-
Notifications
You must be signed in to change notification settings - Fork 581
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Downtime: enforce positive duration #9773
base: master
Are you sure you want to change the base?
Conversation
What level of breaking are we talking about here? What happens with existing downtimes? Will they prevent Icinga from starting and require manual cleanup? Or will the magically disappear due to Anyways, a flexible downtime with duration<=0 didn't do anything useful, did it? At best it would be treated as ending immediately and have little effect, at worst, it would even trigger some bugs I guess. What about fixed downtimes? Could you create those in a way that persisted a negative duration? As fixed downtimes basically ignore the duration, these should work fine but this change would break them.
When trying to schedule such a downtime, this should result in some 4xx error (probably bad request). Apart from that: |
A negative duration would crash Icinga DB and doesn't make sense. Existing Downtimes with a so small duration disappear immediately - can't be broken.
Every problematic object will magically disappear in case of ignore_on_error. Otherwise yes, stuff will prevent Icinga from starting. Before this change everything created by API will disappear sooner or later permanently as Icinga can manage _api files. The only real problem are the ones in _etc the user created explicitly with a negative duration, but w/o ignore_on_error.
Well, the only bug I know of:
Exactly.
This is a general problem. E.g. start_time=-14000 already gets rejected this way. |
c7b5b21
to
de543a8
Compare
So this change would remove downtimes that would work perfectly fine (apart from in Icinga DB) as an ignored attribute is set to a strange value? That doesn't sound good, those should survive. |
The user must explicitly set that strange value – what for? As you already said: it's pointless. |
Oh, and we have already broken less pointless things for less benefit: |
Well that was an edge-case that broke the IDO, so it actually sounds quite similar to this issue here. For that issue, I considered it quite unlikely to affect any real config as it required group names that can be represented as an integer (or another non-string type) and a real-world group name should probably contain some textual name. Now for this issue, we have to guess how likely this happens in practice. In #9774, you can see that |
Our options are:
I, however, prefer this solution. For me negative durations aren’t real-world config either. Such automation errors shall be 500/400-ed at early stage as I do here IMAO. |
Shouldn't be real-world config but you wouldn't have noticed if you did this accidentally, because well, until now it's accepted.
There's definitely no reason to store The thing with enforcing this for all downtimes is that this will just delete existing downtimes. For flexible ones that might be acceptable because they wouldn't have done anything useful anyways as they'd end immediately. But fixed ones would have worked perfectly fine (apart from syncing to Icinga DB). So if someone had such existing downtimes, an upgrade would just delete them, the user wouldn't even see an error and have a chance to fix this and if they were important, they would have to be restored from a backup (if it exists 🙈). We don't have a way to tell if this would affect someone, so I'd opt for the safe path, i.e. validate new downtimes where they are created and fix existing existing ones automatically (maybe even in
No, negative values are obviously unintended/broken here, so we should not propagate them (which would just result in Icinga DB Web having to deal with strange values instead). |
A negative duration would crash Icinga DB and doesn't make sense. Existing Downtimes with a so small duration disappear immediately - can't be broken.
refs #9774
@julianbrost Shall we v2.14ify it as a "breaking" change?
Before
curl -fvku root:123456 -X POST -H 'Accept: application/json' 'https://127.0.0.1:5665/v1/actions/schedule-downtime?type=Host&filter=true&start_time=14000&end_time=2000000000&author=ak&comment=-&fixed=0&duration=-14'
Icinga accepted Downtime with negative duration, but Icinga DB crashed.
After
Icinga prevents such: