mitchell852 closed pull request #2400: To go cdns sslkeys
URL: https://github.com/apache/trafficcontrol/pull/2400
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/lib/go-tc/deliveryservice_ssl_keys.go
b/lib/go-tc/deliveryservice_ssl_keys.go
index 1a1a9f1c0..e366bbc81 100644
--- a/lib/go-tc/deliveryservice_ssl_keys.go
+++ b/lib/go-tc/deliveryservice_ssl_keys.go
@@ -187,3 +187,16 @@ func (r CDNDNSSECGenerateReq) Validate(tx *sql.Tx) error {
}
type URLSigKeys map[string]string
+
+type CDNSSLKeysResp []CDNSSLKey
+
+type CDNSSLKey struct {
+ DeliveryService string `json:"deliveryservice"`
+ HostName string `json:"hostname"`
+ Certificate CDNSSLKeyCert `json:"certificate"`
+}
+
+type CDNSSLKeyCert struct {
+ Crt string `json:"crt"`
+ Key string `json:"key"`
+}
diff --git a/traffic_ops/traffic_ops_golang/cdn/sslkeys.go
b/traffic_ops/traffic_ops_golang/cdn/sslkeys.go
new file mode 100644
index 000000000..b8147c653
--- /dev/null
+++ b/traffic_ops/traffic_ops_golang/cdn/sslkeys.go
@@ -0,0 +1,56 @@
+package cdn
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import (
+ "database/sql"
+ "errors"
+ "net/http"
+
+ "github.com/apache/trafficcontrol/lib/go-tc"
+ "github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/api"
+
"github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/riaksvc"
+
+ "github.com/basho/riak-go-client"
+)
+
+func GetSSLKeys(w http.ResponseWriter, r *http.Request) {
+ inf, userErr, sysErr, errCode := api.NewInfo(r, []string{"name"}, nil)
+ if userErr != nil || sysErr != nil {
+ api.HandleErr(w, r, errCode, userErr, sysErr)
+ return
+ }
+ defer inf.Close()
+ keys, err := getSSLKeys(inf.Tx.Tx, inf.Config.RiakAuthOptions,
inf.Params["name"])
+ if err != nil {
+ api.HandleErr(w, r, http.StatusInternalServerError, nil,
errors.New("getting cdn ssl keys: "+err.Error()))
+ return
+ }
+ *inf.CommitTx = true
+ api.WriteResp(w, r, keys)
+}
+
+func getSSLKeys(tx *sql.Tx, authOpts *riak.AuthOptions, cdnName string)
([]tc.CDNSSLKey, error) {
+ keys, err := riaksvc.GetCDNSSLKeysObj(tx, authOpts, cdnName)
+ if err != nil {
+ return nil, errors.New("getting cdn ssl keys from Riak: " +
err.Error())
+ }
+ return keys, nil
+}
diff --git a/traffic_ops/traffic_ops_golang/riaksvc/dsutil.go
b/traffic_ops/traffic_ops_golang/riaksvc/dsutil.go
index 7c543a413..c6f36ce5c 100644
--- a/traffic_ops/traffic_ops_golang/riaksvc/dsutil.go
+++ b/traffic_ops/traffic_ops_golang/riaksvc/dsutil.go
@@ -309,3 +309,50 @@ func PutURLSigKeys(tx *sql.Tx, authOpts *riak.AuthOptions,
ds tc.DeliveryService
})
return err
}
+
+const SSLKeysIndex = "sslkeys"
+const CDNSSLKeysLimit = 1000 // TODO: emulates Perl; reevaluate?
+
+func GetCDNSSLKeysObj(tx *sql.Tx, authOpts *riak.AuthOptions, cdnName string)
([]tc.CDNSSLKey, error) {
+ keys := []tc.CDNSSLKey{}
+ err := WithClusterTx(tx, authOpts, func(cluster StorageCluster) error {
+ // get the deliveryservice ssl keys by xmlID and version
+ query := `cdn:` + cdnName
+ filterQuery := `_yz_rk:*latest`
+ searchDocs, err := Search(cluster, SSLKeysIndex, query,
filterQuery, CDNSSLKeysLimit)
+ if err != nil {
+ return errors.New("riak search error: " + err.Error())
+ }
+ if len(searchDocs) == 0 {
+ return nil // no error, and leave keys empty
+ }
+ keys = SearchDocsToCDNSSLKeys(searchDocs)
+ return nil
+ })
+ if err != nil {
+ return nil, errors.New("with cluster error: " + err.Error())
+ }
+ return keys, nil
+}
+
+// SearchDocsToCDNSSLKeys converts the SearchDoc array returned by Riak into a
CDNSSLKey slice. If a SearchDoc doesn't contain expected fields, it creates the
key with those fields defaulted to empty strings.
+func SearchDocsToCDNSSLKeys(docs []*riak.SearchDoc) []tc.CDNSSLKey {
+ keys := []tc.CDNSSLKey{}
+ for _, doc := range docs {
+ key := tc.CDNSSLKey{}
+ if dss := doc.Fields["deliveryservice"]; len(dss) > 0 {
+ key.DeliveryService = dss[0]
+ }
+ if hosts := doc.Fields["hostname"]; len(hosts) > 0 {
+ key.HostName = hosts[0]
+ }
+ if crts := doc.Fields["certificate.crt"]; len(crts) > 0 {
+ key.Certificate.Crt = crts[0]
+ }
+ if keys := doc.Fields["certificate.key"]; len(keys) > 0 {
+ key.Certificate.Key = keys[0]
+ }
+ keys = append(keys, key)
+ }
+ return keys
+}
diff --git a/traffic_ops/traffic_ops_golang/riaksvc/riak_services.go
b/traffic_ops/traffic_ops_golang/riaksvc/riak_services.go
index 08a3248ee..fed44796e 100644
--- a/traffic_ops/traffic_ops_golang/riaksvc/riak_services.go
+++ b/traffic_ops/traffic_ops_golang/riaksvc/riak_services.go
@@ -305,7 +305,6 @@ func GetRiakCluster(db *sql.DB, authOptions
*riak.AuthOptions) (StorageCluster,
}
func WithCluster(db *sql.DB, authOpts *riak.AuthOptions, f
func(StorageCluster) error) error {
- log.Errorf("DEBUG WithCluster authOps: %++v\n", authOpts)
cluster, err := GetRiakCluster(db, authOpts)
if err != nil {
return errors.New("getting riak cluster: " + err.Error())
@@ -322,7 +321,6 @@ func WithCluster(db *sql.DB, authOpts *riak.AuthOptions, f
func(StorageCluster)
}
func WithClusterX(db *sqlx.DB, authOpts *riak.AuthOptions, f
func(StorageCluster) error) error {
- log.Errorf("DEBUG WithCluster authOps: %++v\n", authOpts)
cluster, err := GetRiakCluster(db.DB, authOpts)
if err != nil {
return errors.New("getting riak cluster: " + err.Error())
@@ -351,7 +349,6 @@ func GetRiakClusterTx(tx *sql.Tx, authOptions
*riak.AuthOptions) (StorageCluster
}
func WithClusterTx(tx *sql.Tx, authOpts *riak.AuthOptions, f
func(StorageCluster) error) error {
- log.Errorf("DEBUG WithCluster authOps: %++v\n", authOpts)
cluster, err := GetRiakClusterTx(tx, authOpts)
if err != nil {
return errors.New("getting riak cluster: " + err.Error())
@@ -385,3 +382,27 @@ func StopCluster(c StorageCluster) {
log.Errorln("stopping riak cluster: " + err.Error())
}
}
+
+// Search searches Riak for the given query. Returns nil and a nil error if no
object was found.
+func Search(cluster StorageCluster, index string, query string, filterQuery
string, numRows int) ([]*riak.SearchDoc, error) {
+ iCmd, err := riak.NewSearchCommandBuilder().
+ WithIndexName(index).
+ WithQuery(query).
+ WithFilterQuery(filterQuery).
+ WithNumRows(uint32(numRows)).
+ Build()
+ if err != nil {
+ return nil, errors.New("building Riak command: " + err.Error())
+ }
+ if err = cluster.Execute(iCmd); err != nil {
+ return nil, errors.New("executing Riak command index '" + index
+ "' query '" + query + "': " + err.Error())
+ }
+ cmd, ok := iCmd.(*riak.SearchCommand)
+ if !ok {
+ return nil, fmt.Errorf("Riak command unexpected type %T", iCmd)
+ }
+ if cmd.Response == nil || cmd.Response.NumFound == 0 {
+ return nil, nil
+ }
+ return cmd.Response.Docs, nil
+}
diff --git a/traffic_ops/traffic_ops_golang/routes.go
b/traffic_ops/traffic_ops_golang/routes.go
index 7f869bd9c..ffffdaa82 100644
--- a/traffic_ops/traffic_ops_golang/routes.go
+++ b/traffic_ops/traffic_ops_golang/routes.go
@@ -108,6 +108,7 @@ func Routes(d ServerData) ([]Route, []RawRoute,
http.Handler, error) {
{1.1, http.MethodPost, `cachegroups/{id}/queue_update$`,
cachegroup.QueueUpdates(d.DB.DB), auth.PrivLevelOperations, Authenticated, nil},
//CDN
+ {1.1, http.MethodGet, `cdns/name/{name}/sslkeys/?(\.json)?$`,
cdn.GetSSLKeys, auth.PrivLevelAdmin, Authenticated, nil},
{1.1, http.MethodGet, `cdns/metric_types`,
notImplementedHandler, 0, NoAuth, nil}, // MUST NOT end in $, because the 1.x
route is longer
{1.1, http.MethodGet, `cdns/capacity$`,
handlerToFunc(proxyHandler), 0, NoAuth, []Middleware{}},
{1.1, http.MethodGet, `cdns/configs/?(\.json)?$`,
cdn.GetConfigs(d.DB.DB), auth.PrivLevelReadOnly, Authenticated, nil},
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
