https://lakefs.io/ logo
#help
Title
# help
c

Cristian Caloian

01/30/2023, 2:08 PM
Hi, I thought I should ask the question here before I open an issue. When I try to create a policy that already exists, a new policy gets created successfully (updated
creation_date
and status
201
). I am using same id and policy statement. This happens both when using the
lakectl
api
0.55.0
, the Golang api
v0.89.0
, and
curl
. I expected to get a
409
status code, as described in the API. Is this intended behaviour? Thanks!
e

Elad Lachmi

01/30/2023, 2:14 PM
Hi @Cristian Caloian I remember coming across this issue a while back Give me a moment to look for it
lakefs 1
@Cristian Caloian I'm sorry for the delayed response I found several related issues (most recent) and took some time to read through them and parse all the related changes as well as try to repro the issue locally
When trying this locally using
curl
, I get an HTTP status 409 with an "Already exists" message in the body, which would be the expected behavior
Copy code
$ curl -v '<http://127.0.0.1:8000/api/v1/auth/policies>' \                                                                                                                                                             
  -H 'Cookie: XXXX' \
  -H 'accept: application/json' \
  -H 'content-type: application/json' \
  --data-raw '{"statement":[{"action":["fs:List*","fs:Read*"],"effect":"allow","resource":"*"}],"id":"test"}' \
  --compressed
*   Trying 127.0.0.1:8000...
* Connected to 127.0.0.1 (127.0.0.1) port 8000 (#0)
> POST /api/v1/auth/policies HTTP/1.1
> Host: 127.0.0.1:8000
> User-Agent: curl/7.79.1
> Accept-Encoding: deflate, gzip
> Cookie: XXXX
> accept: application/json
> content-type: application/json
> Content-Length: 94
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 409 Conflict
< Content-Type: application/json
< X-Content-Type-Options: nosniff
< X-Request-Id: f38f22b0-d6d8-4905-8d66-a33ecc4ba136
< Date: Mon, 30 Jan 2023 16:44:20 GMT
< Content-Length: 29
<
{"message":"Already exists"}
lakeFS
0.89.0
was released recently I'd suspect maybe the version of
lakectl
doesn't support the separation between endpoints for create/update, but if you're seeing the same behavior with using
curl
directly, that probably rules that out
Are you able to share details re your specific setup and perhaps the
curl
command you tried so I can further investigate?
c

Cristian Caloian

01/31/2023, 2:41 PM
Hi @Elad Lachmi I am using a similar
curl
command as you pasted above. Do you think I get this behaviour because our version of LakeFS is
0.61.0
?
e

Elad Lachmi

01/31/2023, 2:44 PM
Hi Oh, you're on version
0.61.0
? For some reason I thought you wrote you were on version
0.89.0
Let me check when that was released vs. when the fix commit was done One moment
Sorry for the confusion
c

Cristian Caloian

01/31/2023, 2:45 PM
It was the LakeFS Golang API that was on version
0.89.0
. It is my bad, I should’ve make it clear. The deployed LakeFS server is
0.61.0
.
e

Elad Lachmi

01/31/2023, 2:46 PM
Yeah, so
0.61.0
was released before this fix
The fix was first included in
0.83.3
dancing lakefs 1
c

Cristian Caloian

01/31/2023, 2:48 PM
Okay, that explains it. I am looking at the code for that version now and it seems that it was the intended behaviour.
Okay. In this case I am handling it manually by checking if the policy exists. I will test it out on the new deployment, but it seems that it will work as expected (fail with Conflict status code if policy exists).
I have one more question regarding the Golang API. I see there are two directories
api
and
auth
. But
api
contains all the functionality for
/auth
endpoints. Is it okay to use only code from
api
?
e

Elad Lachmi

01/31/2023, 2:52 PM
I think that's the logical behavior I feel that's what I'd expect the result to be, once create and update were separated, while having create and update on the same endpoint and HTTP verb is looking for trouble 🙂
I believe using
api
is the way to go, but I'm not in all of the details of this area of the code base, so let me check that for you I'll reach out to a colleague, so it may take a few minutes I'll let you know as soon as I have an update
👍 1
c

Cristian Caloian

01/31/2023, 2:58 PM
Here are the specifications I am talking about, just in case.
e

Elad Lachmi

01/31/2023, 3:08 PM
Ok, so the
auth
spec is for use with an external API It only defines the contract and leaves to the API all of the implementation details - would be very hard to implement an API that will provide the built-in functionality The mirrored endpoints in the lakeFS spec are what's implemented inside of lakeFS, so that would probably be the way to go
c

Cristian Caloian

01/31/2023, 6:17 PM
Great! Thanks for clarification!
e

Elad Lachmi

01/31/2023, 6:28 PM
Sure, np Feel free to reach out if you have any other questions
🙌 1