Generating DNSSEC keys for a brand new CDN thru the API creates DNSSEC keys for potentially the wrong delivery services and then results in a 500 internal server error

[mitchell852]

The following API results in a 500 ISE when you try to generate DNSSEC keys for a brand-spanking new CDN:

$r->post("/api/$version/cdns/dnsseckeys/generate

Here is the error:

[2017-09-21 15:50:00,413] [ERROR] DBIx::Class::Storage::DBI::_dbh_execute(): DBI Exception: DBD::Pg::st execute failed: ERROR: null value in column "profile" violates not-null constraint
DETAIL: Failing row contains (null, 3399, 2017-09-21 15:50:00.391382-06). [for Statement "INSERT INTO profile_parameter ( parameter, profile) VALUES ( ?, ? ) RETURNING profile" with ParamValues: 1='3399', 2=undef] at /code/src/github.com/apache/incubator-trafficcontrol/traffic_ops/app/lib/MojoPlugins/DnssecKeys.pm line 165

This is because on this line:

https://github.com/apache/incubator-trafficcontrol/blob/master/traffic_ops/app/lib/MojoPlugins/DnssecKeys.pm#L91

If $profile_id is undef (which it will be because I have setup no traffic router servers for this CDN yet and therefore there is no profile to fetch), it will cause the following problems:

1. DNSSEC keys are created for all delivery services that have no profile regardless of CDN because of the result of this query when profile = undef

https://github.com/apache/incubator-trafficcontrol/blob/master/traffic_ops/app/lib/MojoPlugins/DnssecKeys.pm#L95

2. The error stated above because you can't create a profileparameter record with profile = undef

https://github.com/apache/incubator-trafficcontrol/blob/master/traffic_ops/app/lib/MojoPlugins/DnssecKeys.pm#L165

TLDR;

There is a problem when profile can't be found on this line:

https://github.com/apache/incubator-trafficcontrol/blob/master/traffic_ops/app/lib/MojoPlugins/DnssecKeys.pm#L91

1. why is profile being used to decide which delivery services to create dnssec keys for?

https://github.com/apache/incubator-trafficcontrol/blob/master/traffic_ops/app/lib/MojoPlugins/DnssecKeys.pm#L94

Each DS has a CDN so why not figure out the DS's like this

my @ds_rs = $self->db->resultset('Deliveryservice')->search( { cdn_id => cdn.id } , { prefetch => [ { 'cdn' => undef }]});

2. Can we skip the profile parameter part if no profile was ever found?

[mitchell852]

TLDR; TLDR;

Basically you can't (or shouldn't?) generate DNSSEC keys for a cdn that doesn't have a traffic router server setup with a profile that starts with CCR or TR...