Make cloud API requests idempotent

[cuonglm]

When k6 requests to cloud API timeout, k6 will retry the request a
few times. This can be problematic, because the retrying request can
cause user's test start twice.

This PR tries to fix that problem by using a session token for each POST
request. With this token, cloud API can know that the request is the
retried one, and avoid creating new test, and return the old one.

Speaking in other way, k6 POST request to cloud API becomes idempotent.

Fixes #1205

[codecov-io]

Codecov Report

Merging #1208 into master will decrease coverage by <.01%.
The diff coverage is 88.88%.

@@            Coverage Diff             @@
##           master    #1208      +/-   ##
==========================================
- Coverage   73.65%   73.65%   -0.01%     
==========================================
  Files         147      147              
  Lines       10641    10656      +15     
==========================================
+ Hits         7838     7849      +11     
- Misses       2344     2346       +2     
- Partials      459      461       +2

Impacted Files	Coverage Δ
stats/cloud/client.go	75.96% <88.88%> (+2.39%)	⬆️
core/engine.go	93.77% <0%> (-0.96%)	⬇️
js/modules/k6/html/html.go	85.08% <0%> (-0.06%)	⬇️
lib/testutils/httpmultibin/httpmultibin.go	92.53% <0%> (-0.06%)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5cda323...7452ffc. Read the comment docs.

[mstoykov]

Not certain what this test adds that the others you have changed don't already do ...

[cuonglm]

@mstoykov this test for 2 case:

• POST request with user supplies session token success.
• Non-POST request success without session token.

[mstoykov]

1. it doesn't test that the token that is set manually is the one that is used
2. it doesn't test that the Non-POST request don't send a token
   So in both cases those are tested by other tests already

[cuonglm]

@mstoykov Fair point, but I think it just does mean that the test does not do the actual meaningful test, not mean both cases those are tested by other tests already

I'm sure because you can check code cov log, I add the test above because code cov complains about missing of 2 above cases.

Anyway, updated PR coming.

[mstoykov]

I don't think either of those or necessary:

1. This can be used for all requests not only POSTs
2. I don't see why calling setSessionToken should not overwrite an old token (maybe the tests were failing
3. If each of 1 or 2 is not true we can just not call setSessionToken inside Client.Do but insted in Client.CreateTestRun

[cuonglm]

@mstoykov

This can be used for all requests not only POSTs

Yes, but idempotency should be applied for POST only. There's nothing you should do with other requests. For k6, generating wasted HTTP header, which backend does not handle increase both bandwidth and load for our cloud API server

I don't see why calling setSessionToken should not overwrite an old token (maybe the tests were failing

The point is that if the caller can specify its session token id, instead of relying on our generating one. See TestSessionToken for example

If each of 1 or 2 is not true we can just not call setSessionToken inside Client.Do but insted in Client.CreateTestRun

Yes, but it's not well design to just handle specific case for CreateTestRun. In future, if we introduce more Post endpoint which need idempotency, this design works for all of them.

[mstoykov]

The problem is that ... literally we have 1 POST we need this for ... and while there is possibility we might add it to others, this is not the case today and I find it unlikely.
Also the method name is ... lying it's not just setting a SessionToken, it's setting only if ... some conditions are met.
To be honest I think generateSessionToken and k6SessionTokenHeader should become a public use them in CreateTestRun and let people if want to to set them in a custom request and send it ... which is also unlikely use case but still ... it would be possible.
If we ever want to do it for all Posts I would argue that the if method == POST should be in the body of the client.Do not in some function

[cuonglm]

If we ever want to do it for all Posts I would argue that the if method == POST should be in the body of the client.Do not in some function

Fair point, this change and with satori uuid, the code looks much cleaner

[mstoykov]

I really don't like that now we have an error that we have to check that

1. we have no way of fixing
2. it's very unlikely that crypto/rand#Read will return an error >.>

But unfortunately I don't have any proposals ...

[cuonglm]

I often use https://github.com/satori/go.uuid in all my previous projects. Since when I see current uuid package inside vendor already, I don't want to touch it in this PR.

We can ignore it for now and I will create separate issue for changing uuid package.

How do you think @na-- @imiric ?

[mstoykov]

I don't think changing to a different uuid package will help us with the error ... the problem is crypto.rand#Read can return an error and all of those use them AFAIK.
My argument is that we don't need crypto/rand at all and the non crypto one always returns a nil error :). But I don't think it's that big of problem ... I just really dislike that we added another error that is

1. unlikely
2. we have 0 things we can do, but report it or retry ... maybe
3. can't test

[cuonglm]

@mstoykov not sure what's your point. My point is that satori/go.uuid does not return error when creating new uuid string, so we don't have to check for error.

[cuonglm]

Hmm, maybe I should change the current uuid package, as I see it is not used anywhere in current code base (not sure why it existed in vendor)

[mstoykov]

Okay ... so apparently that lib you just added has a last version which panics on error and the very next commit (nearly 2 years ago) adds an error to be returned, which is what is shown in the godoc.

I am very strongly against adding another UUID lib ... just for this.

I am also very opposed to panicing. I have no idea when crypto/rand could return an error but still.

For me using crypto/rand for this particular token is an overkill .. if it wasn't for the fact we add an error I would've not cared :) , but that is what is bugging me - the error(or panic with this new lib), not the fact we use crypto for it

[cuonglm]

@mstoykov note that even you use math/rand, its rand.Read still returns an error, too. So why bother to use crypto/rand

[cuonglm]

@mstoykov Here's what I often do:

func generateSessionToken() string {
	// 16 hex characters
	b := make([]byte, 8)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

[mstoykov]

as per the docs it always return a nil error, so we can ignore it safely knowing it's never going to happen.

[cuonglm]

@mstoykov good point 👍

[na--]

As we spoke on the call, I'm completely walking back from my desire of a session-id 😞 We don't currently need it, and it would unnecessarily complicate the distributed execution, so the per-request idempotency key would be sufficient for now.

[cuonglm]

As we spoke on the call, I'm completely walking back from my desire of a session-id 😞 We don't currently need it, and it would unnecessarily complicate the distributed execution, so the per-request idempotency key would be sufficient for now.

For clarifying, "per-request" means "per-POST-request" or every requests?

[na--]

As we spoke on the call, I'm completely walking back from my desire of a session-id disappointed We don't currently need it, and it would unnecessarily complicate the distributed execution, so the per-request idempotency key would be sufficient for now.

For clarifying, "per-request" means "per-POST-request" or every requests?

Per non-GET/non-HEAD request, since these should be idempotent by default 😉 And while we currently have only POST requests IIRC, we might have PUT or DELETE requests in the future, where this could also be useful

[mstoykov]

I am still of the opinion that the session token should be set by each and every constructor of the corresponding request not in Client.Do.

[na--]

@mstoykov, let's not call it session token, since that implies it's persistent for the whole session (which we agreed we're not going to do now, since it would complicate distributed execution and is not needed to fix the particular problem). Rather, let's call the new header Idempotency-Key, borrowing from https://stripe.com/docs/api/idempotent_requests (kudos to @cuonglm for sending me that link).

But yeah, it'd probably be more visible and understandable if we're setting that header value in the request constructor, not in the Do() method...

[na--]

Like we mentioned in the PR global comments, this seems better suited for the NewRequest() method

[cuonglm]

I against it, as we may want the caller to supply its own Idempotency-Key. Also, I have a patch local here, which will move all request header preparation to here instead of in Client.do, but it will go after this PR merged.

[na--]

Fair enough, but the user would also be able to supply their own idempotency key even if we handle this in NewRequest(), it would just be done by deliberately overwriting whatever we generated there.

[cuonglm]

Fixed.

[na--]

Fair enough, but the user would also be able to supply their own idempotency key even if we handle this in NewRequest(), it would just be done by deliberately overwriting whatever we generated there.

[na--]

LGTM now 😄 Just please squash it to one or two (timeout increase+the rest) commits. And maybe add a //nolint:gosec in randomStrHex() so that the linter doesn't complain.