[openstack-dev] [Keystone] Use JSON Schemas to validate API requests data
Jorge Williams
jorge.williams at rackspace.com
Thu Jun 6 21:19:12 UTC 2013
The problem with setting additionalProperties to true is that if someone misspells the name of an optional property then you don't catch that as a validation error.
The latest draft of JSON schema has a way to address this. You can set additionalProperties to false. And then add a 'patternProperties' to essentially ignore properties whose name matches a certain regex. In the example below we assume that extensions have a prefix and a colon (:).
JSON Schema:
{
  "type": "object",
  "properties": {
    "id": {"type": "string"},
    "name": {"type": "string"}
  },
  "required": ["name"],
  "patternProperties": {
    ".*:.*": {}
  },
  "additionalProperties": false
}
VALID:
{
"name": "Smith",
"id": "1234"
}
INVALID (misspell id):
{
"name": "Smith",
"Id": "1234"
}
Valid (With extension):
{
"name": "Smith",
"id": "1234",
"ext:region": "US-East"
}
-jOrGe W.
On Jun 6, 2013, at 3:33 PM, Dolph Mathews wrote:
> Cool, I sent my email too soon!
>
> -Dolph
>
>
> On Thu, Jun 6, 2013 at 3:16 PM, Bruno Semperlotti <bruno.semperlotti at gmail.com> wrote:
> Hi Brant,
>
> Json schema has an attribute "additionalProperties": true/false. If true (the default), all extra properties not declared in the corresponding schema level are ignored and thus considered as valid.
> This allows one to strictly validate expected data and gives enough flexibility to easily extend the API.
>
> {
>   "type": "object",
>   "properties": {
>     "id": {"type": "string"},
>     "name": {"type": "string"}
>   },
>   "required": ["name"],
>   "additionalProperties": true
> }
>
> *** Valid if 'additionalProperties' is true, Invalid if 'additionalProperties' is false***
> {
>   "name": "Smith",
>   "ext-region": "US-East"
> }
>
> --
> Bruno Semperlotti
>
>
> On Thu, Jun 6, 2013 at 9:23 PM, Brant Knudson <blk at acm.org> wrote:
>
> Does OpenStack have a policy for handling of extra/unexpected arguments? Examples of extra arguments are unexpected query parameters on a GET request or extra fields provided in the JSON body of a POST.
>
> Many web APIs ignore extra arguments to make it easier to add support for new features. For example, if 'GET /users' adds support for sorting with 'GET /users?sort=id' , new clients will still work with old servers, they just won't get the users back in sorted order.
>
> If we strictly validate inputs that would make it more difficult to extend our APIs.
>
> - Brant
>
>
>
> On Sun, Jun 2, 2013 at 4:11 AM, Bruno Semperlotti <bruno.semperlotti at gmail.com> wrote:
> Hi,
>
> As a first contribution, I recently worked on a small bug about bad error response when passing incorrect parameters in API requests (#1110435).
> There is also this other bug about bad application behavior when API requests data are incorrect or missing (#999084)
>
> My point is that no systematic data validation seems to be made when receiving API requests, leading to potential unwanted behavior or instability.
>
> I am working on a prototype to enable simple validation of all API requests data using JSON schemas and the Python package jsonschema.
>
> As I am new in the OpenStack community and also because my work uses the JSON Schema specification which is still a draft with a new package dependency, I was looking for some feedback about this idea before going on and filing a blueprint.
>
> Regards,
>
> --
> Bruno Semperlotti
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
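How the schema in Jorge's message treats the request bodies quoted in this thread, as an added example that is not part of the original e-mails. It is a hand-written checker for only the keywords that schema uses (not the jsonschema package); `validate`, `TYPES` and the sample names are assumptions of this sketch.

```python
import re

# Schema from Jorge's message, written as a Python dict.
SCHEMA = {
    "type": "object",
    "properties": {"id": {"type": "string"}, "name": {"type": "string"}},
    "required": ["name"],
    "patternProperties": {".*:.*": {}},  # {} accepts any value
    "additionalProperties": False,
}
TYPES = {"string": str, "object": dict}  # only the types used above


def validate(instance, schema):
    """Return a list of error strings; an empty list means valid.

    Subset only: type, properties, required, patternProperties and the
    boolean form of additionalProperties.
    """
    expected = schema.get("type")
    if expected in TYPES and not isinstance(instance, TYPES[expected]):
        return ["expected %s, got %s" % (expected, type(instance).__name__)]
    if not isinstance(instance, dict):
        return []
    errors = ["missing required property %r" % name
              for name in schema.get("required", []) if name not in instance]
    props = schema.get("properties", {})
    patterns = schema.get("patternProperties", {})
    for name, value in instance.items():
        matched = name in props
        if matched:
            errors += validate(value, props[name])
        for pattern, sub in patterns.items():
            if re.search(pattern, name):  # patterns are not anchored
                matched = True
                errors += validate(value, sub)
        # A name is "additional" only if neither keyword above claimed it.
        if not matched and schema.get("additionalProperties", True) is False:
            errors.append("unexpected property %r" % name)
    return errors


# Request bodies taken from the messages in this thread.
VALID = {"name": "Smith", "id": "1234"}
MISSPELLED = {"name": "Smith", "Id": "1234"}
EXTENSION = {"name": "Smith", "id": "1234", "ext:region": "US-East"}
HYPHEN_EXT = {"name": "Smith", "ext-region": "US-East"}  # Bruno's body

for body in (VALID, MISSPELLED, EXTENSION, HYPHEN_EXT):
    print(body, "->", validate(body, SCHEMA) or "valid")
```

Bruno's `ext-region` body is rejected under this schema because the name carries no colon, so extension fields have to follow the prefix convention to pass.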