Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

httptransport: GET vuln report returns 404 when indexing in-progress #1963

Merged
merged 1 commit into from
Mar 12, 2024
Merged

httptransport: GET vuln report returns 404 when indexing in-progress #1963

merged 1 commit into from
Mar 12, 2024

Conversation

frostmar
Copy link
Contributor

For issue #1962

GET /matcher/api/v1/vulnerability_report/<digest> returns HTTP404 when the index report is not complete, instead of a partial vulnerability report based on whatever is present in the index

This doesn't distinguish between in-progress states (a later request will likely be successful) and the final error state IndexError (a later request will likely still be unsuccessful). I'm not sure what would be preferred - HTTP404? HTTP500 with some error body?

@frostmar frostmar requested a review from a team as a code owner January 29, 2024 16:41
@frostmar frostmar requested review from crozzy and removed request for a team January 29, 2024 16:41
@app-sre-bot
Copy link
Collaborator

Can one of the admins verify this patch?

@frostmar
Copy link
Contributor Author

@crozzy sorry for the bump - just checking if this PR has been overlooked?

crozzy
crozzy reviewed Feb 16, 2024
View reviewed changes
Copy link
Collaborator

@crozzy crozzy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is a good idea. Thinking through re-indexing, will there be a situation where the report is 200OK then is being re-indexed so will be 404Not Found the 200OK again?

httptransport/matcher_v1.go
@@ -12,6 +12,7 @@ import (

"github.com/google/uuid"
"github.com/quay/claircore"
indexerController "github.com/quay/claircore/indexer/controller"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wouldn't bother with the alias here.

httptransport/matcher_v1.go
// now check bool only after confirming no err
if !ok {
// now check present and finished only after confirming no err
if !ok || indexReport.State != indexerController.IndexFinished.String() {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit but it might be nicer to compare the state types as opposed to the strings:

var state controller.State
state.FromString(indexReport.State)
if !ok || state != controller.IndexFinished {
...

@crozzy
Copy link
Collaborator

crozzy commented Feb 16, 2024

@crozzy sorry for the bump - just checking if this PR has been overlooked?

Sorry @frostmar it had indeed fallen through the cracks

@frostmar frostmar requested a review from crozzy February 20, 2024 11:58
@frostmar
Copy link
Contributor Author

frostmar commented Feb 20, 2024
edited
Loading

Thinking through re-indexing, will there be a situation where the report is 200OK then is being re-indexed so will be 404Not Found the 200OK again?

I think that will happen, from the user's point of view the vuln report seems to be unavailable for a brief period.

That's pretty much true, however. While (re-)indexing is in progress, there is no valid index report to base a vuln report on, so better to say it's unavailable than give an incorrect one?

As a future extension, there could be a new response instead of HTTP404, to communicate "come back shortly", used when we know we ought to have a completed vuln report available shortly (as indexing is in progress, but hasn't completed) .... but this seems like an edge case that few will benefit from.

@frostmar frostmar force-pushed the 1962-incomplete-index-rpt branch from 5bf85e1 to 43282ce Compare February 20, 2024 12:04
@crozzy
Copy link
Collaborator

crozzy commented Feb 20, 2024

Thanks for the updates, I think it seems like an improvement, @hdonnay is there a situation with clients where you could see this being a problem?

@frostmar looks like you checked in a .vscode file

@frostmar frostmar force-pushed the 1962-incomplete-index-rpt branch from 43282ce to e24c65d Compare February 21, 2024 09:47
@frostmar
Copy link
Contributor Author

... checked in a .vscode file

Sorry, sorted now

@frostmar frostmar force-pushed the 1962-incomplete-index-rpt branch from 429b560 to 7e4648d Compare February 21, 2024 11:16
@frostmar
Copy link
Contributor Author

@crozzy / @hdonnay I'm hoping this can make the next release of Clair, if it looks OK to you now?

@frostmar
Copy link
Contributor Author

@crozzy / @hdonnay bump - can I do anything to progress this please?

crozzy
crozzy previously approved these changes Mar 12, 2024
View reviewed changes
@crozzy crozzy force-pushed the 1962-incomplete-index-rpt branch from 7e4648d to 546fedc Compare March 12, 2024 17:17
@crozzy crozzy self-requested a review March 12, 2024 17:21
crozzy
crozzy approved these changes Mar 12, 2024
View reviewed changes
Copy link
Collaborator

@crozzy crozzy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@crozzy crozzy merged commit df348dc into quay:main Mar 12, 2024
7 checks passed
@frostmar frostmar deleted the 1962-incomplete-index-rpt branch March 12, 2024 17:25
@frostmar frostmar mentioned this pull request Nov 14, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@crozzy crozzy crozzy approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@frostmar @app-sre-bot @crozzy