<div dir="ltr">I think as we start moving these validations to the API, we should probably just enforce them across all plugins. Having conditionals in the API to check if the DB is there to change validation logic doesn't sound like much fun to maintain.</div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Feb 5, 2015 at 1:22 AM, Akihiro Motoki <span dir="ltr"><<a href="mailto:amotoki@gmail.com" target="_blank">amotoki@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">It is a good idea to enforce some validations for string fields.<br>
As Kevin said, Contrail plugin does not use db-backend but the API<br>
layer is still used,<br>
so attrbiutes.py works in the API layer, so we need to coordinate the effort.<br>
<br>
In addition, Neutron API v2.0 is an already shipped version. so we<br>
have several choice:<br>
- Keep the behavior unchanged<br>
- Always enforce string validation (it affects non-db backend plugins)<br>
- Enforce string validation conditionally<br>
There are several possible options to control the condition:<br>
- new configuration option which controls string field validation is enforced<br>
- query corresponding plugins (core, l3, service plugins) if it<br>
requires string validation<br>
- some other dynamic detection?<br>
<br>
In the next version of Neutron (v2.1 or v3), we should have more<br>
consistent validations<br>
on string fields too.<br>
<span class=""><br>
> If there is a DB that can be detected (something like sql.true()), we set 255 to name validate, otherwise we leave it as None.<br>
> How do you like this idea?<br>
<br>
</span>Regarding your idea, I haven't understood how your idea works.<br>
sqlalchemy is always installed on neutron-server and sql.true() just<br>
returns a constant.<br>
In addition, it depends on db backend but if [database] connection is<br>
set when non-db<br>
backend it does not work. Previously [database] connection config<br>
pramater is just ignored<br>
so it can still change the behavior.<br>
<br>
Akihiro<br>
<div class="HOEnZb"><div class="h5"><br>
2015-01-30 10:33 GMT+09:00 Zou, Yun <<a href="mailto:zou.yun@jp.fujitsu.com">zou.yun@jp.fujitsu.com</a>>:<br>
> To: Kevin Benton<br>
> To: Mark McClain,<br>
> Cc: Akihiro Motoki<br>
><br>
> Hello, Kevin Benton. Thank you for the reply.<br>
> I have an idea.<br>
> If there is a DB that can be detected (something like sql.true()), we set 255 to name validate, otherwise we leave it as None.<br>
> How do you like this idea?<br>
><br>
> Best regards,<br>
> watanabe.isao<br>
><br>
>> -----Original Message-----<br>
>> From: Kevin Benton [mailto:<a href="mailto:blak111@gmail.com">blak111@gmail.com</a>]<br>
>> Sent: Monday, January 26, 2015 1:56 PM<br>
>> To: OpenStack Development Mailing List (not for usage questions)<br>
>> Subject: Re: [openstack-dev] About fix of validate name string length at API<br>
>> level<br>
>><br>
>> Devstack may not install neutron without a database backend, but that's just<br>
>> a side effect of devstack. If I recall correctly, the contrail plugin does<br>
>> not use the DB at all to service the API calls, so that would be an example<br>
>> of a non-db plugin that you would have to consider.<br>
>><br>
>> So the concern here would be that putting this new constraint at the API layer<br>
>> would break long names on something like the contrail plugin when they could<br>
>> have been working before.<br>
>><br>
>> IMO, putting some restrictions on what can go into an arbitrary Neutron<br>
>> installation for fields like this is a better experience for users/deployers.<br>
>> However, we should probably do it in a coordinated effort (i.e. restrict them<br>
>> all simultaneously) rather than slowly trickling in restrictions across<br>
>> several releases.<br>
>><br>
>> On Jan 25, 2015 8:40 PM, "Zou, Yun" <<a href="mailto:zou.yun@jp.fujitsu.com">zou.yun@jp.fujitsu.com</a><br>
>> <mailto:<a href="mailto:zou.yun@jp.fujitsu.com">zou.yun@jp.fujitsu.com</a>> > wrote:<br>
>><br>
>><br>
>> To: Mark McClain<br>
>> Cc: Akihiro Motoki<br>
>> Cc: Assaf Muller, Armando Migliaccio, Oleg Bondarev, Toshiaki<br>
>> Higuchi<br>
>> Cc: Carl Baldwin, Aaron Rosen, Paul Michali, Rossella Sblendido<br>
>><br>
>> Hello, Mark McClain. I'm working on a bug fix [1] of validate name<br>
>> string length at API level.<br>
>> This fix let neutron return 400 BadRequest Error instead of internal<br>
>> 500 DB Error in an user operation.<br>
>> Then, Akihiro Motoki kindly told me that he worked on a similar issue<br>
>> [2], and you have reminded him about non-db backend plugin.<br>
>> I would like to take a consensus about this non-db backend plugin<br>
>> issue, before I move on my work.<br>
>> I have looked at the code of devstack [3], and it shows that neutron<br>
>> API server will not be installed if there is not any $DATABASE_BACKENDS been<br>
>> enabled.<br>
>> So I don't know what should we really take care about in this fix.<br>
>> Could you tell me your original concern or the picture you are imaging,<br>
>> please?<br>
>><br>
>> [1] <a href="https://review.openstack.org/#/c/145660/" target="_blank">https://review.openstack.org/#/c/145660/</a><br>
>> [2] <a href="https://review.openstack.org/#/c/84708/" target="_blank">https://review.openstack.org/#/c/84708/</a><br>
>> [3] <a href="http://docs.openstack.org/developer/devstack/stack.sh.html" target="_blank">http://docs.openstack.org/developer/devstack/stack.sh.html</a><br>
>><br>
>> Best regards,<br>
>> watanabe.isao<br>
>><br>
>><br>
>> ________________________________________________________________<br>
>> __________<br>
>> OpenStack Development Mailing List (not for usage questions)<br>
>> Unsubscribe:<br>
>> <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
>> <<a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a>><br>
>> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-de" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-de</a><br>
>> v<br>
>><br>
><br>
> _______________________________________________<br>
> Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
> Post to : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
> Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br>
<br>
<br>
</div></div><span class="HOEnZb"><font color="#888888">--<br>
Akihiro Motoki <<a href="mailto:amotoki@gmail.com">amotoki@gmail.com</a>><br>
</font></span><div class="HOEnZb"><div class="h5"><br>
_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div>Kevin Benton</div></div>
</div>