[openstack-dev] [Keystone] Use JSON Schemas to validate API requests data

Brant Knudson blk at acm.org
Thu Jun 6 19:23:10 UTC 2013


Does OpenStack have a policy for handling of extra/unexpected arguments?
Examples of extra arguments are unexpected query parameters on a GET
request or extra fields provided in the JSON body of a POST.

Many web APIs ignore extra arguments to make it easier to add support for
new features. For example, if 'GET /users' adds support for sorting with
'GET /users?sort=id' , new clients will still work with old servers, they
just won't get the users back in sorted order.

If we strictly validate inputs that would make it more difficult to extend
our APIs.

- Brant



On Sun, Jun 2, 2013 at 4:11 AM, Bruno Semperlotti <
bruno.semperlotti at gmail.com> wrote:

> Hi,
>
> As a first contribution, I recently worked on a small bug about bad error
> response when passing incorrect parameters in API requests (#1110435<https://bugs.launchpad.net/keystone/+bug/1110435>
> ).
> There is also this other bug about bad application behavior when API
> requests data are incorrect or missing (#999084<https://bugs.launchpad.net/keystone/+bug/999084>
> )
>
> My point is that no systematic data validation seems to be made when
> receiving API requests, leading to potential unwanted behavior or
> instability.
>
> I am working on a prototype to enable simple validation of all API
> requests data using json schemas and the python package jsonschema<https://pypi.python.org/pypi/jsonschema>
> .
>
> As I am new in the openstack community and also because my work uses the
> json schema specification which is still a draft with a new package
> dependency, I was looking for some feedback about this idea before going on
> and filling a blueprint.
>
> Regards,
>
> --
> Bruno Semperlotti
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130606/33f6986a/attachment.html>


More information about the OpenStack-dev mailing list