HTTP Status Codes for POST Actions URI | Redfish Specification Forum

ginugeorge
Minnow

Posts: 28

HTTP Status Codes for POST Actions URI Jun 11, 2021 12:14:58 GMT

Quote

Post by ginugeorge on Jun 11, 2021 12:14:58 GMT

I am having a clarification related to POST Actions URI across the Redfish Stack.

Consider that under the Systems Boot Certificates Collection, we have one instance , named "1".

 {{http_protocol}}://{{ip}}/redfish/v1/Systems/Self/Boot/Certificates


{

            "@odata.context": "/redfish/v1/$metadata#CertificateCollection.CertificateCollection",

            "@odata.etag": "\"1623409343\"",

            "@odata.id": "/redfish/v1/Systems/Self/Boot/Certificates",

            "@odata.type": "#CertificateCollection.CertificateCollection",

            "Description": "Collection of Certificates",

            "Members": [

                        {

                                    "@odata.id": "/redfish/v1/Systems/Self/Boot/Certificates/1"

                        }

            ],

            "Members@odata.count": 1,

            "Name": "Certificate Collection"

}

Based on the DMTF Spec and our understanding, we are throwing the status codes as mentioned below in case of Valid and Invalid POST Actions :

1. Valid POST Actions(Certificate.Renew, Certificate.Rekey) to Non Existent Instances

{{http_protocol}}://{{ip}}/redfish/v1/Systems/Self/Boot/Certificates/2/Actions/Certificate.Renew

should return 404 Not Found

2. Valid POST Actions(Certificate.Renew, Certificate.Rekey) to Existent Instances

for e.g. {{http_protocol}}://{{ip}}/redfish/v1/Systems/Self/Boot/Certificates/1/Actions/Certificate.Renew

should return 200 OK for Success and 400 Bad Request in case of Failure.

3. Invalid POST Actions(for e.g. Certificate.Renew1, Certificate.Rekey1) to Non Existent Instances

{{http_protocol}}://{{ip}}/redfish/v1/Systems/Self/Boot/Certificates/2/Actions/Certificate.Renew1

should return 404 Not Found

4. Invalid POST Actions(for e.g. Certificate.Renew1, Certificate.Rekey1) to Existent Instances

{{http_protocol}}://{{ip}}/redfish/v1/Systems/Self/Boot/Certificates/1/Actions/Certificate.Renew1

should return 400 Bad Request

Please let us know if we need to revisit any of the scenarios and modify the status codes.

mraineri
Administrator

Posts: 1,050

HTTP Status Codes for POST Actions URI Jun 11, 2021 13:31:22 GMT

Quote

Post by mraineri on Jun 11, 2021 13:31:22 GMT

For 1: Yes, 404 is correct.
For 2: Generally you're correct. Keep in mind 400 Bad Request indicates to the client that the request body is not correct. There could be other failure cases, such as the service took an exception that should not have happened, so 500 would be better for that scenario. It's important to think about the different failure cases for the action and map them to the appropriate status code. Clients will be using these codes to determine next steps, such as retrying as is, modifying their headers and retrying, modifying their body and retrying, or nothing at all.
For 3: Yes, 404 is correct.
For 4: No, I would expect 404. The URI given is not valid, so 404 maps in that case.

ginugeorge
Minnow

Posts: 28

HTTP Status Codes for POST Actions URI Jun 11, 2021 14:11:39 GMT

Quote

Post by ginugeorge on Jun 11, 2021 14:11:39 GMT

Hi mraineri

Please comment on the below clarification :

4. Invalid POST Actions(for e.g. Certificate.Renew1, Certificate.Rekey1) to Existent Instances

{{http_protocol}}://{{ip}}/redfish/v1/Systems/Self/Boot/Certificates/1/Actions/Certificate.Renew1

should return 400 Bad Request

Your Response : For 4: No, I would expect 404. The URI given is not valid, so 404 maps in that case.

Clarification :

Here, the client wishes to perform an Action named "Certificate.Renew1" on the Resource {{http_protocol}}://{{ip}}/redfish/v1/Systems/Self/Boot/Certificates/1 .

In this scenario, the concerned resource on which the action has to be performed does exist but only the Action to be performed is an Invalid one.

So wouldn't it be more appropriate to throw 400 Bad Request with error Message as "Action Not Supported" instead of throwing 404 Not Found with error Message as "Resource Missing at URI" ?

mraineri
Administrator

Posts: 1,050

HTTP Status Codes for POST Actions URI Jun 11, 2021 14:54:51 GMT

Quote

Post by mraineri on Jun 11, 2021 14:54:51 GMT

The URI itself is not valid; from an HTTP perspective, the fact that this is an action on a resource is not relevant. When considering OpenAPI use cases, URI patterns are called out for resources and actions independently. There is no URI that contains "Certificate.Renew1", so the URI itself is invalid.