Project

General

Profile

Actions

Bug #15938

open

[API] requesting collections via POST with _method=GET returns one result

Added by Lucas Di Pentima about 5 years ago. Updated 10 months ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
API
Target version:
Story points:
-
Release:
Release relationship:
Auto

Description

While working on #15672, I realized that WB2 when asking for favorite objects uses POST with _method=GET because to overcome some cases when there's a lot of filter data.

When doing this to fetch favorite collections, the result it gets from the API server isn't a resource list but a single (and seemingly random) collection object. The other kinds of objects work fine: links, container requests, etc.

I've been able to get a minimal test case using curl against my local arvbox, removing all the filtering the problem keeps happening:

$ curl 'https://192.168.1.125:8000/arvados/v1/collections' -H 'Authorization: Bearer <arvados_token>' -H 'Content-Type: multipart/form-data' --data-binary $'Content-Disposition: form-data; name="_method"\r\n\r\nGET\r\n'

...which results in:

{"created_at":"2019-12-17T14:04:47.628389607Z","delete_at":null,"etag":"9whksbxjumb7wzsrxn7kygal7","is_trashed":false,"kind":"arvados#collection","manifest_text":"","modified_at":"2019-12-17T14:04:47.628648000Z","modified_by_client_uuid":"xzky2-ozdt8-bz5croxbsshueoi","modified_by_user_uuid":"xzky2-tpzed-x8ebto05d30uwzv","name":"","owner_uuid":"xzky2-tpzed-x8ebto05d30uwzv","portable_data_hash":"d41d8cd98f00b204e9800998ecf8427e+0","properties":{},"replication_confirmed":null,"replication_confirmed_at":null,"replication_desired":null,"storage_classes_confirmed":[],"storage_classes_confirmed_at":"0001-01-01T00:00:00.000000000Z","storage_classes_desired":["default"],"trash_at":null,"unsigned_manifest_text":"","uuid":"xzky2-4zz18-4fv6i2lo4c0r8xv"}
Actions #1

Updated by Lucas Di Pentima about 5 years ago

I've connected to the arvbox instance's shell to repeat the curl command but pointing to the RailsAPI URL directly and it seems that we can rule out the controller, as I'm getting the same kind of answer.

Actions #2

Updated by Lucas Di Pentima about 5 years ago

From chat with Tom: It seems that's a controller issue. The previous curl command wasn't working right, the following works OK when directed to RailsAPI but doesn't when directed to the controller:

$ curl 'https://192.168.1.125:8000/arvados/v1/collections' -H 'Authorization: Bearer <arvados_token>' -X POST --form _method=GET
{"created_at":"2019-12-17T15:05:39.799414569Z","delete_at":null,"etag":"5oczjccml48kmdefga4wwckpi","is_trashed":false,"kind":"arvados#collection","manifest_text":"","modified_at":"2019-12-17T15:05:39.799746000Z","modified_by_client_uuid":"xzky2-ozdt8-bz5croxbsshueoi","modified_by_user_uuid":"xzky2-tpzed-x8ebto05d30uwzv","name":"","owner_uuid":"xzky2-tpzed-x8ebto05d30uwzv","portable_data_hash":"d41d8cd98f00b204e9800998ecf8427e+0","properties":{},"replication_confirmed":null,"replication_confirmed_at":null,"replication_desired":null,"storage_classes_confirmed":[],"storage_classes_confirmed_at":"0001-01-01T00:00:00.000000000Z","storage_classes_desired":["default"],"trash_at":null,"unsigned_manifest_text":"","uuid":"xzky2-4zz18-ycw0esohlc09yqd"}
Actions #3

Updated by Lucas Di Pentima about 5 years ago

The arvbox instance is running from 8eda8735d7a36f3752f1d426cad1fb0002b30cca

Actions #4

Updated by Tom Clegg about 5 years ago

According to https://doc.arvados.org/master/api/requests.html: "As a special case, a POST with the query parameter _method=GET will be treated as a GET request." Setting _method=GET in a form in the request body isn't documented/supported. It seems like RailsAPI accepts it, but controller doesn't. If wb2 is the first client to rely on this (which seems to be the case) I'd prefer to fix wb2 rather than add support in controller.

Actions #5

Updated by Lucas Di Pentima about 5 years ago

I'm fixing WB2 to use POST only when necessary, and testing it with _method=GET on the query string I'm seeing that workflows and groups (and maybe others) behave just like the case of collections with _method=GET passed as form data. OTOH, collections works OK when passing _method=GET on the query string.
Update: Tried both groups and collections directly against RailsAPI passing _method=GET by query string and both behaved incorrectly:

root@4e64c83a032c:/# curl 'http://localhost:8004/arvados/v1/groups?_method=GET' -H 'Authorization: Bearer <arvados_token>' -X POST | jq .
{
  "href": "/groups/xzky2-j7d0g-7klhj19sj4ge3vc",
  "kind": "arvados#group",
  "etag": "dwic0qvb99sggga1hpkpj9uvd",
  "uuid": "xzky2-j7d0g-7klhj19sj4ge3vc",
  "owner_uuid": "xzky2-tpzed-x8ebto05d30uwzv",
  "created_at": "2019-12-17T17:51:29.298287957Z",
...
}

Then, I tried both collections and groups passing _method=GET via form directly to RailsAPI, both behaved correctly:

root@4e64c83a032c:/# curl 'http://localhost:8004/arvados/v1/groups' -H 'Authorization: Bearer <arvados_token>' -X POST --form _method=GET | jq .
{
  "kind": "arvados#groupList",
  "etag": "",
  "self_link": "",
  "offset": 0,
  "limit": 100,
  "items": [
    {
      "href": "/groups/xzky2-j7d0g-dvervkeoynqhj2i",
      "kind": "arvados#group",
      "etag": "4t3tgop246205ddlw6b5gljbo",
      "uuid": "xzky2-j7d0g-dvervkeoynqhj2i",
      "owner_uuid": "xzky2-tpzed-x8ebto05d30uwzv",
      "created_at": "2019-12-17T17:53:32.277488000Z",
      "modified_by_client_uuid": "xzky2-ozdt8-bz5croxbsshueoi",
      "modified_by_user_uuid": "xzky2-tpzed-x8ebto05d30uwzv",
...
}
Actions #6

Updated by Peter Amstutz almost 2 years ago

  • Release set to 60
Actions #7

Updated by Peter Amstutz 10 months ago

  • Target version set to Future
Actions

Also available in: Atom PDF