[GitHub] [trafficcontrol] ocket8888 commented on a change in pull request #4015: Rewrite /federations to Go - POST/PUT/DELETE
ocket commented on a change in pull request #4015: Rewrite /federations to Go - POST/PUT/DELETE URL: https://github.com/apache/trafficcontrol/pull/4015#discussion_r340247925 ## File path: traffic_ops/app/conf/cdn.conf ## @@ -1,7 +1,7 @@ { "hypnotoad" : { "listen" : [ - "https://[::]:60443?cert=/etc/pki/tls/certs/localhost.crt=/etc/pki/tls/private/localhost.key=0x00=AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH:!ED; + "https://[::]:60443?cert=/home/bwilli415/src/localhost.crt=/home/bwilli415/src/localhost.key=0x00=AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH:!ED; Review comment: whoops. Must've popped that for running tests - should look for others like that This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [trafficcontrol] ocket8888 commented on a change in pull request #4015: Rewrite /federations to Go - POST/PUT/DELETE
ocket commented on a change in pull request #4015: Rewrite /federations to Go - POST/PUT/DELETE URL: https://github.com/apache/trafficcontrol/pull/4015#discussion_r340233091 ## File path: docs/source/api/federations.rst ## @@ -150,82 +173,122 @@ Request Structure - No parameters available +.. code-block:: http + :caption: Request Example + + DELETE /api/1.4/federations HTTP/1.1 + Host: trafficops.infra.ciab.test + User-Agent: curl/7.47.0 + Accept: */* + Cookie: mojolicious=... + Response Structure -- .. code-block:: http :caption: Response Example HTTP/1.1 200 OK Access-Control-Allow-Credentials: true - Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept + Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Set-Cookie, Cookie Access-Control-Allow-Methods: POST,GET,OPTIONS,PUT,DELETE Access-Control-Allow-Origin: * - Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Type: application/json - Date: Mon, 03 Dec 2018 17:55:10 GMT - Server: Mojolicious (Perl) - Set-Cookie: mojolicious=...; expires=Mon, 03 Dec 2018 21:55:10 GMT; path=/; HttpOnly - Vary: Accept-Encoding - Whole-Content-Sha512: b84HraJH6Kiqrz7i1L1juDBJWdkdYbbClnWM0lZDljvpSkVT9adFTTrHiv7Mjtt2RKquGdzFZ6tqt9s+ODxqsw== - Content-Length: 93 - - { "response": "admin successfully deleted all federation resolvers: [ 0.0.0.0/32, ::/128 ]." } + Set-Cookie: mojolicious=...; Path=/; HttpOnly + Whole-Content-Sha512: fd7P45mIiHuYqZZW6+8K+YjY1Pe504Aaw4J4Zp9AhrqLX72ERytTqWtAp1msutzNSRUdUSC72+odNPtpv3O8uw== + X-Server-Name: traffic_ops_golang/ + Date: Wed, 23 Oct 2019 23:34:53 GMT + Content-Length: 184 + { "alerts": [ + { + "text": "admin successfully deleted all federation resolvers: [ 8.8.8.8 ]", + "level": "success" + } + ], + "response": "admin successfully deleted all federation resolvers: [ 8.8.8.8 ]" + } ``PUT`` === -Replaces **all** federations associated with a user's :term:`Delivery Service`\ (s) with those defined inside the request payload. +Replaces **all** :term:`Federations` associated with a user's :term:`Delivery Service`\ (s) with those defined inside the request payload. :Auth. Required: Yes :Roles Required: "admin", "Federation", "operations", "Portal", or "Steering" :Response Type: Object (string) Request Structure - -:federations: The top-level key that must exist - an array of objects that each describe a set of resolvers for a :term:`Delivery Service`'s federation +.. versionchanged:: 1.4 + Prior to API version 1.4, the request body had to be wrapped in a top-level ``federations`` key, as can be seen in the :ref:`legacy-put-request` example. That behavior is still supported but no longer necessary. - :deliveryService: The 'xml_id' of the :term:`Delivery Service` which will use the federation resolvers specified in ``mappings`` - :mappings:An object containing two arrays of IP addresses to use as federation resolvers +.. _legacy-put-request: +.. code-block:: json + :caption: Legacy Request - :resolve4: An array of IPv4 addresses that can resolve the :term:`Delivery Service`'s federation - :resolve6: An array of IPv6 addresses that can resolve the :term:`Delivery Service`'s federation + { + "federations": [{ + "deliveryService": "demo1", + "mappings": { + "resolve4": ["0.0.0.0"], + "resolve6": ["::1"] + } + }] + } + +The request payload is an array of objects that describe Delivery Service :term:`Federation` Resolver mappings. Each object in the array must be in the following format. + +:deliveryService: The :ref:`ds-xmlid` of the :term:`Delivery Service` which will use the :term:`Federation` Resolvers specified in ``mappings`` +:mappings:An object containing two arrays of IP addresses (or subnets in :abbr:`CIDR (Classless Inter-Domain Routing)` notation) to use as :term:`Federation` Resolvers + + :resolve4: An array of IPv4 addresses (or subnets in :abbr:`CIDR (Classless Inter-Domain Routing)` notation) that can resolve the :term:`Delivery Service`'s :term:`Federation` + :resolve6: An array of IPv6 addresses (or subnets in :abbr:`CIDR (Classless Inter-Domain Routing)` notation) that can resolve the :term:`Delivery Service`'s :term:`Federation` .. code-block:: http :caption: Request Example PUT /api/1.4/federations HTTP/1.1 Host: trafficops.infra.ciab.test - User-Agent: curl/7.62.0 +
[GitHub] [trafficcontrol] ocket8888 commented on a change in pull request #4015: Rewrite /federations to Go - POST/PUT/DELETE
ocket commented on a change in pull request #4015: Rewrite /federations to Go - POST/PUT/DELETE URL: https://github.com/apache/trafficcontrol/pull/4015#discussion_r340198521 ## File path: docs/source/api/federations.rst ## @@ -150,82 +173,122 @@ Request Structure - No parameters available +.. code-block:: http + :caption: Request Example + + DELETE /api/1.4/federations HTTP/1.1 + Host: trafficops.infra.ciab.test + User-Agent: curl/7.47.0 + Accept: */* + Cookie: mojolicious=... + Response Structure -- .. code-block:: http :caption: Response Example HTTP/1.1 200 OK Access-Control-Allow-Credentials: true - Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept + Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Set-Cookie, Cookie Access-Control-Allow-Methods: POST,GET,OPTIONS,PUT,DELETE Access-Control-Allow-Origin: * - Cache-Control: no-cache, no-store, max-age=0, must-revalidate Content-Type: application/json - Date: Mon, 03 Dec 2018 17:55:10 GMT - Server: Mojolicious (Perl) - Set-Cookie: mojolicious=...; expires=Mon, 03 Dec 2018 21:55:10 GMT; path=/; HttpOnly - Vary: Accept-Encoding - Whole-Content-Sha512: b84HraJH6Kiqrz7i1L1juDBJWdkdYbbClnWM0lZDljvpSkVT9adFTTrHiv7Mjtt2RKquGdzFZ6tqt9s+ODxqsw== - Content-Length: 93 - - { "response": "admin successfully deleted all federation resolvers: [ 0.0.0.0/32, ::/128 ]." } + Set-Cookie: mojolicious=...; Path=/; HttpOnly + Whole-Content-Sha512: fd7P45mIiHuYqZZW6+8K+YjY1Pe504Aaw4J4Zp9AhrqLX72ERytTqWtAp1msutzNSRUdUSC72+odNPtpv3O8uw== + X-Server-Name: traffic_ops_golang/ + Date: Wed, 23 Oct 2019 23:34:53 GMT + Content-Length: 184 + { "alerts": [ + { + "text": "admin successfully deleted all federation resolvers: [ 8.8.8.8 ]", + "level": "success" + } + ], + "response": "admin successfully deleted all federation resolvers: [ 8.8.8.8 ]" + } ``PUT`` === -Replaces **all** federations associated with a user's :term:`Delivery Service`\ (s) with those defined inside the request payload. +Replaces **all** :term:`Federations` associated with a user's :term:`Delivery Service`\ (s) with those defined inside the request payload. :Auth. Required: Yes :Roles Required: "admin", "Federation", "operations", "Portal", or "Steering" :Response Type: Object (string) Request Structure - -:federations: The top-level key that must exist - an array of objects that each describe a set of resolvers for a :term:`Delivery Service`'s federation +.. versionchanged:: 1.4 + Prior to API version 1.4, the request body had to be wrapped in a top-level ``federations`` key, as can be seen in the :ref:`legacy-put-request` example. That behavior is still supported but no longer necessary. - :deliveryService: The 'xml_id' of the :term:`Delivery Service` which will use the federation resolvers specified in ``mappings`` - :mappings:An object containing two arrays of IP addresses to use as federation resolvers +.. _legacy-put-request: +.. code-block:: json + :caption: Legacy Request - :resolve4: An array of IPv4 addresses that can resolve the :term:`Delivery Service`'s federation - :resolve6: An array of IPv6 addresses that can resolve the :term:`Delivery Service`'s federation + { + "federations": [{ + "deliveryService": "demo1", + "mappings": { + "resolve4": ["0.0.0.0"], + "resolve6": ["::1"] + } + }] + } + +The request payload is an array of objects that describe Delivery Service :term:`Federation` Resolver mappings. Each object in the array must be in the following format. + +:deliveryService: The :ref:`ds-xmlid` of the :term:`Delivery Service` which will use the :term:`Federation` Resolvers specified in ``mappings`` +:mappings:An object containing two arrays of IP addresses (or subnets in :abbr:`CIDR (Classless Inter-Domain Routing)` notation) to use as :term:`Federation` Resolvers + + :resolve4: An array of IPv4 addresses (or subnets in :abbr:`CIDR (Classless Inter-Domain Routing)` notation) that can resolve the :term:`Delivery Service`'s :term:`Federation` + :resolve6: An array of IPv6 addresses (or subnets in :abbr:`CIDR (Classless Inter-Domain Routing)` notation) that can resolve the :term:`Delivery Service`'s :term:`Federation` .. code-block:: http :caption: Request Example PUT /api/1.4/federations HTTP/1.1 Host: trafficops.infra.ciab.test - User-Agent: curl/7.62.0 +
[GitHub] [trafficcontrol] ocket8888 commented on a change in pull request #4015: Rewrite /federations to Go - POST/PUT/DELETE
ocket commented on a change in pull request #4015: Rewrite /federations to Go - POST/PUT/DELETE URL: https://github.com/apache/trafficcontrol/pull/4015#discussion_r339835934 ## File path: traffic_ops/traffic_ops_golang/api/api.go ## @@ -86,7 +86,7 @@ func WriteRespRaw(w http.ResponseWriter, r *http.Request, v interface{}) { return } w.Header().Set("Content-Type", "application/json") - w.Write(bts) + w.Write(append(bts, '\n')) Review comment: whoops :P This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [trafficcontrol] ocket8888 commented on a change in pull request #4015: Rewrite /federations to Go - POST/PUT/DELETE
ocket commented on a change in pull request #4015: Rewrite /federations to Go - POST/PUT/DELETE URL: https://github.com/apache/trafficcontrol/pull/4015#discussion_r339835857 ## File path: traffic_ops/traffic_ops_golang/federations/federations.go ## @@ -167,3 +206,296 @@ ORDER BY } return feds, nil } + +// AddFederationResorverMappingsForCurrentUser is the handler for a POST request to /federations. +// Confusingly, it does not create a federation, but is instead used to manipulate the resolvers +// used by one or more particular Delivery Services for one or more particular Federations. +func AddFederationResolverMappingsForCurrentUser(w http.ResponseWriter, r *http.Request) { + inf, userErr, sysErr, errCode := api.NewInfo(r, nil, nil) + tx := inf.Tx.Tx + if userErr != nil || sysErr != nil { + api.HandleErr(w, r, tx, errCode, userErr, sysErr) + return + } + defer inf.Close() + + mappings, userErr, sysErr := getMappingsFromRequestBody(*inf.Version, r.Body) + if userErr != nil || sysErr != nil { + api.HandleErr(w, r, tx, http.StatusBadRequest, userErr, sysErr) + return + } + + if err := mappings.Validate(tx); err != nil { + errCode = http.StatusBadRequest + userErr = fmt.Errorf("validating request: %v", err) + api.HandleErr(w, r, tx, errCode, userErr, nil) + return + } + + userErr, sysErr, errCode = addFederationResolverMappingsForCurrentUser(inf.User, tx, mappings) + if userErr != nil || sysErr != nil { + api.HandleErr(w, r, tx, errCode, userErr, sysErr) + return + } + + msg := fmt.Sprintf("%s successfully created federation resolvers.", inf.User.UserName) + if inf.Version.Minor <= 3 { + api.WriteResp(w, r, msg) + } else { + api.WriteRespAlertObj(w, r, tc.SuccessLevel, msg, msg) + } +} + +// handles the main logic of the POST handler, separated out for convenience +func addFederationResolverMappingsForCurrentUser(u *auth.CurrentUser, tx *sql.Tx, mappings []tc.DeliveryServiceFederationResolverMapping) (error, error, int) { + for _, fed := range mappings { + dsTenant, ok, err := dbhelpers.GetDSTenantIDFromXMLID(tx, fed.DeliveryService) + if err != nil { + return nil, err, http.StatusInternalServerError + } else if !ok { + return fmt.Errorf("'%s' - no such Delivery Service", fed.DeliveryService), nil, http.StatusConflict + } + + if ok, err = tenant.IsResourceAuthorizedToUserTx(dsTenant, u, tx); err != nil { + err = fmt.Errorf("Checking user #%d tenancy permissions on DS '%s' (tenant #%d)", u.ID, fed.DeliveryService, dsTenant) + return nil, err, http.StatusInternalServerError + } else if !ok { + userErr := fmt.Errorf("'%s' - no such Delivery Service", fed.DeliveryService) + sysErr := fmt.Errorf("User '%s' requested unauthorized federation resolver mapping modification on the '%s' Delivery Service", u.UserName, fed.DeliveryService) + return userErr, sysErr, http.StatusConflict + } + + fedID, ok, err := dbhelpers.GetFederationIDForUserIDByXMLID(tx, u.ID, fed.DeliveryService) + if err != nil { + return nil, fmt.Errorf("Getting Federation ID: %v", err), http.StatusInternalServerError + } else if !ok { + err = fmt.Errorf("No federation(s) found for user %s on delivery service '%s'.", u.UserName, fed.DeliveryService) + return err, nil, http.StatusConflict + } + + inserted, err := addFederationResolverMappingsToFederation(fed.Mappings, fed.DeliveryService, fedID, tx) + if err != nil { + err = fmt.Errorf("Adding federation resolver mapping(s) to federation: %v", err) + return nil, err, http.StatusInternalServerError + } + + changelogMsg := "FEDERATION DELIVERY SERVICE: %s, ID: %d, ACTION: User %s successfully added federation resolvers [ %s ]" + changelogMsg = fmt.Sprintf(changelogMsg, fed.DeliveryService, fedID, u.UserName, inserted) + api.CreateChangeLogRawTx(api.ApiChange, changelogMsg, u, tx) + } + return nil, nil, http.StatusOK +} + +// adds federation resolver mappings for a particular delivery service to a given federation, creating said resolvers if +// they don't already exist. +func addFederationResolverMappingsToFederation(res tc.ResolverMapping, xmlid string, fed uint, tx *sql.Tx) (string, error) { + var resp string + if len(res.Resolve4) > 0 { +
[GitHub] [trafficcontrol] ocket8888 commented on a change in pull request #4015: Rewrite /federations to Go - POST/PUT/DELETE
ocket commented on a change in pull request #4015: Rewrite /federations to Go - POST/PUT/DELETE URL: https://github.com/apache/trafficcontrol/pull/4015#discussion_r339835100 ## File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go ## @@ -346,3 +430,17 @@ func GetCacheGroupNameFromID(tx *sql.Tx, id int64) (tc.CacheGroupName, bool, err } return tc.CacheGroupName(name), true, nil } + +// GetFederationIDForUserIDByXMLID retrieves the ID of the Federation assigned to the user defined by +// userID on the Delivery Service identified by xmlid. If no such federation exists, the boolean +// returned will be 'false', while the error indicates unexpected errors that occurred when querying. +func GetFederationIDForUserIDByXMLID(tx *sql.Tx, userID int, xmlid string) (uint, bool, error) { + var id uint Review comment: because IDs can't be negative, and that's about it. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [trafficcontrol] ocket8888 commented on a change in pull request #4015: Rewrite /federations to Go - POST/PUT/DELETE
ocket commented on a change in pull request #4015: Rewrite /federations to Go - POST/PUT/DELETE URL: https://github.com/apache/trafficcontrol/pull/4015#discussion_r339834865 ## File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go ## @@ -42,6 +42,75 @@ const BaseOrderBy = "\nORDER BY" const BaseLimit = "\nLIMIT" const BaseOffset = "\nOFFSET" +const UserIDHasAccessToDeliveryServiceXMLIDQuery = ` Review comment: You know it might not. I think that's a remnant from the old way I wanted to do it, but I couldn't figure out the query for it (that one doesn't work). I'll remove it. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
[GitHub] [trafficcontrol] ocket8888 commented on a change in pull request #4015: Rewrite /federations to Go - POST/PUT/DELETE
ocket commented on a change in pull request #4015: Rewrite /federations to Go - POST/PUT/DELETE URL: https://github.com/apache/trafficcontrol/pull/4015#discussion_r339834661 ## File path: lib/go-tc/federation.go ## @@ -67,36 +80,85 @@ type FederationMapping struct { TTL int`json:"ttl"` } -// AllFederation is the JSON object returned by /api/1.x/federations?all -type AllFederation struct { - Mappings[]AllFederationMapping `json:"mappings"` - DeliveryService DeliveryServiceName`json:"deliveryService"` +// AllDeliveryServiceFederationsMapping is a structure that contains identifying information for a +// Delivery Service as well as any and all Federation Resolver mapping assigned to it (or all those +// getting assigned to it). +type AllDeliveryServiceFederationsMapping struct { + Mappings[]FederationResolverMapping `json:"mappings"` + DeliveryService DeliveryServiceName `json:"deliveryService"` } -func (a AllFederation) IsAllFederations() bool { return true } +// IsAllFederations implements the IAllFederation interface. Always returns true. +func (a AllDeliveryServiceFederationsMapping) IsAllFederations() bool { return true } // AllFederation is the JSON object returned by /api/1.x/federations?all=my-cdn-name type AllFederationCDN struct { CDNName *CDNName `json:"cdnName"` } +// IsAllFederations implements the IAllFederation interface. Always returns true. func (a AllFederationCDN) IsAllFederations() bool { return true } -type AllFederationMapping struct { - TTL *int `json:"ttl"` - CName*string `json:"cname"` +type ResolverMapping struct { Resolve4 []string `json:"resolve4,omitempty"` Resolve6 []string `json:"resolve6,omitempty"` } +func (r *ResolverMapping) Validate(tx *sql.Tx) error { + errs := []error{} + for _, res := range r.Resolve4 { Review comment: They do but it doesn't cover CIDRs This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services