[Engine-devel] REST vs. UI validation

[Whitcomb, Kari]

I've been making use of the oVirt REST api, and have noticed that in several cases the validation done for a REST request is different than what the admin UI does.  It seems that the UI is generally more restrictive on the data it will accept than the backend.  So you can set things up using the REST api that the UI wouldn't let you do.  Two examples I've hit recently, both in the cluster policy (load balancing section):

- Cluster load balancing policy duration - the UI requires a value between 1 and 100, but the REST api seems to let you set it to any integer.

- Cluster load balancing high and low thresholds / max and min service levels - The UI restricts the high value to 51-90% and the low value to 10-50%.  But the backend only requires that the values be 0-100% and that low can't be greater than high.

So my question - is this intended behavior, or is it a bug that the validation is different?  If similar validation should be done through both the UI and REST api, should the UI be less restrictive, or the backend more restrictive?

Thanks,
Kari