[MXS-3970] Wrong HTTP status code returned on switchover failure Created: 2022-01-28 Updated: 2022-04-05 Resolved: 2022-01-31 |
|
| Status: | Closed |
| Project: | MariaDB MaxScale |
| Component/s: | REST-API |
| Affects Version/s: | 6.2.1 |
| Fix Version/s: | 22.08.0 |
| Type: | Bug | Priority: | Minor |
| Reporter: | Assen Totin (Inactive) | Assignee: | markus makela |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Description |
|
We attempted to run a switchover on a master/slave cluster via the mariadbmon. The cluster was in a bit of unexpected (to MaxScale at least) sate, so it rejected the switchover. However, when doing this, MaxScale returned HTTP code 403 Forbidden which is incorrect. The HTTP specs clearly say that 403 should only be used for authentication or authorisation failures that cannot be remedied. Since MaxScale rejected our command due to its state (andnot due to wrong credentials or insufficient access permissions), it should have replied probably with 409 "Conflict" ("Indicates that the request could not be processed because of conflict in the current state of the resource"). As a last resort, 400 "Bad request" could be used whenever a more suitable HTTP code does not exist. This issue may well affect other parts of MaxScale - we accidentally stumbled on this particular one and did not investigate its behaviour deeper. It should be noted that the short name of an HTTP code could be misleading. Always check the full description (e.g, 406 "Not acceptable" does not mean that the request cannot be accepted due to some general error, but specifically because it would be properly fulfilled, producing an output that does not match the Accept header of the request). Wikipedia has a good reference on HTTP codes: Error as printed by maxctrl:
After we fixed the cluster state to match MaxScale's expectations, the very same switchover command succeeded, once again confirming that 403 was inappropriate code to use. |
| Comments |
| Comment by markus makela [ 2022-01-31 ] |
|
The HTTP 403 error is currently the default error it returns whenever a more specific one is not provided. This could be swapped to HTTP 400 as it technically describes the situation better: an attempt to do an "illegal" switchover is a client error and could certainly be considered a Bad Request. I'd prefer using HTTP 400 over HTTP 409 for this as the former more accurately describes the situation. Here's an excerpt from the Mozilla documentation:
Since the request to promote the server in the current configuration (MaxScale + the cluster it uses) is always wrong and would never succeed as MaxScale actively refuses it. At least to me a conflict would indicate that it might have succeeded but didn't due to some, possibly external, reason. In addition to this, the way the monitor commands are currently called do not allow custom HTTP error codes to be returned as they outside of the whole REST API. This means that regardless of the real reason why a command failed, the response will always have the same code. This could be improved to at least indicate whether it is a client-side or a server-side error. |
| Comment by markus makela [ 2022-01-31 ] |
|
Switched from 403 to 400 responses for all generic errors. |