Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update the response code to 404 when deleting a memory that is not al… #2212

Merged
merged 1 commit into from
Mar 19, 2024
Merged

update the response code to 404 when deleting a memory that is not al… #2212

merged 1 commit into from
Mar 19, 2024

Conversation

Zhangxunmt
Copy link
Collaborator

…lowed to access

Description

Return 404 not found when deleting a memory that is not allowed to access. Previously it returned only "success": "false"

Issues Resolved

[List any issues this PR will resolve]

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@Zhangxunmt Zhangxunmt had a problem deploying to ml-commons-cicd-env March 18, 2024 19:31 — with GitHub Actions Failure
@Zhangxunmt Zhangxunmt had a problem deploying to ml-commons-cicd-env March 18, 2024 19:31 — with GitHub Actions Failure
@Zhangxunmt
update the response code to 404 when deleting a memory that is not al…
0454db5 
…lowed to access

Signed-off-by: Xun Zhang <xunzh@amazon.com>
@Zhangxunmt Zhangxunmt had a problem deploying to ml-commons-cicd-env March 18, 2024 19:39 — with GitHub Actions Failure
@Zhangxunmt Zhangxunmt temporarily deployed to ml-commons-cicd-env March 18, 2024 19:39 — with GitHub Actions Inactive
@Zhangxunmt Zhangxunmt temporarily deployed to ml-commons-cicd-env March 18, 2024 19:39 — with GitHub Actions Inactive
@Zhangxunmt Zhangxunmt temporarily deployed to ml-commons-cicd-env March 18, 2024 19:39 — with GitHub Actions Inactive
dhrubo-os
dhrubo-os reviewed Mar 18, 2024
View reviewed changes
memory/src/main/java/org/opensearch/ml/memory/index/OpenSearchConversationalMemoryHandler.java
@@ -325,7 +327,14 @@ public void deleteConversation(String conversationId, ActionListener<Boolean> li
}, listener::onFailure);

} else {
listener.onResponse(false);
log.error("No access to delete the memory for " + conversationId);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From reading the code it seems like when we don't have have access to that conversation we mark this as "Resource not found exception".

Is that the correct understanding? If yes, that doesn't seem quite right.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Olly chatbot pen tester thinks that UNAUTHORIZED(401) would suggests the user that the memory id at least exists, which is considered as leaking information. So returning "Not Found"(404) is a better option because it only indicates that you cannot find it.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see, makes sense. Can we add a comment in the code then? So that later we don't find it confusing again?

@codecov Codecov
Copy link

codecov bot commented Mar 18, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 81.89%. Comparing base (c233356) to head (0454db5).
Report is 4 commits behind head on main.

Additional details and impacted files 
@@             Coverage Diff              @@
##               main    #2212      +/-   ##
============================================
- Coverage     81.91%   81.89%   -0.02%     
+ Complexity     5719     5718       -1     
============================================
  Files           547      547              
  Lines         23064    23066       +2     
  Branches       2378     2378              
============================================
- Hits          18892    18891       -1     
- Misses         3227     3230       +3     
  Partials        945      945
Flag Coverage Δ
ml-commons 81.89% <100.00%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@Zhangxunmt Zhangxunmt temporarily deployed to ml-commons-cicd-env March 18, 2024 20:07 — with GitHub Actions Inactive
@Zhangxunmt Zhangxunmt temporarily deployed to ml-commons-cicd-env March 18, 2024 20:07 — with GitHub Actions Inactive
@Zhangxunmt Zhangxunmt temporarily deployed to ml-commons-cicd-env March 18, 2024 20:07 — with GitHub Actions Inactive
@Zhangxunmt Zhangxunmt merged commit af539dc into opensearch-project:main Mar 19, 2024
11 of 15 checks passed
opensearch-trigger-bot bot pushed a commit that referenced this pull request Mar 19, 2024
@Zhangxunmt @github-actions
update the response code to 404 when deleting a memory that is not al…
c0ff22c 
…lowed to access (#2212)

Signed-off-by: Xun Zhang <xunzh@amazon.com>
(cherry picked from commit af539dc)
@opensearch-trigger-bot opensearch-trigger-bot bot mentioned this pull request Mar 19, 2024
Merged
Zhangxunmt added a commit that referenced this pull request Mar 19, 2024
@opensearch-trigger-bot @Zhangxunmt
update the response code to 404 when deleting a memory that is not al…
6c85dc6 
…lowed to access (#2212) (#2219)

Signed-off-by: Xun Zhang <xunzh@amazon.com>
(cherry picked from commit af539dc)

Co-authored-by: Xun Zhang <xunzh@amazon.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dhrubo-os dhrubo-os dhrubo-os left review comments

@b4sjoo b4sjoo b4sjoo approved these changes

@jngz-es jngz-es jngz-es approved these changes

@model-collapse model-collapse Awaiting requested review from model-collapse model-collapse is a code owner

@rbhavna rbhavna Awaiting requested review from rbhavna rbhavna is a code owner

@ylwu-amzn ylwu-amzn Awaiting requested review from ylwu-amzn ylwu-amzn is a code owner

@zane-neo zane-neo Awaiting requested review from zane-neo zane-neo is a code owner

@austintlee austintlee Awaiting requested review from austintlee austintlee is a code owner

@HenryL27 HenryL27 Awaiting requested review from HenryL27 HenryL27 is a code owner

@sam-herman sam-herman Awaiting requested review from sam-herman

Assignees
No one assigned
Labels
backport 2.x
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Zhangxunmt @jngz-es @dhrubo-os @b4sjoo