Storage batch API returns 404 for unauthorized records
Use-case: Reindex Kind API is called.
The logs showed 404s being returned. A Record Fetch on some of the impacted records returned 403s. Investigation shows that the Batch Record fetch returned 404s instead.
Issue identified from this workflow:
- Storage batch API reports unauthorized records (403) as not found (404)
ADR: Storage batch API reports unauthorized records (403) as not found (404)
Status
- Proposed
- Trialing
- Under review
- Approved
- Retired
Context & Scope
The current behavior of Storage batch API: if a record is not authorized, it is put in the notFound field of the response body along with other not found records. The response body in this case looks like this:
{
  "records": [],
  "notFound": [
    "opendes:facet:unauthorizedrecord1",
    "opendes:facet:unauthorizedrecord2",
    //other not found records...
  ],
  "conversionStatuses": []
}
Solution
To fix this behavior, the proposed solution is to add a new field (unauthorized) to the Storage batch API response body, so that unauthorized records can be distinguished from records that are actually not found. Sample response body:
{
  "records": [],
  "notFound": [
    //not found records...
  ],
  "unauthorized": [
    "opendes:facet:unauthorizedrecord1",
    "opendes:facet:unauthorizedrecord2"
  ],
  "conversionStatuses": []
}
Consequence
This solution is a breaking change, as it implies changing the API contract. It will include a change in the core library, a change in Storage, and then a change in the Indexer service to handle the batch API response.
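
As an added example (not code from the Storage or Indexer services), a consumer of the batch response can classify each requested ID under both the current and the proposed contract, marking the current contract's notFound entries as ambiguous rather than as confirmed missing. The function name, the `id` key on each record, and the sample IDs other than `unauthorizedrecord1` are assumptions.

```python
import json
from enum import Enum


class Outcome(Enum):
    FOUND = "found"
    NOT_FOUND = "not_found"
    UNAUTHORIZED = "unauthorized"
    AMBIGUOUS = "not_found_or_unauthorized"  # current contract: 403 and 404 are merged
    UNACCOUNTED = "unaccounted"  # requested but absent from every response field


def classify_batch_response(requested_ids, body):
    """Map each requested record ID to an Outcome.

    Field names follow the ADR; the "id" key on each record is an assumption.
    """
    found = {rec["id"] for rec in body.get("records", [])}
    not_found = set(body.get("notFound", []))
    # A missing "unauthorized" key means the server still uses the current contract.
    new_contract = "unauthorized" in body
    unauthorized = set(body.get("unauthorized", []))

    outcomes = {}
    for rid in requested_ids:
        if rid in found:
            outcomes[rid] = Outcome.FOUND
        elif rid in unauthorized:
            outcomes[rid] = Outcome.UNAUTHORIZED
        elif rid in not_found:
            outcomes[rid] = Outcome.NOT_FOUND if new_contract else Outcome.AMBIGUOUS
        else:
            outcomes[rid] = Outcome.UNACCOUNTED
    return outcomes


# Constructed sample data: one readable, one unauthorized, one truly missing record.
IDS = ["opendes:facet:ok1", "opendes:facet:unauthorizedrecord1", "opendes:facet:missing1"]
CURRENT = json.loads("""{"records": [{"id": "opendes:facet:ok1"}], "conversionStatuses": [],
  "notFound": ["opendes:facet:unauthorizedrecord1", "opendes:facet:missing1"]}""")
PROPOSED = json.loads("""{"records": [{"id": "opendes:facet:ok1"}], "conversionStatuses": [],
  "notFound": ["opendes:facet:missing1"],
  "unauthorized": ["opendes:facet:unauthorizedrecord1"]}""")

if __name__ == "__main__":
    for name, body in (("current", CURRENT), ("proposed", PROPOSED)):
        for rid, outcome in classify_batch_response(IDS, body).items():
            print(f"{name:9} {rid:36} {outcome.value}")
```

A caller that acts on "not found" (for example during a reindex) can use the ambiguous outcome to avoid treating an unauthorized record as nonexistent while servers still return the current contract.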