Page MenuHomePhabricator
Create Task
Maniphest T293157

Toolhub API requests with PATCH verbs blocked by CDN
Closed, ResolvedPublic
Actions

Description

Toolhub's API has multiple routes like PATCH /api/lists/{id}/feature/ to make partial changes to resources. The production deployment of the app in the eqiad Kubernetes cluster is behind the CDN which is blocking the PATCH verb in the wm_recv_early sub because PATCH is not in the configured "allowed_methods" regex from hieradata/role/common/cache/text.yaml.

  • Option 1: Add PATCH to the regex in hiera
  • Option 2: Add a host specific carve out in the VCL to pass more/all verbs to toolhub.wikimedia.org
  • Option 3: rewrite Toolhub's API to avoid the PATCH verb

Details

SubjectRepoBranchLines +/-
varnish: test allowed HTTP methodsoperations/puppetproduction+71 -0
cache: Allow PATCH method to be passed to backend servicesoperations/puppetproduction+2 -2
Customize query in gerrit

Related Objects
Search...

Event Timeline

bd808 triaged this task as High priority.Oct 12 2021, 10:43 PM
bd808 created this task.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 12 2021, 10:43 PM
Maintenance_bot added a project: SRE.Oct 12 2021, 10:45 PM
bd808 added a comment.EditedOct 12 2021, 10:47 PM

The timing of this is on me, but I just found the block of PATCH today and the app is planned to be announced to the community tomorrow (2021-10-13). We can hold the announce if necessary, but really option 3 is not realistic for any rational timeline.

Dzahn subscribed.Oct 12 2021, 10:59 PM
bd808 added a parent task: T271483: Complete and announce initial production deployment of Toolhub.Oct 12 2021, 11:22 PM
gerritbot added a comment.Oct 12 2021, 11:34 PM

Change 730363 had a related patch set uploaded (by BryanDavis; author: Bryan Davis):

[operations/puppet@production] cache: Allow PATCH method to be passed to backend services

https://gerrit.wikimedia.org/r/730363

gerritbot added a project: Patch-For-Review.Oct 12 2021, 11:34 PM
gerritbot added a comment.Oct 13 2021, 8:21 AM

Change 730363 merged by Ema:

[operations/puppet@production] cache: Allow PATCH method to be passed to backend services

https://gerrit.wikimedia.org/r/730363

gerritbot added a comment.Oct 13 2021, 8:26 AM

Change 730415 had a related patch set uploaded (by Ema; author: Ema):

[operations/puppet@production] varnish: test allowed HTTP methods

https://gerrit.wikimedia.org/r/730415

gerritbot added a comment.Oct 13 2021, 8:54 AM

Change 730415 merged by Ema:

[operations/puppet@production] varnish: test allowed HTTP methods

https://gerrit.wikimedia.org/r/730415

ema subscribed.Oct 13 2021, 9:01 AM

@bd808: looks like we're all set!

$ curl -sv -X PATCH https://phabricator.wikimedia.org/T293157 2>&1 | grep '< HTTP/2'
< HTTP/2 200
Maintenance_bot removed a project: Patch-For-Review.Oct 13 2021, 9:10 AM
ema added a project: User-ema.Oct 13 2021, 11:35 AM
ema moved this task from Backlog to Radar on the User-ema board.
bd808 closed this task as Resolved.Oct 13 2021, 1:49 PM
bd808 claimed this task.

Confirmed to be working, Thank you for the quick attention @ema.

Restricted Application added a project: User-bd808. · View Herald TranscriptOct 13 2021, 1:49 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL