fuel-dev team mailing list archive

Thread
Date

Re: Data validation on back-end and clients

To: Ivan Kolodyazhny <ikolodyazhny@xxxxxxxxxxxx>, Vitaly Kramskikh <vkramskikh@xxxxxxxxxxxx>
From: Aleksey Kasatkin <akasatkin@xxxxxxxxxxxx>
Date: Tue, 20 May 2014 12:56:51 +0300
Cc: fuel-dev <fuel-dev@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAG7RHW0WtwkfdvEwuTVXQYBjnU2Lc3BhCGzrBc=HyHe1vgqDRw@mail.gmail.com>

Yes, the validation of input data in Nailgun doesn't cover all possible
data integrity problems. We just send data from UI and CLI using right
format. It's true for networking data as well (e.g. networks roles are not
validated, networks can be duplicated).
AFAIC, it's very simple to get 500 error using curl. Data validation in
Nailgun should be strengthened if we want to get the same usability for API
as for UI and CLI.
It is partly implemented with introduction of JSON schemas for objects.
Additional validation logic should be added, especially for complex data
sets like disks and networking data.
We enhance data validation occasionally but API is not documented enough
(no description on parameters JSONs). We should get it covered with
documentation at first and make proper validation according to that doc
then (as it was with Networking limitations: see
https://etherpad.openstack.org/p/limitations-of-networking-configuration).
Validation for CLI can be done similarly.

Vitaly, please comment on this problem from UI point of view. What can be
done to formalize validation in UI and to make it systematic?

Aleksey Kasatkin

S. Software Developer | Mirantis, Inc. | http://www.mirantis.com
cell: +380938330852 | skype: alexeyk_ru

On Mon, May 19, 2014 at 3:35 PM, Ivan Kolodyazhny <ikolodyazhny@xxxxxxxxxxxx
> wrote:

> Hi Fuel devs!
>
> I'm looking on fix https://bugs.launchpad.net/fuel/+bug/1319306. This bug
> is fixed only for Web UI. But it should be fixed on back-end site too.
> Let's add validation for it. AFAIK, at least we've got similar errors with
> roles assignment validation earlier.
>
> I agree, that we need as much as possible validations on our Web UI. But
> back-end validation is very important too. It must be implemented because
> Web UI is only one of possible users of our API. A good REST API must not
> raises 500 errors.  4xx HTTP status codes should be used for any case of
> invalid data. It's a good practice and it makes API usage less risky.
>
> I propose to implement validation on every API client and API handlers:
>
>    - API handlers - all input data must be validated;
>    - Web UI - all input data should be validated as much as possible;
>    - Fuel (CLI) Client - at least, all required parameters should be
>    validated.
>
>
> Let's discuss my proposals and file bugs and blueprints if needed.
>
> --
> Regards,
> Ivan Kolodyazhny,
> Software Engineer, Mirantis, Inc.
>
> --
> Mailing list: https://launchpad.net/~fuel-dev
> Post to     : fuel-dev@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~fuel-dev
> More help   : https://help.launchpad.net/ListHelp
>
>

Follow ups

Re: Data validation on back-end and clients
From: Vitaly Kramskikh, 2014-05-20

References

Data validation on back-end and clients
From: Ivan Kolodyazhny, 2014-05-19