Bug #8496
closedAPI server does handle the selection of nonexistent columns well
0%
Description
It appears that the API server will happily accept a "select" list containing columns that it has never heard of, provided that at least one of the selected columns exist, the record will be returned with NO ERROR.
This appears to be the underlying cause of the problem I am now having with datamanager. It appears that at some point the "replication" columns have been renamed "redundancy", but at present my API server is calling them "replication" whereas the datamanager is expecting "redundancy".
IMHO this should cause the API server to return an error to avoid huge problems due to spelling mistakes.
Example 1 (select two columns: "uuid" and "foo"):
$ curl -H "Authorization: OAuth2 ${ARVADOS_API_TOKEN}" 'https://api.arvados.sanger.ac.uk/arvados/v1/collections?limit=1&select=%5B%22uuid%22%2C%22foo%22%5D' {"kind":"arvados#collectionList","etag":"","self_link":"","offset":0,"limit":1,"items":[{"kind":"arvados#collection","uuid":"z8ta6-4zz18-000ef7aueg94wl1"}],"items_available":344619}
The API server returns an item with "uuid" but no "foo" and no error.
Example 2 (select one column: "foo"):
$ curl -H "Authorization: OAuth2 ${ARVADOS_API_TOKEN}" 'https://api.arvados.sanger.ac.uk/arvados/v1/collections?limit=1&select=%5B%22foo%22%5D' {"errors":["#<ActiveRecord::StatementInvalid: PG::SyntaxError: ERROR: syntax error at or near \"FROM\"\nLINE 1: SELECT FROM \"collections\" WHERE (expires_at IS NULL or ex...\n ^\n: SELECT FROM \"collections\" WHERE (expires_at IS NULL or expires_at > CURRENT_TIMESTAMP) LIMIT 1 OFFSET 0>"],"error_token":"1455884398+b0064a6b"}
FWIW, although this gives an error, in my opinion it is for the wrong reason (it tries to "SELECT FROM" without specifying any columns to select and then propagates the Postgres error back to the client).
I note that some of the client SDKs appear to "know" (I assume from the discovery doc) what the valid selections are and enforce the rules at that point (although the Go SDK does not appear to do that), but in any case regardless of what can be done on the client side, it would be most appropriate for the API server to indicate that it does not understand what the client is asking for and return an appropriate error.