This is an automated email from the ASF dual-hosted git repository.
shamrick pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/master by this push:
new 1e39991285 Fix status code and alert structure for sslkeys endpoint,
when no ssl keys are present. (#7595)
1e39991285 is described below
commit 1e399912855f9a96b26aa51e5a9a7ad3cd62e3a1
Author: Srijeet Chatterjee <[email protected]>
AuthorDate: Wed Jun 28 09:30:55 2023 -0600
Fix status code and alert structure for sslkeys endpoint, when no ssl keys
are present. (#7595)
* Fix status code and alert structure for sslkeys endpoint, when no ssl
keys are present
* fix tests
* fix v4 test
* fix v4 test
* adding debug
* debug
* fix v5 test
---
CHANGELOG.md | 1 +
.../testing/api/v5/deliveryservices_keys_test.go | 1 -
.../traffic_ops_golang/deliveryservice/keys.go | 25 ++++++++++++++++++----
.../traffic_ops_golang/deliveryservice/sslkeys.go | 4 +++-
.../trafficvault/backends/postgres/postgres.go | 2 +-
5 files changed, 26 insertions(+), 7 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 55d1e64a1b..0464ff5933 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -118,6 +118,7 @@ The format is based on [Keep a
Changelog](http://keepachangelog.com/en/1.0.0/).
- [#7425](https://github.com/apache/trafficcontrol/pull/7425) *Traffic Control
Cache Config (t3c)* Fixed issue with layered profile iteration being done in
the wrong order.
- [#6385](https://github.com/apache/trafficcontrol/issues/6385) *Traffic Ops*
Reserved consistentHashQueryParameters cause internal server error
- [#7471](https://github.com/apache/trafficcontrol/pull/7471) *Traffic Control
Cache Config (t3c)* Fixed issue with MSO non topo origins from multiple cache
groups.
+- [#4393](https://github.com/apache/trafficcontrol/issues/4393) *Traffic Ops*
Fixed the error code and alert structure when TO is queried for a delivery
service with no ssl keys.
### Removed
- [#7271](https://github.com/apache/trafficcontrol/pull/7271) Remove
components in `infrastructre/docker/`, not in use as cdn-in-a-box performs the
same functionality.
diff --git a/traffic_ops/testing/api/v5/deliveryservices_keys_test.go
b/traffic_ops/testing/api/v5/deliveryservices_keys_test.go
index 54b0775d5b..47b1d9cc50 100644
--- a/traffic_ops/testing/api/v5/deliveryservices_keys_test.go
+++ b/traffic_ops/testing/api/v5/deliveryservices_keys_test.go
@@ -380,7 +380,6 @@ func VerifySSLKeysOnDsCreationTest(t *testing.T) {
break
}
}
-
if err != nil || dsSSLKey == nil {
t.Fatalf("unable to get DS %s SSL key: %v", ds.XMLID,
err)
}
diff --git a/traffic_ops/traffic_ops_golang/deliveryservice/keys.go
b/traffic_ops/traffic_ops_golang/deliveryservice/keys.go
index ef02ebb683..65dce07d05 100644
--- a/traffic_ops/traffic_ops_golang/deliveryservice/keys.go
+++ b/traffic_ops/traffic_ops_golang/deliveryservice/keys.go
@@ -187,12 +187,26 @@ func GetSSLKeysByXMLID(w http.ResponseWriter, r
*http.Request) {
return
}
+ var userError error
+ sc := http.StatusInternalServerError
+ logAlert := true
keyObjV4, err := getSslKeys(inf, r.Context())
if err != nil {
- userErr := api.LogErr(r, http.StatusInternalServerError, nil,
err)
- alerts.AddNewAlert(tc.ErrorLevel, userErr.Error())
- api.WriteAlerts(w, r, http.StatusInternalServerError, alerts)
- return
+ userError = api.LogErr(r, sc, nil, err)
+ if err == sql.ErrNoRows {
+ if inf.Version.GreaterThanOrEqualTo(&api.Version{Major:
5, Minor: 0}) {
+ sc = http.StatusNotFound
+ userError = api.LogErr(r, sc, errors.New("no
ssl keys for XML ID "+xmlID), nil)
+ } else {
+ // For versions lesser than 5.0, don't log an
alert if the error is ErrNoRows. This is for backward compatibility reasons.
+ logAlert = false
+ }
+ }
+ if logAlert {
+ alerts.AddNewAlert(tc.ErrorLevel, userError.Error())
+ api.WriteAlerts(w, r, sc, alerts)
+ return
+ }
}
var keyObj interface{}
@@ -216,6 +230,9 @@ func getSslKeys(inf *api.APIInfo, ctx context.Context)
(tc.DeliveryServiceSSLKey
keyObjFromTv, ok, err := inf.Vault.GetDeliveryServiceSSLKeys(xmlID,
version, inf.Tx.Tx, ctx)
if err != nil {
+ if err == sql.ErrNoRows {
+ return tc.DeliveryServiceSSLKeysV4{}, err
+ }
return tc.DeliveryServiceSSLKeysV4{}, errors.New("getting ssl
keys: " + err.Error())
}
keyObj := tc.DeliveryServiceSSLKeysV4{}
diff --git a/traffic_ops/traffic_ops_golang/deliveryservice/sslkeys.go
b/traffic_ops/traffic_ops_golang/deliveryservice/sslkeys.go
index f3a133c066..38402e9cf0 100644
--- a/traffic_ops/traffic_ops_golang/deliveryservice/sslkeys.go
+++ b/traffic_ops/traffic_ops_golang/deliveryservice/sslkeys.go
@@ -122,7 +122,9 @@ func GeneratePlaceholderSelfSignedCert(ds
tc.DeliveryServiceV5, inf *api.APIInfo
tv := inf.Vault
_, ok, err := tv.GetDeliveryServiceSSLKeys(ds.XMLID, "", tx, context)
if err != nil {
- return fmt.Errorf("getting latest ssl keys for XMLID '%s': %w",
ds.XMLID, err), http.StatusInternalServerError
+ if err != sql.ErrNoRows {
+ return fmt.Errorf("getting latest ssl keys for XMLID
'%s': %w", ds.XMLID, err), http.StatusInternalServerError
+ }
}
if ok {
return nil, http.StatusOK
diff --git
a/traffic_ops/traffic_ops_golang/trafficvault/backends/postgres/postgres.go
b/traffic_ops/traffic_ops_golang/trafficvault/backends/postgres/postgres.go
index b1bdc1b394..1499882d30 100644
--- a/traffic_ops/traffic_ops_golang/trafficvault/backends/postgres/postgres.go
+++ b/traffic_ops/traffic_ops_golang/trafficvault/backends/postgres/postgres.go
@@ -138,7 +138,7 @@ func (p *Postgres) GetDeliveryServiceSSLKeys(xmlID string,
version string, tx *s
err = tvTx.QueryRow(query, xmlID, version).Scan(&encryptedSslKeys)
if err != nil {
if err == sql.ErrNoRows {
- return tc.DeliveryServiceSSLKeysV15{}, false, nil
+ return tc.DeliveryServiceSSLKeysV15{}, false, err
}
e := checkErrWithContext("Traffic Vault PostgreSQL: executing
SELECT SSL Keys query", err, ctx.Err())
return tc.DeliveryServiceSSLKeysV15{}, false, e
