#### What does this PR do?
This is the acceptance criteria:
- [x] Write handlers using CRUDer
- get /api/1.1/users/
- get /api/1.1/users/:id
- put /api/1.1/users/:id
- post /api/1.1/users/
- delete /api/1.1/users/:id (reverted; no longer in use)
- [x] Written the client
- [x] Written general tests
- [x] Enforce tenancy for GET
- [x] Enforce tenancy for PUT, DELETE, CREATE
- [x] Documentation
- Updated documentation to include query parameters
- Marked uid and gid as deprecated
- Fixed formatting
- Updated tenant id to be required (has not null constraint and perl
currently returns raw error)
- Double check documentation for correct information
- [x] Password Security
- Convert to SCYRPT
- Don't keep in response
- Password validation
- [x] Returns correct HTTP error codes
- Little bit lax on distinction between query and path parameters (both
return empty response)
- Followed convention for things I was familiar with
- New?: Returns 404 if role or tenant id not found
i) Perl returned a 400 for one and 500 for another (think it was
'role')
ii) Not sure if this is being done by other golang endpoints
- [ ] Follows logic from perl
- This is a little iffy. Things should be compatible, though minor
differences exist (see this checklist for examples)
Notes:
I changed `api.ParseDBError` a little bit.
The user shouldn't be able to update their own role.
Follow ups:
Delete will be implemented later (see #2017)
uid, gid, and confirmLocalPasswd will need to be removed from the database
#### Which TC components are affected by this PR?
- [x] Documentation
- [ ] Grove
- [ ] Traffic Analytics
- [ ] Traffic Monitor
- [x] Traffic Ops
- [ ] Traffic Ops ORT
- [ ] Traffic Portal
- [ ] Traffic Router
- [ ] Traffic Stats
- [ ] Traffic Vault
- [ ] Other _________
#### What is the best way to verify this PR?
Run the tests.
The tests do not check tenancy or validations, so those would be checked
manually.
Password validation is the most important to verify.
The reviewer should be able to reproduce errors that originate from
api.ParseDBErr.
Look over the documentation.
#### Check all that apply
- [x] This PR includes tests
- [x] This PR includes documentation updates
- [ ] This PR includes an update to CHANGELOG.md
- [x] This PR includes all required license headers
- [ ] This PR includes a database migration (ensure that migration sequence is
correct)
- [ ] This PR fixes a serious security flaw. Read more:
[www.apache.org/security](http://www.apache.org/security/)
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
[ Full content available at: https://github.com/apache/trafficcontrol/pull/2834
]
This message was relayed via gitbox.apache.org for [email protected]
