[GitHub] [trafficcontrol] rimashah25 opened a new pull request #5307: Validate ORG server for topology based DS

[GitBox <gi...@apache.org>]

rimashah25 opened a new pull request #5307:
URL: https://github.com/apache/trafficcontrol/pull/5307


   <!--
   ************ STOP!! ************
   If this Pull Request is intended to fix a security vulnerability, DO NOT submit it! Instead, contact
   the Apache Software Foundation Security Team at security@trafficcontrol.apache.org and follow the
   guidelines at https://www.apache.org/security/ regarding vulnerability disclosure.
   -->
   ## What does this PR (Pull Request) do?
   <!-- Explain the changes you made here. If this fixes an Issue, identify it by
   replacing the text in the checkbox item with the Issue number e.g.
   
   - [x] This PR fixes #9001 OR is not related to any Issue
   
   ^ This will automatically close Issue number 9001 when the Pull Request is
   merged (The '#' is important).
   
   Be sure you check the box properly, see the "The following criteria are ALL
   met by this PR" section for details.
   -->
   
   - [x] This PR is not related to any Issue <!-- You can check for an issue here: https://github.com/apache/trafficcontrol/issues -->
   
   
   ## Which Traffic Control components are affected by this PR?
   <!-- Please delete all components from this list that are NOT affected by this
   Pull Request. Also, feel free to add the name of a tool or script that is
   affected but not on the list.
   
   Additionally, if this Pull Request does NOT affect documentation, please
   explain why documentation is not required. -->
   
   - Traffic Ops
   
   ## What is the best way to verify this PR?
   <!-- Please include here ALL the steps necessary to test your Pull Request. If
   it includes tests (and most should), outline here the steps needed to run the
   tests. If not, lay out the manual testing procedure and please explain why
   tests are unnecessary for this Pull Request. -->
   
   ## If this is a bug fix, what versions of Traffic Control are affected?
   <!-- If this PR fixes a bug, please list here all of the affected versions - to
   the best of your knowledge. It's also pretty helpful to include a commit hash
   of where 'master' is at the time this PR is opened (if it affects master),
   because what 'master' means will change over time. For example, if this PR
   fixes a bug that's present in master (at commit hash '1df853c8'), in v4.0.0,
   and in the current 4.0.1 Release candidate (e.g. RC1), then this list would
   look like:
   
   - master (1df853c8)
   - 4.0.0
   - 4.0.1 (RC1)
   
   If you don't know what other versions might have this bug, AND don't know how
   to find the commit hash of 'master', then feel free to leave this section
   blank (or, preferably, delete it entirely).
    -->
   
   -master (6635c68)
   
   ## The following criteria are ALL met by this PR
   <!-- Check the boxes to signify that the associated statement is true. To
   "check a box", replace the space inside of the square brackets with an 'x'.
   e.g.
   
   - [ x] <- Wrong
   - [x ] <- Wrong
   - [] <- Wrong
   - [*] <- Wrong
   - [x] <- Correct!
   
   -->
   
   - [x] This PR includes tests
   - [x] I have explained why documentation is unnecessary
   - [x] This PR includes an update to CHANGELOG.md OR such an update is not necessary
   - [x] This PR includes any and all required license headers
   - [x] This PR **DOES NOT FIX A SERIOUS SECURITY VULNERABILITY** (see [the Apache Software Foundation's security guidelines](https://www.apache.org/security/) for details)
   
   
   ## Additional Information
   <!-- If you would like to include any additional information on the PR for
   potential reviewers please put it here.
   
   Some examples of this would be:
   
   - Before and after screenshots/gifs of the Traffic Portal if it is affected
   - Links to other dependent Pull Requests
   - References to relevant context (e.g. new/updates to dependent libraries,
   mailing list records, blueprints)
   
   Feel free to leave this section blank (or, preferably, delete it entirely).
   -->
   
   <!--
   Licensed to the Apache Software Foundation (ASF) under one
   or more contributor license agreements.  See the NOTICE file
   distributed with this work for additional information
   regarding copyright ownership.  The ASF licenses this file
   to you under the Apache License, Version 2.0 (the
   "License"); you may not use this file except in compliance
   with the License.  You may obtain a copy of the License at
   
       http://www.apache.org/licenses/LICENSE-2.0
   
   Unless required by applicable law or agreed to in writing,
   software distributed under the License is distributed on an
   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
   KIND, either express or implied.  See the License for the
   specific language governing permissions and limitations
   under the License.
   -->
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficcontrol] rawlinp commented on a change in pull request #5307: Validate ORG server for topology based DS

[GitBox <gi...@apache.org>]

rawlinp commented on a change in pull request #5307:
URL: https://github.com/apache/trafficcontrol/pull/5307#discussion_r527815228



##########
File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
##########
@@ -1009,3 +1010,49 @@ GROUP BY t.name, ds.topology
 	}
 	return dsType, reqCap, topology, true, nil
 }
+
+// CheckOriginServerInCacheGroupTopology checks if a DS has ORG server and if it does, to make sure the cachegroup is part of DS
+func CheckOriginServerInCacheGroupTopology(tx *sql.Tx, dsID int, dsTopology string) (error, error, int) {
+	// get servers and respective cachegroup name that have ORG type in a delivery service
+	q := `
+		SELECT s2.host_name, c.name 
+		FROM server s2
+			INNER JOIN deliveryservice_server ds ON ds.server = s2.id
+			inner join type t on t.id = s2.type
+			INNER JOIN cachegroup c ON c.id = s2.cachegroup
+		WHERE ds.deliveryservice=$1 and t.name='ORG'
+		GROUP BY s2.host_name, c.name

Review comment:
       What is the error exactly? When I run this query without the group by, I get no errors:
   ```
   to_development=# SELECT s2.host_name, c.name
   FROM server s2
       INNER JOIN deliveryservice_server ds ON ds.server = s2.id
       inner join type t on t.id = s2.type
       INNER JOIN cachegroup c ON c.id = s2.cachegroup
   WHERE ds.deliveryservice=10276 and t.name='ORG';
    host_name |        name
   -----------+---------------------
    cfg2      | multi-site-org-west
   (1 row)
   ```




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficcontrol] rimashah25 commented on a change in pull request #5307: Validate ORG server for topology based DS

[GitBox <gi...@apache.org>]

rimashah25 commented on a change in pull request #5307:
URL: https://github.com/apache/trafficcontrol/pull/5307#discussion_r532957158



##########
File path: traffic_ops/testing/api/v3/deliveryservices_test.go
##########
@@ -855,6 +856,83 @@ func UpdateDeliveryServiceWithInvalidSliceRangeRequest(t *testing.T) {
 
 }
 
+// UpdateValidateORGServerCacheGroup validates ORG server's cachegroup are part of topology's cachegroup
+func UpdateValidateORGServerCacheGroup(t *testing.T) {
+	msoDS := testData.DeliveryServices[7]
+
+	//Get the correct DS
+	dses, _, err := TOSession.GetDeliveryServicesV30WithHdr(nil, nil)
+	if err != nil {
+		t.Errorf("cannot GET Delivery Services: %v", err)
+	}
+	remoteDS := tc.DeliveryServiceNullableV30{}
+	found := false
+	for _, ds := range dses {
+		if *ds.XMLID == *msoDS.XMLID {
+			found = true
+			remoteDS = ds
+			break
+		}
+	}
+	if !found {
+		t.Errorf("GET Delivery Services missing: %v", *msoDS.XMLID)
+	}
+
+	//Assign ORG server to DS
+	assignServer := []string{"denver-mso-org-01"}
+	_, _, err = TOSession.AssignServersToDeliveryService(assignServer, *msoDS.XMLID)
+	if err != nil {
+		t.Errorf("cannot assign server to Delivery Services: %v", err)
+	}
+
+	//Get Topology node to update and remove ORG server nodes
+	resp, _, err := TOSession.GetTopologyWithHdr(*remoteDS.Topology, nil)
+	if err != nil {
+		t.Fatalf("couldn't find any topologies: %v", err)
+	}
+	var p []int
+	var origNodes []tc.TopologyNode
+	newNodes := []tc.TopologyNode{{Id: 0, Cachegroup: "topology-edge-cg-01", Parents: p, LastUpdated: nil}}
+	if *msoDS.Topology == resp.Name {
+		origNodes = resp.Nodes
+		resp.Nodes = newNodes
+	}
+	_, _, err = TOSession.UpdateTopology(*msoDS.Topology, *resp)

Review comment:
       ok.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficcontrol] rimashah25 commented on a change in pull request #5307: Validate ORG server for topology based DS

[GitBox <gi...@apache.org>]

rimashah25 commented on a change in pull request #5307:
URL: https://github.com/apache/trafficcontrol/pull/5307#discussion_r527874619



##########
File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
##########
@@ -1009,3 +1010,49 @@ GROUP BY t.name, ds.topology
 	}
 	return dsType, reqCap, topology, true, nil
 }
+
+// CheckOriginServerInCacheGroupTopology checks if a DS has ORG server and if it does, to make sure the cachegroup is part of DS
+func CheckOriginServerInCacheGroupTopology(tx *sql.Tx, dsID int, dsTopology string) (error, error, int) {
+	// get servers and respective cachegroup name that have ORG type in a delivery service
+	q := `
+		SELECT s2.host_name, c.name 
+		FROM server s2
+			INNER JOIN deliveryservice_server ds ON ds.server = s2.id
+			inner join type t on t.id = s2.type
+			INNER JOIN cachegroup c ON c.id = s2.cachegroup
+		WHERE ds.deliveryservice=$1 and t.name='ORG'
+		GROUP BY s2.host_name, c.name
+	`
+
+	serverName := ""
+	cacheGroupName := ""
+	rows, err := tx.Query(q, dsID)
+	if err != nil {
+		return nil, fmt.Errorf("querying deliveryservice origin server: %s", err), http.StatusInternalServerError
+	}
+	for rows.Next() {
+		if err := rows.Scan(&serverName, &cacheGroupName); err != nil {
+			return nil, fmt.Errorf("querying deliveryservice origin server: %s", err), http.StatusInternalServerError
+		}
+	}
+	fmt.Println("CacheName:", cacheGroupName)
+
+	servers := make(map[string]string)
+	servers[cacheGroupName] = serverName
+	fmt.Println(servers)
+
+	if len(servers) > 0 {
+		cachegroups, sysErr := GetTopologyCachegroups(tx, dsTopology)
+		if sysErr != nil {
+			return nil, fmt.Errorf("validating %s servers in topology: %v", tc.OriginTypeName, sysErr), http.StatusInternalServerError
+		}
+		for _, cg := range cachegroups {
+			if _, ok := servers[cg]; ok {

Review comment:
       Ok.. Updated the logic.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficcontrol] rimashah25 commented on a change in pull request #5307: Validate ORG server for topology based DS

[GitBox <gi...@apache.org>]

rimashah25 commented on a change in pull request #5307:
URL: https://github.com/apache/trafficcontrol/pull/5307#discussion_r532859260



##########
File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
##########
@@ -1090,3 +1090,53 @@ GROUP BY t.name, ds.topology
 	}
 	return dsType, reqCap, topology, true, nil
 }
+
+// CheckOriginServerInCacheGroupTopology checks if a DS has ORG server and if it does, to make sure the cachegroup is part of DS
+func CheckOriginServerInCacheGroupTopology(tx *sql.Tx, dsID int, dsTopology string) (error, error, int) {
+	// get servers and respective cachegroup name that have ORG type in a delivery service
+	q := `
+		SELECT s.host_name, c.name 
+		FROM server s
+			INNER JOIN deliveryservice_server ds ON ds.server = s.id
+			INNER JOIN type t ON t.id = s.type
+			INNER JOIN cachegroup c ON c.id = s.cachegroup
+		WHERE ds.deliveryservice=$1 AND t.name=$2
+	`
+
+	serverName := ""
+	cacheGroupName := ""
+	servers := make(map[string]string)
+	var offendingSCG []string
+	rows, err := tx.Query(q, dsID, tc.OriginTypeName)
+	if err != nil {
+		return nil, fmt.Errorf("querying deliveryservice origin server: %s", err), http.StatusInternalServerError
+	}
+	for rows.Next() {
+		if err := rows.Scan(&serverName, &cacheGroupName); err != nil {
+			return nil, fmt.Errorf("querying deliveryservice origin server: %s", err), http.StatusInternalServerError
+		}
+		servers[cacheGroupName] = serverName
+	}
+
+	if len(servers) > 0 {
+		_, cachegroups, sysErr := GetTopologyCachegroups(tx, dsTopology)
+		if sysErr != nil {
+			return nil, fmt.Errorf("validating %s servers in topology: %v", tc.OriginTypeName, sysErr), http.StatusInternalServerError
+		}
+		// put slice values into map
+		topoCachegroups := make(map[string]string)
+		for _, cg := range cachegroups {
+			topoCachegroups[cg] = ""
+		}
+		for cg, s := range servers {
+			_, ok := topoCachegroups[cg]
+			if !ok {
+				offendingSCG = append(offendingSCG, fmt.Sprintf("%s-%s", s, cg))
+			}
+		}
+	}
+	if len(offendingSCG) > 0 {
+		return errors.New("list of server-cachegroup: " + strings.Join(offendingSCG, ", ") + " not present in this DS"), nil, http.StatusBadRequest

Review comment:
       Sure, changed.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficcontrol] rimashah25 commented on pull request #5307: Validate ORG server for topology based DS

[GitBox <gi...@apache.org>]

rimashah25 commented on pull request #5307:
URL: https://github.com/apache/trafficcontrol/pull/5307#issuecomment-737540598


   > just for my own understanding, if a DS has 3 org servers directly assigned then it can have a topology assigned that includes those 3 org servers.....but if you remove any of those org servers from the topology, the ds cannot be saved as it has an _invalid_ topology, right? you would basically have to either:
   > a. remove the topology from the ds or
   > b. go fix the topology to include all 3 org servers
   
   Yes, I believe so.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficcontrol] rimashah25 commented on a change in pull request #5307: Validate ORG server for topology based DS

[GitBox <gi...@apache.org>]

rimashah25 commented on a change in pull request #5307:
URL: https://github.com/apache/trafficcontrol/pull/5307#discussion_r532865039



##########
File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
##########
@@ -1090,3 +1090,53 @@ GROUP BY t.name, ds.topology
 	}
 	return dsType, reqCap, topology, true, nil
 }
+
+// CheckOriginServerInCacheGroupTopology checks if a DS has ORG server and if it does, to make sure the cachegroup is part of DS
+func CheckOriginServerInCacheGroupTopology(tx *sql.Tx, dsID int, dsTopology string) (error, error, int) {
+	// get servers and respective cachegroup name that have ORG type in a delivery service
+	q := `
+		SELECT s.host_name, c.name 
+		FROM server s
+			INNER JOIN deliveryservice_server ds ON ds.server = s.id
+			INNER JOIN type t ON t.id = s.type
+			INNER JOIN cachegroup c ON c.id = s.cachegroup
+		WHERE ds.deliveryservice=$1 AND t.name=$2
+	`
+
+	serverName := ""
+	cacheGroupName := ""
+	servers := make(map[string]string)
+	var offendingSCG []string
+	rows, err := tx.Query(q, dsID, tc.OriginTypeName)
+	if err != nil {
+		return nil, fmt.Errorf("querying deliveryservice origin server: %s", err), http.StatusInternalServerError
+	}
+	for rows.Next() {
+		if err := rows.Scan(&serverName, &cacheGroupName); err != nil {
+			return nil, fmt.Errorf("querying deliveryservice origin server: %s", err), http.StatusInternalServerError
+		}
+		servers[cacheGroupName] = serverName
+	}
+
+	if len(servers) > 0 {
+		_, cachegroups, sysErr := GetTopologyCachegroups(tx, dsTopology)
+		if sysErr != nil {
+			return nil, fmt.Errorf("validating %s servers in topology: %v", tc.OriginTypeName, sysErr), http.StatusInternalServerError
+		}
+		// put slice values into map
+		topoCachegroups := make(map[string]string)
+		for _, cg := range cachegroups {
+			topoCachegroups[cg] = ""
+		}
+		for cg, s := range servers {
+			_, ok := topoCachegroups[cg]
+			if !ok {
+				offendingSCG = append(offendingSCG, fmt.Sprintf("%s-%s", s, cg))

Review comment:
       ok, changed.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficcontrol] mitchell852 edited a comment on pull request #5307: Validate ORG server for topology based DS

[GitBox <gi...@apache.org>]

mitchell852 edited a comment on pull request #5307:
URL: https://github.com/apache/trafficcontrol/pull/5307#issuecomment-737535831


   just for my own understanding, if a DS has 3 org servers directly assigned then it can have a topology assigned that includes those 3 org servers.....but if you remove any of those org servers from the topology, the ds cannot be saved as it has an _invalid_ topology, right? you would basically have to either:
   a. remove the topology from the ds or
   b. go fix the topology to include all 3 org servers


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficcontrol] rawlinp commented on a change in pull request #5307: Validate ORG server for topology based DS

[GitBox <gi...@apache.org>]

rawlinp commented on a change in pull request #5307:
URL: https://github.com/apache/trafficcontrol/pull/5307#discussion_r529986449



##########
File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
##########
@@ -1090,3 +1090,53 @@ GROUP BY t.name, ds.topology
 	}
 	return dsType, reqCap, topology, true, nil
 }
+
+// CheckOriginServerInCacheGroupTopology checks if a DS has ORG server and if it does, to make sure the cachegroup is part of DS
+func CheckOriginServerInCacheGroupTopology(tx *sql.Tx, dsID int, dsTopology string) (error, error, int) {
+	// get servers and respective cachegroup name that have ORG type in a delivery service
+	q := `
+		SELECT s.host_name, c.name 
+		FROM server s
+			INNER JOIN deliveryservice_server ds ON ds.server = s.id
+			INNER JOIN type t ON t.id = s.type
+			INNER JOIN cachegroup c ON c.id = s.cachegroup
+		WHERE ds.deliveryservice=$1 AND t.name=$2
+	`
+
+	serverName := ""
+	cacheGroupName := ""
+	servers := make(map[string]string)
+	var offendingSCG []string
+	rows, err := tx.Query(q, dsID, tc.OriginTypeName)
+	if err != nil {
+		return nil, fmt.Errorf("querying deliveryservice origin server: %s", err), http.StatusInternalServerError
+	}

Review comment:
       After checking `err != nil`, we always need to `defer rows.Close()` or even better `defer log.Close(rows, "some error message prefix")` in order to prevent resource leaks.

##########
File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
##########
@@ -1090,3 +1090,53 @@ GROUP BY t.name, ds.topology
 	}
 	return dsType, reqCap, topology, true, nil
 }
+
+// CheckOriginServerInCacheGroupTopology checks if a DS has ORG server and if it does, to make sure the cachegroup is part of DS
+func CheckOriginServerInCacheGroupTopology(tx *sql.Tx, dsID int, dsTopology string) (error, error, int) {
+	// get servers and respective cachegroup name that have ORG type in a delivery service
+	q := `
+		SELECT s.host_name, c.name 
+		FROM server s
+			INNER JOIN deliveryservice_server ds ON ds.server = s.id
+			INNER JOIN type t ON t.id = s.type
+			INNER JOIN cachegroup c ON c.id = s.cachegroup
+		WHERE ds.deliveryservice=$1 AND t.name=$2
+	`
+
+	serverName := ""
+	cacheGroupName := ""
+	servers := make(map[string]string)
+	var offendingSCG []string
+	rows, err := tx.Query(q, dsID, tc.OriginTypeName)
+	if err != nil {
+		return nil, fmt.Errorf("querying deliveryservice origin server: %s", err), http.StatusInternalServerError
+	}
+	for rows.Next() {
+		if err := rows.Scan(&serverName, &cacheGroupName); err != nil {
+			return nil, fmt.Errorf("querying deliveryservice origin server: %s", err), http.StatusInternalServerError
+		}
+		servers[cacheGroupName] = serverName
+	}
+
+	if len(servers) > 0 {
+		_, cachegroups, sysErr := GetTopologyCachegroups(tx, dsTopology)
+		if sysErr != nil {
+			return nil, fmt.Errorf("validating %s servers in topology: %v", tc.OriginTypeName, sysErr), http.StatusInternalServerError
+		}
+		// put slice values into map
+		topoCachegroups := make(map[string]string)
+		for _, cg := range cachegroups {
+			topoCachegroups[cg] = ""
+		}
+		for cg, s := range servers {
+			_, ok := topoCachegroups[cg]
+			if !ok {
+				offendingSCG = append(offendingSCG, fmt.Sprintf("%s-%s", s, cg))
+			}
+		}
+	}
+	if len(offendingSCG) > 0 {
+		return errors.New("list of server-cachegroup: " + strings.Join(offendingSCG, ", ") + " not present in this DS"), nil, http.StatusBadRequest

Review comment:
       How about `"the following ORG server cachegroups are not in the delivery service's topology ("+dsTopology+"): " + strings.Join(offendingSCG, ", ")"`?

##########
File path: traffic_ops/testing/api/v3/deliveryservices_test.go
##########
@@ -855,6 +856,83 @@ func UpdateDeliveryServiceWithInvalidSliceRangeRequest(t *testing.T) {
 
 }
 
+// UpdateValidateORGServerCacheGroup validates ORG server's cachegroup are part of topology's cachegroup
+func UpdateValidateORGServerCacheGroup(t *testing.T) {
+	msoDS := testData.DeliveryServices[7]
+
+	//Get the correct DS
+	dses, _, err := TOSession.GetDeliveryServicesV30WithHdr(nil, nil)
+	if err != nil {
+		t.Errorf("cannot GET Delivery Services: %v", err)
+	}
+	remoteDS := tc.DeliveryServiceNullableV30{}
+	found := false
+	for _, ds := range dses {
+		if *ds.XMLID == *msoDS.XMLID {
+			found = true
+			remoteDS = ds
+			break
+		}
+	}
+	if !found {
+		t.Errorf("GET Delivery Services missing: %v", *msoDS.XMLID)
+	}
+
+	//Assign ORG server to DS
+	assignServer := []string{"denver-mso-org-01"}
+	_, _, err = TOSession.AssignServersToDeliveryService(assignServer, *msoDS.XMLID)
+	if err != nil {
+		t.Errorf("cannot assign server to Delivery Services: %v", err)
+	}
+
+	//Get Topology node to update and remove ORG server nodes
+	resp, _, err := TOSession.GetTopologyWithHdr(*remoteDS.Topology, nil)
+	if err != nil {
+		t.Fatalf("couldn't find any topologies: %v", err)
+	}
+	var p []int
+	var origNodes []tc.TopologyNode
+	newNodes := []tc.TopologyNode{{Id: 0, Cachegroup: "topology-edge-cg-01", Parents: p, LastUpdated: nil}}
+	if *msoDS.Topology == resp.Name {
+		origNodes = resp.Nodes
+		resp.Nodes = newNodes
+	}
+	_, _, err = TOSession.UpdateTopology(*msoDS.Topology, *resp)

Review comment:
       So with the part 3 of this validation, topology updates will fail if any assigned DSes have ORG servers assigned that would no longer be in the topology. So this test will fail once that validation is added.
   
   It would probably be better to take a valid DS (with ORG servers assigned), with or without a valid topology already assigned, and attempt to update the DS to use an invalid topology per this new validation.

##########
File path: traffic_ops/testing/api/v3/deliveryservices_test.go
##########
@@ -855,6 +856,83 @@ func UpdateDeliveryServiceWithInvalidSliceRangeRequest(t *testing.T) {
 
 }
 
+// UpdateValidateORGServerCacheGroup validates ORG server's cachegroup are part of topology's cachegroup
+func UpdateValidateORGServerCacheGroup(t *testing.T) {
+	msoDS := testData.DeliveryServices[7]

Review comment:
       Rather than relying upon the exact index in the json, it is usually safer to just use the xmlID from the json and get that exact DS from TO. Then you also wouldn't have to iterate over all the DSes to find the one you're looking for.

##########
File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
##########
@@ -1090,3 +1090,53 @@ GROUP BY t.name, ds.topology
 	}
 	return dsType, reqCap, topology, true, nil
 }
+
+// CheckOriginServerInCacheGroupTopology checks if a DS has ORG server and if it does, to make sure the cachegroup is part of DS
+func CheckOriginServerInCacheGroupTopology(tx *sql.Tx, dsID int, dsTopology string) (error, error, int) {
+	// get servers and respective cachegroup name that have ORG type in a delivery service
+	q := `
+		SELECT s.host_name, c.name 
+		FROM server s
+			INNER JOIN deliveryservice_server ds ON ds.server = s.id
+			INNER JOIN type t ON t.id = s.type
+			INNER JOIN cachegroup c ON c.id = s.cachegroup
+		WHERE ds.deliveryservice=$1 AND t.name=$2
+	`
+
+	serverName := ""
+	cacheGroupName := ""
+	servers := make(map[string]string)
+	var offendingSCG []string
+	rows, err := tx.Query(q, dsID, tc.OriginTypeName)
+	if err != nil {
+		return nil, fmt.Errorf("querying deliveryservice origin server: %s", err), http.StatusInternalServerError
+	}
+	for rows.Next() {
+		if err := rows.Scan(&serverName, &cacheGroupName); err != nil {
+			return nil, fmt.Errorf("querying deliveryservice origin server: %s", err), http.StatusInternalServerError
+		}
+		servers[cacheGroupName] = serverName
+	}
+
+	if len(servers) > 0 {
+		_, cachegroups, sysErr := GetTopologyCachegroups(tx, dsTopology)
+		if sysErr != nil {
+			return nil, fmt.Errorf("validating %s servers in topology: %v", tc.OriginTypeName, sysErr), http.StatusInternalServerError
+		}
+		// put slice values into map
+		topoCachegroups := make(map[string]string)
+		for _, cg := range cachegroups {
+			topoCachegroups[cg] = ""
+		}
+		for cg, s := range servers {
+			_, ok := topoCachegroups[cg]
+			if !ok {
+				offendingSCG = append(offendingSCG, fmt.Sprintf("%s-%s", s, cg))

Review comment:
       In addition to my review comment on L1139, I think we should format it as `"%s (%s)", cg, s`, since cachegroup names might contain hyphens, so it looks like `mycachegroup (myserver)`.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficcontrol] mitchell852 commented on pull request #5307: Validate ORG server for topology based DS

[GitBox <gi...@apache.org>]

mitchell852 commented on pull request #5307:
URL: https://github.com/apache/trafficcontrol/pull/5307#issuecomment-737535831


   just for my own understanding, if a DS has 3 org servers directly assigned then it can have a topology assigned that includes those 3 org servers.....but if you remove any of those org servers from the topology, the ds cannot be saved as it has an _invalid_ topology, right?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficcontrol] rimashah25 commented on a change in pull request #5307: Validate ORG server for topology based DS

[GitBox <gi...@apache.org>]

rimashah25 commented on a change in pull request #5307:
URL: https://github.com/apache/trafficcontrol/pull/5307#discussion_r527904271



##########
File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
##########
@@ -1009,3 +1010,49 @@ GROUP BY t.name, ds.topology
 	}
 	return dsType, reqCap, topology, true, nil
 }
+
+// CheckOriginServerInCacheGroupTopology checks if a DS has ORG server and if it does, to make sure the cachegroup is part of DS
+func CheckOriginServerInCacheGroupTopology(tx *sql.Tx, dsID int, dsTopology string) (error, error, int) {
+	// get servers and respective cachegroup name that have ORG type in a delivery service
+	q := `
+		SELECT s2.host_name, c.name 
+		FROM server s2
+			INNER JOIN deliveryservice_server ds ON ds.server = s2.id
+			inner join type t on t.id = s2.type
+			INNER JOIN cachegroup c ON c.id = s2.cachegroup
+		WHERE ds.deliveryservice=$1 and t.name='ORG'
+		GROUP BY s2.host_name, c.name

Review comment:
       This was the error I used to get 
   trafficops_1       | ERROR: api.go:209: 2020-11-17T22:26:29.8697024Z: 172.16.239.1:47762 querying deliveryservice origin server: pq: column "c.name" must appear in the GROUP BY clause or be used in an aggregate function
   trafficops_1       | DEBUG: api.go:214: 2020-11-17T22:26:29.869793Z: Internal Server Error
   
   but now i see none.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficcontrol] rimashah25 commented on a change in pull request #5307: Validate ORG server for topology based DS

[GitBox <gi...@apache.org>]

rimashah25 commented on a change in pull request #5307:
URL: https://github.com/apache/trafficcontrol/pull/5307#discussion_r532869687



##########
File path: traffic_ops/testing/api/v3/deliveryservices_test.go
##########
@@ -855,6 +856,83 @@ func UpdateDeliveryServiceWithInvalidSliceRangeRequest(t *testing.T) {
 
 }
 
+// UpdateValidateORGServerCacheGroup validates ORG server's cachegroup are part of topology's cachegroup
+func UpdateValidateORGServerCacheGroup(t *testing.T) {
+	msoDS := testData.DeliveryServices[7]

Review comment:
       Understood and corrected.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficcontrol] rawlinp commented on pull request #5307: Validate ORG server for topology based DS

[GitBox <gi...@apache.org>]

rawlinp commented on pull request #5307:
URL: https://github.com/apache/trafficcontrol/pull/5307#issuecomment-737541806


   > but if you remove any of those org servers from the topology
   
   With the next (and final) part of this ORG server-based validation, removing those ORG server cachegroups from the topology would be prohibited.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficcontrol] rimashah25 commented on a change in pull request #5307: Validate ORG server for topology based DS

[GitBox <gi...@apache.org>]

rimashah25 commented on a change in pull request #5307:
URL: https://github.com/apache/trafficcontrol/pull/5307#discussion_r527792548



##########
File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
##########
@@ -1009,3 +1010,49 @@ GROUP BY t.name, ds.topology
 	}
 	return dsType, reqCap, topology, true, nil
 }
+
+// CheckOriginServerInCacheGroupTopology checks if a DS has ORG server and if it does, to make sure the cachegroup is part of DS
+func CheckOriginServerInCacheGroupTopology(tx *sql.Tx, dsID int, dsTopology string) (error, error, int) {
+	// get servers and respective cachegroup name that have ORG type in a delivery service
+	q := `
+		SELECT s2.host_name, c.name 
+		FROM server s2
+			INNER JOIN deliveryservice_server ds ON ds.server = s2.id
+			inner join type t on t.id = s2.type
+			INNER JOIN cachegroup c ON c.id = s2.cachegroup
+		WHERE ds.deliveryservice=$1 and t.name='ORG'
+		GROUP BY s2.host_name, c.name
+	`
+
+	serverName := ""
+	cacheGroupName := ""
+	rows, err := tx.Query(q, dsID)
+	if err != nil {
+		return nil, fmt.Errorf("querying deliveryservice origin server: %s", err), http.StatusInternalServerError
+	}
+	for rows.Next() {
+		if err := rows.Scan(&serverName, &cacheGroupName); err != nil {
+			return nil, fmt.Errorf("querying deliveryservice origin server: %s", err), http.StatusInternalServerError
+		}
+	}
+	fmt.Println("CacheName:", cacheGroupName)

Review comment:
       Yes, those are for debugging purpose. I will remove it, when I convert to an actual PR




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficcontrol] rimashah25 commented on a change in pull request #5307: Validate ORG server for topology based DS

[GitBox <gi...@apache.org>]

rimashah25 commented on a change in pull request #5307:
URL: https://github.com/apache/trafficcontrol/pull/5307#discussion_r527806756



##########
File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
##########
@@ -1009,3 +1010,49 @@ GROUP BY t.name, ds.topology
 	}
 	return dsType, reqCap, topology, true, nil
 }
+
+// CheckOriginServerInCacheGroupTopology checks if a DS has ORG server and if it does, to make sure the cachegroup is part of DS
+func CheckOriginServerInCacheGroupTopology(tx *sql.Tx, dsID int, dsTopology string) (error, error, int) {
+	// get servers and respective cachegroup name that have ORG type in a delivery service
+	q := `
+		SELECT s2.host_name, c.name 
+		FROM server s2
+			INNER JOIN deliveryservice_server ds ON ds.server = s2.id
+			inner join type t on t.id = s2.type
+			INNER JOIN cachegroup c ON c.id = s2.cachegroup
+		WHERE ds.deliveryservice=$1 and t.name='ORG'
+		GROUP BY s2.host_name, c.name

Review comment:
       Without the GROUP BY clause, I get errors and unable to update DS.
   https://dba.stackexchange.com/questions/88988/postgres-error-column-must-appear-in-the-group-by-clause-or-be-used-in-an-aggre




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficcontrol] rawlinp merged pull request #5307: Validate ORG server for topology based DS

[GitBox <gi...@apache.org>]

rawlinp merged pull request #5307:
URL: https://github.com/apache/trafficcontrol/pull/5307


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficcontrol] rimashah25 commented on a change in pull request #5307: Validate ORG server for topology based DS

[GitBox <gi...@apache.org>]

rimashah25 commented on a change in pull request #5307:
URL: https://github.com/apache/trafficcontrol/pull/5307#discussion_r527802249



##########
File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
##########
@@ -1009,3 +1010,49 @@ GROUP BY t.name, ds.topology
 	}
 	return dsType, reqCap, topology, true, nil
 }
+
+// CheckOriginServerInCacheGroupTopology checks if a DS has ORG server and if it does, to make sure the cachegroup is part of DS
+func CheckOriginServerInCacheGroupTopology(tx *sql.Tx, dsID int, dsTopology string) (error, error, int) {
+	// get servers and respective cachegroup name that have ORG type in a delivery service
+	q := `
+		SELECT s2.host_name, c.name 
+		FROM server s2
+			INNER JOIN deliveryservice_server ds ON ds.server = s2.id
+			inner join type t on t.id = s2.type
+			INNER JOIN cachegroup c ON c.id = s2.cachegroup
+		WHERE ds.deliveryservice=$1 and t.name='ORG'

Review comment:
       Done




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficcontrol] rimashah25 commented on a change in pull request #5307: Validate ORG server for topology based DS

[GitBox <gi...@apache.org>]

rimashah25 commented on a change in pull request #5307:
URL: https://github.com/apache/trafficcontrol/pull/5307#discussion_r527790240



##########
File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
##########
@@ -1009,3 +1010,49 @@ GROUP BY t.name, ds.topology
 	}
 	return dsType, reqCap, topology, true, nil
 }
+
+// CheckOriginServerInCacheGroupTopology checks if a DS has ORG server and if it does, to make sure the cachegroup is part of DS
+func CheckOriginServerInCacheGroupTopology(tx *sql.Tx, dsID int, dsTopology string) (error, error, int) {
+	// get servers and respective cachegroup name that have ORG type in a delivery service
+	q := `
+		SELECT s2.host_name, c.name 
+		FROM server s2
+			INNER JOIN deliveryservice_server ds ON ds.server = s2.id
+			inner join type t on t.id = s2.type

Review comment:
       Done

##########
File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
##########
@@ -1009,3 +1010,49 @@ GROUP BY t.name, ds.topology
 	}
 	return dsType, reqCap, topology, true, nil
 }
+
+// CheckOriginServerInCacheGroupTopology checks if a DS has ORG server and if it does, to make sure the cachegroup is part of DS
+func CheckOriginServerInCacheGroupTopology(tx *sql.Tx, dsID int, dsTopology string) (error, error, int) {
+	// get servers and respective cachegroup name that have ORG type in a delivery service
+	q := `
+		SELECT s2.host_name, c.name 

Review comment:
       Done




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficcontrol] rimashah25 commented on a change in pull request #5307: Validate ORG server for topology based DS

[GitBox <gi...@apache.org>]

rimashah25 commented on a change in pull request #5307:
URL: https://github.com/apache/trafficcontrol/pull/5307#discussion_r532858883



##########
File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
##########
@@ -1090,3 +1090,53 @@ GROUP BY t.name, ds.topology
 	}
 	return dsType, reqCap, topology, true, nil
 }
+
+// CheckOriginServerInCacheGroupTopology checks if a DS has ORG server and if it does, to make sure the cachegroup is part of DS
+func CheckOriginServerInCacheGroupTopology(tx *sql.Tx, dsID int, dsTopology string) (error, error, int) {
+	// get servers and respective cachegroup name that have ORG type in a delivery service
+	q := `
+		SELECT s.host_name, c.name 
+		FROM server s
+			INNER JOIN deliveryservice_server ds ON ds.server = s.id
+			INNER JOIN type t ON t.id = s.type
+			INNER JOIN cachegroup c ON c.id = s.cachegroup
+		WHERE ds.deliveryservice=$1 AND t.name=$2
+	`
+
+	serverName := ""
+	cacheGroupName := ""
+	servers := make(map[string]string)
+	var offendingSCG []string
+	rows, err := tx.Query(q, dsID, tc.OriginTypeName)
+	if err != nil {
+		return nil, fmt.Errorf("querying deliveryservice origin server: %s", err), http.StatusInternalServerError
+	}

Review comment:
       Done.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [trafficcontrol] rawlinp commented on a change in pull request #5307: Validate ORG server for topology based DS

[GitBox <gi...@apache.org>]

rawlinp commented on a change in pull request #5307:
URL: https://github.com/apache/trafficcontrol/pull/5307#discussion_r527192806



##########
File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
##########
@@ -1009,3 +1010,49 @@ GROUP BY t.name, ds.topology
 	}
 	return dsType, reqCap, topology, true, nil
 }
+
+// CheckOriginServerInCacheGroupTopology checks if a DS has ORG server and if it does, to make sure the cachegroup is part of DS
+func CheckOriginServerInCacheGroupTopology(tx *sql.Tx, dsID int, dsTopology string) (error, error, int) {
+	// get servers and respective cachegroup name that have ORG type in a delivery service
+	q := `
+		SELECT s2.host_name, c.name 
+		FROM server s2
+			INNER JOIN deliveryservice_server ds ON ds.server = s2.id
+			inner join type t on t.id = s2.type

Review comment:
       for consistency we should capitalize INNER JOIN, ON, and AND in this query

##########
File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
##########
@@ -1009,3 +1010,49 @@ GROUP BY t.name, ds.topology
 	}
 	return dsType, reqCap, topology, true, nil
 }
+
+// CheckOriginServerInCacheGroupTopology checks if a DS has ORG server and if it does, to make sure the cachegroup is part of DS
+func CheckOriginServerInCacheGroupTopology(tx *sql.Tx, dsID int, dsTopology string) (error, error, int) {
+	// get servers and respective cachegroup name that have ORG type in a delivery service
+	q := `
+		SELECT s2.host_name, c.name 
+		FROM server s2
+			INNER JOIN deliveryservice_server ds ON ds.server = s2.id
+			inner join type t on t.id = s2.type
+			INNER JOIN cachegroup c ON c.id = s2.cachegroup
+		WHERE ds.deliveryservice=$1 and t.name='ORG'
+		GROUP BY s2.host_name, c.name

Review comment:
       the `GROUP BY` is unnecessary here since this isn't doing an aggregate query

##########
File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
##########
@@ -1009,3 +1010,49 @@ GROUP BY t.name, ds.topology
 	}
 	return dsType, reqCap, topology, true, nil
 }
+
+// CheckOriginServerInCacheGroupTopology checks if a DS has ORG server and if it does, to make sure the cachegroup is part of DS
+func CheckOriginServerInCacheGroupTopology(tx *sql.Tx, dsID int, dsTopology string) (error, error, int) {
+	// get servers and respective cachegroup name that have ORG type in a delivery service
+	q := `
+		SELECT s2.host_name, c.name 
+		FROM server s2
+			INNER JOIN deliveryservice_server ds ON ds.server = s2.id
+			inner join type t on t.id = s2.type
+			INNER JOIN cachegroup c ON c.id = s2.cachegroup
+		WHERE ds.deliveryservice=$1 and t.name='ORG'

Review comment:
       we should use `tc.OriginTypeName` in this query

##########
File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
##########
@@ -1009,3 +1010,49 @@ GROUP BY t.name, ds.topology
 	}
 	return dsType, reqCap, topology, true, nil
 }
+
+// CheckOriginServerInCacheGroupTopology checks if a DS has ORG server and if it does, to make sure the cachegroup is part of DS
+func CheckOriginServerInCacheGroupTopology(tx *sql.Tx, dsID int, dsTopology string) (error, error, int) {
+	// get servers and respective cachegroup name that have ORG type in a delivery service
+	q := `
+		SELECT s2.host_name, c.name 

Review comment:
       instead of `s2` we should just alias it to `s` -- the `2` is confusing

##########
File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
##########
@@ -1009,3 +1010,49 @@ GROUP BY t.name, ds.topology
 	}
 	return dsType, reqCap, topology, true, nil
 }
+
+// CheckOriginServerInCacheGroupTopology checks if a DS has ORG server and if it does, to make sure the cachegroup is part of DS
+func CheckOriginServerInCacheGroupTopology(tx *sql.Tx, dsID int, dsTopology string) (error, error, int) {
+	// get servers and respective cachegroup name that have ORG type in a delivery service
+	q := `
+		SELECT s2.host_name, c.name 
+		FROM server s2
+			INNER JOIN deliveryservice_server ds ON ds.server = s2.id
+			inner join type t on t.id = s2.type
+			INNER JOIN cachegroup c ON c.id = s2.cachegroup
+		WHERE ds.deliveryservice=$1 and t.name='ORG'
+		GROUP BY s2.host_name, c.name
+	`
+
+	serverName := ""
+	cacheGroupName := ""
+	rows, err := tx.Query(q, dsID)
+	if err != nil {
+		return nil, fmt.Errorf("querying deliveryservice origin server: %s", err), http.StatusInternalServerError
+	}
+	for rows.Next() {
+		if err := rows.Scan(&serverName, &cacheGroupName); err != nil {
+			return nil, fmt.Errorf("querying deliveryservice origin server: %s", err), http.StatusInternalServerError
+		}
+	}
+	fmt.Println("CacheName:", cacheGroupName)

Review comment:
       I know this is a draft, but these `fmt.Println` statements should be removed before we merge

##########
File path: traffic_ops/traffic_ops_golang/dbhelpers/db_helpers.go
##########
@@ -1009,3 +1010,49 @@ GROUP BY t.name, ds.topology
 	}
 	return dsType, reqCap, topology, true, nil
 }
+
+// CheckOriginServerInCacheGroupTopology checks if a DS has ORG server and if it does, to make sure the cachegroup is part of DS
+func CheckOriginServerInCacheGroupTopology(tx *sql.Tx, dsID int, dsTopology string) (error, error, int) {
+	// get servers and respective cachegroup name that have ORG type in a delivery service
+	q := `
+		SELECT s2.host_name, c.name 
+		FROM server s2
+			INNER JOIN deliveryservice_server ds ON ds.server = s2.id
+			inner join type t on t.id = s2.type
+			INNER JOIN cachegroup c ON c.id = s2.cachegroup
+		WHERE ds.deliveryservice=$1 and t.name='ORG'
+		GROUP BY s2.host_name, c.name
+	`
+
+	serverName := ""
+	cacheGroupName := ""
+	rows, err := tx.Query(q, dsID)
+	if err != nil {
+		return nil, fmt.Errorf("querying deliveryservice origin server: %s", err), http.StatusInternalServerError
+	}
+	for rows.Next() {
+		if err := rows.Scan(&serverName, &cacheGroupName); err != nil {
+			return nil, fmt.Errorf("querying deliveryservice origin server: %s", err), http.StatusInternalServerError
+		}
+	}
+	fmt.Println("CacheName:", cacheGroupName)
+
+	servers := make(map[string]string)
+	servers[cacheGroupName] = serverName
+	fmt.Println(servers)
+
+	if len(servers) > 0 {
+		cachegroups, sysErr := GetTopologyCachegroups(tx, dsTopology)
+		if sysErr != nil {
+			return nil, fmt.Errorf("validating %s servers in topology: %v", tc.OriginTypeName, sysErr), http.StatusInternalServerError
+		}
+		for _, cg := range cachegroups {
+			if _, ok := servers[cg]; ok {

Review comment:
       This logic is slightly off. We need to iterate over all the ORG server cachegroups to make sure they're all in the topology cachegroups. If any of them are not, we should return an error message that includes _all_ the offending ORG servers/cachegroups.
   
   I would recommend converting `cachegroups` into a `map[string]struct{}` (essentially a set), then:
   ```
   for cg, s := range servers {
       if _, ok := cachegroups[cg]; !ok {
           // add to list of offending servers/cachegroups
       }
   }
   // use strings.Join() to merge the offending servers/cachegroups into a single error message
   ```




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org