You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2018/09/18 18:27:24 UTC
[GitHub] moltzaum opened a new pull request #2834: User cruder
moltzaum opened a new pull request #2834: User cruder
URL: https://github.com/apache/trafficcontrol/pull/2834
#### What does this PR do?
This is the acceptance criteria:
- [x] Write handlers using CRUDer
- get /api/1.1/users/
- get /api/1.1/users/:id
- put /api/1.1/users/:id
- post /api/1.1/users/
- delete /api/1.1/users/:id (reverted; no longer in use)
- [x] Written the client
- [x] Written general tests
- [x] Enforce tenancy for GET
- [x] Enforce tenancy for PUT, DELETE, CREATE
- [x] Documentation
- Updated documentation to include query parameters
- Marked uid and gid as deprecated
- Fixed formatting
- Updated tenant id to be required (has not null constraint and perl currently returns raw error)
- Double check documentation for correct information
- [x] Password Security
- Convert to SCYRPT
- Don't keep in response
- Password validation
- [x] Returns correct HTTP error codes
- Little bit lax on distinction between query and path parameters (both return empty response)
- Followed convention for things I was familiar with
- New?: Returns 404 if role or tenant id not found
i) Perl returned a 400 for one and 500 for another (think it was 'role')
ii) Not sure if this is being done by other golang endpoints
- [ ] Follows logic from perl
- This is a little iffy. Things should be compatible, though minor differences exist (see this checklist for examples)
Notes:
I changed `api.ParseDBError` a little bit.
The user shouldn't be able to update their own role.
Follow ups:
Delete will be implemented later (see #2017)
uid, gid, and confirmLocalPasswd will need to be removed from the database
#### Which TC components are affected by this PR?
- [x] Documentation
- [ ] Grove
- [ ] Traffic Analytics
- [ ] Traffic Monitor
- [x] Traffic Ops
- [ ] Traffic Ops ORT
- [ ] Traffic Portal
- [ ] Traffic Router
- [ ] Traffic Stats
- [ ] Traffic Vault
- [ ] Other _________
#### What is the best way to verify this PR?
Run the tests.
The tests do not check tenancy or validations, so those would be checked manually.
Password validation is the most important to verify.
The reviewer should be able to reproduce errors that originate from api.ParseDBErr.
Look over the documentation.
#### Check all that apply
- [x] This PR includes tests
- [x] This PR includes documentation updates
- [ ] This PR includes an update to CHANGELOG.md
- [x] This PR includes all required license headers
- [ ] This PR includes a database migration (ensure that migration sequence is correct)
- [ ] This PR fixes a serious security flaw. Read more: [www.apache.org/security](http://www.apache.org/security/)
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services