lactose opened a new pull request #4072: Prevent Assigning Servers to Delivery Services Without Required Capabilities
URL: https://github.com/apache/trafficcontrol/pull/4072

<!--
************ STOP!! ************
If this Pull Request is intended to fix a security vulnerability, DO NOT submit it! Instead, contact the Apache Software Foundation Security Team at secur...@trafficcontrol.apache.org and follow the guidelines at https://www.apache.org/security/ regarding vulnerability disclosure.
-->

## What does this PR (Pull Request) do?

This PR adds in extra validation in associating a server to a delivery service. If the user attempts to assign a server to a DS that requires a server capability the server does not have, an error will be returned. In addition, the endpoint /deliveryservices/{id}/servers/eligible will now only return those servers which meet the required capabilities (unless the DS does not have any).

- [x] This PR is not related to any Issue

## Which Traffic Control components are affected by this PR?

- Documentation
- Traffic Ops

## What is the best way to verify this PR?

API Tests or:

Regression:

1. Create a delivery service
2. Create a server, do not assign it the capability
3. Assign server to DS (without required capabilities this should still pass)

1. Create a delivery service
2. Create a delivery service required capability for this delivery service
3. Create a server, do not assign it the capability
4. Check the /deliveryservice/{id}/servers/eligible endpoint. The server should be returned in the results.

Feature:

1. Create a delivery service
2. Create a delivery service required capability for this delivery service
3. Create a server, do not assign it the capability
4. Attempt to assign the server to the DS, and vice versa. Should receive an error.
5. Create a server server capability that matches the required capability
6. Attempt to assign the server to the DS, and vice versa. Should pass.

1. Create a delivery service
2. Create a delivery service required capability for this delivery service
3. Create a server, do not assign it the capability
4. Check the /deliveryservice/{id}/servers/eligible endpoint. The server should not be returned in the results.

## If this is a bug fix, what versions of Traffic Control are affected?

## The following criteria are ALL met by this PR

- [x] This PR includes tests OR I have explained why tests are unnecessary
- [x] This PR includes documentation OR I have explained why documentation is unnecessary
- [x] This PR includes an update to CHANGELOG.md OR such an update is not necessary
- [x] This PR includes any and all required license headers
- [x] This PR ensures that database migration sequence is correct OR this PR does not include a database migration
- [x] This PR **DOES NOT FIX A SERIOUS SECURITY VULNERABILITY** (see [the Apache Software Foundation's security guidelines](https://www.apache.org/security/) for details)

## Additional Information
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

With regards,
Apache Git Services
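The capability check described in this pull request, sketched as an added Go example; it is not code from the pull request or from Traffic Ops. The `Server` type, the function names, the host names and the `ram-cache` capability are hypothetical and constructed for illustration.

```go
package main

import "fmt"

// Server is a hypothetical, simplified model: a host name plus the set of
// server capabilities assigned to it.
type Server struct {
	HostName     string
	Capabilities map[string]bool
}

// MissingCapabilities returns the required capabilities the server lacks.
func MissingCapabilities(s Server, required []string) []string {
	var missing []string
	for _, c := range required {
		if !s.Capabilities[c] {
			missing = append(missing, c)
		}
	}
	return missing
}

// ValidateAssignment rejects an assignment when any required capability is
// missing. A delivery service with no required capabilities accepts any server.
func ValidateAssignment(s Server, required []string) error {
	if missing := MissingCapabilities(s, required); len(missing) > 0 {
		return fmt.Errorf("server %s lacks required capabilities %v", s.HostName, missing)
	}
	return nil
}

// EligibleServers keeps only the servers that hold every required capability.
func EligibleServers(servers []Server, required []string) []Server {
	eligible := []Server{}
	for _, s := range servers {
		if len(MissingCapabilities(s, required)) == 0 {
			eligible = append(eligible, s)
		}
	}
	return eligible
}

func main() {
	// Constructed sample data, not taken from a real Traffic Ops instance.
	plain := Server{HostName: "edge-01", Capabilities: map[string]bool{}}
	capable := Server{HostName: "edge-02", Capabilities: map[string]bool{"ram-cache": true}}
	fmt.Println(ValidateAssignment(plain, []string{"ram-cache"}))
	fmt.Println(len(EligibleServers([]Server{plain, capable}, []string{"ram-cache"})))
}
```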