ocket8888 commented on a change in pull request #3534: TP Delivery Service 
Generate SSL update, new letsencrypt generate and…
URL: https://github.com/apache/trafficcontrol/pull/3534#discussion_r339182810
 
 

 ##########
 File path: traffic_ops/traffic_ops_golang/routing/routes.go
 ##########
 @@ -479,11 +479,18 @@ func Routes(d ServerData) ([]Route, []RawRoute, 
http.Handler, error) {
 
                {1.1, http.MethodGet, 
`deliveryservices/{id}/servers/eligible/?(\.json)?$`, 
deliveryservice.GetServersEligible, auth.PrivLevelReadOnly, Authenticated, nil},
 
+               {1.4, http.MethodGet, 
`deliveryservices/xmlId/{xmlid}/sslkeys$`, 
deliveryservice.GetSSLKeysByXMLIDV14, auth.PrivLevelAdmin, Authenticated, nil},
                {1.1, http.MethodGet, 
`deliveryservices/xmlId/{xmlid}/sslkeys$`, deliveryservice.GetSSLKeysByXMLID, 
auth.PrivLevelAdmin, Authenticated, nil},
                {1.1, http.MethodGet, 
`deliveryservices/hostname/{hostname}/sslkeys$`, 
deliveryservice.GetSSLKeysByHostName, auth.PrivLevelAdmin, Authenticated, nil},
                {1.1, http.MethodPost, `deliveryservices/sslkeys/add$`, 
deliveryservice.AddSSLKeys, auth.PrivLevelAdmin, Authenticated, nil},
                {1.1, http.MethodGet, 
`deliveryservices/xmlId/{xmlid}/sslkeys/delete$`, 
deliveryservice.DeleteSSLKeys, auth.PrivLevelOperations, Authenticated, nil},
                {1.1, http.MethodPost, 
`deliveryservices/sslkeys/generate/?(\.json)?$`, 
deliveryservice.GenerateSSLKeys, auth.PrivLevelOperations, Authenticated, nil},
+
+               //Delivery service LetsEncrypt
+               {1.4, http.MethodPost, 
`deliveryservices/sslkeys/generate/letsencrypt/?(\.json)?$`, 
deliveryservice.GenerateLetsEncryptCertificates, auth.PrivLevelReadOnly, 
Authenticated, nil},
+               {1.4, http.MethodGet, `letsencrypt/dnsrecords/?(\.json)?$`, 
deliveryservice.GetDnsChallengeRecords, auth.PrivLevelReadOnly, Authenticated, 
nil},
+               {1.4, http.MethodPost, `letsencrypt/autorenew/?(\.json)?$`, 
deliveryservice.RenewCertificates, auth.PrivLevelReadOnly, Authenticated, nil},
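Review bot: The three new 1.4 routes (`sslkeys/generate/letsencrypt`, `letsencrypt/dnsrecords`, `letsencrypt/autorenew`) carry no `{xmlid}` or `{id}` path parameter, so the privilege level in this table is the only access control visible in the hunk. Whether a caller may act on a particular delivery service therefore has to be decided inside `GenerateLetsEncryptCertificates`, `GetDnsChallengeRecords` and `RenewCertificates`, which are not shown here; it is worth confirming that each performs that per-delivery-service check and recording it above the block, e.g. `// Let's Encrypt routes: handlers authorize the caller against the target delivery service.` As a style point, `GetDnsChallengeRecords` would read `GetDNSChallengeRecords` to match the initialism casing of `GetSSLKeysByXMLID` in the same table, and the existing comment would be `// Delivery service LetsEncrypt` with a space after the slashes. The `Routes` function begins and ends outside the quoted hunk.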
 
 Review comment:
   I don't think "Read Only" is the appropriate permission level for generating 
and re-generating SSL keys for a delivery service. Maybe it doesn't need to be 
higher than, say, Portal, but the idea of Read Only is that it can *only* read 
data.
