Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove DELETE /index/type endpoint #5960

Closed
dadoonet opened this issue Apr 28, 2014 · 5 comments
Closed

Remove DELETE /index/type endpoint #5960

dadoonet opened this issue Apr 28, 2014 · 5 comments
Labels
discuss

Comments

@dadoonet
Copy link
Member

Heya,

As we did it for #4481, it could be safe not to allow anymore removing a type using:

DELETE /index/type

But only allow:

DELETE /index/type/_mapping
DELETE /index/_mapping/type

It could happen that a user which have previously posted a new document deletes all documents by forgetting to provide the _id.

POST /index/type
{
 "foo" : "bar"
}

# Just change the VERB and you wipe every documents! 
DELETE /index/type
{
 "foo" : "bar"
}

Thoughts?
@kimchy
Copy link
Member

kimchy commented Apr 29, 2014

I am conflicted, if we remove this, and following the same logic, we should remove DELETE /_index_. On the other hand, can easily see how maybe someone can make a mistake here...

@dadoonet
Copy link
Member Author

So may be we should introduce a new setting like action.destructive_requires_confirmation (default to false) and if set only allow operations like:

# Scenario 1: index level
PUT /{index}

# Will be rejected
DELETE /{index}

# will work
DELETE /{index}/_confirm

# Scenario 2: type level
POST /{index}/{type}
{ "foo" : "bar" }

# Will be rejected
DELETE /{index}/{type}

# Will work
DELETE /{index}/{type}/_confirm

So, we don't break anything with that change which is even better but we let OPS decide if we want to activate that feature or not.

May be there are some cleaner way to do this?
I mean like we do with existing on disk indices which are not in cluster state. We can DELETE an index only after some minutes by setting indices.delete.interval: 5m (default to 0 - means immediate removal).

In that case, the index should not be available anymore for search but we could fire a command like:

DELETE /{index}/_cancel

Any other ideas? Or should we close this "issue"?

@ghoumard
Copy link

ghoumard commented May 1, 2014

We make this mistake, so we definitively love to see a circuit-breaker here.
I'm not sure about the indices.delete.interval: 5m , but the action.destructive_requires_confirmation settings looks a good start.

@clintongormley
Copy link

We talked about this today and feel that we should keep the existing API, and not try to provide too much protection as we will end up hurting existing users.

What we can do is to reject DELETE requests which come with a body, when a body is not expected.

@clintongormley clintongormley mentioned this issue Oct 24, 2014
Closed
@clintongormley
Copy link

Closed in favour of #8217

@bvolpato bvolpato mentioned this issue Nov 10, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
discuss
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@kimchy @clintongormley @dadoonet @ghoumard