[Engine-devel] REST vs. UI validation

Michael Pasternak mpastern at redhat.com
Thu May 2 05:51:37 UTC 2013 

On 05/01/2013 08:12 PM, Whitcomb, Kari wrote:
> Thanks for the discussion.  One clarifying question below...
> 
> -Kari
> 
>>>>
>>>> Vered - I disagree that this is by design.
>>>> There is only one definition of what a correct value is, there should be no
>>>> ambiguity about it[1]
>>>> If the GUI prohibits you from a legal configuration - it should be fixed.
>>>> if the backend allows an illegal configuration - a CDA should be added.
>>>> My two cents - this is not OK, please open bugs (or even better - send
>>>> patches!) for the specific issues.
>>>
>>> This was discussed with Michael (until he answers himself).
>>> More info on the issue -
>>> The backend validations are less restrictive than UI, but not contradicting it.
>>> This IS by design and is not a bug in general.
>>> The specific min-max differences example is for sure by design.
>>> In some (but I guess not all) cases the reasoning is a thought to expand
>> possible values in the future.
>>>
>>> So this is how things are right now.
>>> I agree it looks weird that you might be able to set "illegal" values in REST
>> and then connect via UI and see these values.
>>> I suppose it can always come up for devel discussion whether that should be
>> changed.
>>
>> you cannot set any illegal value in REST-API, UI is more restrictive indeed,
>> while api expose all backend capabilities (including those that are restricted in
>> UI)
> 
> So if I understanding correctly... The backend validations are checking legality. The UI may in some cases (like the specific ones I mentioned) impose additional restrictions/validations that further narrow the allowed input and this is by design and not a bug.  Does that sum the current state about right?

yep.

> 
> Thanks,
> Kari
> 
>>>>> ----- Original Message -----
>>>>>> From: "Kari Whitcomb" <Kari.Whitcomb at hp.com>
>>>>>> To: engine-devel at ovirt.org
>>>>>> Sent: Tuesday, April 30, 2013 1:19:00 AM
>>>>>> Subject: [Engine-devel] REST vs. UI validation
>>>>>>
>>>>>> I've been making use of the oVirt REST api, and have noticed that in
>>>>>> several
>>>>>> cases the validation done for a REST request is different than what the
>>>>>> admin UI does.  It seems that the UI is generally more restrictive on the
>>>>>> data it will accept than the backend.  So you can set things up using the
>>>>>> REST api that the UI wouldn't let you do.  Two examples I've hit
>>>>>> recently,
>>>>>> both in the cluster policy (load balancing section):
>>>>>>
>>>>>> - Cluster load balancing policy duration - the UI requires a value
>>>>>> between
>>>>>> 1
>>>>>> and 100, but the REST api seems to let you set it to any integer.
>>>>>>
>>>>>> - Cluster load balancing high and low thresholds / max and min service
>>>>>> levels
>>>>>> - The UI restricts the high value to 51-90% and the low value to 10-50%.
>>>>>> But the backend only requires that the values be 0-100% and that low
>>>>>> can't
>>>>>> be greater than high.
>>>>>>
>>>>>> So my question - is this intended behavior, or is it a bug that the
>>>>>> validation is different?  If similar validation should be done through
>>>>>> both
>>>>>> the UI and REST api, should the UI be less restrictive, or the backend
>>>>>> more
>>>>>> restrictive?
>>>>>>
>>>>>> Thanks,
>>>>>> Kari


-- 

Michael Pasternak
RedHat, ENG-Virtualization R&D

More information about the Devel mailing list