Fix wrong end_time

[hmpf]

Hopefylly closes #935

Also, attempt to clean up/document event types, and event type validation in the API.

[elfjes]

Seems like a normalization issue? Two ways of indicating that an event is stateless?

[hmpf]

Yep, and end_time = None is the more important/older one.

[elfjes]

oh well 🤷

[hmpf]

There is a question what should happen if there is a stateless event but end_time is wrong. Here, I trust the statetless event and unset end_time, but we could also delete the event. Though, then we would have to check that there is an incident-start event etc. etc. etc.

[elfjes]

Make sure that you have prefetched all events here, because otherwise thie function may cause a bunch of round trips to the db

[hmpf]

Not sure what you mean. This is on the model instance. Prefetch before a loop over instances?

self.events.prefetch_related(..) would work but the only relevant thing to prefetch would be acknowledgments, which is irrelevant for exists(), and might be handled behind the scenes anyway thanks to the OneToOneField.

Did you mean something in repair_end_time?

[elfjes]

Yes, I meant in repair_end_time, should've made that clearer. It has a bunch of checks based on properties that each filter on self.events, so make sure you're not firing a query for every check. Maybe it's prudent to just collect all events and manually process the list. As long as it's not too large, remembering incidents with 1000s of events

[elfjes]

This is where we would end up in our case. There already is an END event, but the incident is reported open, so we fire another END event. The incident is repaired, so the end_time is correctly set (closing the incident), but we still get a 400 error back like we did something wrong. We're being gaslighted here: "I didn't make a mistake and just fixed it, you made a mistake!" 😂

perhaps look a the return value of the repair?

[hmpf]

The difficulty is: we must prevent storing the new event since it is redundant after the repair. How do we report that fact back to the API client in the best way?

incident.repair_end_time does not create any events itself.

[elfjes]

Do we need to report that back? The client sees the incident is open and after their request the incident is closed. The way I see it is: as far as the client is concerned, the request was succesful.

[hmpf]

We might have to fake something in the API endpoint then, I'll dig into the drf-code...

[hmpf]

I'll redirect to the GET incidents-endpoint if the client is provably outdated.

[elfjes]

Do we need to report that back? The client sees the incident is open and after their request the incident is closed. The way I see it is: as far as the client is concerned, the request was succesful.

[elfjes]

This implies that you only want to call repair_end_time on stateful events? is that worth documenting?

[hmpf]

I don't see how that is implied.

repair_end_time has been designed to be called from anywhere and to do the right thing even if nothing is wrong. It does not assume pre-validation.

If I removed this block, or the comment in it, then I would almost be willing to bet the big bux (I don't bet though, not even LOTTO. Too much knowledge of the right kind of mathematics.) that some time in the future some helpful soul complains that the method is incomplete because it lacks this block or its comment.

[elfjes]

AttributeError seems like a strange exception to raise here. Perhaps a custom Exception class instead?

[hmpf]

See commit add new exceptions

[elfjes]

Exception message seems to have a grammatical error, not sure what you wanted to say here

[hmpf]

See new commit

[hmpf]

Uh, which exception message?

[elfjes]

"Found end_time mismatch was in error, see logs"

[hmpf]

(The last line is hidden by a scroll bar.)

[elfjes]

oh wow 🤦

[hmpf]

For some reason I'm not allowed to reply to @elfjes ' comments on line 507 to 510 in incident/views:

            if event_type in Event.CLOSING_TYPES and not incident.open:
                self._abort_due_to_type_validation_error("The incident is already closed.")
            if event_type == Event.Type.REOPEN and incident.open:
                self._abort_due_to_type_validation_error("The incident is already open.")

I presume these lines are also here for completeness sake just like the stateless checks in repair_end_time..

A source system is not allowed to reopen but that is handled earlier in the process, in validate_event_type_for_user.

If a client tries to reopen something that is correctly reopened already, or close something that is correctly closed already, then the client has an outdated view of the world. The server cannot fix that, or repair anything in itself to fix that, it can only report.

All we can do is either:

• fail quietly and either ship back
  • nothing
  • the original event that the client doesn't know about
• what we are currently doing: fail loudly and ship back a ValidationError.
• fail loudly with something else than ValidationError and I haven't found any good status codes

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[elfjes]

For some reason I'm not allowed to reply to @elfjes ' comments on line 507 to 510 in incident/views. I presume these lines are also here for completeness sake just like the stateful checks in repair_end_time..

A source system is not allowed to reopen but that is handled earlier in the process, in validate_event_type_for_user.

If a client tries to reopen something that is correctly reopened already, or close something that is correctly closed already, then the client has an outdated view of the world. The server cannot fix that, or repair anything in itself to fix that, it can only report.

All we can do is either:

* fail quietly and either ship back
  
  * nothing
  * the original event that the client doesn't know about

* what we are currently doing: fail loudly and ship back a ValidationError.

Yes, in case there was nothing to repair and it's all the clients fault, a ValidationError would be ok, even though i think failing quietly is a nicer experience. Not sure what would be the value of sending back of the original event; imho the current/actual state of the incident (ie the incident itself) would be more useful.

My comment was on 510 only (keep forgetting that GH adds the other lines and that I thus need to be more explicit in my comments): the text "Found end_time mismatch was in error, see logs" is not gramatically correct

[hmpf]

All we can do is either:

• fail quietly and either ship back

  • nothing
  • the original event that the client doesn't know about

• what we are currently doing: fail loudly and ship back a ValidationError.

Yes, in case there was nothing to repair and it's all the clients fault, a ValidationError would be ok, even though i think failing quietly is a nicer experience. Not sure what would be the value of sending back of the original event; imho the current/actual state of the incident (ie the incident itself) would be more useful.

The endpoint returns a serialized copy of the newly created event if everything is alright, having it return a serialized incident after a repair makes no sense. After the repair it needs to re-fetch the incident, yes, so it needs to know that the repair happened.

We could change the type of the ValidationError: Now it sends {"type": message}. We could make it send {"repair": message}.

My comment was on 510 only (keep forgetting that GH adds the other lines and that I thus need to be more explicit in my comments): the text "Found end_time mismatch was in error, see logs" is not gramatically correct