[openstack-dev] [Keystone] Use JSON Schemas to validate API requests data

Jarret Raim jarret.raim at RACKSPACE.COM
Mon Jun 3 14:36:38 UTC 2013


JSON Schema supports the creation of base elements that can be inherited or composed to form larger schemas. You just need to pass the schema to the validator, so there shouldn't be anything preventing you from generating them on the fly if needed.

We are also planning on sharing the schemas between the client and api. I hadn't thought about the middleware idea, but that might not be a bad idea.



Jarret


From: Dolph Mathews <dolph.mathews at gmail.com<mailto:dolph.mathews at gmail.com>>
Reply-To: OpenStack List <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Date: Monday, June 3, 2013 9:12 AM
To: OpenStack List <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Subject: Re: [openstack-dev] [Keystone] Use JSON Schemas to validate API requests data

We do a bit of data validation... but not across the entire API nor on responses, both of which would be great to have.

I'd actually like to see the jsonschema validation provided by keystoneclient, which keystone can consume through a new middleware (say, keystone.contrib.json_schema) or publish through the HTTP API. Reason being that I think enabling --debug in the client should trigger the client to validate it's own requests & responses (or perhaps it should always validate it's own requests?), and that can be applied during integration tests as well.

There would also be a LOT of similarity between various v3 API request/response formats, and I'd hate to have to maintain a jungle of .json schema files. Instead, it'd be awesome if the schemas could be produced on the fly by inheriting common attributes, etc.

-Dolph


On Sun, Jun 2, 2013 at 4:11 AM, Bruno Semperlotti <bruno.semperlotti at gmail.com<mailto:bruno.semperlotti at gmail.com>> wrote:
Hi,

As a first contribution, I recently worked on a small bug about bad error response when passing incorrect parameters in API requests (#1110435<https://bugs.launchpad.net/keystone/+bug/1110435>).
There is also this other bug about bad application behavior when API requests data are incorrect or missing (#999084<https://bugs.launchpad.net/keystone/+bug/999084>)

My point is that no systematic data validation seems to be made when receiving API requests, leading to potential unwanted behavior or instability.

I am working on a prototype to enable simple validation of all API requests data using json schemas and the python package jsonschema<https://pypi.python.org/pypi/jsonschema>.

As I am new in the openstack community and also because my work uses the json schema specification which is still a draft with a new package dependency, I was looking for some feedback about this idea before going on and filling a blueprint.

Regards,

--
Bruno Semperlotti

_______________________________________________
OpenStack-dev mailing list
OpenStack-dev at lists.openstack.org<mailto:OpenStack-dev at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130603/f3fe59c1/attachment.html>


More information about the OpenStack-dev mailing list