Generating UUIDs on the server can lead to duplicates
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ironic |
Won't Fix
|
Low
|
Unassigned |
Bug Description
Resource creation is done via "POST /v1/{type}" with a body containing some details about the resource. The resource identifier is generated on the server and returned to the client.
There are two potential problems:
If a POST request is received twice (eg, due to a network hiccup or a misconfigured proxy), multiple resources will be created instead of one, but the client is only expecting one response.
If a POST response is lost (eg, due to a network hiccup or the API service being killed), a resource will be created and the client will try again, generating a second resource.
In both cases, there are resources created for which the client does not receive a resource identifier.
Alternately, if the resource has a natural primary key (eg, a Port's MAC address), the client may get unexpected duplicate errors and need to search to find the identifier for the resource it was trying to create.
A solution to this is to require clients to generate the resource identifier (eg, UUID) and then "PUT /v1/{type}/{uuid}". This would make resource-
Changed in ironic: | |
status: | New → Triaged |
importance: | Undecided → High |
milestone: | none → icehouse-3 |
description: | updated |
Changed in ironic: | |
milestone: | icehouse-3 → none |
Changed in ironic: | |
status: | In Progress → Confirmed |
POSTs should not be assumed to be idempotent, so proxies shouldn't cache them by default
If true, your logic here would apply equally to all REST APIs and we'd never have non-idempotent, resource-creating POSTs