Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2022/07/12 16:57:39 UTC

[GitHub] [trafficcontrol] ericholguin commented on issue #4083: No Error when child tenant accesses parent tenant's delivery-services

ericholguin commented on issue #4083:
URL: https://github.com/apache/trafficcontrol/issues/4083#issuecomment-1182013938

   Requests where the `dsID` or `xmlID` pertains to a delivery service owned by the parent tenant of the child tenant requesting it:
   
   GET `/api/4.0/deliveryservices/32/regexes`
   ```http
   HTTP/1.1 200 OK
   Content-Type: application/json
   Transfer-Encoding: chunked
   
   {
       "response": []
   }
   ```
   
   GET `/api/4.0/deliveryservices/32/capacity`
   ```http
   HTTP/1.1 403 Forbidden
   Content-Type: application/json
   Transfer-Encoding: chunked
   
   {
       "alerts": [
           {
               "text": "not authorized on this tenant",
               "level": "error"
           }
       ]
   }
   ```
   
   GET `/api/4.0/deliveryservices/32/health`
   ```http
   HTTP/1.1 403 Forbidden
   Content-Type: application/json
   Transfer-Encoding: chunked
   
   {
       "alerts": [
           {
               "text": "not authorized on this tenant",
               "level": "error"
           }
       ]
   }
   ```
   
   GET `/api/4.0/deliveryservices/32/routing`
   ```http
   HTTP/1.1 403 Forbidden
   Content-Type: application/json
   Transfer-Encoding: chunked
   
   {
       "alerts": [
           {
               "text": "not authorized on this tenant",
               "level": "error"
           }
       ]
   }
   ```
   
   PUT `/api/4.0/deliveryservices/32/safe`
   ```http
   HTTP/1.1 403 Forbidden
   Content-Type: application/json
   Transfer-Encoding: chunked
   
   {
       "alerts": [
           {
               "text": "not authorized on this tenant",
               "level": "error"
           }
       ]
   }
   ```
   
   GET `/api/4.0/deliveryservices/32/servers`
   ```http
   HTTP/1.1 200 OK
   Content-Type: application/json
   Transfer-Encoding: chunked
   
   {
       "response": [
           {
              <server info here>
           }
       ]
   }
   ```
   
   GET `/api/4.0/deliveryservices/32/servers/eligible`
   ```http
   HTTP/1.1 403 Forbidden
   Content-Type: application/json
   Transfer-Encoding: chunked
   
   {
       "alerts": [
           {
               "text": "not authorized on this tenant",
               "level": "error"
           }
       ]
   }
   ```
   
   GET `/api/4.0/deliveryservices/32/urlkeys`
   ```http
   HTTP/1.1 403 Forbidden
   Content-Type: application/json
   Transfer-Encoding: chunked
   
   {
       "alerts": [
           {
               "text": "not authorized on this tenant",
               "level": "error"
           }
       ]
   }
   ```
   
   POST `/api/4.0/deliveryservices/ds1/servers`
   ```http
   HTTP/1.1 403 Forbidden
   Content-Type: application/json
   Transfer-Encoding: chunked
   
   {
       "alerts": [
           {
               "text": "Forbidden",
               "level": "error"
           }
       ]
   }
   ```
   
   GET, POST, PUT, DELETE `/api/4.0/deliveryservices/ds1/urisignkeys`
   ```http
   HTTP/1.1 403 Forbidden
   Content-Type: application/json
   Transfer-Encoding: chunked
   
   {
       "alerts": [
           {
               "text": "Forbidden",
               "level": "error"
           }
       ]
   }
   ```
   
   GET, DELETE `/api/4.0//deliveryservices/xmlId/ds1/sslkeys`
   ```http
   HTTP/1.1 403 Forbidden
   Content-Type: application/json
   Transfer-Encoding: chunked
   
   {
       "alerts": [
           {
               "text": "Forbidden",
               "level": "error"
           }
       ]
   }
   ```
   
   GET, DELETE `/api/4.0//deliveryservices/xmlId/ds1/urlkeys`
   ```http
   HTTP/1.1 403 Forbidden
   Content-Type: application/json
   Transfer-Encoding: chunked
   
   {
       "alerts": [
           {
               "text": "not authorized on this tenant",
               "level": "error"
           }
       ]
   }
   ```
   
   POST `deliveryservices/xmlId/ds1/urlkeys/generate`
   ```http
   HTTP/1.1 403 Forbidden
   Content-Type: application/json
   Transfer-Encoding: chunked
   
   {
       "alerts": [
           {
               "text": "not authorized on this tenant",
               "level": "error"
           }
       ]
   }
   ```
   
   GET `/staticdnsentries`
   ```http
   HTTP/1.1 200 OK
   Content-Type: application/json
   Transfer-Encoding: chunked
   
   {
       "response": [
           {
               "address": "test.",
               "cachegroup": null,
               "cachegroupId": null,
               "deliveryservice": "ds1",
               "deliveryserviceId": 32,
               "host": "test",
               "id": 1,
               "lastUpdated": "2022-07-12 16:01:19+00",
               "ttl": 10,
               "type": "CNAME_RECORD",
               "typeId": 41
           }
       ]
   }
   ```
   
   DELETE `/staticdnsentries?id=1`
   ```http
   HTTP/1.1 200 OK
   Content-Type: application/json
   Transfer-Encoding: chunked
   
   {
       "alerts": [
           {
               "text": "staticDNSEntry was deleted.",
               "level": "success"
           }
       ]
   }
   ```
   
   These same requests/responses apply to 3.0. The endpoints that seem to have issues are `deliveryservices/{dsID}/servers` and all the `/staticdnsentries` methods. Someone else would need to confirm that this is not the correct behavior.
   


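Added example, not part of the original comment and not Traffic Control's own code: a minimal Go sketch of the tenancy rule the 403 responses above enforce, applied to a resource that is only linked to a tenant through its delivery service, as with `/staticdnsentries`. The tenant IDs, the maps and the names `TenantCanAccess` and `DeleteStaticDNSEntry` are hypothetical; delivery service 32 and static DNS entry 1 are taken from the responses above.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrForbidden mirrors the alert text seen in the 403 responses above.
var ErrForbidden = errors.New("not authorized on this tenant")

// Constructed sample data: tenant ID -> parent tenant ID (0 = no parent).
var tenantParent = map[int]int{1: 0, 2: 1, 3: 2}

// Constructed sample data: delivery service ID -> owning tenant ID.
var dsTenant = map[int]int{32: 2}

// Constructed sample data: static DNS entry ID -> delivery service ID.
var staticDNSEntryDS = map[int]int{1: 32}

// TenantCanAccess reports whether a user in userTenant may act on a resource
// owned by resourceTenant: the same tenant or one of its descendants.
// It walks from the resource's tenant up to the root; an unknown tenant or a
// cycle in the parent map ends the walk and denies access.
func TenantCanAccess(userTenant, resourceTenant int) bool {
	seen := map[int]bool{}
	for t := resourceTenant; t != 0 && !seen[t]; t = tenantParent[t] {
		if t == userTenant {
			return true
		}
		seen[t] = true
	}
	return false
}

// DeleteStaticDNSEntry resolves the entry to its delivery service and checks
// the tenant of that delivery service before mutating anything.
func DeleteStaticDNSEntry(userTenant, entryID int) error {
	dsID, ok := staticDNSEntryDS[entryID]
	if !ok {
		return errors.New("static DNS entry not found")
	}
	if !TenantCanAccess(userTenant, dsTenant[dsID]) {
		return ErrForbidden
	}
	delete(staticDNSEntryDS, entryID)
	return nil
}

func main() {
	fmt.Println(DeleteStaticDNSEntry(3, 1)) // user in a child tenant of the owner
	fmt.Println(DeleteStaticDNSEntry(1, 1)) // user in the owner's parent tenant
}
```

The same check belongs on list endpoints as a filter, so that a 200 response never carries rows from a tenant the caller cannot access.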