shamrickus opened a new pull request #5924: URL: https://github.com/apache/trafficcontrol/pull/5924
<!-- ************ STOP!! ************ If this Pull Request is intended to fix a security vulnerability, DO NOT submit it! Instead, contact the Apache Software Foundation Security Team at [email protected] and follow the guidelines at https://www.apache.org/security/ regarding vulnerability disclosure. --> ## What does this PR (Pull Request) do? <!-- Explain the changes you made here. If this fixes an Issue, identify it by replacing the text in the checkbox item with the Issue number e.g. - [x] This PR fixes #9001 OR is not related to any Issue ^ This will automatically close Issue number 9001 when the Pull Request is merged (The '#' is important). Be sure you check the box properly, see the "The following criteria are ALL met by this PR" section for details. --> - [x] This PR is not related to any Issue <!-- You can check for an issue here: https://github.com/apache/trafficcontrol/issues --> It adds a new go tool in `tools/traffic_vault_migrate` which can be used to migrate TV data from different backends. It is intended to connect directly to the backends such that a running TO/TV service is not needed. It also moves the Postgres encryption functions to `lib/go-util` as well as adding godocs and tests. ## Which Traffic Control components are affected by this PR? <!-- Please delete all components from this list that are NOT affected by this Pull Request. Also, feel free to add the name of a tool or script that is affected but not on the list. Additionally, if this Pull Request does NOT affect documentation, please explain why documentation is not required. --> - Documentation - Traffic Ops - Traffic Vault ## What is the best way to verify this PR? Run the tool in both PSQL -> Riak and Riak -> PSQL mode. Verify that all the command line options work and return as intended. Also make sure the keys are actually migrated appropriately. Also make sure that this tool operates in a reasonable time frame when migrating a large amount of keys. Read the documentation and confirm it makes sense. Run the tests (for both the tool and `go-util/encrypt`) and confirm they pass. *NOTE* until #5914 is fixed, the PSQL -> Riak path will only bring half the SSL Keys as the objects are completely identical without the version change. <!-- Please include here ALL the steps necessary to test your Pull Request. If it includes tests (and most should), outline here the steps needed to run the tests. If not, lay out the manual testing procedure and please explain why tests are unnecessary for this Pull Request. --> <!-- If this PR fixes a bug, please list here all of the affected versions - to the best of your knowledge. It's also pretty helpful to include a commit hash of where 'master' is at the time this PR is opened (if it affects master), because what 'master' means will change over time. For example, if this PR fixes a bug that's present in master (at commit hash '1df853c8'), in v4.0.0, and in the current 4.0.1 Release candidate (e.g. RC1), then this list would look like: - master (1df853c8) - 4.0.0 - 4.0.1 (RC1) If you don't know what other versions might have this bug, AND don't know how to find the commit hash of 'master', then feel free to leave this section blank (or, preferably, delete it entirely). --> ## The following criteria are ALL met by this PR <!-- Check the boxes to signify that the associated statement is true. To "check a box", replace the space inside of the square brackets with an 'x'. e.g. - [ x] <- Wrong - [x ] <- Wrong - [] <- Wrong - [*] <- Wrong - [x] <- Correct! --> - [x] This PR includes tests OR I have explained why tests are unnecessary - [x] This PR includes documentation OR I have explained why documentation is unnecessary - [x] This PR includes an update to CHANGELOG.md OR such an update is not necessary - [x] This PR includes any and all required license headers - [x] This PR **DOES NOT FIX A SERIOUS SECURITY VULNERABILITY** (see [the Apache Software Foundation's security guidelines](https://www.apache.org/security/) for details) ## Additional Information If testing PSQL -> Riak, I suggest using CiaB as both are already setup. The AES key can be got by running `docker exec -it cdn-in-a-box_trafficops_1 /bin/cat /opt/traffic_ops/app/conf/aes.key` Riak -> PSQL, is a bit more work as it requires standing up your own psql db with the `app/db/admin` tool. <!-- If you would like to include any additional information on the PR for potential reviewers please put it here. Some examples of this would be: - Before and after screenshots/gifs of the Traffic Portal if it is affected - Links to other dependent Pull Requests - References to relevant context (e.g. new/updates to dependent libraries, mailing list records, blueprints) Feel free to leave this section blank (or, preferably, delete it entirely). --> <!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
