083B2A at address 0000000028046602

SYSLOG shows...
BPXP011I THREAD 1B2E78000000000D, IN PROCESS 50397976, WAS 138
TERMINATED DUE TO A PTHREAD QUIESCE OF TYPE 2.
IEF450I ZOWESVR3 STEP1 - ABEND=SEC3 U0000 REASON=20000005

Verification shows zowe destop logon at http://ip:port/ZLUX/plugins/com.rs.mvd/web/index.html, but authorization fails (as expected). All other verifications fail.

Server stderr, stdout and zssServer log attached.

zowesvr.stdout.txt
zssServer-2018-10-23-18-36.log
zowesvr.stderr.txt

support lang-LOCALE and ability to fall back to lang if lang-LOCALE is not found

Accept
Skip
Perform
Override Complete
Assignment

dataService "types" formality: valid types read via enum
plugindefinition files should be fully validated according to plugin type, such as application.
unique ID checking to prevent namespace overlap

Add Swagger Documentation for Unix File & Dataset API

File Transfer Application Drop Box Support

Wiki omits what import and external dataservices are supposed to be here: https://github.com/zowe/zlux/wiki/ZLUX-Plugin-Definition-&-Structure

FTP application refactoring

What this Epic Is:

Support secure file and dataset transfer between zOS & your PC
Act like FTP, but does not have to be FTP (could be HTTP)
You should be able to list files, datasets and Directories on the zOS system
Queue up downloads of these files and datasets to your PC
Browse your PC to upload files as files or datasets
Set the transfer mode to either char set conversion or binary
One secure protocol that the team will decide
The UI should follow Craig's mockup - contact @NolanRogers for the Mock Up
Browsers that Zowe supports can be found on the Zowe.org website
https://zowe.github.io/docs-site/v1-2-x/user-guide/systemrequirements.html#common-system-requirements

What this Epic isn't:

Would be great, but not required for this Epic:

Create a convenient UI for performing an XMIT on datasets
Convenient UI for creating a PAX or TAR for files
Maybe DropBox and WindowsFS, too: copy your content to/from dropbox to Z
Be able to change file permissions like chmod in Unix
These could lead to future Epics.