[Engine-devel] REST vs. UI validation

Thu May 2 05:29:44 UTC 2013

On Wed 01 May 2013 08:41:15 PM IDT, Vered Volansky wrote:
>
>
> ----- Original Message -----
>> From: "Kari Whitcomb" <Kari.Whitcomb at hp.com>
>> To: "Michael Pasternak" <mpastern at redhat.com>, "Vered Volansky" <vered at redhat.com>
>> Cc: engine-devel at ovirt.org
>> Sent: Wednesday, May 1, 2013 8:12:09 PM
>> Subject: RE: [Engine-devel] REST vs. UI validation
>>
>> Thanks for the discussion.  One clarifying question below...
>>
>> -Kari
>>
>>>>>
>>>>> Vered - I disagree that this is by design.
>>>>> There is only one definition of what a correct value is, there should be
>>>>> no
>>>>> ambiguity about it[1]
>>>>> If the GUI prohibits you from a legal configuration - it should be
>>>>> fixed.
>>>>> if the backend allows an illegal configuration - a CDA should be added.
>>>>> My two cents - this is not OK, please open bugs (or even better - send
>>>>> patches!) for the specific issues.
>>>>
>>>> This was discussed with Michael (until he answers himself).
>>>> More info on the issue -
>>>> The backend validations are less restrictive than UI, but not
>>>> contradicting it.
>>>> This IS by design and is not a bug in general.
>>>> The specific min-max differences example is for sure by design.
>>>> In some (but I guess not all) cases the reasoning is a thought to expand
>>> possible values in the future.
>>>>
>>>> So this is how things are right now.
>>>> I agree it looks weird that you might be able to set "illegal" values in
>>>> REST
>>> and then connect via UI and see these values.
>>>> I suppose it can always come up for devel discussion whether that should
>>>> be
>>> changed.
>>>
>>> you cannot set any illegal value in REST-API, UI is more restrictive
>>> indeed,
>>> while api expose all backend capabilities (including those that are
>>> restricted in
>>> UI)
>>
>> So if I understanding correctly... The backend validations are checking
>> legality. The UI may in some cases (like the specific ones I mentioned)
>> impose additional restrictions/validations that further narrow the allowed
>> input and this is by design and not a bug.  Does that sum the current state
>> about right?
> Yep.
I disagree. The UI is validating input to fail as fast and save 
rountrips for better responsiveness and overall a better UX. This means 
validation are duplicated and sometimes, different - which I consider a 
bug - there is no good reason an action would be valid using the API 
and invalid with UI or vise versa.

the main chalenge is to share the validation code which might be 
achievablle if GWT will support our validation annotation on beans 
(jsr303)  - Vojetech this one I think you'll be able to help with

>>
>> Thanks,
>> Kari
>>
>>>>>> ----- Original Message -----
>>>>>>> From: "Kari Whitcomb" <Kari.Whitcomb at hp.com>
>>>>>>> To: engine-devel at ovirt.org
>>>>>>> Sent: Tuesday, April 30, 2013 1:19:00 AM
>>>>>>> Subject: [Engine-devel] REST vs. UI validation
>>>>>>>
>>>>>>> I've been making use of the oVirt REST api, and have noticed that in
>>>>>>> several
>>>>>>> cases the validation done for a REST request is different than what
>>>>>>> the
>>>>>>> admin UI does.  It seems that the UI is generally more restrictive on
>>>>>>> the
>>>>>>> data it will accept than the backend.  So you can set things up using
>>>>>>> the
>>>>>>> REST api that the UI wouldn't let you do.  Two examples I've hit
>>>>>>> recently,
>>>>>>> both in the cluster policy (load balancing section):
>>>>>>>
>>>>>>> - Cluster load balancing policy duration - the UI requires a value
>>>>>>> between
>>>>>>> 1
>>>>>>> and 100, but the REST api seems to let you set it to any integer.
>>>>>>>
>>>>>>> - Cluster load balancing high and low thresholds / max and min service
>>>>>>> levels
>>>>>>> - The UI restricts the high value to 51-90% and the low value to
>>>>>>> 10-50%.
>>>>>>> But the backend only requires that the values be 0-100% and that low
>>>>>>> can't
>>>>>>> be greater than high.
>>>>>>>
>>>>>>> So my question - is this intended behavior, or is it a bug that the
>>>>>>> validation is different?  If similar validation should be done through
>>>>>>> both
>>>>>>> the UI and REST api, should the UI be less restrictive, or the backend
>>>>>>> more
>>>>>>> restrictive?
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Kari
>>
> _______________________________________________
> Engine-devel mailing list
> Engine-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/engine-devel