Page MenuHomePhabricator
Create Task
Maniphest T11473

harbormaster.build.search doesn't appear to constrain on 'buildables'
Closed, ResolvedPublic
Actions

Description

For example:

https://secure.phabricator.com/B13288 has two builds

I expected that https://secure.phabricator.com/conduit/method/harbormaster.build.search/ with {"buildables":["PHID-HMBB-q34gfg4ivtnmtdfaf4sw"]}
would return those two builds, but instead it returns many (all?) builds. What am I doing wrong?

Separately,

  1. it would be helpful for bug reports to be able to permalink to the Conduit API results page with parameters filled in. (the forms to explore/try the API are super useful!)
  1. I also think it might be a good idea to require a sentinel value for "unconstrained" if you pass in a constraints field in the query but its value list is empty. Current behavior is to treat this as if the constraint was not passed, but this seems like a bug that could happen easily (= I just wrote this bug): you write a method like get_revisions_for_ids(ids) which does an API call with {ids: ids} and gets back everything.

Revisions and Commits

rP Phabricator
D16396rP07082d28678c Don't allow empty list constraints in Conduit calls
D16395rP99889a6321a7 Execute Harbormaster buildable filtering properly from…

Related Objects

Event Timeline

venky created this task.Aug 14 2016, 8:41 AM
venky added projects: Conduit, Harbormaster.
Herald added a subscriber: eadler. · View Herald TranscriptAug 14 2016, 8:41 AM
venky added a comment.Aug 14 2016, 8:46 AM

slightly related: there's some confusing naming in the result for harbormaster.querybuildables:

{
    "id": "13288",
    "phid": "PHID-HMBB-q34gfg4ivtnmtdfaf4sw",
    "monogram": "B13288",
    "uri": "https://secure.phabricator.com/B13288",
    "buildableStatus": "building",
    "buildableStatusName": "Building",
    "buildablePHID": "PHID-DIFF-jvgtdlv2arsrztmgf3me",
    "containerPHID": "PHID-DREV-idtirhwjhzeum3btlryb",
    "isManualBuildable": false
  }

Here buildablePHID appears to be the diff that the buildable is attached to. Calling both of these "buildables" threw me off initially.

epriestley added subscribers: yelirekim, epriestley.EditedAug 14 2016, 1:41 PM

(@yelirekim, just a heads up since whatever comes of this might impact you somehow.)

It looks like passing this to the actual query was just overlooked in D16356, presumably because it was added to keep harbormaster.querybuilds compatible but isn't actually used for anything. In the short term I'll just fix that, since it's a couple lines of code.

I agree that the output from harbormaster.querybuildables is confusing, but I'd probably plan to just fix it in the upgrade to harbormaster.buildable.search (probably by calling the thing objectPHID, I guess). We can put a very basic version of this method into the upstream today if you want to start writing against it.

Prefilling Conduit seems sort-of-reasonable, although I wonder if the primary use case is basically just reporting Conduit issues upstream? I can't really recall cases where I would have used this which weren't discussing Conduit behavior in the context of upstream development. I'd also be very vaguely worried about social engineering attacks where you prefill whatever.edit with malicious changes and trick users into clicking the button to cause non-obvious effects ("Hey, does this button work for you? I'm seeing a weird error. https://phabricator.mycompany.com/conduit/user.edit?blahblahadmin=true"). I don't think this is really much of a risk, but if the utility of the feature is also pretty narrow maybe it's not worthwhile overall.

I agree that we should not treat "ids":[] over Conduit the same as omitting the key. A plausible interpretation of this is perhaps "return no results", but I think just treating the constraint as invalid is probably better: it's way more obvious what's happening, it's consistent with the underlying API when writing upstream code in PHP, and I believe most reasonable callers have a meaningful interest in performing the test for no possible results locally (either to save the call or behave differently, like showing the user a more tailored message). I'll check what's involved here and either fix if it's easy or file a task to fix it at some point if it's more involved.

epriestley added a revision: D16395: Execute Harbormaster buildable filtering properly from HarbormasterBuildSearchEngine.Aug 14 2016, 1:49 PM
epriestley added a comment.Aug 14 2016, 1:51 PM

I think fixing "ids":[] is trivial; it just works like that because we use the same Conduit type ("PHIDList") both for constraints and other things which can accept an empty array (like setting subscribers to [] to remove all the subscribers on an object).

I'll just split the types or add a flag so the constraint flavor knows that it shouldn't be empty.

epriestley added a revision: D16396: Don't allow empty list constraints in Conduit calls.Aug 14 2016, 2:31 PM
epriestley added a comment.Aug 14 2016, 2:32 PM

D16396 should make us raise a narrow error for "ids": [], "phids": [], "whateverPHIDs": [], etc., instructing you to pass a nonempty list.

epriestley claimed this task.Aug 14 2016, 2:54 PM
epriestley triaged this task as Normal priority.
epriestley added a commit: rP99889a6321a7: Execute Harbormaster buildable filtering properly from….Aug 14 2016, 3:31 PM
epriestley added a commit: rP07082d28678c: Don't allow empty list constraints in Conduit calls.
epriestley closed this task as Resolved.Aug 14 2016, 5:59 PM
  • This constraint should be fixed at HEAD of master. We just missed the deploy so it won't go until the cluster until next week (around August 20). Let me know if I missed anything.
  • Empty constraints should be fixed at HEAD of master (they now error instead of being ignored).
  • buildablePHID vs objectPHID confusion and inconsistencies should be fixed in the future by harbormaster.buildable.search. If you want a skeletal version of this now to reduce API tweaks later, let me know and we can get one in pretty easily.
  • Linking to pre-filled forms seems maybe not hugely useful in practice, with some small risk of social engineering attacks? Feel free to file a separate request if you have use cases I'm not thinking of or whatever.
venky added a comment.Aug 14 2016, 10:07 PM

Awesome! I appreciate the quick fixes!

Re: the new API, I am currently using harbormaster.querybuildables to get the buildables for a revision, so if this is changing to harbormaster.buildable.search it would be helpful to use that now instead of later -- but it's not a huge deal either.

Phabricator · Built by Phacility