<div dir="ltr"><div>Hi,</div><div><br></div><div>Now we are implementing api validation framework for Oslo.</div><div><a href="https://review.openstack.org/#/c/25884/">https://review.openstack.org/#/c/25884/</a></div><div>
Through this process, we face difficult issue between strict validation and</div><div>compatibility.</div><div><br></div><div>Now Nova distinguishes string integer(ex. "10") as integer by int().</div><div>If passing parameter "0123", current Nova handles it as 123 because of</div>
<div>casting to integer.</div><div><br></div><div>From the point view of strict validation, it is better to disallow integer</div><div>"0123".</div><div>However, from one of compatibility, it may be better to allow the value.</div>
<div><br></div><div>Also there is other issue of this kind.</div><div>Current "bool_from_str" type, which is used by parameter</div><div>"return_reservation_id" etc, is</div><div>distinguished to</div>
<div> * True: True(boolean), not 0(int), "True"(str), "Yes"(str), "Y"(str)</div><div> * False: Other everything</div><div>So now we can pass any value to parameter of "bool_from_str" type.</div>
<div>For strict validation, it is better to disallow except the following:</div><div> * True(boolean), 1(int), "True"(str), "Yes"(str), "Y"(str)</div><div> * False(boolean), 0(int), "False"(str), "No"(str), "N"(str)</div>
<div><br></div><div>IMO it is a good opportunity to adjust api validation, so I feel strict</div><div>validation is better. But this is not a strong opinion due to compatibility.</div><div><br></div><div>Any comments are welcome.</div>
<div><br></div><div><br></div><div>Thanks,</div><div>Ken'ichi Ohmichi</div><div><br></div><div class="gmail_extra">---<br><br><div class="gmail_quote">2013/3/27 Ken'ichi Ohmichi <span dir="ltr"><<a href="mailto:oomichi@mxs.nes.nec.co.jp" target="_blank">oomichi@mxs.nes.nec.co.jp</a>></span><br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><br>
Hi Édouard,<br>
<br>
On Tue, 26 Mar 2013 14:01:16 +0100<br>
Édouard Thuleau <<a href="mailto:edouard.thuleau@gmail.com">edouard.thuleau@gmail.com</a>> wrote:<br>
><br>
> Yes, very interesting.<br>
> Perhaps it could be mutualized between all OpenStack APIs. Why not<br>
> integrates it in the OpenStack common library (Oslo) ?<br>
<br>
Good point, Oslo is a nice implementation target from the viewpoint<br>
of whole OpenStack APIs.<br>
I guess the API validation will be executed in Resource.dispatch()<br>
of Oslo. Because now I think API schema definitions, which is used<br>
for API validation, are gotten from method attribute.<br>
<br>
openstack/common/wsgi.py<br>
394 def dispatch(self, obj, action, *args, **kwargs):<br>
395 """Find action-specific method on self and call it."""<br>
396 try:<br>
397 method = getattr(obj, action)<br>
398 except AttributeError:<br>
399 method = getattr(obj, 'default')<br>
400 <<-- Here -->><br>
401 return method(*args, **kwargs)<br>
<br>
This will be changed by discussions.<br>
<br>
<br>
Thanks<br>
Ken'ichi Ohmichi<br>
<br>
---<br>
<br>
> On Tue, Mar 26, 2013 at 1:24 PM, Sean Dague <<a href="mailto:sean@dague.net">sean@dague.net</a>> wrote:<br>
><br>
> > On 03/26/2013 06:09 AM, Ken'ichi Ohmichi wrote:<br>
> ><br>
> >><br>
> >> Hi,<br>
> >><br>
> >> This is RFC of blueprint nova-api-validation-fw.<br>
> >> Blueprint: <a href="https://blueprints.launchpad." target="_blank">https://blueprints.launchpad.</a>**net/nova/+spec/nova-api-**<br>
> >> validation-fw<<a href="https://blueprints.launchpad.net/nova/+spec/nova-api-validation-fw" target="_blank">https://blueprints.launchpad.net/nova/+spec/nova-api-validation-fw</a>><br>
> >> Details : <a href="https://wiki.openstack.org/**wiki/**" target="_blank">https://wiki.openstack.org/**wiki/**</a><br>
> >> NovaApiValidationFramework<<a href="https://wiki.openstack.org/wiki/NovaApiValidationFramework" target="_blank">https://wiki.openstack.org/wiki/NovaApiValidationFramework</a>><br>
> >><br>
> >> Nova has many RESTful APIs, and not all API parameters are completely<br>
> >> validated. We would like to propose an API validation framework to<br>
> >> implement comprehensive validation.<br>
> >> The benefits of this framework will be the followings:<br>
> >> * Validate every API parameters.<br>
> >> * Unify both message format and HTTP code of error response, if<br>
> >> the same cause.<br>
> >> ex) ".. is too short.", ".. is too long.", ".. is not integer."<br>
> >> * Clarify the API parameter definitions.<br>
> >> * Clean up codes by merging error handling methods.<br>
> >><br>
> >> Using the JSON Schema library, we have created a prototype and examined<br>
> >> this API validation framework. The following URL is the prototype code.<br>
> >> <a href="https://review.openstack.org/**25358" target="_blank">https://review.openstack.org/**25358</a><<a href="https://review.openstack.org/25358" target="_blank">https://review.openstack.org/25358</a>><br>
> >><br>
> >> We'd like to discuss the framework design, so any comments are welcome.<br>
> >><br>
> ><br>
> > This looks like a nice start, and it would be really good to consolidate<br>
> > the validation to a central point. Have you submitted a design summit<br>
> > session on this as well?<br>
> ><br>
> > -Sean<br>
> ><br>
> > --<br>
> > Sean Dague<br>
> > <a href="http://dague.net" target="_blank">http://dague.net</a><br>
> ><br>
> ><br>
> > ______________________________**_________________<br>
> > OpenStack-dev mailing list<br>
> > OpenStack-dev@lists.openstack.**org <<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a>><br>
> > <a href="http://lists.openstack.org/**cgi-bin/mailman/listinfo/**openstack-dev" target="_blank">http://lists.openstack.org/**cgi-bin/mailman/listinfo/**openstack-dev</a><<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>><br>
> ><br>
</blockquote></div><br></div></div>