[openstack-dev] [Keystone] Use JSON Schemas to validate API requests data

Dolph Mathews dolph.mathews at gmail.com
Thu Jun 6 20:31:50 UTC 2013


On Thu, Jun 6, 2013 at 2:23 PM, Brant Knudson <blk at acm.org> wrote:

>
> Does OpenStack have a policy for handling of extra/unexpected arguments?
> Examples of extra arguments are unexpected query parameters on a GET
> request or extra fields provided in the JSON body of a POST.
>
> Many web APIs ignore extra arguments to make it easier to add support for
> new features. For example, if 'GET /users' adds support for sorting with
> 'GET /users?sort=id' , new clients will still work with old servers, they
> just won't get the users back in sorted order.
>
> If we strictly validate inputs that would make it more difficult to extend
> our APIs.
>

The current JSON schema validator ignores attributes that are not in the
schema (i.e. it "allows any other attribute").

  >>> import jsonschema
  >>> schema = {'title': 'role', 'properties': {'id': {'type': 'string'}}, 'required': ['id']}
  >>> validator = jsonschema.validators.Draft4Validator(schema)
  >>> validator.validate({'id': 'abc123'})  # id is validated as a required string
  >>> validator.validate({'id': 'abc123', 'name': 'foo'})  # name is not an attribute in the schema
  >>> validator.validate({'id': 123, 'name': 'foo'})  # id is not a string
  Traceback (most recent call last):
    File "<stdin>", line 1, in <module>
    File "/Users/dolph/Environments/os/lib/python2.7/site-packages/jsonschema/validators.py", line 117, in validate
      raise error
  jsonschema.exceptions.ValidationError: 123 is not of type 'string'

  Failed validating 'type' in schema['properties']['id']:
      {'type': 'string'}

  On instance['id']:
      123

Support for explicitly enumerating disallowed attributes was in draft 3 but
was removed in draft 4... not sure why.


>
> - Brant
>
>
>
> On Sun, Jun 2, 2013 at 4:11 AM, Bruno Semperlotti <
> bruno.semperlotti at gmail.com> wrote:
>
>> Hi,
>>
>> As a first contribution, I recently worked on a small bug about bad error
>> response when passing incorrect parameters in API requests (#1110435
>> <https://bugs.launchpad.net/keystone/+bug/1110435>).
>> There is also this other bug about bad application behavior when API
>> requests data are incorrect or missing (#999084
>> <https://bugs.launchpad.net/keystone/+bug/999084>).
>>
>> My point is that no systematic data validation seems to be made when
>> receiving API requests, leading to potential unwanted behavior or
>> instability.
>>
>> I am working on a prototype to enable simple validation of all API
>> requests data using JSON schemas and the Python package jsonschema
>> <https://pypi.python.org/pypi/jsonschema>.
>>
>> As I am new in the OpenStack community and also because my work uses the
>> JSON schema specification which is still a draft with a new package
>> dependency, I was looking for some feedback about this idea before going on
>> and filing a blueprint.
>>
>> Regards,
>>
>> --
>> Bruno Semperlotti
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
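Added example, not part of the original message or of Keystone's code: the schema from the REPL session above, run in its default lenient form and with draft 4's `additionalProperties` set to false, plus a lenient path that validates and then drops attributes the schema does not name. The request bodies and the function names `check` and `known_fields` are constructed for illustration, and the jsonschema package is assumed to be installed.

```python
import jsonschema

# Schema as given in the message above: unknown attributes are ignored.
LENIENT = {
    'title': 'role',
    'properties': {'id': {'type': 'string'}},
    'required': ['id'],
}
# Same schema, but any attribute not listed under 'properties' is an error.
STRICT = dict(LENIENT, additionalProperties=False)


def check(schema, body):
    """Return sorted (keyword, message) pairs for every violation in body."""
    validator = jsonschema.Draft4Validator(schema)
    return sorted((e.validator, e.message) for e in validator.iter_errors(body))


def known_fields(schema, body):
    """Validate leniently, then keep only attributes the schema names.

    New clients can still send extra fields to an old server, but those
    fields never reach the code that stores or acts on the request.
    """
    jsonschema.Draft4Validator(schema).validate(body)
    return {k: v for k, v in body.items() if k in schema['properties']}


if __name__ == '__main__':
    # Constructed sample request bodies.
    extra = {'id': 'abc123', 'name': 'foo'}
    bad_type = {'id': 123, 'name': 'foo'}
    for label, schema in (('lenient', LENIENT), ('strict', STRICT)):
        for body in (extra, bad_type):
            print(label, body, '->', check(schema, body) or 'valid')
    print('passed on after lenient validation:', known_fields(LENIENT, extra))
```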