[APIv2] /secrets endpoint with filter param doesn't filter and returns 400 with two responses

[riyad]

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

Trying to find regressions by exercising the APIv2 trough docker-py's test suite (see #5386) I came across the failing SecretAPITest::test_list_secrets test.

The GET /secrets endpoint had the following issues:

• returns a 400 status code when a filter parameter (see Docker API docs) is used
• returns two bodies:
  1. an error message: {"cause":"bad parameter","message":"bad parameter","response":400} followed by
  2. the list of (all) secrets
• does not actually filter the list of secrets

Steps to reproduce the issue:

$ curl -sS --unix-socket /var/run/user/1000/podman/podman.sock -XPOST 'http://localhost/v1.40/secrets/create' -H "Content-Type: application/json" -d '{"Data": "Zm9vIGJhcg==", "Name": "dockerpy_test1"}'
{"ID":"f76cb9091ea531994cd9e9438"}
$ curl -sS --unix-socket /var/run/user/1000/podman/podman.sock -XPOST 'http://localhost/v1.40/secrets/create' -H "Content-Type: application/json" -d '{"Data": "Zm9vIGJhcg==", "Name": "dockerpy_test2"}'
{"ID":"2bf77a1b5d2f8c8a4936f259c"}

$ curl -v -sS --unix-socket /var/run/user/1000/podman/podman.sock -XGET 'http://localhost/v1.40/secrets' -G --data-urlencode 'filters={"names": ["test1"]}'                                              
*   Trying /var/run/user/1000/podman/podman.sock:0...
* Connected to localhost (/run/user/1000/podman/podman.sock) port 80 (#0)
> GET /v1.40/secrets?filters=%7B%22names%22%3A%20%5B%22test1%22%5D%7D HTTP/1.1
> Host: localhost
> User-Agent: curl/7.68.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 400 Bad Request
< Api-Version: 1.40
< Content-Type: application/json
< Libpod-Api-Version: 3.0.0
< Server: Libpod/3.0.0 (linux)
< Date: Wed, 10 Feb 2021 22:59:11 GMT
< Content-Length: 589
< 
{"cause":"bad parameter","message":"bad parameter","response":400}
[{"ID":"2bf77a1b5d2f8c8a4936f259c","CreatedAt":"2021-02-10T23:57:39.811493275+01:00","UpdatedAt":"2021-02-10T23:57:39.811493275+01:00","Spec":{"Name":"dockerpy_test2","Driver":{"Name":"file","Options":{"path":"/home/riyad/podman/storage/secrets/filedriver"}}}},{"ID":"f76cb9091ea531994cd9e9438","CreatedAt":"2021-02-10T23:57:25.547915167+01:00","UpdatedAt":"2021-02-10T23:57:25.547915167+01:00","Spec":{"Name":"dockerpy_test1","Driver":{"Name":"file","Options":{"path":"/home/riyad/podman/storage/secrets/filedriver"}}}}]
* Connection #0 to host localhost left intact

Describe the results you received:

The endpoint responded with a 400 status code a body in the following form:

{"cause":"bad parameter","message":"bad parameter","response":400}
[{secret1}, ...]

Note that the list of secrets is not being filtered!

Describe the results you expected:

It should have responded with a 200 status code and a filtered list of secrets in the body.

[mheon]

@ashley-cui PTAL

[ashley-cui]

Yeah, this is on purpose as of now. Though maybe the body shouldn't have the list of secrets, that's an error.

podman/pkg/api/handlers/compat/secrets.go

Line 33 in db64865

utils.Error(w, "filters not supported", http.StatusBadRequest, errors.New("bad parameter"))

Secrets doesn't have filter params implemented, since we decided not to implement tags as of now (may be done in future? but also might not make sense since the podman secrets aren't in a swarm, which makes them a little different from docker secrets anyway. Prolly need more discussion on this) and so it doesn't really make sense to have filter only take name or id, because you would just inspect the name or id. This might be implemented in the future, but I'm going to be honest, I might come back to it a little later - not this week; I definitely need a break from staring at secrets for 3 months straight.

[riyad]

@ashley-cui the weird thing is that utils.Error() ignores/discards the second argument (i.e. "filters not supported") so the API only returns {"cause":"bad parameter","message":"bad parameter","response":400}.

If I had seen the "filters not supported" message I'd probably not have bothered opening this issue. 😅

[ashley-cui]

Ah strange. Thanks for opening up a PR to fix it though! 😄