Repository: incubator-trafficcontrol Updated Branches: refs/heads/master 7af61e8cb -> 595297a91
Fix regression issues caused by TC-187: 1. revert: replace xml_id with ds_<ds-id> as riak key for ssl certificate 2. revert: decode base64 for ssl csr, crt, key in restful api Add missing code for update ssl keystore when hostname changes Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/8f238f38 Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/8f238f38 Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/8f238f38 Branch: refs/heads/master Commit: 8f238f3883bde6580bc8dfb4b26ba99f1e43edf4 Parents: 7af61e8 Author: Zhilin Huang <zhilh...@cisco.com> Authored: Wed Aug 23 11:03:03 2017 +0800 Committer: Jeremy Mitchell <mitchell...@gmail.com> Committed: Wed Aug 23 11:18:51 2017 -0600 ---------------------------------------------------------------------- .../traffic_ops_api/v12/deliveryservice.rst | 32 ++++++++--------- .../app/lib/API/DeliveryService/SslKeys.pm | 36 ++++++-------------- traffic_ops/app/lib/API/Deliveryservice.pm | 7 ++++ traffic_ops/app/lib/UI/DeliveryService.pm | 3 +- traffic_ops/app/lib/UI/SslKeys.pm | 9 +++-- .../app/script/update_riak_for_search.pl | 3 ++ .../app/t/api/1.1/deliveryservice/ssl_keys.t | 4 +-- 7 files changed, 45 insertions(+), 49 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/8f238f38/docs/source/development/traffic_ops_api/v12/deliveryservice.rst ---------------------------------------------------------------------- diff --git a/docs/source/development/traffic_ops_api/v12/deliveryservice.rst b/docs/source/development/traffic_ops_api/v12/deliveryservice.rst index b26d30e..da3e044 100644 --- a/docs/source/development/traffic_ops_api/v12/deliveryservice.rst +++ b/docs/source/development/traffic_ops_api/v12/deliveryservice.rst 
@@ -1630,7 +1630,7 @@ SSL Keys +--------------+---------+-------------------------------------------------+ | Parameter | Type | Description | +==============+=========+=================================================+ - | ``key`` | string | ds_<id> where <id> is integer id of ds | + | ``key`` | string | xml_id of the delivery service | +--------------+---------+-------------------------------------------------+ | ``version`` | string | version of the keys being generated | +--------------+---------+-------------------------------------------------+ @@ -1650,7 +1650,7 @@ SSL Keys **Request Example** :: { - "key": "ds_1", + "key": "ds-01", "businessUnit": "CDN Engineering", "version": "3", "hostname": "tr.ds-01.ott.kabletown.com", 
@@ -1695,24 +1695,24 @@ SSL Keys **Request Properties** - +-------------+--------+---------------------------------------+ - | Parameter | Type | Description | - +=============+========+=======================================+ - | ``key`` | string | ds_<id> where <id> is integer id of ds| - +-------------+--------+---------------------------------------+ - | ``version`` | string | version of the keys being generated | - +-------------+--------+---------------------------------------+ - | ``csr`` | string | | - +-------------+--------+---------------------------------------+ - | ``crt`` | string | | - +-------------+--------+---------------------------------------+ - | ``key`` | string | | - +-------------+--------+---------------------------------------+ + +-------------+--------+-------------------------------------+ + | Parameter | Type | Description | + +=============+========+=====================================+ + | ``key`` | string | xml_id of the delivery service | + +-------------+--------+-------------------------------------+ + | ``version`` | string | version of the keys being generated | + +-------------+--------+-------------------------------------+ + | ``csr`` | string | | + +-------------+--------+-------------------------------------+ + | ``crt`` | string | | + +-------------+--------+-------------------------------------+ + | ``key`` | string | | + +-------------+--------+-------------------------------------+ **Request Example** :: { - "key": "ds_1", + "key": "ds-01", "version": "1", "certificate": { "key": "some_key", http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/8f238f38/traffic_ops/app/lib/API/DeliveryService/SslKeys.pm ---------------------------------------------------------------------- diff --git a/traffic_ops/app/lib/API/DeliveryService/SslKeys.pm b/traffic_ops/app/lib/API/DeliveryService/SslKeys.pm index 8550a41..e3aedfa 100644 --- a/traffic_ops/app/lib/API/DeliveryService/SslKeys.pm 
+++ b/traffic_ops/app/lib/API/DeliveryService/SslKeys.pm @@ -143,6 +143,7 @@ sub view_by_xml_id { if ( !$version ) { $version = 'latest'; } + my $key = "$xml_id-$version"; my $ds = $self->db->resultset('Deliveryservice')->search( { xml_id => $xml_id })->single(); if (!$ds) { return $self->alert( { Error => " - Could not found delivery service with xml_id=$xml_id!" } ); @@ -152,19 +153,11 @@ sub view_by_xml_id { if (!$tenant_utils->is_ds_resource_accessible($tenants_data, $ds->tenant_id)) { return $self->forbidden("Forbidden. Delivery-service tenant is not available to the user."); } - my $ds_id = $ds->id; - my $key = "ds_$ds_id-$version"; my $response_container = $self->riak_get( "ssl", $key ); my $response = $response_container->{"response"}; - if ($response->is_success()) { - my $ssl_keys = decode_json( $response->content ); - $ssl_keys->{certificate}->{csr} = decode_base64($ssl_keys->{certificate}->{csr}), - $ssl_keys->{certificate}->{crt} = decode_base64($ssl_keys->{certificate}->{crt}), - $ssl_keys->{certificate}->{key} = decode_base64($ssl_keys->{certificate}->{key}), - $self->success( $ssl_keys ) - } else { - $self->alert( { Error => " - A record for ssl key $key could not be found. Response was: " . $response->content } ); - } + $response->is_success() + ? $self->success( decode_json( $response->content ) ) + : $self->alert( { Error => " - A record for ssl key $key could not be found. Response was: " . $response->content } ); } } 
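Review bot: The new `my $key = "$xml_id-$version";` in view_by_xml_id joins two values with `-`, which is also a legal character inside an xml_id (the doc example in this commit uses `ds-01`), so the Riak key no longer maps unambiguously to the delivery service that the tenant check below it was run against. `$version` appears to come from the request (the test file passes it as `?version=`), and nothing in the hunk constrains it before it is concatenated. If versions are always numeric, as the doc examples suggest, reject anything else before building the key, e.g. `return $self->alert("Invalid version") unless $version =~ /\A(?:latest|\d+)\z/;`. The same key construction appears in the view_by_hostname and delete hunks of this file. All three function bodies start outside their hunks.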
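Review bot: The failure branch of the new ternary in view_by_xml_id still returns `$response->content` from Riak to the API caller, which exposes backend error text to the client. Log it server-side instead, e.g. `$self->app->log->error("riak_get ssl/$key failed: " . $response->content);`, and end the alert text at "could not be found." On the success branch `decode_json( $response->content )` is unguarded, so a malformed stored record will die instead of producing an alert; wrapping it in a block `eval` would keep the error path consistent. Both points apply equally to the view_by_hostname hunk.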
@@ -204,23 +197,17 @@ sub view_by_hostname { if (!$tenant_utils->is_ds_resource_accessible($tenants_data, $ds->tenant_id)) { return $self->forbidden("Forbidden. Delivery-service tenant is not available to the user."); } - my $ds_id = $ds->id; + my $xml_id = $ds->xml_id; if ( !$version ) { $version = 'latest'; } - $key = "ds_$ds_id-$version"; + $key = "$xml_id-$version"; my $response_container = $self->riak_get( "ssl", $key ); my $response = $response_container->{"response"}; - if ($response->is_success()) { - my $ssl_keys = decode_json( $response->content ); - $ssl_keys->{certificate}->{csr} = decode_base64($ssl_keys->{certificate}->{csr}), - $ssl_keys->{certificate}->{crt} = decode_base64($ssl_keys->{certificate}->{crt}), - $ssl_keys->{certificate}->{key} = decode_base64($ssl_keys->{certificate}->{key}), - $self->success( $ssl_keys ) - } else { - $self->alert( { Error => " - A record for ssl key $key could not be found. Response was: " . $response->content } ); - } + $response->is_success() + ? $self->success( decode_json( $response->content ) ) + : $self->alert( { Error => " - A record for ssl key $key could not be found. Response was: " . $response->content } ); } } @@ -243,8 +230,7 @@ sub delete { if (!$tenant_utils->is_ds_resource_accessible($tenants_data, $ds->tenant_id)) { return $self->forbidden("Forbidden. Delivery-service tenant is not available to the user."); } - my $ds_id = $ds->id; - my $key = "ds_$ds_id"; + my $key = $xml_id; if ($version) { $key = $key . "-" . $version; $self->app->log->info("deleting key_type = ssl, key = $key"); 
@@ -262,7 +248,7 @@ sub delete { # $self->app->log->info("delete rc = $rc"); if ( $response->is_success() ) { &log( $self, "Deleted ssl keys for Delivery Service $xml_id", "APICHANGE" ); - return $self->success("Successfully deleted ssl keys for $xml_id"); + return $self->success("Successfully deleted ssl keys for $key"); } else { return $self->alert( $response->content ); http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/8f238f38/traffic_ops/app/lib/API/Deliveryservice.pm ---------------------------------------------------------------------- diff --git a/traffic_ops/app/lib/API/Deliveryservice.pm b/traffic_ops/app/lib/API/Deliveryservice.pm index 845aac7..c71b1fa 100644 --- a/traffic_ops/app/lib/API/Deliveryservice.pm +++ b/traffic_ops/app/lib/API/Deliveryservice.pm @@ -312,6 +312,9 @@ sub update { return $self->alert("Invalid tenant. This tenant is not available to you for assignment."); } + my $upd_ssl = 0; + my $old_hostname = UI::SslKeys::get_hostname($self, $id, $ds); + my $values = { active => $params->{active}, cacheurl => $params->{cacheurl}, @@ -453,6 +456,10 @@ sub update { &log( $self, "Updated deliveryservice [ '" . $rs->xml_id . "' ] with id: " . $rs->id, "APICHANGE" ); + my $new_hostname = UI::SslKeys::get_hostname($self, $id, $ds); + $upd_ssl = 1 if $old_hostname ne $new_hostname; + UI::SslKeys::update_sslkey($self, $params->{xmlId}, $new_hostname) if $upd_ssl; + return $self->success( \@response, "Deliveryservice update was successful." ); } else { http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/8f238f38/traffic_ops/app/lib/UI/DeliveryService.pm ---------------------------------------------------------------------- diff --git a/traffic_ops/app/lib/UI/DeliveryService.pm b/traffic_ops/app/lib/UI/DeliveryService.pm index 0ac269d..304d4e5 100644 --- a/traffic_ops/app/lib/UI/DeliveryService.pm +++ b/traffic_ops/app/lib/UI/DeliveryService.pm 
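Review bot: In the `@@ -453` hunk of API/Deliveryservice.pm the result of `UI::SslKeys::update_sslkey(...)` is discarded, so if the keystore write fails the handler still answers "Deliveryservice update was successful." and the stored certificate record keeps the old hostname. If update_sslkey reports failure (its return value is not visible here), check it and at least log the error. Both `get_hostname` calls, here and in the `@@ -312` hunk, are passed the same `$ds`; whether that object reflects the updated row is not visible, and if it does not, the `ne` comparison can never be true. `$upd_ssl` adds nothing over testing the comparison directly: `UI::SslKeys::update_sslkey($self, $params->{xmlId}, $new_hostname) if $old_hostname ne $new_hostname;`.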
@@ -921,7 +921,7 @@ sub update { my $new_hostname = UI::SslKeys::get_hostname($self, $id, $update); $upd_ssl = 1 if $old_hostname ne $new_hostname; - UI::SslKeys::update_sslkey($self, $id, $hash{xml_id}, $new_hostname) if $upd_ssl; + UI::SslKeys::update_sslkey($self, $hash{xml_id}, $new_hostname) if $upd_ssl; my $type = $self->db->resultset('Type')->search( { id => $self->paramAsScalar('ds.type') } )->get_column('name')->single(); $self->header_rewrite( @@ -938,6 +938,7 @@ sub update { $self->param('ds.mid_header_rewrite'), "mid", $type ); + $self->regex_remap( $self->param('id'), $self->param('ds.profile'), $self->param('ds.xml_id'), $self->param('ds.regex_remap') ); $self->cacheurl( $self->param('id'), $self->param('ds.profile'), $self->param('ds.xml_id'), $self->param('ds.cacheurl') ); $self->url_sig( $self->param('id'), $self->param('ds.profile'), $self->param('ds.xml_id'), $self->param('ds.signed') ); http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/8f238f38/traffic_ops/app/lib/UI/SslKeys.pm ---------------------------------------------------------------------- diff --git a/traffic_ops/app/lib/UI/SslKeys.pm b/traffic_ops/app/lib/UI/SslKeys.pm index d747899..8789a98 100644 --- a/traffic_ops/app/lib/UI/SslKeys.pm +++ b/traffic_ops/app/lib/UI/SslKeys.pm @@ -34,7 +34,7 @@ sub add { &stash_role($self); #get key data from keystore - my $response_container = $self->riak_get( 'ssl', "ds_$ds_id-latest"); + my $response_container = $self->riak_get( 'ssl', "$xml_id-latest"); my $get_keys = $response_container->{'response'}; if ( $get_keys->is_success() ) { my $keys = decode_json( $get_keys->content ); 
@@ -77,17 +77,16 @@ sub add { sub update_sslkey { my $self = shift; - my $ds_id = shift; my $xml_id = shift; my $hostname = shift; - my $response_container = $self->riak_get( 'ssl', "ds_$ds_id-latest"); + my $response_container = $self->riak_get( 'ssl', "$xml_id-latest"); my $response = $response_container->{'response'}; if ( $response->is_success() ) { my $record = decode_json( $response->content ); $record->{deliveryservice} = $xml_id; $record->{hostname} = $hostname; - my $key = "ds_$ds_id"; + my $key = $xml_id; my $version = $record->{version}; $response_container = $self->riak_put( 'ssl', "$key-$version", encode_json($record) ); @@ -156,7 +155,7 @@ sub create { if ( $self->is_valid() ) { my $response_container; my $record = { - key => "ds_$id", + key => $xml_id, version => $version, hostname => defined($hostname) ? $hostname : $self->get_hostname($id, $data), cdn => defined($cdn) ? $cdn : $data->cdn->name, http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/8f238f38/traffic_ops/app/script/update_riak_for_search.pl ---------------------------------------------------------------------- diff --git a/traffic_ops/app/script/update_riak_for_search.pl b/traffic_ops/app/script/update_riak_for_search.pl index 651286a..6cfe6d5 100755 --- a/traffic_ops/app/script/update_riak_for_search.pl +++ b/traffic_ops/app/script/update_riak_for_search.pl 
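Review bot: update_sslkey now locates and rewrites the record purely by `$xml_id`, so private-key records are bound to a name, not to the delivery service row. If an xml_id can be changed, or reused after a delivery service is deleted (neither is visible here), the old record is either orphaned in Riak or picked up by the new service. A comment above the sub stating that assumption would help, e.g. `# Records live under "<xml_id>-<version>"; xml_id must not change and the record must be deleted with the DS.` Separately, `$record->{version}` is taken from the stored JSON and interpolated into the write key without a `defined` check. The end of the function is outside the hunk.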
@@ -46,6 +46,9 @@ foreach my $ds (@$dss) { } $record->{deliveryservice} = $xml_id; $record->{cdn} = $cdn; + $record->{certificate}->{crt} = decode_base64($record->{certificate}->{crt}); + $record->{certificate}->{csr} = decode_base64($record->{certificate}->{csr}); + $record->{certificate}->{key} = decode_base64($record->{certificate}->{key}); if (!defined($record->{hostname})) { #add the hostname if it's not there my $hostname = $ds->{exampleURLs}[0]; $hostname =~ /(https?:\/\/)(.*)/; http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/8f238f38/traffic_ops/app/t/api/1.1/deliveryservice/ssl_keys.t ---------------------------------------------------------------------- diff --git a/traffic_ops/app/t/api/1.1/deliveryservice/ssl_keys.t b/traffic_ops/app/t/api/1.1/deliveryservice/ssl_keys.t index 11b71ca..40d1ab5 100644 --- a/traffic_ops/app/t/api/1.1/deliveryservice/ssl_keys.t +++ b/traffic_ops/app/t/api/1.1/deliveryservice/ssl_keys.t @@ -166,13 +166,13 @@ ok $t->get_ok("/api/1.1/deliveryservices/xmlId/test-ds1-root/sslkeys/delete.json # #delete ssl key # #delete version ok $t->get_ok("/api/1.1/deliveryservices/xmlId/$key/sslkeys/delete.json?version=$version") - ->json_is( "/response" => "Successfully deleted ssl keys for $key" ) + ->json_is( "/response" => "Successfully deleted ssl keys for $key-$version" ) # ->json_has( "Successfully deleted" ) ->status_is(200)->or( sub { diag $t->tx->res->content->asset->{content}; } ); #delete latest -ok $t->get_ok("/api/1.1/deliveryservices/xmlId/$key/sslkeys/delete.json")->json_is( "/response" => "Successfully deleted ssl keys for $key" ) +ok $t->get_ok("/api/1.1/deliveryservices/xmlId/$key/sslkeys/delete.json")->json_is( "/response" => "Successfully deleted ssl keys for $key-latest" ) # ->json_has( "Successfully deleted" ) ->status_is(200)->or( sub { diag $t->tx->res->content->asset->{content}; } );
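Review bot: The three added `decode_base64` calls in update_riak_for_search.pl run unconditionally, so the script is not safe to run twice: a record whose certificate fields are already plain PEM would be decoded again and the stored key material corrupted. A missing `crt`, `csr` or `key` field is also passed in as undef. Guard each field by skipping undefined values and values that already start with a PEM header, as sketched below. Whether `MIME::Base64` is imported in this script is not visible from the hunk.

```perl
$record->{cdn} = $cdn;
# Decode only fields that are still base64; leave PEM text untouched.
for my $field (qw(crt csr key)) {
    my $value = $record->{certificate}->{$field};
    next if !defined $value || $value =~ /\A\s*-----BEGIN /;
    $record->{certificate}->{$field} = decode_base64($value);
}
# … unchanged: hostname back-fill …
```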