hip between each zone and RR type. There are
> two sites I use for this:
>
> http://dnsviz.net/
> http://dnssec-debugger.verisignlabs.com/
>
> ..these sites will help you identify why DNSSEC validation might be
> failing, which manifests only as a SERVFAIL at the client side,
Hello dev list.
To avoid DNS cache pollusion, I would like to use DNSSEC, so that TR sign
cdn- domain A records.
The docs say that this feafure is only available for DNS based delivery
services.
My delivery services are HTTP.
I would like to understand what are the gaps to fill in order to have
Hi,
I am trying to install TC 2.1 on Centos 6.7.
The RPM was built from master using the Vagrant build framework.
I had some dependency issues around cpanm and carton and I had to manually
install cpanm and upgrade Parse::CPAN::Meta before I managed to
successfully run Carton and install Perl depe
2. I may have missed it, but how is the route from the Gateway to TO
> > > secured?
> > >
> > > On Fri, May 12, 2017 at 8:41 AM David Neuman >
> > > wrote:
> > >
> > >> +1 on keeping in on the mailing list
> > >>
> > >
> https://cwiki.apache.org/confluence/display/TC/API+Gateway
> >
> > Jeremy
> >
> > On Thu, May 11, 2017 at 2:14 PM, Amir Yeshurun wrote:
> >
> > > Hi Jeremy,
> > > Note that attachments seems to be stripped off on this list and the
> image
gt; > > accepted
>> > > > > >> by
>> > > > > >>>> all Traffic Ops microservices, with no database
>> authentication.
>> > > > > >>>>
>> > > > > >>>> It's a common misconception that JWT allows you aut
te:
>
> $r->get("/internal/api/$version/cdns/dnsseckeys/refresh")->to(
> 'Cdn#dnssec_keys_refresh', namespace => $namespace );
>
> 2 unauthenticated traffic stats routes:
>
> $r->get("internal/api/$version/daily_summary")->to(
>
t; >> checks the token against the auth service (which may also be proxied),
> > and
> > >> redirects unauthorized requests to a login endpoint (which may also be
> > >> proxied).
> > >>
> > >> The TO service (and any other s
keys","auth": { "GET":
["cdn-security-keys-read"] }},
{ "match": "/cdns/name/[^\/]+/dnsseckeys/delete", "auth": { "GET":
["cdn-security-keys-write"] }},
{ "match": "/cdns/[^\/]+
Attached please find examples for forwarding rules file (rules.json) and
the authorization rules file (traffic-ops-routes.json)
On Sun, May 7, 2017 at 10:39 AM Amir Yeshurun wrote:
> Hi all,
>
> I am about to submit a PR with a first operational version of the API GW,
> to the &
Hi all,
I am about to submit a PR with a first operational version of the API GW,
to the "experimental" code base.
The API GW forwarding logic is as follow:
1. Find host to forward the request: Prefix match on the request path
against a list of forwarding rules. The matched forwarding rule
It seems that with Nir's approach there is no problem to enforce a size
limit on historical data
On Fri, Apr 14, 2017 at 4:07 PM Eric Friedrich (efriedri) <
efrie...@cisco.com> wrote:
> I think this sounds good Nir.
>
> Its not so much the size that is the main concern. Rather, people tend to
> h
Re documentation - yes, there is no problem to share the JWT structure. The
list of capability names is also part of TO API
On Mon, Apr 3, 2017, 6:43 PM Eric Friedrich (efriedri)
wrote:
> Thanks Amir-
> > On Apr 3, 2017, at 11:03 AM, Amir Yeshurun wrote:
> >
> > Hi Eric
party service should return a JWT that contains the user's capabilities.
>
>
> —Eric
>
>
>
> > On Apr 2, 2017, at 8:44 AM, Amir Yeshurun wrote:
> >
> > Hi,
> >
> > This email relates to an the API GW and to the new AAA model that are
>
Hi,
This email relates to an the API GW and to the new AAA model that are under
development for post 2.0 TC.
The purpose is to explain how new AAA model and existing AAA model live
together then using the new API GW.
Currently TO handles Authentication and Authorization.
Authentication is handle
+1 for choosing a versioning philosophy
On Mon, Mar 27, 2017 at 5:15 PM Dewayne Richardson
wrote:
> Yes, the versioning wasn't consistent because we switched out the database
> to Postgres which had several impacts to the API. The issue with API routes
> being too granular in the versioning is t
With the API GW, such duplications, or modifications can be defined in the
GW, if required, instead of in TO
On Thu, Mar 16, 2017, 5:52 PM Jan van Doorn wrote:
> We should also think about the API gateway future I think with that, we
> don't need these special routes at all anymore, right Am
ave some internal tools floating around to do some of that, but
> nothing available publicly (or ready for public consumption). I would
> definitely be in favor of adding some of those things to the project.
>
> On Fri, Jan 27, 2017 at 6:25 AM, Amir Yeshurun wrote:
>
> > Thanks
ccontrol/blob/master/traffic_monitor/etc/ats_sim.js
> which you can use with a Traffic Monitor to simulate traffic monitor
> polling caches and sending responses.
> Hopefully that helps.
>
> Thanks,
> Dave
>
> On Thu, Jan 26, 2017 at 7:37 AM, Amir Yeshurun wrote:
>
> > Hi,
>
Hi,
I'm running a local instance of TO, and debugging the CDN health API route
/api/1.2/cdns/health
In order to report the CDN health, TO need to read cache status from
Traffic Monitor, which in turn, has to collect status from the caches.
I am looking for a way to create a dev setup on which I
20 matches
Mail list logo