https://lakefs.io/ logo
Powered by
Title
c

Cristian Caloian

01/30/2023, 2:08 PM
Hi, I thought I should ask the question here before I open an issue. When I try to create a policy that already exists, a new policy gets created successfully (updated 
creation_date
and status 
201
). I am using same id and policy statement. This happens both when using the 
lakectl
api 
0.55.0
, the Golang api 
v0.89.0
, and 
curl
. I expected to get a 
409
status code, as described in the API. Is this intended behaviour? Thanks!
e

Elad Lachmi

01/30/2023, 2:14 PM
Hi @Cristian Caloian I remember coming across this issue a while back Give me a moment to look for it
:lakefs: 1
@Cristian Caloian I'm sorry for the delayed response I found several related issues (most recent) and took some time to read through them and parse all the related changes as well as try to repro the issue locally
When trying this locally using 
curl
, I get an HTTP status 409 with an "Already exists" message in the body, which would be the expected behavior 
$ curl -v '<http://127.0.0.1:8000/api/v1/auth/policies>' \                                                                                                                                                             
  -H 'Cookie: XXXX' \
  -H 'accept: application/json' \
  -H 'content-type: application/json' \
  --data-raw '{"statement":[{"action":["fs:List*","fs:Read*"],"effect":"allow","resource":"*"}],"id":"test"}' \
  --compressed
*   Trying 127.0.0.1:8000...
* Connected to 127.0.0.1 (127.0.0.1) port 8000 (#0)
> POST /api/v1/auth/policies HTTP/1.1
> Host: 127.0.0.1:8000
> User-Agent: curl/7.79.1
> Accept-Encoding: deflate, gzip
> Cookie: XXXX
> accept: application/json
> content-type: application/json
> Content-Length: 94
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 409 Conflict
< Content-Type: application/json
< X-Content-Type-Options: nosniff
< X-Request-Id: f38f22b0-d6d8-4905-8d66-a33ecc4ba136
< Date: Mon, 30 Jan 2023 16:44:20 GMT
< Content-Length: 29
<
{"message":"Already exists"}
lakeFS 
0.89.0
was released recently I'd suspect maybe the version of 
lakectl
doesn't support the separation between endpoints for create/update, but if you're seeing the same behavior with using 
curl
directly, that probably rules that out
Are you able to share details re your specific setup and perhaps the 
curl
command you tried so I can further investigate?
c

Cristian Caloian

01/31/2023, 2:41 PM
Hi @Elad Lachmi I am using a similar 
curl
command as you pasted above. Do you think I get this behaviour because our version of LakeFS is 
0.61.0
?
e

Elad Lachmi

01/31/2023, 2:44 PM
Hi Oh, you're on version 
0.61.0
? For some reason I thought you wrote you were on version 
0.89.0
Let me check when that was released vs. when the fix commit was done One moment
Sorry for the confusion
c

Cristian Caloian

01/31/2023, 2:45 PM
It was the LakeFS Golang API that was on version 
0.89.0
. It is my bad, I should’ve make it clear. The deployed LakeFS server is 
0.61.0
.
e

Elad Lachmi

01/31/2023, 2:46 PM
Yeah, so 
0.61.0
was released before this fix
The fix was first included in 
0.83.3
:dancing_lakefs: 1
c

Cristian Caloian

01/31/2023, 2:48 PM
Okay, that explains it. I am looking at the code for that version now and it seems that it was the intended behaviour.
Okay. In this case I am handling it manually by checking if the policy exists. I will test it out on the new deployment, but it seems that it will work as expected (fail with Conflict status code if policy exists).
I have one more question regarding the Golang API. I see there are two directories 
api
and 
auth
. But 
api
contains all the functionality for 
/auth
endpoints. Is it okay to use only code from 
api
?
e

Elad Lachmi

01/31/2023, 2:52 PM
I think that's the logical behavior I feel that's what I'd expect the result to be, once create and update were separated, while having create and update on the same endpoint and HTTP verb is looking for trouble 🙂
I believe using 
api
is the way to go, but I'm not in all of the details of this area of the code base, so let me check that for you I'll reach out to a colleague, so it may take a few minutes I'll let you know as soon as I have an update
👍 1
c

Cristian Caloian

01/31/2023, 2:58 PM
Here are the specifications I am talking about, just in case.
e

Elad Lachmi

01/31/2023, 3:08 PM
Ok, so the 
auth
spec is for use with an external API It only defines the contract and leaves to the API all of the implementation details - would be very hard to implement an API that will provide the built-in functionality The mirrored endpoints in the lakeFS spec are what's implemented inside of lakeFS, so that would probably be the way to go
c

Cristian Caloian

01/31/2023, 6:17 PM
Great! Thanks for clarification!
e

Elad Lachmi

01/31/2023, 6:28 PM
Sure, np Feel free to reach out if you have any other questions
🙌 1
#helpJoin Slack
Powered by