You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2018/09/06 21:50:43 UTC
[GitHub] rob05c opened a new pull request #2791: Add Traffic Ops Golang
Enforcing Capabilities
rob05c opened a new pull request #2791: Add Traffic Ops Golang Enforcing Capabilities
URL: https://github.com/apache/trafficcontrol/pull/2791
#### What does this PR do?
Adds Traffic Ops Golang Enforcing Capabilities
#### Which TC components are affected by this PR?
- [ ] Documentation
- [ ] Grove
- [ ] Traffic Analytics
- [ ] Traffic Monitor
- [x] Traffic Ops
- [ ] Traffic Ops ORT
- [ ] Traffic Portal
- [ ] Traffic Router
- [ ] Traffic Stats
- [ ] Traffic Vault
- [ ] Other _________
#### What is the best way to verify this PR?
`go test`;
1. install TO
2. verify endpoints are accessible to an admin user as before (db migration should be automatic)
3. delete a capability from a role in the database, e.g. `delete from role_capability where role_id = (select id from role where name = 'admin') and cap_name = 'delivery-services-read';`
4. verify the endpoint is no longer accessible, e.g. that `/api/1.2/deliveryservices` returns Unauthorized.
5. Verify servers from an admin user have a visible `iloPassword` field which is not all asterisks.
5. Remove the `servers-read-secure` capability from a user, e.g. `delete from role_capability where role_id = 4 and cap_name = 'servers-read-secure';`
6. Verify servers returned to that user via the API have their `iloPassword` field as asterisks.
7. Create a `secure` Parameter, with a nonempty value
8. Verify that secure parameter's `value` is visible to an Admin user.
9. Delete a user's role's `parameters-read-secure` capability, e.g. `delete from role_capability where role_id = 4 and cap_name = 'parameters-read-secure';`
10. Verify a secure parameter's `value` is all asterisks.
#### Check all that apply
- [x] This PR includes tests
- [ ] This PR includes documentation updates
- [ ] This PR includes an update to CHANGELOG.md
- [ ] This PR includes all required license headers
- [x] This PR includes a database migration (ensure that migration sequence is correct)
- [ ] This PR fixes a serious security flaw. Read more: [www.apache.org/security](http://www.apache.org/security/)
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services