[nova][osc][api-sig] How strict should our clients be?
Ghanshyam Mann
gmann at ghanshyammann.com
Tue Jun 22 17:16:43 UTC 2021
---- On Tue, 22 Jun 2021 11:39:42 -0500 Stephen Finucane <stephenfin at redhat.com> wrote ----
> Hey,
>
> We have an interesting problem that I wanted to poll opinions on. In OSC 5.5.0,
> we closed most of the gaps between novaclient and openstackclient. As part of
> these changes, we introduced validation of a number of requests such as
> validating enum-style values. For example, [1][2][3]. This validation already
> occurs on the server side, but by adding it to the client side we prevent users
> sending invalid requests to the server in the first place and allow users to
> discover the correct API behaviour from the client rather than having to read
> the API docs or use trial and error.
I think this is the one of benefits of having Client so that we can improve the UX where
user will get a clear way of right usage of our API instead of debugging the API code/error
and correct the request.
Protecting APIs from incorrect usage with right validation is good thing to do in Client.
>
> Now, an issue has been opened against OSC. Apparently someone has been relying
> on a bug in Nova to pass a different value to the API that what the schema
> should have allowed, and they are dismayed that the client no longer allows them
> to do this. They have asked [4][5] that we relax the client-side validation to
> allow them to continue relying on this bug. As you can probably tell from my
> comments, this seems to me to be an open and shut case: you shouldn't fork an
> OpenStack API and you shouldn't side-step validation. However, I wanted to see
> if anyone disagreed and thought there was merit in loose or no validation of API
> requests made via our clients.
Although its modified API case but Nova bug but in case of Nova bug also raise a very good point. If
Client is having such validation and protect users for such kind of API/server side bug then it help us
to fix the bug without any user impact. Having more kind of such validation are even better for
UX perspective.
and the modified APIs case (which is the case of story/2008975) is something we want people to avoid and
encourage to integrate the changes in upstream as per eligibity. That was whole point of removing the
API extensions concept from Nova.
IMO, this is right change in Client side and improve the overall UX.
-gmann
>
> Let me know what you think,
> Stephen
>
> [1] https://github.com/openstack/python-openstackclient/blob/5.5.0/openstackclient/compute/v2/server.py#L1789-L1808
> [2] https://github.com/openstack/python-openstackclient/blob/5.5.0/openstackclient/compute/v2/server.py#L1907-L1921
> [3] https://github.com/openstack/python-openstackclient/blob/5.5.0/openstackclient/compute/v2/server_group.py#L62-L67
> [4] https://storyboard.openstack.org/#!/story/2008975
> [5] https://github.com/openstack/python-openstackclient/commit/ab0b1fe885ee0a210a58008b631521025be7f3eb
>
>
>
More information about the openstack-discuss
mailing list