Merge branch 'master' into secure-params-fix

apache · Aug 9, 2023 · a26618c · a26618c
2 parents 8138372 + 849d166
commit a26618c
Show file tree

Hide file tree

Showing 57 changed files with 12,715 additions and 109 deletions.
diff --git a/.env b/.env
@@ -1,2 +1,2 @@
 ATS_VERSION=9.1.2
-GO_VERSION=1.19.11
+GO_VERSION=1.19.12
diff --git a/.github/actions/repo-info/README.md b/.github/actions/repo-info/README.md
@@ -56,5 +56,5 @@ jobs:
           with:
             - owner: apache
             - repo: trafficserver
-            - branch: 9.1.x
+            - branch: 9.2.x
 ```
diff --git a/.github/workflows/cache-config-tests.yml b/.github/workflows/cache-config-tests.yml
@@ -18,7 +18,7 @@
 name: T3C Integration Tests
 
 env:
-  ATS_VERSION: 9.1.x
+  ATS_VERSION: 9.2.x
   RHEL_VERSION: 8
   TARGET_ARCH: x86_64
 

diff --git a/.github/workflows/ciab.yaml b/.github/workflows/ciab.yaml
@@ -275,7 +275,7 @@ jobs:
         with:
           owner: apache
           repo: trafficserver
-          branch: 9.1.x
+          branch: 9.2.x
         id: repo-info
       - name: Check Cache
         id: ats-rpm-cache

diff --git a/.github/workflows/health-client-tests.yml b/.github/workflows/health-client-tests.yml
@@ -18,7 +18,7 @@
 name: TC Health Client Integration Tests
 
 env:
-  ATS_VERSION: 9.1.x
+  ATS_VERSION: 9.2.x
   RHEL_VERSION: 8
   TARGET_ARCH: x86_64
 

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,7 +4,9 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 
 ## [unreleased]
+- [#7665](https://github.com/apache/trafficcontrol/pull/7665) *Automation* Changes to Ansible role dataset_loader to add ATS 9 support
 ### Added
+- [#7672](https://github.com/apache/trafficcontrol/pull/7672) *Traffic Control Health Client* Added peer monitor flag while using `strategies.yaml`
 - [#7609](https://github.com/apache/trafficcontrol/pull/7609) *Traffic Portal* Added Scope Query Param to SSO login. 
 - [#7450](https://github.com/apache/trafficcontrol/pull/7450) *Traffic Ops* Removed hypnotoad section and added listen field to traffic_ops_golang section in order to simplify cdn config.
 - [#7290](https://github.com/apache/trafficcontrol/pull/7302) *Traffic Monitor* Update TM results with hostname from via header, syncronize health on caches with same service address
@@ -68,9 +70,11 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - [#7600](https://github.com/apache/trafficcontrol/pull/7600) *t3c* changed default go-direct command line arg to be old to avoid unexpected config changes upon upgrade.
 - [##7605](https://github.com/apache/trafficcontrol/pull/#7605) *Traffic Ops* Fixes `cachegroups_request_comments` v5 apis to respond with `RFC3339` date/time Format.
 - [#7621](https://github.com/apache/trafficcontrol/pull/7621) *Traffic Ops* Use ID token for OAuth authentication, not Access Token
+- [#7694](https://github.com/apache/trafficcontrol/pull/7694) *t3c*, *Traffic Control Health Client* Upgrade to ATS 9.2
 
 ### Fixed
 - [#4393](https://github.com/apache/trafficcontrol/issues/4393) *Traffic Ops* Fixed the error code and alert structure when TO is queried for a delivery service with no ssl keys.
+- [#7690](https://github.com/apache/trafficcontrol/pull/7690) *Traffic Ops* Fixes Logs V5 apis to respond with RFC3339 tiestamps.
 - [#7631] (https://github.com/apache/trafficcontrol/pull/7631) *Traffic Ops* Fixes Phys_Location V5 apis to respond with RFC3339 date/time Format
 - [#7623] (https://github.com/apache/trafficcontrol/pull/7623) *Traffic Ops* Removed TryIfModifiedSinceQuery from servicecategories.go and reused from ims.go
 - [#7608](https://github.com/apache/trafficcontrol/pull/7608) *Traffic Monitor* Use stats_over_http(plugin.system_stats.timestamp_ms) timestamp field to calculate bandwidth for TM's caches.
@@ -142,6 +146,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
 - [#7596](https://github.com/apache/trafficcontrol/pull/7596) *Traffic Ops* Fixes `federation_resolvers` v5 apis to respond with `RFC3339` date/time Format.
 - [#7660](https://github.com/apache/trafficcontrol/pull/7660) *Traffic Ops* Fixes `deliveryServices` v5 apis to respond with `RFC3339` date/time Format.
 - [#7686](https://github.com/apache/trafficcontrol/pull/7686) *Traffic Ops* Fixes secured parameters being visible when role has proper permissions.
+- [#7697](https://github.com/apache/trafficcontrol/pull/7697) *Traffic Ops* Fixes `iloPassword` and `xmppPassword` checking for priv-level instead of using permissions.
 
 ### Removed
 - [#7271](https://github.com/apache/trafficcontrol/pull/7271) Remove components in `infrastructre/docker/`, not in use as cdn-in-a-box performs the same functionality.

diff --git a/GO_VERSION b/GO_VERSION
@@ -1 +1 @@
-1.19.11
+1.19.12
diff --git a/LICENSE b/LICENSE
@@ -356,6 +356,11 @@ This product bundles yaml, which is available under an Apache-2.0 license.
 ./vendor/gopkg.in/yaml.v2/LICENSE.libyaml
 Refer to the above license for the full text.
 
+This product bundles yaml, which is available under a MIT license.
+@vendor/gopkg.in/yaml.v3/*
+./vendor/gopkg.in/yaml.v3/LICENSE
+Refer to the above license for the full text.
+
 This product bundles pq, which is available under an MIT license.
 @vendor/github.com/lib/pq/*
 ./vendor/github.com/lib/pq/LICENSE.md

diff --git a/cache-config/testing/docker/variables.env b/cache-config/testing/docker/variables.env
@@ -57,7 +57,7 @@ TV_USER_PASS=twelve
 X509_CA_PERSIST_DIR=/ca
 X509_CA_PERSIST_ENV_FILE=/ca/environment
 # trafficserver build variables
-ATS_VERSION=9.1.x
+ATS_VERSION=9.2.x
 CJOSE_URL=https://github.com/cisco/cjose
 CJOSE_TAG=latest
 JANSSON_URL=https://github.com/akheron/jansson

diff --git a/docs/source/api/v5/logs.rst b/docs/source/api/v5/logs.rst
@@ -63,7 +63,7 @@ Request Structure
 Response Structure
 ------------------
 :id:          Integral, unique identifier for the Log entry
-:lastUpdated: Date and time at which the change was made, in :ref:`non-rfc-datetime`
+:lastUpdated: Date and time at which the change was made, in :rfc:`3339` format
 :level:       Log categories for each entry, e.g. 'UICHANGE', 'OPER', 'APICHANGE'
 :message:     Log detail about what occurred
 :ticketNum:   Optional field to cross reference with any bug tracking systems
@@ -91,15 +91,15 @@ Response Structure
 		{
 			"ticketNum": null,
 			"level": "APICHANGE",
-			"lastUpdated": "2018-11-14 21:40:06.493975+00",
+			"lastUpdated": "2018-11-14T21:40:06-06:00",
 			"user": "admin",
 			"id": 444,
 			"message": "User [ test ] unlinked from deliveryservice [ 1 | demo1 ]."
 		},
 		{
 			"ticketNum": null,
 			"level": "APICHANGE",
-			"lastUpdated": "2018-11-14 21:37:30.707571+00",
+			"lastUpdated": "2018-11-14T21:37:30-06:00",
 			"user": "admin",
 			"id": 443,
 			"message": "1 delivery services were assigned to test"

diff --git a/docs/source/api/v5/servers.rst b/docs/source/api/v5/servers.rst
@@ -98,7 +98,7 @@ Response Structure
 :iloIpAddress: The IPv4 address of the server's :abbr:`ILO (Integrated Lights-Out)` service\ [#ilo]_
 :iloIpGateway: The IPv4 gateway address of the server's :abbr:`ILO (Integrated Lights-Out)` service\ [#ilo]_
 :iloIpNetmask: The IPv4 subnet mask of the server's :abbr:`ILO (Integrated Lights-Out)` service\ [#ilo]_
-:iloPassword:  The password of the of the server's :abbr:`ILO (Integrated Lights-Out)` service user\ [#ilo]_ - displays as simply ``******`` if the currently logged-in user does not have the 'admin' or 'operations' :term:`Role(s) <Role>`
+:iloPassword:  The password of the of the server's :abbr:`ILO (Integrated Lights-Out)` service user\ [#ilo]_ - displays as simply ``******`` if the currently logged-in user does not have the SECURE-SERVER:READ permission.
 :iloUsername:  The user name for the server's :abbr:`ILO (Integrated Lights-Out)` service\ [#ilo]_
 :interfaces:   A set of the network interfaces in use by the server. In most scenarios, only one will be present, but it is illegal for this set to be an empty collection.
 
@@ -158,7 +158,7 @@ Response Structure
 :typeId:     The integral, unique identifier of the 'type' of this server
 :updPending: A boolean value which, if ``true``, indicates that the server has updates of some kind pending, typically to be acted upon by Traffic Control Cache Config (:term:`t3c`, formerly ORT)
 :xmppId:     A system-generated UUID used to generate a server hashId for use in Traffic Router's consistent hashing algorithm. This value is set when a server is created and cannot be changed afterwards.
-:xmppPasswd: The password used in XMPP communications with the server
+:xmppPasswd: The password used in XMPP communications with the server - displays as simply ``******`` if the currently logged-in user does not have the SECURE-SERVER:READ permission.
 
 .. code-block:: http
 	:caption: Response Example
@@ -254,7 +254,7 @@ Request Structure
 :iloIpAddress: An optional IPv4 address of the server's :abbr:`ILO (Integrated Lights-Out)` service\ [#ilo]_
 :iloIpGateway: An optional IPv4 gateway address of the server's :abbr:`ILO (Integrated Lights-Out)` service\ [#ilo]_
 :iloIpNetmask: An optional IPv4 subnet mask of the server's :abbr:`ILO (Integrated Lights-Out)` service\ [#ilo]_
-:iloPassword:  An optional string containing the password of the of the server's :abbr:`ILO (Integrated Lights-Out)` service user\ [#ilo]_ - displays as simply ``******`` if the currently logged-in user does not have the 'admin' or 'operations' :term:`Role(s) <Role>`
+:iloPassword:  An optional string containing the password of the of the server's :abbr:`ILO (Integrated Lights-Out)` service user\ [#ilo]_ - displays as simply ``******`` if the currently logged-in user does not have the SECURE-SERVER:READ permission.
 :iloUsername:  An optional string containing the user name for the server's :abbr:`ILO (Integrated Lights-Out)` service\ [#ilo]_
 :interfaces:   A set of the network interfaces in use by the server. In most scenarios, only one will be necessary, but it is illegal for this set to be an empty collection.
 
@@ -302,7 +302,7 @@ Request Structure
 
 :typeId:     The integral, unique identifier of the 'type' of this server
 :xmppId:     A system-generated UUID used to generate a server hashId for use in Traffic Router's consistent hashing algorithm. This value is set when a server is created and cannot be changed afterwards.
-:xmppPasswd: An optional password used in XMPP communications with the server
+:xmppPasswd: An optional password used in XMPP communications with the server - displays as simply ``******`` if the currently logged-in user does not have the SECURE-SERVER:READ permission.
 
 .. code-block:: http
 	:caption: Request Example
@@ -385,7 +385,7 @@ Response Structure
 :iloIpAddress: The IPv4 address of the server's :abbr:`ILO (Integrated Lights-Out)` service\ [#ilo]_
 :iloIpGateway: The IPv4 gateway address of the server's :abbr:`ILO (Integrated Lights-Out)` service\ [#ilo]_
 :iloIpNetmask: The IPv4 subnet mask of the server's :abbr:`ILO (Integrated Lights-Out)` service\ [#ilo]_
-:iloPassword:  The password of the of the server's :abbr:`ILO (Integrated Lights-Out)` service user\ [#ilo]_ - displays as simply ``******`` if the currently logged-in user does not have the 'admin' or 'operations' :abbr:`Role(s) <Role>`
+:iloPassword:  The password of the of the server's :abbr:`ILO (Integrated Lights-Out)` service user\ [#ilo]_ - displays as simply ``******`` if the currently logged-in user does not have the SECURE-SERVER:READ permission.
 :iloUsername:  The user name for the server's :abbr:`ILO (Integrated Lights-Out)` service\ [#ilo]_
 :interfaces:   A set of the network interfaces in use by the server. In most scenarios, only one will be present, but it is illegal for this set to be an empty collection.
 
@@ -445,7 +445,7 @@ Response Structure
 :typeId:     The integral, unique identifier of the 'type' of this server
 :updPending: A boolean value which, if ``true``, indicates that the server has updates of some kind pending, typically to be acted upon by Traffic Control Cache Config (T3C, formerly ORT)
 :xmppId:     A system-generated UUID used to generate a server hashId for use in Traffic Router's consistent hashing algorithm. This value is set when a server is created and cannot be changed afterwards.
-:xmppPasswd: The password used in XMPP communications with the server
+:xmppPasswd: The password used in XMPP communications with the server - displays as simply ``******`` if the currently logged-in user does not have the SECURE-SERVER:READ permission.
 
 .. code-block:: http
 	:caption: Response Example

diff --git a/docs/source/overview/delivery_services.rst b/docs/source/overview/delivery_services.rst
@@ -1036,7 +1036,7 @@ parent.config
 """""""""""""
 The following :term:`Parameters` must have the :ref:`Config File <parameter-config-file>` ``parent.config`` to take effect - even if, strictly speaking, they aren't used to modify the contents of the :abbr:`ATS (Apache Traffic Server)` ``parent.config`` configuration file.
 
-.. seealso:: See the `Apache Traffic Server documentation for parent.config <https://docs.trafficserver.apache.org/en/9.1.x/admin-guide/files/parent.config.en.html>`_ and `their documentation for strategies.yaml <https://docs.trafficserver.apache.org/en/9.1.x/admin-guide/files/strategies.yaml.en.html>`_ for more information on its implementation of parent selection (and in particular Multi-Site Origins).
+.. seealso:: See the `Apache Traffic Server documentation for parent.config <https://docs.trafficserver.apache.org/en/9.2.x/admin-guide/files/parent.config.en.html>`_ and `their documentation for strategies.yaml <https://docs.trafficserver.apache.org/en/9.2.x/admin-guide/files/strategies.yaml.en.html>`_ for more information on its implementation of parent selection (and in particular Multi-Site Origins).
 
 
 - ``try_all_primaries_before_secondary`` - on a Delivery Service :term:`Profile`, if this exists, try all "primary parents" before "failing over" to "secondary parents", which may be ideal if objects are unlikely to be in cache. The default behavior is to immediately fail to a secondary, which is ideal if objects are likely to be in cache, as the first consistent-hashed "secondary parent" will be the "primary parent" in its own :term:`Cache Group` and therefore receive requests for that object from clients near its own :term:`Cache Group`.
@@ -1066,17 +1066,17 @@ The following :term:`Parameters` must have the :ref:`Config File <parameter-conf
 
 Parameters that Affect Multi-Site Origin and Parent Down Behavior
 '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
-Each :term:`Parameter` directly corresponds to a field in a line of the :abbr:`ATS (Apache Traffic Server)` `parent.config file <https://docs.trafficserver.apache.org/en/9.1.x/admin-guide/files/parent.config.en.html>`_ (usually by almost the same name), and documentation for these fields is provided in the form of links to their entries in the :abbr:`ATS (Apache Traffic Server)` documentation.
-
-.. _round_robin: https://docs.trafficserver.apache.org/en/9.1.x/admin-guide/files/parent.config.en.html#parent-config-format-round-robin
-.. _max_simple_retries: https://docs.trafficserver.apache.org/en/9.1.x/admin-guide/files/parent.config.en.html#parent-config-format-max-simple-retries
-.. _max_unavailable_server_retries: https://docs.trafficserver.apache.org/en/9.1.x/admin-guide/files/parent.config.en.html#parent-config-format-max-unavailable-server-retries
-.. _parent_retry: https://docs.trafficserver.apache.org/en/9.1.x/admin-guide/files/parent.config.en.html#parent-config-format-parent-retry
-.. _unavailable_server_retry_responses: https://docs.trafficserver.apache.org/en/9.1.x/admin-guide/files/parent.config.en.html#parent-config-format-unavailable-server-retry-responses
-.. _simple_server_retry_responses: https://docs.trafficserver.apache.org/en/9.1.x/admin-guide/files/parent.config.en.html#parent-config-format-simple-server-retry-responses
-.. _parent.config: https://docs.trafficserver.apache.org/en/9.1.x/admin-guide/files/parent.config.en.html
-.. _parent: https://docs.trafficserver.apache.org/en/9.1.x/admin-guide/files/parent.config.en.html#parent-config-format-parent
-.. _secondary_parent: https://docs.trafficserver.apache.org/en/9.1.x/admin-guide/files/parent.config.en.html#parent-config-format-secondary-parent
+Each :term:`Parameter` directly corresponds to a field in a line of the :abbr:`ATS (Apache Traffic Server)` `parent.config file <https://docs.trafficserver.apache.org/en/9.2.x/admin-guide/files/parent.config.en.html>`_ (usually by almost the same name), and documentation for these fields is provided in the form of links to their entries in the :abbr:`ATS (Apache Traffic Server)` documentation.
+
+.. _round_robin: https://docs.trafficserver.apache.org/en/9.2.x/admin-guide/files/parent.config.en.html#parent-config-format-round-robin
+.. _max_simple_retries: https://docs.trafficserver.apache.org/en/9.2.x/admin-guide/files/parent.config.en.html#parent-config-format-max-simple-retries
+.. _max_unavailable_server_retries: https://docs.trafficserver.apache.org/en/9.2.x/admin-guide/files/parent.config.en.html#parent-config-format-max-unavailable-server-retries
+.. _parent_retry: https://docs.trafficserver.apache.org/en/9.2.x/admin-guide/files/parent.config.en.html#parent-config-format-parent-retry
+.. _unavailable_server_retry_responses: https://docs.trafficserver.apache.org/en/9.2.x/admin-guide/files/parent.config.en.html#parent-config-format-unavailable-server-retry-responses
+.. _simple_server_retry_responses: https://docs.trafficserver.apache.org/en/9.2.x/admin-guide/files/parent.config.en.html#parent-config-format-simple-server-retry-responses
+.. _parent.config: https://docs.trafficserver.apache.org/en/9.2.x/admin-guide/files/parent.config.en.html
+.. _parent: https://docs.trafficserver.apache.org/en/9.2.x/admin-guide/files/parent.config.en.html#parent-config-format-parent
+.. _secondary_parent: https://docs.trafficserver.apache.org/en/9.2.x/admin-guide/files/parent.config.en.html#parent-config-format-secondary-parent
 
 .. _ds-mso-parameters:
 
@@ -1113,7 +1113,7 @@ The above :term:`Parameters` are supported for ``first``, ``inner`` and ``last``
 	The `parent_retry` parameters are now inferred from the `simple retry` and `unavailable server retry` parameters. To disable "simple retries" for a :term:`Profile`, set the Value of its ``max_simple_retries`` :term:`Parameter` to ``0``, and the Value of its ``max_simple_retry_responses`` :term:`Parameter` to an empty string. "Unavailable server retries" may disabled in much the same way, using the analogous :term:`Parameters`.
 
 .. impl-detail:: With Apache Traffic Server 8.1.x the ``simple_retry_response_codes`` setting is not available.
-.. impl-detail:: With Apache Traffic Server 9.1.x ``unavailable_server_retry_response_codes`` are limited to 5xx responses and ``simple_retry_response_codes`` are limited to 4xx.
+.. impl-detail:: With Apache Traffic Server 9.2.x ``unavailable_server_retry_response_codes`` are limited to 5xx responses and ``simple_retry_response_codes`` are limited to 4xx.
 .. impl-detail:: Apache Traffic Server 9.2.x allows more flexibility with 4xx and 5xx codes available for use with ``simple_retry_response_codes``.
 
 .. seealso:: To see how the :ref:`Values <parameter-value>` of these Parameters are interpreted, refer to the `Apache Traffic Server documentation on the parent.config configuration file <https://docs.trafficserver.apache.org/en/7.1.x/admin-guide/files/parent.config.en.html>`_

diff --git a/go.mod b/go.mod
@@ -53,6 +53,7 @@ require (
 	golang.org/x/sys v0.8.0
 	gopkg.in/DATA-DOG/go-sqlmock.v1 v1.3.0
 	gopkg.in/yaml.v2 v2.4.0
+	gopkg.in/yaml.v3 v3.0.1
 )
 
 require (