Skip to content
This repository was archived by the owner on Nov 24, 2025. It is now read-only.
This repository was archived by the owner on Nov 24, 2025. It is now read-only.

TO /api/4.0/servers/:hostname/update should allow setting config_apply_time and revalidate_apply_time even if user doesn't have the lock #7047

Closed
#7065
Closed
TO /api/4.0/servers/:hostname/update should allow setting config_apply_time and revalidate_apply_time even if user doesn't have the lock#7047
#7065
Assignees
shamrickus
Labels
Traffic Opsrelated to Traffic Opsbugsomething isn't working as intended
@rawlinp

Description

@rawlinp
rawlinp
opened on Aug 30, 2022

This Bug Report affects these Traffic Control components:

  • Traffic Ops

Current behavior:

If a CDN is locked and a user tries to call POST /api/4.0/servers/:hostname/update with the query parameters config_apply_time or revalidate_apply_time for a server in that CDN but the user doesn't hold the lock, TO denies the request with a 403.

Expected behavior:

The aforementioned call should not return a 403 if the query parameters config_apply_time or revalidate_apply_time are used. This would allow caches to un-queue themselves after applying updates/revalidations even if the CDN is locked.

Steps to reproduce:

As user A, lock the CDN. As user B, attempt to make the aforementioned request and observe the 403.

Metadata

Metadata

Assignees

Labels

Traffic Opsrelated to Traffic Opsbugsomething isn't working as intended

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions