docs: delete / cancel query #11708
docs: delete / cancel query #11708
Conversation
docs/querying/sql.md
Outdated
| @@ -956,6 +955,24 @@ trailer they all include: one blank line at the end of the result set. If you de | |||
| through a JSON parsing error or through a missing trailing newline, you should assume the response was not fully | |||
| delivered due to an error. | |||
|
|
|||
| ### HTTP DELETE | |||
| You can use the HTTP `DELETE` method to cancel a SQL query using the following syntax: | |||
| `DELETE https://BROKER:8082/druid/v2/sql/{sqlQueryId}`. The DELETE method requires the `sqlQueryId`, therefore to predict the query id you must set it in the query context. | |||
There was a problem hiding this comment.
@jihoonson do we want to say something about what happens behind the scenes with this query cancellation?
techdocsmith
force-pushed
the
cancelsqldoc
branch
2 times, most recently
from
662b0e1 to
31d15a6
Compare
techdocsmith
force-pushed
the
cancelsqldoc
branch
from
31d15a6 to
a01e289
Compare
docs/querying/sql.md
Outdated
| DELETE https://BROKER:8082/druid/v2/sql/{sqlQueryId} | ||
| ``` | ||
|
|
||
| The DELETE method requires the `sqlQueryId`, therefore to predict the query id you must set it in the query context. |
There was a problem hiding this comment.
Queries are allowed to have the same sqlQueryId even when they are different. It would be nice to mention that all queries will be cancelled if you have multiple sql queries running with the same sqlQueryId.
There was a problem hiding this comment.
I was wondering about that actually. Thank you!
docs/querying/sql.md
Outdated
|
|
||
| HTTP DELETE method uses the following syntax: | ||
| ``` | ||
| DELETE https://BROKER:8082/druid/v2/sql/{sqlQueryId} |
There was a problem hiding this comment.
I'm wondering whether we should promote using router instead of broker since the router is now sort of mandatory to use the web console. Or, should we mention that you can use either router or broker address here?
There was a problem hiding this comment.
The POST examples used BROKER, but I can. change to ROUTER and mention both are options.
docs/querying/sql.md
Outdated
| curl --request DELETE 'https://BROKER:8082/druid/v2/sql/myQuery01' \ | ||
| ``` | ||
|
|
||
| Druid returns an HTTP 202 response for successful deletion requests. If the the query id is incorrect or if the query completes before your cancellation request, Druid returns an HTTP 404 response. |
There was a problem hiding this comment.
The cancellation request requires the read permission on all resources (currently datasource and view) in the sql query. It returns 404 as well when authorization fails.
There was a problem hiding this comment.
Hi @jihoonson Why is status code 404 returned for autorization failure? In compliance with the HTTP status code definition, code 403 is the appropriate one. Actually, the native query endpoint returns 403 for such case
druid/server/src/main/java/org/apache/druid/server/QueryResource.java
Lines 164 to 166 in 7220d04
There was a problem hiding this comment.
Hey @FrankChen021, per the RFC for HTTP, you can return either 403 or 404 (https://datatracker.ietf.org/doc/html/rfc7231#section-6.5.3, https://datatracker.ietf.org/doc/html/rfc7231#section-6.5.4). From security perspective, 404 is preferred to 403 since 403 leaks the existence of resource.
There was a problem hiding this comment.
But in such case, this endpoint is already public to everyone, I think there's no concern of security problem so that we need to hide its existence. 404 might be a confusion for users when authorization fails. And it's better that we keep it consistent with the implementation of native query.
There was a problem hiding this comment.
The SQL authorization checks the permission on the resources used in the SQL query, such as datasources or views. Returning 404 is to hide the existence of those datasources or views, not the endpoint. For user confusion, what is the use case where the user should know that he doesn't have permission to cancel the query? The query is usually cancelled by the user who submitted the query or the cluster admin. Either case, they will have the right permission already. For the difference from native query behavior, I'm pretty sure that most clients should handle native queries and sql queries separately anyway since their result format is different.
BUT, I think authorization failure handling should be consistent with the query posting endpoint which returns 403. I will create a PR to fix this. Thank you for bringing this up!
docs/querying/sql.md
Outdated
| @@ -956,6 +955,30 @@ trailer they all include: one blank line at the end of the result set. If you de | |||
| through a JSON parsing error or through a missing trailing newline, you should assume the response was not fully | |||
| delivered due to an error. | |||
|
|
|||
| ### HTTP DELETE | |||
| You can use the HTTP `DELETE` method to cancel a SQL query. When you cancel a query canceled, Druid marks its `SqlLifecycle` canceled immediately. After that, any operations in `SqlLifecycle` become non-operational to avoid unnecessary execution of expensive operations. | |||
There was a problem hiding this comment.
| You can use the HTTP `DELETE` method to cancel a SQL query. When you cancel a query canceled, Druid marks its `SqlLifecycle` canceled immediately. After that, any operations in `SqlLifecycle` become non-operational to avoid unnecessary execution of expensive operations. | |
| You can use the HTTP `DELETE` method to cancel a SQL query. When you cancel a query, Druid immediately marks its `SqlLifecycle` as canceled. After that, any operations in `SqlLifecycle` become non-operational to avoid unnecessary execution of expensive operations. |
docs/querying/sql.md
Outdated
|
|
||
| HTTP DELETE method uses the following syntax: | ||
| ``` | ||
| DELETE https://BROKER:8082/druid/v2/sql/{sqlQueryId} |
There was a problem hiding this comment.
I like that this is clearly laid out in a code block, but it's a different format than is used to describe HTTP POST, which says: "You can make Druid SQL queries using HTTP via POST to the endpoint /druid/v2/sql/."
Perhaps have a DELETE endpoint description similar to HTTP POST, or edit HTTP POST to have a code block like done here?
Co-authored-by: Jihoon Son <[email protected]>
Co-authored-by: Victoria Lim <[email protected]>
Co-authored-by: Victoria Lim <[email protected]>
docs/querying/sql.md
Outdated
| be a JSON object with a "query" field, like `{"query" : "SELECT COUNT(*) FROM data_source WHERE foo = 'bar'"}`. | ||
| To use the SQL API to make Druid SQL queries, POST your query to the following endpoint on either the Router or Broker: | ||
| ``` | ||
| POST https://ROUTER:8082/druid/v2/sql/`. |
There was a problem hiding this comment.
Router uses the port 8888 by default while broker uses 8082.
Co-authored-by: Jihoon Son <[email protected]>
Co-authored-by: Jihoon Son <[email protected]>
fix port for router
docs/querying/sql.md
Outdated
| @@ -990,7 +990,7 @@ Druid returns an HTTP 202 response for successful deletion requests. | |||
|
|
|||
| Druid returns an HTTP 404 response in the following cases: | |||
| - Authorization fails. | |||
There was a problem hiding this comment.
Sorry @techdocsmith, now it return 403. Can you update the doc one last time?
remove authorization until it is 403
add 403 message
Adds documentation for the DELETE method to cancel queries.