[TC-516] Deleting a DS thru the TO API should also delete all SSL keys (if applicable) #882
Comments
I don't believe this will be backported to 2.1. Moving to 2.2.
During some of my testing, I've had a few issues with the API call related to getting certificate for a CDN. I have a few questions here.
"On delete, should we keep the version of certificates around and only remove -latest? This way there is a recovery path, but what would happen if we recreate the delivery service?" IMO, on DS delete thru the API all related SSL keys in riak should just go away. No recovery path. Too messy to think about recovery paths. I like to keep it simple if possible. If you end up recreating the DS, you're going to have to regenerate or enter the keys. Thoughts?
"Is the wanted behavior to delete certs for both API and UI? (This issue is only for API)." In the old UI, this bug has been around for quite some time I guess, so IMO it stays there. Our time is better served IMO tightening up the future (the API), but if you disagree @smalenfant maybe another issue would make sense for the "UI side". After thinking about this more, you're probably right... if you delete thru API or UI then riak ssl keys should be deleted...
"The API GET /api/1.2/cdns/name/:name/sslkeys brings up all certificates from Riak for a CDN no matter if the delivery service is configured or not in Traffic Ops. I believe this impacts both ORT and Traffic Router and can lead to some issues hard to resolve. If this is implemented, this might help with this situation." Maybe that warrants a different issue @smalenfant. If you agree, do you want to create one? I kinda feel like this issue should just stick to deleting riak ssl keys when a DS is deleted...
This should happen on the CRConfig Snapshot, rather than the DS deletion. Because it's valid for an operator to delete a DS still receiving traffic, and not expect the "live" change to apply, and at some point in the future to Snapshot the CRConfig to actually deploy the deletion.
There are currently 4 protocols for a DS:
0 - HTTP
1 - HTTPS
2 - HTTP AND HTTPS
3 - HTTP TO HTTPS
Currently, if you delete a DS thru the API, SSL keys are not deleted. This should occur if ds.protocol > 0.
Author: Jeremy Mitchell
JIRA Link: https://issues.apache.org/jira/browse/TC-516
Found Version: 2.1.0
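The cleanup rule requested in this issue, as an added example that is not part of the issue or the Traffic Ops code base. It assumes keys are stored as `<xmlId>-<version>` and `<xmlId>-latest`; `KeyStore`, `ownedBy` and `DeleteDSKeys` are hypothetical names, and the sample store is constructed. Matching the suffix exactly keeps a delete of DS `edge` from removing keys that belong to a DS named `edge-1`.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Protocol values as listed in the issue: 0 HTTP, 1 HTTPS,
// 2 HTTP AND HTTPS, 3 HTTP TO HTTPS.
const (
	HTTP = iota
	HTTPS
	HTTPAndHTTPS
	HTTPToHTTPS
)

// KeyStore is a hypothetical in-memory stand-in for the SSL key bucket.
type KeyStore map[string][]byte

// ownedBy reports whether key is "<xmlID>-latest" or "<xmlID>-<number>"
// (assumed naming). A bare prefix match would also hit other services.
func ownedBy(key, xmlID string) bool {
	if !strings.HasPrefix(key, xmlID+"-") {
		return false
	}
	suffix := strings.TrimPrefix(key, xmlID+"-")
	if suffix == "latest" {
		return true
	}
	_, err := strconv.ParseUint(suffix, 10, 32)
	return err == nil
}

// DeleteDSKeys removes every key version of a deleted DS and returns the
// removed names, sorted. Protocol 0 (HTTP only) has no keys to remove.
func DeleteDSKeys(store KeyStore, xmlID string, protocol int) []string {
	removed := []string{}
	if protocol <= HTTP {
		return removed
	}
	for key := range store {
		if ownedBy(key, xmlID) {
			delete(store, key)
			removed = append(removed, key)
		}
	}
	sort.Strings(removed)
	return removed
}

func main() {
	// Constructed sample: DS "edge" (two versions) next to DS "edge-1".
	s := KeyStore{"edge-1": nil, "edge-2": nil, "edge-latest": nil, "edge-1-1": nil, "edge-1-latest": nil}
	fmt.Println(DeleteDSKeys(s, "edge", HTTPToHTTPS), len(s))
}
```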