Open Stack

Hi Amit,

Keeping in mind this viewpoint is nothing but my own personal view, my recommendation would be to not mandate the use of a particular validation framework, but to instead define what kind of validation clients should expect the server to perform in general. For example, I would expect a service to return an error code and not perform any action if I called "Create server" but did not include a request body, but the actual manner in which that error is generated within the service does not matter from the client's perspective.

This is not to say the API Working Group wouldn't help you evaluate the potential of Stoplight to meet the needs of a service. To the contrary, by clearly defining the expectations of a service's responses to requests, you'll have a great idea of exactly what to look for in your evaluation, and your final decision would be based on objective results.

Thank you,
Sam Harwell

From: Amit Gandhi [mailto:amit.gandhi at RACKSPACE.COM]
Sent: Friday, October 17, 2014 12:32 PM
To: OpenStack Development Mailing List (not for usage questions)
Cc: ryan at ryanpetrello.com
Subject: [openstack-dev] [api] Request Validation - Stoplight

Hi API Working Group

Last night at the Openstack Meetup in Atlanta, a group of us discussed how request validation is being performed over various projects and how some teams are using pecan wsmi, or warlock, jsonschema etc.

Each of these libraries have their own pro's and con's.  My understanding is that the API working group is in the early stages of looking into these various libraries and will likely provide guidance in the near future on this.

I would like to suggest another library to evaluate when deciding this.  Some of our teams have started to use a library named "Stoplight"[1][2] in our projects.  For example, in the Poppy CDN project, we found it worked around some of the issues we had with warlock such as validating nested json correctly [3].

Stoplight is an input validation framework for python.  It can be used to decorate any function (including routes in pecan or falcon) to validate its parameters.

Some good examples can be found here [4] on how to use Spotlight.

Let us know your thoughts/interest and we would be happy to discuss further on if and how this would be valuable as a library for API request validation in Openstack.


Thanks


Amit Gandhi
Senior Manager - Rackspace



[1] https://pypi.python.org/pypi/stoplight
[2] https://github.com/painterjd/stoplight
[3] https://github.com/stackforge/poppy/blob/master/poppy/transport/pecan/controllers/v1/services.py#L108
[4] https://github.com/painterjd/stoplight/blob/master/stoplight/tests/test_validation.py#L138

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20141018/8267b4e2/attachment.html>