Fix Internal server error in Get Profiles by invalid Params

[dmohan001c]

What does this PR (Pull Request) do?

• This PR fixes Unverified query parameter causes Internal Server Error #5510

This updates the Error message in GET profiles?param=test and profiles?cdn=test

Which Traffic Control components are affected by this PR?

• CDN in a Box
• Traffic Control Client
• Traffic Ops
• CI tests

What is the best way to verify this PR?

Execute all the Integration tests and make sure the tests are passed.

If this is a bug fix, what versions of Traffic Control are affected?

• Master

The following criteria are ALL met by this PR

• This PR includes tests OR I have explained why tests are unnecessary
• This PR includes documentation OR I have explained why documentation is unnecessary
• This PR includes an update to CHANGELOG.md OR such an update is not necessary
• This PR includes any and all required license headers
• This PR DOES NOT FIX A SERIOUS SECURITY VULNERABILITY (see the Apache Software Foundation's security guidelines for details)

[srijeet0406]

This is an internal database error and should probably remain as an internal server error.
Instead, what you can do is add another validation for the param query parameter to make sure it's an integer.
Also, you can add the JOIN clause for the profile_parameter to the main select query (just like the cdn join part), instead of checking for it separately.

Additionally, as mentioned in the GH issue, there are a lot of client methods that use the profile param as a string(name), instead of an int(id). We should probably fix those in this PR as well.

[dmohan001c]

added another validation for the param and cdn to make sure it's an integer.

[srijeet0406]

As I mentioned in the previous comment, this should just stay the same as it was before.
You could add another validation for the param being an int.

[dmohan001c]

done.

[srijeet0406]

Instead of checking for individual query parameters like this, we should just add them as part of the checkers on lines 116-120.
You should also add the checker for the ParamQueryParam in there, something like this:

queryParamsToQueryCols := map[string]dbhelpers.WhereColumnInfo{		
CDNQueryParam:  dbhelpers.WhereColumnInfo{Column: "c.id", Checker: api.IsInt},
NameQueryParam: dbhelpers.WhereColumnInfo{Column: "prof.name"},
IDQueryParam:   dbhelpers.WhereColumnInfo{Column: "prof.id", Checker: api.IsInt},
ParamQueryParam: dbhelpers.WhereColumnInfo{Column: "pp.parameter", Checker: api.IsInt},
}

Then, on line 126, if ParamQueryParam is present, you add the Left Join... subquery to the main select query.
This way, we can have one single place where we check for all the query params.

The API v2 and v3 tests currently fail because they are passing in a param name as an ID to the client methods. These will need to be fixed. Also, there is this section of code in the v4 tests, which can be uncommented after the fix:

		// passing it to this is supposed to work.
		// resp, _, err = TOSession.GetProfileByParameter(pr.Parameter)
		// if err != nil {
		// 	t.Errorf("cannot GET Profile by param: %v - %v", err, resp)
		// }```

[dmohan001c]

updated the DB Query to support params in GET profiles.

[srijeet0406]

Once you add the ParamQueryParam to the queryParamsToQueryCols, the BuildWhereAndOrderByAndPagination function will automatically add the WHERE clause to the query, you don't need to modify the where variable above. Instead, what you can do is add just the LEFT JOIN profile_parameter pp ON prof.id = pp.profile part if the parameter_id param is present.

With the current changes, the query comes out to be this:
SELECT prof.description, prof.id, prof.last_updated, prof.name, prof.routing_disabled, prof.type, c.id as cdn, c.name as cdn_name FROM profile prof LEFT JOIN cdn c ON prof.cdn = c.id LEFT JOIN profile_parameter pp ON prof.id = pp.profile WHERE pp.parameter=:param AND pp.parameter=:parameter_id
We don't need the two WHERE clauses in our query. Also, I think the tests are still failing for API v2 and v3.

[dmohan001c]

If I didn't change the WHERE as per above statement, the query looks incorrect.
SELECT prof.description, prof.id, prof.last_updated, prof.name, prof.routing_disabled, prof.type, c.id as cdn, c.name as cdn_name FROM profile prof LEFT JOIN cdn c ON prof.cdn = c.id WHERE pp.parameter=:param LEFT JOIN profile_parameter pp ON prof.id = pp.profile.

getting internal server error. So, the above changes look good to me.

[dmohan001c]

V2 AND V3 profiles tests are failing. I am taking a look on it.

[srijeet0406]

No, the WHERE clause will be created by the BuildWhereAndOrderByAndPagination function and you dont need to account for it, if you're passing in all the right query params into it.

[dmohan001c]

Fixed.

[srijeet0406]

You can't actually change the existing client signatures because that breaks the clients that are using them. I suggest creating a new method that takes in the parameterID, instead of the parameter name, and then using that method in the tests. You can leave the GetProfileByParameterWithHdr method as it is.

[dmohan001c]

reverted the method signature

[srijeet0406]

You can't change the signatures of these methods, if this code is not a part of a major release. There might be other client scripts using these methods, which will break if you change the signature. Instead, I would suggest doing something like you did in the v2 client method above. That way, the method signature stays the same.

[srijeet0406]

We should probably check for the error here.

[srijeet0406]

Also, as I suggested earlier, instead of breaking the way pre existing client methods work, why not create a new client method that takes in a param ID instead of a param name, and then make the GET call? Something like this:

func (to *Session) GetProfileByParameterID(paramID string, header http.Header) ([]tc.Profile, ReqInf, error) {
         uri := fmt.Sprintf("%s?param=%d", APIProfiles, paramID)
	var data tc.ProfilesResponse
	reqInf, err := to.get(uri, header, &data)
	return data.Response, reqInf, err
}

[dmohan001c]

I don't want to create a new method, since the bug fixes require the API to accept int parameters(there is no change in method signature), If we keep the existing methods as per your advice, if someone accidentally calls the method, it will throw an error since that API is not anymore supporting string.

[dmohan001c]

Created a new client method

[srijeet0406]

Same comment as above here.

[dmohan001c]

Fixed.

[srijeet0406]

You can probably remove these commented lines now.

[dmohan001c]

Fixed.

[srijeet0406]

Any reason to keep that first line in there still?

[dmohan001c]

I removed this line.

[srijeet0406]

We should probably check for the returned error here.

[dmohan001c]

added error checks

[srijeet0406]

We should probably check for the returned error here.

[dmohan001c]

added error checks.

[srijeet0406]

We should probably check for the returned error here.

[dmohan001c]

added error checks

[srijeet0406]

@dmohan001c It looks like the go format checks are failing. Once that is fixed, I can test this and approve.

[srijeet0406]

This resp is the wrong response here. Also, I don't think you need to print the response here, just the error is fine.

[dmohan001c]

removed the response in error statement

[srijeet0406]

Same comment here, no need to print the response.

[dmohan001c]

removed the response from print statement

[srijeet0406]

Same.

[dmohan001c]

Removed.

[srijeet0406]

same

[dmohan001c]

removed

[srijeet0406]

You should be checking the error here, as you are doing in the v2 and v3 tests.

[dmohan001c]

added error checks

[srijeet0406]

Godoc is missing.

[dmohan001c]

Added godoc.

[srijeet0406]

Godoc is missing.

[dmohan001c]

Added godoc,.

[srijeet0406]

Code changes look good.
All tests pass.
Manual testing looks good as well.
LGTM!