Skip to content

Commit ae18477

Browse files
PSUdaemonPSUdaemon
committed
Add URI Signing
1 parent 3d55c94 commit ae18477

9 files changed

Lines changed: 210 additions & 60 deletions

File tree

docs/source/development/traffic_ops_api/v11/deliveryservice.rst

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -157,6 +157,10 @@ Delivery Service
157157
| ``signed`` | bool | - false: token based auth (see :ref:token-based-auth) is not enabled for this deliveryservice. |
158158
| | | - true: token based auth is enabled for this deliveryservice. |
159159
+--------------------------+--------+--------------------------------------------------------------------------------------------------------------------------------------+
160+
| ``signing_algorithm`` | string | - null: token based auth (see :ref:token-based-auth) is not enabled for this deliveryservice. |
161+
| | | - "url_sig": URL Sign token based auth is enabled for this deliveryservice. |
162+
| | | - "uri_signing": URI Signing token based auth is enabled for this deliveryservice. |
163+
+--------------------------+--------+--------------------------------------------------------------------------------------------------------------------------------------+
160164
| ``sslKeyVersion`` | string | |
161165
+--------------------------+--------+--------------------------------------------------------------------------------------------------------------------------------------+
162166
| ``trRequestHeaders`` | string | |
@@ -232,6 +236,7 @@ Delivery Service
232236
"regionalGeoBlocking": false,
233237
"remapText": null,
234238
"signed": false,
239+
"signing_algorithm": null,
235240
"sslKeyVersion": "0",
236241
"trRequestHeaders": null,
237242
"trResponseHeaders": "Access-Control-Allow-Origin: *",
@@ -384,6 +389,10 @@ Delivery Service
384389
| ``signed`` | bool | - false: token based auth (see :ref:token-based-auth) is not enabled for this deliveryservice. |
385390
| | | - true: token based auth is enabled for this deliveryservice. |
386391
+--------------------------+--------+--------------------------------------------------------------------------------------------------------------------------------------+
392+
| ``signing_algorithm`` | string | - null: token based auth (see :ref:token-based-auth) is not enabled for this deliveryservice. |
393+
| | | - "url_sig": URL Sign token based auth is enabled for this deliveryservice. |
394+
| | | - "uri_signing": URI Signing token based auth is enabled for this deliveryservice. |
395+
+--------------------------+--------+--------------------------------------------------------------------------------------------------------------------------------------+
387396
| ``sslKeyVersion`` | string | |
388397
+--------------------------+--------+--------------------------------------------------------------------------------------------------------------------------------------+
389398
| ``trRequestHeaders`` | string | |
@@ -459,6 +468,7 @@ Delivery Service
459468
"regionalGeoBlocking": false,
460469
"remapText": null,
461470
"signed": false,
471+
"signing_algorithm": null,
462472
"sslKeyVersion": "0",
463473
"trRequestHeaders": null,
464474
"trResponseHeaders": "Access-Control-Allow-Origin: *",

docs/source/development/traffic_ops_api/v12/deliveryservice.rst

Lines changed: 37 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -176,6 +176,10 @@ Delivery Service
176176
| ``signed`` | bool | - false: token based auth (see :ref:token-based-auth) is not enabled for this deliveryservice. |
177177
| | | - true: token based auth is enabled for this deliveryservice. |
178178
+--------------------------+--------+--------------------------------------------------------------------------------------------------------------------------------------+
179+
| ``signing_algorithm`` | string | - null: token based auth (see :ref:token-based-auth) is not enabled for this deliveryservice. |
180+
| | | - "url_sig": URL Sign token based auth is enabled for this deliveryservice. |
181+
| | | - "uri_signing": URI Signing token based auth is enabled for this deliveryservice. |
182+
+--------------------------+--------+--------------------------------------------------------------------------------------------------------------------------------------+
179183
| ``sslKeyVersion`` | int | |
180184
+--------------------------+--------+--------------------------------------------------------------------------------------------------------------------------------------+
181185
| ``tenant`` | string | Owning tenant name |
@@ -246,6 +250,7 @@ Delivery Service
246250
"remapText": null,
247251
"routingName": "foo",
248252
"signed": false,
253+
"signing_algorithm": null,
249254
"sslKeyVersion": "0",
250255
"tenant": "root",
251256
"tenantId": 1,
@@ -414,6 +419,10 @@ Delivery Service
414419
| ``signed`` | bool | - false: token based auth (see :ref:token-based-auth) is not enabled for this deliveryservice. |
415420
| | | - true: token based auth is enabled for this deliveryservice. |
416421
+--------------------------+--------+--------------------------------------------------------------------------------------------------------------------------------------+
422+
| ``signing_algorithm`` | string | - null: token based auth (see :ref:token-based-auth) is not enabled for this deliveryservice. |
423+
| | | - "url_sig": URL Sign token based auth is enabled for this deliveryservice. |
424+
| | | - "uri_signing": URI Signing token based auth is enabled for this deliveryservice. |
425+
+--------------------------+--------+--------------------------------------------------------------------------------------------------------------------------------------+
417426
| ``sslKeyVersion`` | int | |
418427
+--------------------------+--------+--------------------------------------------------------------------------------------------------------------------------------------+
419428
| ``tenant`` | string | Owning tenant name |
@@ -491,6 +500,7 @@ Delivery Service
491500
"remapText": null,
492501
"routingName": "foo",
493502
"signed": false,
503+
"signing_algorithm": null,
494504
"sslKeyVersion": "0",
495505
"tenant": "root",
496506
"tenantId": 1,
@@ -2158,6 +2168,10 @@ URL Sig Keys
21582168
| signed | no | - false: token based auth (see :ref:token-based-auth) is not enabled for this deliveryservice. |
21592169
| | | - true: token based auth is enabled for this deliveryservice. |
21602170
+------------------------+----------+---------------------------------------------------------------------------------------------------------+
2171+
| signing_algorithm | no | - null: token based auth (see :ref:token-based-auth) is not enabled for this deliveryservice. |
2172+
| | | - "url_sig": URL Sign token based auth is enabled for this deliveryservice. |
2173+
| | | - "uri_signing": URI Signing token based auth is enabled for this deliveryservice. |
2174+
+------------------------+----------+---------------------------------------------------------------------------------------------------------+
21612175
| sslKeyVersion | no | SSL key version |
21622176
+------------------------+----------+---------------------------------------------------------------------------------------------------------+
21632177
| trRequestHeaders | no | Traffic router log request headers |
@@ -2193,7 +2207,8 @@ URL Sig Keys
21932207
"qstringIgnore": 0,
21942208
"rangeRequestHandling": 0,
21952209
"regionalGeoBlocking": false,
2196-
"signed": false
2210+
"signed": false,
2211+
"signing_algorithm": null
21972212
}
21982213

21992214

@@ -2332,6 +2347,10 @@ URL Sig Keys
23322347
| ``signed`` | bool | - false: token based auth (see :ref:token-based-auth) is not enabled for this deliveryservice. |
23332348
| | | - true: token based auth is enabled for this deliveryservice. |
23342349
+--------------------------+--------+--------------------------------------------------------------------------------------------------------------------------------------+
2350+
| ``signing_algorithm`` | string | - null: token based auth (see :ref:token-based-auth) is not enabled for this deliveryservice. |
2351+
| | | - "url_sig": URL Sign token based auth is enabled for this deliveryservice. |
2352+
| | | - "uri_signing": URI Signing token based auth is enabled for this deliveryservice. |
2353+
+--------------------------+--------+--------------------------------------------------------------------------------------------------------------------------------------+
23352354
| ``sslKeyVersion`` | int | |
23362355
+--------------------------+--------+--------------------------------------------------------------------------------------------------------------------------------------+
23372356
| ``trRequestHeaders`` | string | |
@@ -2405,6 +2424,7 @@ URL Sig Keys
24052424
"remapText": null,
24062425
"routingName": "foo",
24072426
"signed": false,
2427+
"signing_algorithm": null,
24082428
"sslKeyVersion": "0",
24092429
"tenantId": 1,
24102430
"trRequestHeaders": null,
@@ -2554,6 +2574,10 @@ URL Sig Keys
25542574
| signed | no | - false: token based auth (see :ref:token-based-auth) is not enabled for this deliveryservice. |
25552575
| | | - true: token based auth is enabled for this deliveryservice. |
25562576
+------------------------+----------+---------------------------------------------------------------------------------------------------------+
2577+
| signing_algorithm | no | - null: token based auth (see :ref:token-based-auth) is not enabled for this deliveryservice. |
2578+
| | | - "url_sig": URL Sign token based auth is enabled for this deliveryservice. |
2579+
| | | - "uri_signing": URI Signing token based auth is enabled for this deliveryservice. |
2580+
+------------------------+----------+---------------------------------------------------------------------------------------------------------+
25572581
| sslKeyVersion | no | SSL key version |
25582582
+------------------------+----------+---------------------------------------------------------------------------------------------------------+
25592583
| trRequestHeaders | no | Traffic router log request headers |
@@ -2589,7 +2613,8 @@ URL Sig Keys
25892613
"qstringIgnore": 0,
25902614
"rangeRequestHandling": 0,
25912615
"regionalGeoBlocking": false,
2592-
"signed": false
2616+
"signed": false,
2617+
"signing_algorithm": null
25932618
}
25942619

25952620

@@ -2728,6 +2753,10 @@ URL Sig Keys
27282753
| ``signed`` | bool | - false: token based auth (see :ref:token-based-auth) is not enabled for this deliveryservice. |
27292754
| | | - true: token based auth is enabled for this deliveryservice. |
27302755
+--------------------------+--------+--------------------------------------------------------------------------------------------------------------------------------------+
2756+
| ``signing_algorithm`` | string | - null: token based auth (see :ref:token-based-auth) is not enabled for this deliveryservice. |
2757+
| | | - "url_sig": URL Sign token based auth is enabled for this deliveryservice. |
2758+
| | | - "uri_signing": URI Signing token based auth is enabled for this deliveryservice. |
2759+
+--------------------------+--------+--------------------------------------------------------------------------------------------------------------------------------------+
27312760
| ``sslKeyVersion`` | int | |
27322761
+--------------------------+--------+--------------------------------------------------------------------------------------------------------------------------------------+
27332762
| ``trRequestHeaders`` | string | |
@@ -2801,6 +2830,7 @@ URL Sig Keys
28012830
"remapText": null,
28022831
"routingName": "foo",
28032832
"signed": false,
2833+
"signing_algorithm": null,
28042834
"sslKeyVersion": "0",
28052835
"tenantId": 1,
28062836
"trRequestHeaders": null,
@@ -2992,6 +3022,10 @@ URL Sig Keys
29923022
| ``signed`` | bool | - false: token based auth (see :ref:token-based-auth) is not enabled for this deliveryservice. |
29933023
| | | - true: token based auth is enabled for this deliveryservice. |
29943024
+--------------------------+--------+--------------------------------------------------------------------------------------------------------------------------------------+
3025+
| ``signing_algorithm`` | string | - null: token based auth (see :ref:token-based-auth) is not enabled for this deliveryservice. |
3026+
| | | - "url_sig": URL Sign token based auth is enabled for this deliveryservice. |
3027+
| | | - "uri_signing": URI Signing token based auth is enabled for this deliveryservice. |
3028+
+--------------------------+--------+--------------------------------------------------------------------------------------------------------------------------------------+
29953029
| ``sslKeyVersion`` | int | |
29963030
+--------------------------+--------+--------------------------------------------------------------------------------------------------------------------------------------+
29973031
| ``trRequestHeaders`` | string | |
@@ -3065,6 +3099,7 @@ URL Sig Keys
30653099
"remapText": null,
30663100
"routingName": "foo",
30673101
"signed": false,
3102+
"signing_algorithm": null,
30683103
"sslKeyVersion": "0",
30693104
"tenantId": 1,
30703105
"trRequestHeaders": null,

traffic_ops/app/db/migrations/20171013000000_change_signing_type.sql

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,49 @@
1+
/*
2+
3+
Licensed under the Apache License, Version 2.0 (the "License");
4+
you may not use this file except in compliance with the License.
5+
You may obtain a copy of the License at
6+
7+
http://www.apache.org/licenses/LICENSE-2.0
8+
9+
Unless required by applicable law or agreed to in writing, software
10+
distributed under the License is distributed on an "AS IS" BASIS,
11+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12+
See the License for the specific language governing permissions and
13+
limitations under the License.
14+
*/
15+
16+
-- +goose Up
17+
-- SQL in section 'Up' is executed when this migration is applied
18+
CREATE DOMAIN deliveryservice_signature_type AS TEXT
19+
CHECK(
20+
VALUE IN ('url_sig', 'uri_signing')
21+
);
22+
23+
ALTER TABLE IF EXISTS deliveryservice
24+
ALTER COLUMN signed
25+
SET DEFAULT NULL;
26+
27+
ALTER TABLE IF EXISTS deliveryservice
28+
ALTER COLUMN signed
29+
SET DATA TYPE deliveryservice_signature_type
30+
USING CASE WHEN signed THEN 'url_sig'::text::deliveryservice_signature_type ELSE NULL END;
31+
32+
ALTER TABLE IF EXISTS deliveryservice
33+
RENAME COLUMN signed TO signing_algorithm;
34+
35+
-- +goose Down
36+
-- SQL section 'Down' is executed when this migration is rolled back
37+
ALTER TABLE IF EXISTS deliveryservice
38+
RENAME COLUMN signing_algorithm TO signed;
39+
40+
ALTER TABLE deliveryservice
41+
ALTER COLUMN signed
42+
SET DATA TYPE boolean
43+
USING CASE WHEN signed='url_sig' THEN true ELSE false END;
44+
45+
ALTER TABLE IF EXISTS deliveryservice
46+
ALTER COLUMN signed
47+
SET DEFAULT false;
48+
49+
DROP DOMAIN IF EXISTS deliveryservice_signature_type RESTRICT;

0 commit comments

Comments
 (0)