flatcar
Return proper status code when attempting to upload a duplicate package
Current situation
When testing the package metadata upload via the API, We receive 500 Internal Server Error. Initially it was assumed this was due to an invalid token, but eventually discovered the error was caused by attempting to upload a package that already exists.
Currently, this results in a 500 response due to a database constraint violation:
ERROR: duplicate key value violates unique constraint "package_appid_version_arch_unique" (SQLSTATE 23505)
Impact
The current behavior is misleading. A 500 error suggests a server-side issue, but in reality, it's a client-side mistake (duplicate package upload). This can lead to confusion, unnecessary debugging, and delays in troubleshooting.
Ideal future situation
Instead of returning a 500, the API should return a more appropriate status code, such as:
409 Conflict— to indicate that the request could not be completed due to a conflict with the current state of the resource.- Or a custom error message that clearly states the cause (e.g., "Package with the same AppID, version, and arch already exists").
This would make it easier for users to understand what went wrong and take appropriate action.
Implementation options
- Catch the specific database error for duplicate key violation and return a
409 Conflictresponse with a meaningful error message. - Add a check before attempting to insert the package, to validate if it already exists, and return an appropriate response.
Additional information
Sample log entry:
{"level":"error","username":"tormath1","error":"ERROR: duplicate key value violates unique constraint \"package_appid_version_arch_unique\" (SQLSTATE 23505)","time":"2025-04-15T08:26:42Z","context":"nebraska","message":"addPackage - adding package {e96281a6-d1af-4bde-9a0a-97b76e56dc57 1 [] Flatcar Linux 9.9.9 0xc0074e57a0 flatcar_production_update.gz 0xc007d17ed0 2jmj7l5rSw0yVb/vlWAYkK/YBwk= 0 1 https://update.release.flatcar-linux.net/amd64-usr/9.9.9/ 9.9.9}"}
