Add server capabilities API #3966
Conversation
rawlinp
added
new feature
|
Refer to this link for build results (access rights to CI server needed): |
|
Refer to this link for build results (access rights to CI server needed): |
traffic_ops/traffic_ops_golang/servercapability/servercapability.go
Outdated
Show resolved
Hide resolved
traffic_ops/traffic_ops_golang/servercapability/servercapability.go
Outdated
Show resolved
Hide resolved
|
Refer to this link for build results (access rights to CI server needed): |
|
Was this new endpoint brought to the mailing list's attention? Not that I think anyone will have a problem with it, just seems like something important enough to bother with. |
|
I think Rob is working on a blueprint. |
|
Refer to this link for build results (access rights to CI server needed): |
|
Since there are no docs with this PR, can you add to your PR description what that routes are and the expected request payloads for each? Or simply an example? |
|
Updated the description with routes and expected payloads. |
GET /server_capabilities[?name=] right? |
|
right, updated to include that |
There was a problem hiding this comment.
Looks great! Tested, works as expected. API tests pass, unit tests pass.
All my comments are nitpicks; additional PRs for them would be great, but not necessary.
But, this shouldn't be merged into master until there's consensus on the list.
Also, this either needs docs added to this PR, or a Github Issue to make docs for it, before merging.
traffic_ops/traffic_ops_golang/servercapability/servercapability.go
Outdated
Show resolved
Hide resolved
traffic_ops/traffic_ops_golang/servercapability/servercapability.go
Outdated
Show resolved
Hide resolved
|
Opened placeholder draft PR for adding documentation: #3971 |
|
without reading thru the code, does DELETE validate that the "server capability" is: a. not being used by any server and with some sort of alert error like "server capability failed. server capability used by X servers/delivery services" sorry, i should just read the code :) |
Server-Capabilities and DS-Required-Capabilities don't exist in this PR, that'll have to be added in a subsequent PR. But, I'd vote we don't add custom Go logic to handle that - rather, if we make them proper Foreign Keys that don't CASCADE DELETE, the DB will automatically prevent it. Then, all we have to do is parse the Postgres error to return a useful message to the user (we already have a func for that |
FWIW Did add that constraint to my PR per @rawlinp feedback https://github.com/apache/trafficcontrol/pull/3964/files#diff-7d3547a278b38f437ab01966666c94a8R26 |
|
i don't suppose you happened to add entries to seeds.sql for creating a "capability" (i'm talking about a user capability here) like the following: server-capabilities-read (for the GET) seems a bit silly since we don't use "user capabilities" yet but i feel like it will make our lives easier (if/when roles/capabilities is every enabled) if every time we add new api endpoints we keep the "user capabilities" current. |
|
@mitchell852 I didn't add seeds.sql entries yet. @mhoppa probably needs those for his API endpoints as well. Should POST/DELETE only be admin? Right now I have it set to Operations. |
probably a question for @rob05c |
|
Refer to this link for build results (access rights to CI server needed): |
I think Ops is right. Admin vs Ops is somewhat nebulous, but I think in general, Operations can do pretty much everything except see password and security stuff. So I think Operations is right for these endpoints. |
|
Are there any restrictions on server capability name? I.e. no spaces, alphanumeric only, etc... |
|
|
||
| // GetServerCapability returns the given server capability by name. | ||
| func (to *Session) GetServerCapability(name string) (*tc.ServerCapability, ReqInf, error) { | ||
| url := fmt.Sprintf("%s?name=%s", APIServerCapabilities, name) |
There was a problem hiding this comment.
Non blocking as we dont do it anywhere but for here and below, on query parameters, we should use the net/url package to build them out so they are correctly url encoded.
There was a problem hiding this comment.
Good call. I'll add that into this one.
The design reqs don't, I was originally thinking we'd let people put anything, but now that I think more about it, I think we should limit it to URI path chars, I.e. digit/alpha/_/-. That lets us put it in a path or query easier later, and I can't imagine why someone would need any other chars. Someone might want, for example, Chinese characters for their names. And then, we could extend the feature to require/do punycode/urlencoding of high Unicode in paths. But that's adding a good bit of work to this feature, and it's much easier to allow more characters in the future without breaking people, than it is to remove things previously allowed. Thoughts? If no one objects, I'll put that in the blueprint (but not hold up this PR for it, we can easily add that in another) |
|
Just a thought. What about a GET response like: We do something similar with GET /parameters where we have a []profiles property. It gives me the ability in the UI to show a "server count" and a "delivery service count" which seems like interesting info to the user. But not a big deal if not included. I can get that info calling the join tables directly. It just makes the UI a bit less friendly. |
|
+1 on restricting the name to alphanumeric/-/_. Could the "server count" and "ds count" information be answered by just including links to pages which are backed by the server_server_capabilities API? E.g. click into the RAM capability, then click the "show servers" link to see all the servers with this capability or "show DSes" to see all the DSes with this capability. |
yep. i think that's fine. |
}``` message here needs to be corrected. we are deleting server_capabilities only by name. |
Yep, looks like an artifact of Looks like either
Trimming whitespace should be fine. It should be documented, but the extra safety seems like a good thing to me.
The API shouldn't do this. Unknown parameters should be ignored. This follows the Robustness Principle. See This makes our API easier to use, and less likely to break users, and more forward-compatible. For example, someone could be using a client with a newer version, or newer code within the same version, but knowingly double-checking their filtering params (atstccfg does this); or posting some kind of debug information that helps themselves; or simply making a simple mistake that doesn't need to break things. I know some other APIs do this. It is a gross violation of the Robustness Principle, and I strongly disapprove. It makes servers brittle and fragile, and complicates integration and forward-compatibility. |
agree |
unknown query params that is. agree. plus this is how our api has always behaved. |
Yeah, I noticed that as well and just kind of figured "name" is really the "id" of the resource, so I just left it as it was. I'll change the
I'm not intentionally trimming the name, but about to submit a fix that validates the name is alphanumeric/dash/underscore.
I also agree unknown API parameters should be ignored.
This seems like a problem with our entire API rather than just this PR. We should fix that holistically and separately IMO.
I suspect that is also a larger problem with the majority of our API, since we share the common code for unmarshalling JSON and returning errors across multiple endpoints. We should fix that separately. |
|
Refer to this link for build results (access rights to CI server needed): |
|
Refer to this link for build results (access rights to CI server needed): |
what to create a separate issue for that @lbathina as it sounds like this is a problem with all our POSTs |
What does this PR (Pull Request) do?
Add a new API for creating, reading, and deleting (not updating) server capabilities:
Which Traffic Control components are affected by this PR?
Documentation will be done in a follow-up PR.
What is the best way to verify this PR?
Read the added TO API tests to verify they're sufficient, then run the TO API tests.
The following criteria are ALL met by this PR