clair
clair copied to clipboard
quay
httptransport: GET vuln report returns 404 when indexing in-progress
For issue https://github.com/quay/clair/issues/1962
GET /matcher/api/v1/vulnerability_report/<digest> returns HTTP404 when the index report is not complete, instead of a partial vulnerability report based on whatever is present in the index
This doesn't distinguish between in-progress states (a later request will likely be successful) and the final error state IndexError (a later request will likely still be unsuccessful). I'm not sure what would be preferred - HTTP404? HTTP500 with some error body?
@crozzy sorry for the bump - just checking if this PR has been overlooked?
@crozzy sorry for the bump - just checking if this PR has been overlooked?
Sorry @frostmar it had indeed fallen through the cracks
Thinking through re-indexing, will there be a situation where the report is 200OK then is being re-indexed so will be 404Not Found the 200OK again?
I think that will happen, from the user's point of view the vuln report seems to be unavailable for a brief period.
That's pretty much true, however. While (re-)indexing is in progress, there is no valid index report to base a vuln report on, so better to say it's unavailable than give an incorrect one?
As a future extension, there could be a new response instead of HTTP404, to communicate "come back shortly", used when we know we ought to have a completed vuln report available shortly (as indexing is in progress, but hasn't completed) .... but this seems like an edge case that few will benefit from.
Thanks for the updates, I think it seems like an improvement, @hdonnay is there a situation with clients where you could see this being a problem?
@frostmar looks like you checked in a .vscode file
@crozzy / @hdonnay I'm hoping this can make the next release of Clair, if it looks OK to you now?