Add keyless REST PUT/PATCH support for entities with auto-generated primary keys#3150
Add keyless REST PUT/PATCH support for entities with auto-generated primary keys#3150aaronburtle wants to merge 9 commits intomainfrom
Conversation
|
/azp run |
|
Azure Pipelines successfully started running 6 pipeline(s). |
aaronburtle
requested review from
Alekhya-Polavarapu,
Aniruddh25,
JerryNixon,
RubenCerna2079,
anushakolan,
rusamant,
sourabh1007,
souvikghosh04,
stuartpa and
vadeveka
as code owners
There was a problem hiding this comment.
Pull request overview
This PR adds support for keyless REST PUT and PATCH operations on entities with auto-generated primary keys. When a PUT or PATCH request arrives without a primary key in the URL route, the operation is converted to an Insert, enabling record creation for entities with identity/auto-generated keys where the caller doesn't know the key value beforehand.
Changes:
- Converts keyless PUT/PATCH operations to Insert in
RestService.ExecuteAsyncbefore request processing - Adds keyless PUT/PATCH operation documentation in OpenAPI for entities with auto-generated primary keys
- Updates tests to reflect new behavior and adds comprehensive test coverage for keyless operations
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| src/Core/Services/RestService.cs | Adds logic to convert Upsert/UpsertIncremental to Insert when primary key route is empty |
| src/Core/Services/OpenAPI/OpenApiDocumentor.cs | Documents keyless PUT/PATCH operations for entities with auto-generated PKs using _NoAutoPK schema |
| src/Service.Tests/SqlTests/RestApiTests/Put/PutApiTestBase.cs | Adds test for keyless PUT with auto-gen PK, updates existing tests, adds If-Match header test |
| src/Service.Tests/SqlTests/RestApiTests/Put/PostgreSqlPutApiTests.cs | Adds SQL query for keyless PUT test verification |
| src/Service.Tests/SqlTests/RestApiTests/Put/MySqlPutApiTests.cs | Adds SQL query for keyless PUT test verification |
| src/Service.Tests/SqlTests/RestApiTests/Put/MsSqlPutApiTests.cs | Adds SQL query for keyless PUT test verification |
| src/Service.Tests/SqlTests/RestApiTests/Patch/PatchApiTestBase.cs | Adds test for keyless PATCH with auto-gen PK, updates existing tests, removes unused using statement |
| src/Service.Tests/SqlTests/RestApiTests/Patch/PostgreSqlPatchApiTests.cs | Adds SQL query for keyless PATCH test verification |
| src/Service.Tests/SqlTests/RestApiTests/Patch/MySqlPatchApiTests.cs | Adds SQL query for keyless PATCH test verification |
| src/Service.Tests/SqlTests/RestApiTests/Patch/MsSqlPatchApiTests.cs | Adds SQL query for keyless PATCH test verification |
|
/azp run |
|
Azure Pipelines successfully started running 6 pipeline(s). |
| if (string.IsNullOrEmpty(primaryKeyRoute) && | ||
| (operationType is EntityActionOperation.Upsert || | ||
| operationType is EntityActionOperation.UpsertIncremental)) | ||
| { |
There was a problem hiding this comment.
The conversion to Insert is not gated by “auto-generated PK”. Should it?
There was a problem hiding this comment.
Good question, this is OK because our RequestValidator will handle the validation side of things and we keep a clean separation of responsibility.
There was a problem hiding this comment.
This is indeed a good question. @aaronburtle, I checked with Copilot, and it says "So: autogenerated PKs do not bypass the URL [primaryKeyRoute] requirement for update/upsert/delete. For insert, a URL PK is disallowed regardless, in [RequestValidator.cs:224-232].
public void ValidatePrimaryKey(RestRequestContext context) see this function.
You need to fix the exception that we throw there, in cases of Patch/Put to not check for existence of primaryKey in the route if they are autogenerated.
There was a problem hiding this comment.
This is indeed a good question. @aaronburtle, I checked with Copilot, and it says "So: autogenerated PKs do not bypass the URL [primaryKeyRoute] requirement for update/upsert/delete. For insert, a URL PK is disallowed regardless, in [RequestValidator.cs:224-232].
public void ValidatePrimaryKey(RestRequestContext context)see this function.You need to fix the exception that we throw there, in cases of Patch/Put to not check for existence of primaryKey in the route if they are autogenerated.
We should be OK, because we are changing the Patch/Put to an insert operation already in RestService
if (string.IsNullOrEmpty(primaryKeyRoute) && (operationType is EntityActionOperation.Upsert || operationType is EntityActionOperation.UpsertIncremental)) { operationType = EntityActionOperation.Insert; }
And then when we do the validation on lines 224-232 of RequestValidator we expect there to be no Primary Key, so keyless Put Patch should be fine, since we've converted to insert and then have the right behavior
case EntityActionOperation.Insert: if (!isPrimaryKeyRouteEmpty) { throw new DataApiBuilderException( message: PRIMARY_KEY_INVALID_USAGE_ERR_MESSAGE, statusCode: HttpStatusCode.BadRequest, subStatusCode: DataApiBuilderException.SubStatusCodes.BadRequest); }
There was a problem hiding this comment.
looks like the conversion to Insert operation happens before we do the Request Validation. In that case, we should be ok with validation. But, then we should be doing the conversion to Insert only when the PKs are autogenerated. Otherwise, we should NOT convert into Insert and continue to throw the exception.
There was a problem hiding this comment.
I think we want this behavior because they could include the PKs in the body of the request, in which case we should still be able to do the insert. The logic would be to convert to Insert even for non auto-gen, then the Insert validation logic applies, and if it is non-auto-gen it must include the keys in the body, and only if those keys are missing from the body as well, we would throw.
There was a problem hiding this comment.
I know this is effectively going beyond the scope of this underlying issue, however, we get this additional functionality for free just by letting the request validator handle the insert op, so seems worth it.
There was a problem hiding this comment.
So after speaking offline we have identified the correct behavior we want, will provide it here for clarity.
In a truly keyless PUT/PATCH, we will convert to insert op, that means no key in URL, no key in body. The Insert validation will just work in this case. It will succeed if we are auto-gen, and fail if we are not. This will require identifying when we have keys in the body when the URL is missing keys.
For PUT/PATCH where the URL is keyless, but we have the keys in the body, we want to use Upsert semantics, so we will not convert to an insert. This will require new validation logic.
|
/azp run |
|
Azure Pipelines successfully started running 6 pipeline(s). |
Aniruddh25
left a comment
Aniruddh25
left a comment
There was a problem hiding this comment.
RequestValidator needs to be relaxed for Put/Patch operations when primary key subroute is not found and it is autogenerated.
|
/azp run |
|
Azure Pipelines successfully started running 6 pipeline(s). |
|
/azp run |
|
Azure Pipelines successfully started running 6 pipeline(s). |
| await Task.Delay(2000); | ||
| // Poll until the log appears (the flusher service needs time to dequeue and upload) | ||
| int maxWaitMs = 10000; | ||
| int pollIntervalMs = 100; |
There was a problem hiding this comment.
why start with such a low pollIntervalMs if the original delay was 2000ms? Perhaps start with that.
Why make this change?
Closes #2663
One test change to help the pipeline pass relates to #2992
What is this change?
Add keyless REST PUT/PATCH support for entities with auto-generated primary keys
When a PUT or PATCH request arrives without a primary key in the URL route, the operation is converted to an Insert, reusing the existing insert pipeline. This enables creation of records on entities with identity/auto-generated keys where callers don't know the key value upfront. The original keyed PUT/PATCH routes are unchanged.
In
RestService.ExecuteAsync, keyless Upsert/UpsertIncremental operations are detected early and remapped to Insert before authorization and request context creation. Authorization is unaffected since theRestAuthorizationHandlerresolves permissions from the HTTP method directly, andPUT/PATCHalready require both Create and Update permissions.In
OpenApiDocumentor, keylessPUTandPATCHoperations are now documented for entities with auto-generated primary keys on the base entity path. These use the_NoAutoPKrequest body schema and only advertise201 Createdresponses. A missingAddQueryParametershelper method was also added.Stored procedure entities are unaffected. No changes to the mutation engine, query builders, or database interaction layer.
How was this tested?
We modify existing tests to match the new behavior, and then add a test for keyless PUT/PATCH.
Sample Request(s)
These will convert to
Insert