<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif; ">
<div>
<div>
<div>With JSON Schema, you can specify whether you allow unknown elements in the message. I imagine it would be up to the individual API to decide if that was warranted for a particular message.</div>
<div><br>
</div>
<div><br>
</div>
<div>Jarret</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span>Brant Knudson <<a href="mailto:blk@acm.org">blk@acm.org</a>><br>
<span style="font-weight:bold">Reply-To: </span>OpenStack List <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br>
<span style="font-weight:bold">Date: </span>Thursday, June 6, 2013 2:23 PM<br>
<span style="font-weight:bold">To: </span>OpenStack List <<a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [openstack-dev] [Keystone] Use JSON Schemas to validate API requests data<br>
</div>
<div><br>
</div>
<div>
<div>
<div dir="ltr">
<div>
<div><br>
Does OpenStack have a policy for handling of extra/unexpected arguments? Examples of extra arguments are unexpected query parameters on a GET request or extra fields provided in the JSON body of a POST.<br>
<br>
</div>
Many web APIs ignore extra arguments to make it easier to add support for new features. For example, if 'GET /users' adds support for sorting with 'GET /users?sort=id' , new clients will still work with old servers, they just won't get the users back in sorted
order.<br>
<br>
</div>
<div>If we strictly validate inputs that would make it more difficult to extend our APIs.<br>
</div>
<div><br>
</div>
- Brant<br>
<br>
</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Sun, Jun 2, 2013 at 4:11 AM, Bruno Semperlotti <span dir="ltr">
<<a href="mailto:bruno.semperlotti@gmail.com" target="_blank">bruno.semperlotti@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>Hi,</div>
<div><br>
</div>
<div>As a first contribution, I recently worked on a small bug about bad error response when passing incorrect parameters in API requests (<span style="color: rgb(102, 102, 102); font-size: 12px; line-height: 18px; font-family: Ubuntu, 'Bitstream Vera Sans', 'DejaVu Sans', Tahoma, sans-serif; "><a href="https://bugs.launchpad.net/keystone/+bug/1110435" target="_blank">#1110435</a></span>).</div>
<div>There is also this other bug about bad application behavior when API requests data are incorrect or missing (<a href="https://bugs.launchpad.net/keystone/+bug/999084" target="_blank">#999084</a>)</div>
<div><br>
</div>
<div>My point is that no systematic data validation seems to be made when receiving API requests, leading to potential unwanted behavior or instability.</div>
<div><br>
</div>
<div>I am working on a prototype to enable simple validation of all API requests data using json schemas and the python package
<a href="https://pypi.python.org/pypi/jsonschema" target="_blank">jsonschema</a>.</div>
<div><br>
</div>
<div>As I am new in the openstack community and also because my work uses the json schema specification which is still a draft with a new package dependency, I was looking for some feedback about this idea before going on and filling a blueprint. </div>
<div><br>
</div>
<div>Regards,</div>
<br clear="all">
<div>--<br>
Bruno Semperlotti</div>
</div>
<br>
_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</span>
</body>
</html>