This is an automated email from the ASF dual-hosted git repository. mitchell852 pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
commit 810816f3a18f380f1dc0779d62c9b5b7db430446 Author: Robert Butts <r...@apache.org> AuthorDate: Tue Jun 19 21:55:45 2018 -0600 Add TO Go deliveryservices/xmlId/copyFromXmlId --- .../traffic_ops_golang/deliveryservice/urlkey.go | 81 ++++++++++++++++++++++ traffic_ops/traffic_ops_golang/riaksvc/dsutil.go | 21 ++++++ traffic_ops/traffic_ops_golang/routes.go | 1 + 3 files changed, 103 insertions(+) diff --git a/traffic_ops/traffic_ops_golang/deliveryservice/urlkey.go b/traffic_ops/traffic_ops_golang/deliveryservice/urlkey.go index aae1cbb..4f9f4e2 100644 --- a/traffic_ops/traffic_ops_golang/deliveryservice/urlkey.go +++ b/traffic_ops/traffic_ops_golang/deliveryservice/urlkey.go @@ -147,6 +147,87 @@ func GetURLKeysByName(w http.ResponseWriter, r *http.Request) { api.WriteResp(w, r, keys) } +func CopyURLKeys(w http.ResponseWriter, r *http.Request) { + inf, userErr, sysErr, errCode := api.NewInfo(r, []string{"name", "copy-name"}, nil) + if userErr != nil || sysErr != nil { + api.HandleErr(w, r, errCode, userErr, sysErr) + return + } + defer inf.Close() + + if inf.Config.RiakEnabled == false { + api.HandleErr(w, r, http.StatusInternalServerError, userErr, errors.New("deliveryservice.DeleteSSLKeys: Riak is not configured!")) + return + } + + ds := tc.DeliveryServiceName(inf.Params["name"]) + copyDS := tc.DeliveryServiceName(inf.Params["copy-name"]) + + // TODO create a helper function to check all this in a single line. + ok, err := tenant.IsTenancyEnabledTx(inf.Tx.Tx) + if err != nil { + api.HandleErr(w, r, http.StatusInternalServerError, nil, errors.New("checking tenancy enabled: "+err.Error())) + return + } + if ok { + dsTenantID, ok, err := GetDSTenantIDByNameTx(inf.Tx.Tx, ds) + if err != nil { + api.HandleErr(w, r, http.StatusInternalServerError, nil, errors.New("checking tenant: "+err.Error())) + return + } + if !ok { + api.HandleErr(w, r, http.StatusNotFound, errors.New("delivery service "+string(ds)+" not found"), nil) + return + } + if dsTenantID != nil { + if authorized, err := tenant.IsResourceAuthorizedToUserTx(*dsTenantID, inf.User, inf.Tx.Tx); err != nil { + api.HandleErr(w, r, http.StatusInternalServerError, nil, errors.New("checking tenant: "+err.Error())) + return + } else if !authorized { + api.HandleErr(w, r, http.StatusForbidden, errors.New("not authorized on this tenant"), nil) + return + } + } + + { + copyDSTenantID, ok, err := GetDSTenantIDByNameTx(inf.Tx.Tx, copyDS) + if err != nil { + api.HandleErr(w, r, http.StatusInternalServerError, nil, errors.New("checking tenant: "+err.Error())) + return + } + if !ok { + api.HandleErr(w, r, http.StatusNotFound, errors.New("delivery service "+string(ds)+" not found"), nil) + return + } + if copyDSTenantID != nil { + if authorized, err := tenant.IsResourceAuthorizedToUserTx(*copyDSTenantID, inf.User, inf.Tx.Tx); err != nil { + api.HandleErr(w, r, http.StatusInternalServerError, nil, errors.New("checking tenant: "+err.Error())) + return + } else if !authorized { + api.HandleErr(w, r, http.StatusForbidden, errors.New("not authorized on this copy tenant"), nil) + return + } + } + } + } + + keys, ok, err := riaksvc.GetURLSigKeys(inf.Tx.Tx, inf.Config.RiakAuthOptions, copyDS) + if err != nil { + api.HandleErr(w, r, http.StatusInternalServerError, nil, errors.New("getting URL Sig keys from riak: "+err.Error())) + return + } + if !ok { + api.HandleErr(w, r, http.StatusBadRequest, errors.New("Unable to retrieve keys from Delivery Service '"+string(copyDS)+"'"), nil) + return + } + + if err := riaksvc.PutURLSigKeys(inf.Tx.Tx, inf.Config.RiakAuthOptions, ds, keys); err != nil { + api.HandleErr(w, r, http.StatusInternalServerError, nil, errors.New("setting URL Sig keys for '"+string(ds)+" copied from "+string(copyDS)+": "+err.Error())) + return + } + api.WriteRespAlert(w, r, tc.SuccessLevel, "Successfully copied and stored keys") +} + // GetDSNameFromID loads the DeliveryService's xml_id from the database, from the ID. Returns whether the delivery service was found, and any error. // TODO move somewhere generic func GetDSNameFromID(tx *sql.Tx, id int) (tc.DeliveryServiceName, bool, error) { diff --git a/traffic_ops/traffic_ops_golang/riaksvc/dsutil.go b/traffic_ops/traffic_ops_golang/riaksvc/dsutil.go index 81b5377..7c543a4 100644 --- a/traffic_ops/traffic_ops_golang/riaksvc/dsutil.go +++ b/traffic_ops/traffic_ops_golang/riaksvc/dsutil.go @@ -288,3 +288,24 @@ func GetURLSigKeys(tx *sql.Tx, authOpts *riak.AuthOptions, ds tc.DeliveryService } return val, found, nil } + +func PutURLSigKeys(tx *sql.Tx, authOpts *riak.AuthOptions, ds tc.DeliveryServiceName, keys tc.URLSigKeys) error { + keyJSON, err := json.Marshal(&keys) + if err != nil { + return errors.New("marshalling keys: " + err.Error()) + } + err = WithClusterTx(tx, authOpts, func(cluster StorageCluster) error { + obj := &riak.Object{ + ContentType: "application/json", + Charset: "utf-8", + ContentEncoding: "utf-8", + Key: GetURLSigConfigFileName(ds), + Value: []byte(keyJSON), + } + if err = SaveObject(obj, URLSigKeysBucket, cluster); err != nil { + return errors.New("saving Riak object: " + err.Error()) + } + return nil + }) + return err +} diff --git a/traffic_ops/traffic_ops_golang/routes.go b/traffic_ops/traffic_ops_golang/routes.go index 3af2c25..3298441 100644 --- a/traffic_ops/traffic_ops_golang/routes.go +++ b/traffic_ops/traffic_ops_golang/routes.go @@ -369,6 +369,7 @@ func Routes(d ServerData) ([]Route, []RawRoute, http.Handler, error) { {1.1, http.MethodGet, `deliveryservices/{id}/servers/eligible/?(\.json)?$`, deliveryservice.GetServersEligible, auth.PrivLevelReadOnly, Authenticated, nil}, {1.1, http.MethodPost, `deliveryservices/sslkeys/generate/?(\.json)?$`, deliveryservice.GenerateSSLKeys, auth.PrivLevelOperations, Authenticated, nil}, + {1.1, http.MethodPost, `deliveryservices/xmlId/{name}/urlkeys/copyFromXmlId/{copy-name}/?(\.json)?$`, deliveryservice.CopyURLKeys, auth.PrivLevelOperations, Authenticated, nil}, {1.1, http.MethodGet, `deliveryservices/xmlId/{name}/urlkeys/?(\.json)?$`, deliveryservice.GetURLKeysByName, auth.PrivLevelReadOnly, Authenticated, nil}, {1.1, http.MethodGet, `deliveryservices/{id}/urlkeys/?(\.json)?$`, deliveryservice.GetURLKeysByID, auth.PrivLevelReadOnly, Authenticated, nil}, {1.1, http.MethodGet, `riak/bucket/{bucket}/key/{key}/values/?(\.json)?$`, apiriak.GetBucketKey, auth.PrivLevelAdmin, Authenticated, nil},