You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficcontrol.apache.org by de...@apache.org on 2018/07/02 20:31:40 UTC
[trafficcontrol] 01/02: Add TO Go delete deliveryservice_server
This is an automated email from the ASF dual-hosted git repository.
dewrich pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
commit 1ed0651956bbb3683d866a93aeb81fd08664e7e5
Author: Robert Butts <ro...@apache.org>
AuthorDate: Wed Jun 20 21:41:23 2018 -0600
Add TO Go delete deliveryservice_server
---
.../deliveryservice/servers/delete.go | 72 ++++++++++++++++++++++
traffic_ops/traffic_ops_golang/routes.go | 2 +
traffic_ops/traffic_ops_golang/tenant/tenancy.go | 54 ++++++++++++++++
3 files changed, 128 insertions(+)
diff --git a/traffic_ops/traffic_ops_golang/deliveryservice/servers/delete.go b/traffic_ops/traffic_ops_golang/deliveryservice/servers/delete.go
new file mode 100644
index 0000000..77234ca
--- /dev/null
+++ b/traffic_ops/traffic_ops_golang/deliveryservice/servers/delete.go
@@ -0,0 +1,72 @@
+package servers
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import (
+ "database/sql"
+ "errors"
+ "net/http"
+
+ "github.com/apache/trafficcontrol/lib/go-tc"
+ "github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/api"
+ "github.com/apache/trafficcontrol/traffic_ops/traffic_ops_golang/tenant"
+)
+
+func Delete(w http.ResponseWriter, r *http.Request) {
+ inf, userErr, sysErr, errCode := api.NewInfo(r, []string{"serverid", "dsid"}, []string{"serverid", "dsid"})
+ if userErr != nil || sysErr != nil {
+ api.HandleErr(w, r, errCode, userErr, sysErr)
+ return
+ }
+ defer inf.Close()
+
+ dsID := inf.IntParams["dsid"]
+ serverID := inf.IntParams["serverid"]
+
+ userErr, sysErr, errCode = tenant.CheckID(inf.Tx.Tx, inf.User, dsID)
+ if userErr != nil || sysErr != nil {
+ api.HandleErr(w, r, errCode, userErr, sysErr)
+ return
+ }
+
+ ok, err := deleteDSServer(inf.Tx.Tx, dsID, serverID)
+ if err != nil {
+ api.HandleErr(w, r, http.StatusInternalServerError, nil, errors.New("deleting delivery service server: "+err.Error()))
+ return
+ }
+ if !ok {
+ api.HandleErr(w, r, http.StatusNotFound, nil, nil)
+ return
+ }
+ *inf.CommitTx = true
+ api.WriteRespAlert(w, r, tc.SuccessLevel, "Server unlinked from delivery service.")
+}
+
+// deleteDSServer deletes the given deliveryservice_server. Returns whether the server existed, and any error.
+func deleteDSServer(tx *sql.Tx, dsID int, serverID int) (bool, error) {
+ deletedServerID := 0
+ if err := tx.QueryRow(`DELETE FROM deliveryservice_server WHERE deliveryservice = $1 AND server = $2 RETURNING server`, dsID, serverID).Scan(&deletedServerID); err != nil {
+ if err == sql.ErrNoRows {
+ return false, nil
+ }
+ return false, errors.New("deleting delivery service server: " + err.Error())
+ }
+ return true, nil
+}
diff --git a/traffic_ops/traffic_ops_golang/routes.go b/traffic_ops/traffic_ops_golang/routes.go
index 2af1464..91d847c 100644
--- a/traffic_ops/traffic_ops_golang/routes.go
+++ b/traffic_ops/traffic_ops_golang/routes.go
@@ -169,6 +169,8 @@ func Routes(d ServerData) ([]Route, []RawRoute, http.Handler, error) {
{1.1, http.MethodPost, `regions/?$`, api.CreateHandler(region.GetRefType(), d.DB), auth.PrivLevelOperations, Authenticated, nil},
{1.1, http.MethodDelete, `regions/{id}$`, api.DeleteHandler(region.GetRefType(), d.DB), auth.PrivLevelOperations, Authenticated, nil},
+ {1.1, http.MethodDelete, `deliveryservice_server/{dsid}/{serverid}`, dsserver.Delete, auth.PrivLevelReadOnly, Authenticated, nil},
+
// get all edge servers associated with a delivery service (from deliveryservice_server table)
{1.1, http.MethodGet, `deliveryserviceserver$`, dsserver.ReadDSSHandler(d.DB), auth.PrivLevelReadOnly, Authenticated, nil},
{1.1, http.MethodPost, `deliveryserviceserver$`, dsserver.GetReplaceHandler(d.DB), auth.PrivLevelOperations, Authenticated, nil},
diff --git a/traffic_ops/traffic_ops_golang/tenant/tenancy.go b/traffic_ops/traffic_ops_golang/tenant/tenancy.go
index 44f1363..b2c5319 100644
--- a/traffic_ops/traffic_ops_golang/tenant/tenancy.go
+++ b/traffic_ops/traffic_ops_golang/tenant/tenancy.go
@@ -85,6 +85,37 @@ func Check(user *auth.CurrentUser, XMLID string, tx *sql.Tx) (error, error, int)
return nil, nil, http.StatusOK
}
+// Check checks that the given user has access to the given delivery service. Returns a user error, a system error, and an HTTP error code. If both the user and system error are nil, the error code should be ignored.
+func CheckID(tx *sql.Tx, user *auth.CurrentUser, dsID int) (error, error, int) {
+ ok, err := IsTenancyEnabledTx(tx)
+ if err != nil {
+ return nil, errors.New("checking tenancy enabled: " + err.Error()), http.StatusInternalServerError
+ }
+ if !ok {
+ return nil, nil, http.StatusOK
+ }
+
+ dsTenantID, ok, err := getDSTenantIDByIDTx(tx, dsID)
+ if err != nil {
+ return nil, errors.New("checking tenant: " + err.Error()), http.StatusInternalServerError
+ }
+ if !ok {
+ return errors.New("delivery service " + strconv.Itoa(dsID) + " not found"), nil, http.StatusNotFound
+ }
+ if dsTenantID == nil {
+ return nil, nil, http.StatusOK
+ }
+
+ authorized, err := IsResourceAuthorizedToUserTx(*dsTenantID, user, tx)
+ if err != nil {
+ return nil, errors.New("checking tenant: " + err.Error()), http.StatusInternalServerError
+ }
+ if !authorized {
+ return errors.New("not authorized on this tenant"), nil, http.StatusForbidden
+ }
+ return nil, nil, http.StatusOK
+}
+
// returns a Tenant list that the specified user has access too.
// NOTE: This method does not use the use_tenancy parameter and if this method is being used
// to control tenancy the parameter must be checked. The method IsResourceAuthorizedToUser checks the use_tenancy parameter
@@ -164,6 +195,15 @@ func IsTenancyEnabled(db *sqlx.DB) bool {
return useTenancy
}
+func IsTenancyEnabledTx(tx *sql.Tx) (bool, error) {
+ query := `SELECT COALESCE(value::boolean,FALSE) AS value FROM parameter WHERE name = 'use_tenancy' AND config_file = 'global' UNION ALL SELECT FALSE FETCH FIRST 1 ROW ONLY`
+ useTenancy := false
+ if err := tx.QueryRow(query).Scan(&useTenancy); err != nil {
+ return false, errors.New("checking if tenancy is enabled: " + err.Error())
+ }
+ return useTenancy, nil
+}
+
// returns a boolean value describing if the user has access to the provided resource tenant id and an error
// if use_tenancy is set to false (0 in the db) this method will return true allowing access.
func IsResourceAuthorizedToUser(resourceTenantID int, user auth.CurrentUser, db *sqlx.DB) (bool, error) {
@@ -581,3 +621,17 @@ func deleteQuery() string {
WHERE id=:id`
return query
}
+
+// getDSTenantIDByIDTx returns the tenant ID, whether the delivery service exists, and any error.
+// Note the id may be nil, even if true is returned, if the delivery service exists but its tenant_id field is null.
+// TODO move somewhere generic
+func getDSTenantIDByIDTx(tx *sql.Tx, id int) (*int, bool, error) {
+ tenantID := (*int)(nil)
+ if err := tx.QueryRow(`SELECT tenant_id FROM deliveryservice where id = $1`, id).Scan(&tenantID); err != nil {
+ if err == sql.ErrNoRows {
+ return nil, false, nil
+ }
+ return nil, false, fmt.Errorf("querying tenant ID for delivery service ID '%v': %v", id, err)
+ }
+ return tenantID, true, nil
+}