This is an automated email from the ASF dual-hosted git repository.

mitchell852 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git


The following commit(s) were added to refs/heads/master by this push:
     new 31b9b97  Add TO Go cdns/name/sslkeys
31b9b97 is described below

commit 31b9b971b5aa04d28c32c39f1fff5c3aad47d93b
Author: Robert Butts <r...@apache.org>
AuthorDate: Tue Jun 12 13:28:21 2018 -0600

    Add TO Go cdns/name/sslkeys
---
 lib/go-tc/deliveryservice_ssl_keys.go              | 13 +++++
 traffic_ops/traffic_ops_golang/cdn/sslkeys.go      | 56 ++++++++++++++++++++++
 traffic_ops/traffic_ops_golang/riaksvc/dsutil.go   | 47 ++++++++++++++++++
 .../traffic_ops_golang/riaksvc/riak_services.go    | 27 +++++++++--
 traffic_ops/traffic_ops_golang/routes.go           |  1 +
 5 files changed, 141 insertions(+), 3 deletions(-)

diff --git a/lib/go-tc/deliveryservice_ssl_keys.go 
b/lib/go-tc/deliveryservice_ssl_keys.go
index 1a1a9f1..e366bbc 100644
--- a/lib/go-tc/deliveryservice_ssl_keys.go
+++ b/lib/go-tc/deliveryservice_ssl_keys.go
@@ -187,3 +187,16 @@ func (r CDNDNSSECGenerateReq) Validate(tx *sql.Tx) error {
 }
 
 type URLSigKeys map[string]string
+
+type CDNSSLKeysResp []CDNSSLKey
+
+type CDNSSLKey struct {
+       DeliveryService string        `json:"deliveryservice"`
+       HostName        string        `json:"hostname"`
+       Certificate     CDNSSLKeyCert `json:"certificate"`
+}
+
+type CDNSSLKeyCert struct {
+       Crt string `json:"crt"`
+       Key string `json:"key"`
+}
diff --git a/traffic_ops/traffic_ops_golang/cdn/sslkeys.go 
b/traffic_ops/traffic_ops_golang/cdn/sslkeys.go
new file mode 100644
index 0000000..b8147c6
--- /dev/null
+++ b/traffic_ops/traffic_ops_golang/cdn/sslkeys.go
@@ -0,0 +1,56 @@
+package cdn
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import (
+       "database/sql"
+       "errors"
+       "net/http"
+
+       "github.com/apache/trafficcontrol/lib/go-tc"
+       "github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/api"
+       
"github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/riaksvc"
+
+       "github.com/basho/riak-go-client"
+)
+
+func GetSSLKeys(w http.ResponseWriter, r *http.Request) {
+       inf, userErr, sysErr, errCode := api.NewInfo(r, []string{"name"}, nil)
+       if userErr != nil || sysErr != nil {
+               api.HandleErr(w, r, errCode, userErr, sysErr)
+               return
+       }
+       defer inf.Close()
+       keys, err := getSSLKeys(inf.Tx.Tx, inf.Config.RiakAuthOptions, 
inf.Params["name"])
+       if err != nil {
+               api.HandleErr(w, r, http.StatusInternalServerError, nil, 
errors.New("getting cdn ssl keys: "+err.Error()))
+               return
+       }
+       *inf.CommitTx = true
+       api.WriteResp(w, r, keys)
+}
+
+func getSSLKeys(tx *sql.Tx, authOpts *riak.AuthOptions, cdnName string) 
([]tc.CDNSSLKey, error) {
+       keys, err := riaksvc.GetCDNSSLKeysObj(tx, authOpts, cdnName)
+       if err != nil {
+               return nil, errors.New("getting cdn ssl keys from Riak: " + 
err.Error())
+       }
+       return keys, nil
+}
diff --git a/traffic_ops/traffic_ops_golang/riaksvc/dsutil.go 
b/traffic_ops/traffic_ops_golang/riaksvc/dsutil.go
index 7c543a4..c6f36ce 100644
--- a/traffic_ops/traffic_ops_golang/riaksvc/dsutil.go
+++ b/traffic_ops/traffic_ops_golang/riaksvc/dsutil.go
@@ -309,3 +309,50 @@ func PutURLSigKeys(tx *sql.Tx, authOpts *riak.AuthOptions, 
ds tc.DeliveryService
        })
        return err
 }
+
+const SSLKeysIndex = "sslkeys"
+const CDNSSLKeysLimit = 1000 // TODO: emulates Perl; reevaluate?
+
+func GetCDNSSLKeysObj(tx *sql.Tx, authOpts *riak.AuthOptions, cdnName string) 
([]tc.CDNSSLKey, error) {
+       keys := []tc.CDNSSLKey{}
+       err := WithClusterTx(tx, authOpts, func(cluster StorageCluster) error {
+               // get the deliveryservice ssl keys by xmlID and version
+               query := `cdn:` + cdnName
+               filterQuery := `_yz_rk:*latest`
+               searchDocs, err := Search(cluster, SSLKeysIndex, query, 
filterQuery, CDNSSLKeysLimit)
+               if err != nil {
+                       return errors.New("riak search error: " + err.Error())
+               }
+               if len(searchDocs) == 0 {
+                       return nil // no error, and leave keys empty
+               }
+               keys = SearchDocsToCDNSSLKeys(searchDocs)
+               return nil
+       })
+       if err != nil {
+               return nil, errors.New("with cluster error: " + err.Error())
+       }
+       return keys, nil
+}
+
+// SearchDocsToCDNSSLKeys converts the SearchDoc array returned by Riak into a 
CDNSSLKey slice. If a SearchDoc doesn't contain expected fields, it creates the 
key with those fields defaulted to empty strings.
+func SearchDocsToCDNSSLKeys(docs []*riak.SearchDoc) []tc.CDNSSLKey {
+       keys := []tc.CDNSSLKey{}
+       for _, doc := range docs {
+               key := tc.CDNSSLKey{}
+               if dss := doc.Fields["deliveryservice"]; len(dss) > 0 {
+                       key.DeliveryService = dss[0]
+               }
+               if hosts := doc.Fields["hostname"]; len(hosts) > 0 {
+                       key.HostName = hosts[0]
+               }
+               if crts := doc.Fields["certificate.crt"]; len(crts) > 0 {
+                       key.Certificate.Crt = crts[0]
+               }
+               if keys := doc.Fields["certificate.key"]; len(keys) > 0 {
+                       key.Certificate.Key = keys[0]
+               }
+               keys = append(keys, key)
+       }
+       return keys
+}
diff --git a/traffic_ops/traffic_ops_golang/riaksvc/riak_services.go 
b/traffic_ops/traffic_ops_golang/riaksvc/riak_services.go
index 08a3248..fed4479 100644
--- a/traffic_ops/traffic_ops_golang/riaksvc/riak_services.go
+++ b/traffic_ops/traffic_ops_golang/riaksvc/riak_services.go
@@ -305,7 +305,6 @@ func GetRiakCluster(db *sql.DB, authOptions 
*riak.AuthOptions) (StorageCluster,
 }
 
 func WithCluster(db *sql.DB, authOpts *riak.AuthOptions, f 
func(StorageCluster) error) error {
-       log.Errorf("DEBUG WithCluster authOps: %++v\n", authOpts)
        cluster, err := GetRiakCluster(db, authOpts)
        if err != nil {
                return errors.New("getting riak cluster: " + err.Error())
@@ -322,7 +321,6 @@ func WithCluster(db *sql.DB, authOpts *riak.AuthOptions, f 
func(StorageCluster)
 }
 
 func WithClusterX(db *sqlx.DB, authOpts *riak.AuthOptions, f 
func(StorageCluster) error) error {
-       log.Errorf("DEBUG WithCluster authOps: %++v\n", authOpts)
        cluster, err := GetRiakCluster(db.DB, authOpts)
        if err != nil {
                return errors.New("getting riak cluster: " + err.Error())
@@ -351,7 +349,6 @@ func GetRiakClusterTx(tx *sql.Tx, authOptions 
*riak.AuthOptions) (StorageCluster
 }
 
 func WithClusterTx(tx *sql.Tx, authOpts *riak.AuthOptions, f 
func(StorageCluster) error) error {
-       log.Errorf("DEBUG WithCluster authOps: %++v\n", authOpts)
        cluster, err := GetRiakClusterTx(tx, authOpts)
        if err != nil {
                return errors.New("getting riak cluster: " + err.Error())
@@ -385,3 +382,27 @@ func StopCluster(c StorageCluster) {
                log.Errorln("stopping riak cluster: " + err.Error())
        }
 }
+
+// Search searches Riak for the given query. Returns nil and a nil error if no 
object was found.
+func Search(cluster StorageCluster, index string, query string, filterQuery 
string, numRows int) ([]*riak.SearchDoc, error) {
+       iCmd, err := riak.NewSearchCommandBuilder().
+               WithIndexName(index).
+               WithQuery(query).
+               WithFilterQuery(filterQuery).
+               WithNumRows(uint32(numRows)).
+               Build()
+       if err != nil {
+               return nil, errors.New("building Riak command: " + err.Error())
+       }
+       if err = cluster.Execute(iCmd); err != nil {
+               return nil, errors.New("executing Riak command index '" + index 
+ "' query '" + query + "': " + err.Error())
+       }
+       cmd, ok := iCmd.(*riak.SearchCommand)
+       if !ok {
+               return nil, fmt.Errorf("Riak command unexpected type %T", iCmd)
+       }
+       if cmd.Response == nil || cmd.Response.NumFound == 0 {
+               return nil, nil
+       }
+       return cmd.Response.Docs, nil
+}
diff --git a/traffic_ops/traffic_ops_golang/routes.go 
b/traffic_ops/traffic_ops_golang/routes.go
index 7f869bd..ffffdaa 100644
--- a/traffic_ops/traffic_ops_golang/routes.go
+++ b/traffic_ops/traffic_ops_golang/routes.go
@@ -108,6 +108,7 @@ func Routes(d ServerData) ([]Route, []RawRoute, 
http.Handler, error) {
                {1.1, http.MethodPost, `cachegroups/{id}/queue_update$`, 
cachegroup.QueueUpdates(d.DB.DB), auth.PrivLevelOperations, Authenticated, nil},
 
                //CDN
+               {1.1, http.MethodGet, `cdns/name/{name}/sslkeys/?(\.json)?$`, 
cdn.GetSSLKeys, auth.PrivLevelAdmin, Authenticated, nil},
                {1.1, http.MethodGet, `cdns/metric_types`, 
notImplementedHandler, 0, NoAuth, nil}, // MUST NOT end in $, because the 1.x 
route is longer
                {1.1, http.MethodGet, `cdns/capacity$`, 
handlerToFunc(proxyHandler), 0, NoAuth, []Middleware{}},
                {1.1, http.MethodGet, `cdns/configs/?(\.json)?$`, 
cdn.GetConfigs(d.DB.DB), auth.PrivLevelReadOnly, Authenticated, nil},

Reply via email to