Risk of inconsistent API response data #21991
Unanswered
TribuneX
asked this question in
Help Wanted!
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Problem
We store devices in NetBox with 1000+ interfaces and periodically query them via GraphQL, including related data. These queries retrieve large datasets, including all interfaces of a device.
We observed that responses sometimes contain inconsistent data. For example, the description of a recently updated interface may be missing or outdated within the same response.
Potential Root Cause
Write operations in NetBox are executed within database transactions, while read operations (via REST API or GraphQL) are not explicitly wrapped in transactions.
Even if read queries were executed within a transaction, PostgreSQL’s default isolation level, Read Committed, allows a query to see data committed by other transactions during its execution.
By analyzing the SQL generated by our GraphQL queries, we found that fields such as the interface description are fetched via multiple separate
SELECTstatements within a single GraphQL request. This likely leads to inconsistent snapshots of the data being returned.Workaround
As a workaround, we enabled ATOMIC_REQUESTS and set the transaction isolation level to REPEATABLE READ (see also django docs).
With this setup, each request runs within a single transaction and sees a consistent snapshot of the database, eliminating the inconsistencies observed in read queries.
Request for Feedback
We are interested in how others handle this issue and whether there are known drawbacks to running NetBox with
ATOMIC_REQUESTSenabled and the isolation level set toREPEATABLE READ. Since the django docs include a warning for this level:One issue we have encountered is that seemingly read-only requests may still perform write operations (e.g., updating the last-used timestamp of an API token). Under higher isolation, this can lead to errors such as:
We appreciate any insights or best practices regarding this setup.
Beta Was this translation helpful? Give feedback.
All reactions