The problem is: A custom HTTP method is prone to incompatibilities in various places.
I'm sure there are reasons for choosing a custom method like REDEEM as opposed to something like PUT or POST, but there has to be a better solution.
Additional Context
While a custom HTTP method may work fine for most browsers, things start to break when there are Proxies between the API and browser.
Starting with the Proxy that we're using while developing the Portal itself. After debugging for an hour I noticed that the Proxy automatically turned the REDEEM request to a GET request but returned a 400 Bad Request...
I could spend more time to get a proxy working with REDEEM, but that is just fighting symptoms and still not resolving the bigger problem:
Corporate Proxies for sure won't allow custom methods.
I imagine that APPUiO Cloud has some users who are using the Portal from behind a Proxy or WAF. There's a very high chance that the feature to redeem invitations will not work in those conditions.
Logs
No response
Expected Behavior
The request is using a method that is commonly allowed, e.g. HEAD (preferred) or OPTIONS, if POST or PUT are unacceptable for some reason.
Alternatively, it may be worth thinking about a small server running on Kubernetes with its own Endpoint that can accept PUT or POST on invitations without K8s RBAC inbetween, but translates the request into something Kubernetes understands, or attempts to update the invitation accordingly for the requesting user.
HEAD is not possible AFAIK, we either do use an invitation subresource /redeem (like /status or /scale) or a create-only virtual resource InvitationRedemption analogous to SARs.
Description
I'm working on https://github.com/appuio/cloud-portal/issues/460, specifically the Accept part where the REDEEM request (see https://kb.vshn.ch/appuio-cloud/references/architecture/control-api-invitation.html) is supposed to happen.
The problem is: A custom HTTP method is prone to incompatibilities in various places.
I'm sure there are reasons for choosing a custom method like REDEEM as opposed to something like
PUT
orPOST
, but there has to be a better solution.Additional Context
While a custom HTTP method may work fine for most browsers, things start to break when there are Proxies between the API and browser. Starting with the Proxy that we're using while developing the Portal itself. After debugging for an hour I noticed that the Proxy automatically turned the REDEEM request to a GET request but returned a 400 Bad Request... I could spend more time to get a proxy working with REDEEM, but that is just fighting symptoms and still not resolving the bigger problem:
Corporate Proxies for sure won't allow custom methods.
I imagine that APPUiO Cloud has some users who are using the Portal from behind a Proxy or WAF. There's a very high chance that the feature to redeem invitations will not work in those conditions.
Logs
No response
Expected Behavior
The request is using a method that is commonly allowed, e.g.
HEAD
(preferred) orOPTIONS
, ifPOST
orPUT
are unacceptable for some reason.Alternatively, it may be worth thinking about a small server running on Kubernetes with its own Endpoint that can accept PUT or POST on invitations without K8s RBAC inbetween, but translates the request into something Kubernetes understands, or attempts to update the invitation accordingly for the requesting user.
Steps To Reproduce
curl -X REDEEM "http://localhost:8001/apis/user.appuio.io/v1/invitations/...?token=...
Version used
v0.19.2
Version of OpenShift
K8s v1.25