Add endpoint for REST version and capabilities.

[shaunrd0]

This adds the REST capabilities endpoint to RestClientRemote and serialization for the RestCapabilities response. The endpoint is currently not in use internally and there is no way to make the request using public APIs.

The RestCapabilities response currently provides the TileDB core version deployed to REST, and the minimum TileDB core client version supported by the REST server. The response may be updated in the future to add more information as needed - discussion in shortcut and design document

---

TYPE: FEATURE
DESC: Add endpoint for REST version and capabilities.

[ypatia]

Thank you for starting this! I left some first comments and let's discuss the next steps.

[ypatia]

hmm. Why allow that? This doesn't look good or necessary. Why allow version checking to be unauthenticated?

[shaunrd0]

The endpoint doesn't require authentication server side, all other endpoints currently supported by core do. If we make this request we could assume we plan to make requests to authenticated routes so the error is likely inevitable, on first pass it just seemed strange to require a token for an unauthenticated route.

I removed it and we now require the authentication to be configured, I don't think there is really a case where we would just make this request and not send any others. I'll bring this up on my REST PR as well to see if we want to require authentication on the REST side as well.

[ypatia]

I'd go for requiring authentication on the REST side as well, but yes checking with REST experts might be a better idea. The only downside I can see is performance, but having a general rule that all client-server communication needs to be authenticated sounds more important to me.

[ypatia]

Is that because the version request will always be the first one to get to the server? It's worth at least a comment.

[shaunrd0]

Sort of yeah, AFAICT this is the first endpoint supported by core that doesn't require an asset URI. We use the asset URI in Curl::write_header_callback to parse and cache redirect URIs. This was quite hacky though, it was really just for POC.

There was already a similar boolean flag in Curl::init to disable this so I updated to use that instead. Without an asset URI we need to disable the caching done on the URI or we fail the curl request after returning 0 here: https://github.com/tiledb-inc/tiledb/blob/286da187ee9a3bc9d66538ce2ed433cc2c8b759a/tiledb/sm/rest/curl.cc#L167

The logging looks like this when you set TILEDB_CONFIG_LOGGING_LEVEL=5, we end up in a retry loop after returning 0 in the callback linked above (Failure writing output to destination, passed 17 returned 0)

[2025-01-22 15:47:08.313] [Process: 2121225] [error] [1737578828284111920-Global] Rest components as array_ns and array_uri cannot be empty
[2025-01-22 15:47:08.313] [Process: 2121225] [trace] [1737578828261932792-Context: 2] [curl : 2] [curl : 1] OP=CORE-TO-REST,SECONDS=0.001,RETRY=0,CODE=200,URL=127.0.0.1:8181/v4/version
[2025-01-22 15:47:08.313] [Process: 2121225] [debug] [1737578828284111920-Global] Request to 127.0.0.1:8181/v4/version failed with Curl error message "Failure writing output to destination, passed 17 returned 0", will sleep 500ms, retry count 0

[ypatia]

Also I guess the UT can't go in as part of this PR, but will have to be moved to the next one that will come after the REST server has moved the libtiledb (minor) release that includes this PR. Hopefully for the last time 😅

[ypatia]

A few more comments but overall it looks good!

[ypatia]

Since we have accessors for all private arguments, how about making this a struct as well and simplify things?

[shaunrd0]

Done

[ypatia]

Well, I guess what I meant is that once we make this a struct , we no longer need friend or getters for the members. If you think it's important that the member variables are not set outside of the struct or its friends you can revert this to a class to preserve those semantics.

[shaunrd0]

Ah gotcha, this should work just fine since RestClientRemote returns only a const reference of the struct. I kept the RestClientRemote::rest_tiledb_version() and similar accessors in RestClientRemote for convenience, but I removed accessors from the struct itself since they are not needed.

[ypatia]

I'd go for requiring authentication on the REST side as well, but yes checking with REST experts might be a better idea. The only downside I can see is performance, but having a general rule that all client-server communication needs to be authenticated sounds more important to me.

[shaunrd0]

This is ready for review, a few notes for reviewers -

• The endpoint does not and will not exist in legacy REST, so a REST CI test here will fail until REST CI is updated to pull from the latest REST repository SC-62628
• The request won't be made until we internally make a call to RestClientRemote::get_capabilities_from_rest. At this time there is no usage of this method, so IIUC this can either go into 2.27.1 or 2.28.0 based on preference / need for a 2.27.1 patch release (cc @ihnorton) There is no way to manually make this request using public APIs.

[ypatia]

Some last comments and I'll approve. Let's also add a link to the design doc in the PR description.

[ypatia]

Well, I guess what I meant is that once we make this a struct , we no longer need friend or getters for the members. If you think it's important that the member variables are not set outside of the struct or its friends you can revert this to a class to preserve those semantics.