[openstack-dev] [api] Request Validation - Stoplight

Kenichi Oomichi oomichi at mxs.nes.nec.co.jp
Tue Oct 21 01:45:44 UTC 2014


Hi Amit,

Thanks for picking this topic up,

Honestly I don't have a strong opinion about validation libraries.
Each project implements based on different web frameworks and
the options of validation libraries would be limited from its web
framework. For example, Nova implements its own wsgi framework and
it is difficult to use pecan/wsme due to its API routing/parameter
names. So Nova uses jsonschema for a new API(Nova v2.1 API) because
of its flexibility and portability.
>From quick seeing, stoplight seems flexible and it could cover many
cases. That would be nice for me, but I'm not sure that stoplight is
the best library because jsonschema is a common way/library and portable.

Related to this topic, I'd like to suggest that we have common validation
patterns across OpenStack projects. Now each project contains its owns
validation patterns for the other project's resource. For example, Nova
contains validation patterns for project-id and image-id on the code[1].
Ideally, these validation patterns would be nice to be ported/shared from
Keystone and Glance and it is the best to use the same validation patterns
between whole OpenStack projects for consistent interfaces. Maybe we can
implement these patterns even if using different validation libraries.

Thanks
Ken Ohmichi

---
[1]: https://github.com/openstack/nova/blob/master/nova/api/validation/parameter_types.py#L68


> -----Original Message-----
> From: Amit Gandhi [mailto:amit.gandhi at RACKSPACE.COM]
> Sent: Saturday, October 18, 2014 2:32 AM
> To: OpenStack Development Mailing List (not for usage questions)
> Cc: ryan at ryanpetrello.com
> Subject: [openstack-dev] [api] Request Validation - Stoplight
> 
> Hi API Working Group
> 
> Last night at the Openstack Meetup in Atlanta, a group of us discussed how request validation is being performed over
> various projects and how some teams are using pecan wsmi, or warlock, jsonschema etc.
> 
> Each of these libraries have their own pro’s and con’s.  My understanding is that the API working group is in the early
> stages of looking into these various libraries and will likely provide guidance in the near future on this.
> 
> I would like to suggest another library to evaluate when deciding this.  Some of our teams have started to use a library
> named “Stoplight”[1][2] in our projects.  For example, in the Poppy CDN project, we found it worked around some of the
> issues we had with warlock such as validating nested json correctly [3].
> 
> Stoplight is an input validation framework for python.  It can be used to decorate any function (including routes in pecan
> or falcon) to validate its parameters.
> 
> Some good examples can be found here [4] on how to use Spotlight.
> 
> Let us know your thoughts/interest and we would be happy to discuss further on if and how this would be valuable as a
> library for API request validation in Openstack.
> 
> 
> Thanks
> 
> 
> Amit Gandhi
> Senior Manager ? Rackspace
> 
> 
> 
> [1] https://pypi.python.org/pypi/stoplight
> [2] https://github.com/painterjd/stoplight
> [3] https://github.com/stackforge/poppy/blob/master/poppy/transport/pecan/controllers/v1/services.py#L108
> [4] https://github.com/painterjd/stoplight/blob/master/stoplight/tests/test_validation.py#L138




More information about the OpenStack-dev mailing list