So, whether this is a Portal or API bug is a little ambiguous. The problem: 1. Riak DNSSEC keys `effectiveDate` must be a UNIX epoch. 2. The cdn/dnsseckeys/generate endpoint documentation is completely missing the `effectiveDate` field. 3. the Perl UI sends the `effectiveDate` as a string `2018-08-21+14:26:06`, and the Perl UI server side converts that to a UNIX epoch. 4. the Perl API accepts _whatever_ `effectiveDate` type and value is sent, and puts that in Riak. You can send `foo` and it shove that in Riak. 5. the Portal UI calls the Perl API with a string `2018-08-21 14:14:42`. The API, per #4, shoves this into Riak. The world subsequently breaks.
This is a problem today, in master, and has been since the Portal and API were written. This is a critical bug. Pressing the CDN DNSSEC "generate" button in the Portal will break all of DNSSEC for the given CDN. Again, where the bug lies and how to fix it are a big ambiguous. The API endpoint is currently being rewritten in Go. Per the Robustness Principle, I propose: 1. Making the API accept either an RFC3339 date string, a date string in the format that Perl currently sends, that the Portal currently sends, or a UNIX timestamp number. 2. Changing the Portal to send a UNIX epoch. 3. Documenting the long-existing API behavior of a UNIX epoch, but _not_ documenting the other formats. APIs should be well-defined, and there should be One Right Way. This will document the behavior that's always existed, but not encourage or formally support the API accepting the other string timestamp format (which we're only putting in to fix the critically dangerous bug as robustly as possible). This will: 1. Fix the Go endpoint to behave how the undocumented Perl did, for any users correctly using the API. 2. Fix the bug if a user deploys a new Traffic Ops, but not a new Portal 3. Fix the bug if a user deploys a new Portal, but not a new Traffic Ops Normally, users should always upgrade both TO and the Portal; but with a bug as critical as this, IMO it's worth the extra effort to make the bug fixable by just upgrading one of them. [ Full content available at: https://github.com/apache/trafficcontrol/issues/2723 ] This message was relayed via gitbox.apache.org for [email protected]
