[Engine-devel] REST vs. UI validation

Vojtech Szocs vszocs at redhat.com
Thu May 2 17:11:47 UTC 2013 

Hi guys,

>> the main chalenge is to share the validation code which might be achievablle if GWT will support our validation annotation on beans (jsr303)  - Vojetech this one I think
>> you'll be able to help with
>
> this is nice to have approach and will work with static validations only (that does
> not require dialogue with the engine), in any case api don't have any validation concept (except
> of mandatory parameters existence) and should not have, as engine do this job, - and that what
> we trying to make clear,
>
> but again not always same validations as mentioned above will take place on both client and engine
> sides.

AFAIK Java bean validation annotations (JSR-303 a.k.a javax.validation) are used directly on backend business entities, i.e. org.ovirt.engine.core.common.businessentities.*

Today, GUI works directly with backend business entities, so we can support JSR-303 annotations in GWT code. However, in the long-term, we plan to use REST API, breaking bonds with Engine with regard to RPC/API protocol.

For static validations (not involving server interaction), we will very likely end up implementing custom validation code, unrelated to backend validation annotations. For dynamic validations, I think we should let server handle this, otherwise we're just introducing more roundtrips and code complexity.

Just an idea: as part of moving GUI to REST API, initiate some work on REST API JavaScript SDK that would include such "common" validation code. This SDK would be used by both WebAdmin, UserPortal, and any other web application talking to REST API. I'm the first one to volunteer for this, if it gets some green flag :)

Vojtech


----- Original Message -----
From: "Michael Pasternak" <mpastern at redhat.com>
To: "Roy Golan" <rgolan at redhat.com>
Cc: "Vered Volansky" <vered at redhat.com>, "Vojtech Szocs" <vszocs at redhat.com>, engine-devel at ovirt.org
Sent: Thursday, May 2, 2013 8:05:43 AM
Subject: Re: [Engine-devel] REST vs. UI validation


Hi Roy,

On 05/02/2013 08:29 AM, Roy Golan wrote:
> On Wed 01 May 2013 08:41:15 PM IDT, Vered Volansky wrote:
>>
>>
>> ----- Original Message -----
>>> From: "Kari Whitcomb" <Kari.Whitcomb at hp.com>
>>> To: "Michael Pasternak" <mpastern at redhat.com>, "Vered Volansky" <vered at redhat.com>
>>> Cc: engine-devel at ovirt.org
>>> Sent: Wednesday, May 1, 2013 8:12:09 PM
>>> Subject: RE: [Engine-devel] REST vs. UI validation
>>>
>>> Thanks for the discussion.  One clarifying question below...
>>>
>>> -Kari
>>>
>>>>>>
>>>>>> Vered - I disagree that this is by design.
>>>>>> There is only one definition of what a correct value is, there should be
>>>>>> no
>>>>>> ambiguity about it[1]
>>>>>> If the GUI prohibits you from a legal configuration - it should be
>>>>>> fixed.
>>>>>> if the backend allows an illegal configuration - a CDA should be added.
>>>>>> My two cents - this is not OK, please open bugs (or even better - send
>>>>>> patches!) for the specific issues.
>>>>>
>>>>> This was discussed with Michael (until he answers himself).
>>>>> More info on the issue -
>>>>> The backend validations are less restrictive than UI, but not
>>>>> contradicting it.
>>>>> This IS by design and is not a bug in general.
>>>>> The specific min-max differences example is for sure by design.
>>>>> In some (but I guess not all) cases the reasoning is a thought to expand
>>>> possible values in the future.
>>>>>
>>>>> So this is how things are right now.
>>>>> I agree it looks weird that you might be able to set "illegal" values in
>>>>> REST
>>>> and then connect via UI and see these values.
>>>>> I suppose it can always come up for devel discussion whether that should
>>>>> be
>>>> changed.
>>>>
>>>> you cannot set any illegal value in REST-API, UI is more restrictive
>>>> indeed,
>>>> while api expose all backend capabilities (including those that are
>>>> restricted in
>>>> UI)
>>>
>>> So if I understanding correctly... The backend validations are checking
>>> legality. The UI may in some cases (like the specific ones I mentioned)
>>> impose additional restrictions/validations that further narrow the allowed
>>> input and this is by design and not a bug.  Does that sum the current state
>>> about right?
>> Yep.
> I disagree. The UI is validating input to fail as fast and save rountrips for better responsiveness and overall a better UX. This means validation are duplicated and
> sometimes, different - which I consider a bug - there is no good reason an action would be valid using the API and invalid with UI or vise versa.

you basically repeating told above, if you'll read this tread from the beginning,
kari gives two examples in "Cluster load balancing" both not even near to be "different",
it's just a different (UI) representation for same thing, UI actually hiding engine implementation
details over mentioned properties.

> 
> the main chalenge is to share the validation code which might be achievablle if GWT will support our validation annotation on beans (jsr303)  - Vojetech this one I think
> you'll be able to help with

this is nice to have approach and will work with static validations only (that does
not require dialogue with the engine), in any case api don't have any validation concept (except
of mandatory parameters existence) and should not have, as engine do this job, - and that what
we trying to make clear,

but again not always same validations as mentioned above will take place on both client and engine
sides.

> 
>>>
>>> Thanks,
>>> Kari
>>>
>>>>>>> ----- Original Message -----
>>>>>>>> From: "Kari Whitcomb" <Kari.Whitcomb at hp.com>
>>>>>>>> To: engine-devel at ovirt.org
>>>>>>>> Sent: Tuesday, April 30, 2013 1:19:00 AM
>>>>>>>> Subject: [Engine-devel] REST vs. UI validation
>>>>>>>>
>>>>>>>> I've been making use of the oVirt REST api, and have noticed that in
>>>>>>>> several
>>>>>>>> cases the validation done for a REST request is different than what
>>>>>>>> the
>>>>>>>> admin UI does.  It seems that the UI is generally more restrictive on
>>>>>>>> the
>>>>>>>> data it will accept than the backend.  So you can set things up using
>>>>>>>> the
>>>>>>>> REST api that the UI wouldn't let you do.  Two examples I've hit
>>>>>>>> recently,
>>>>>>>> both in the cluster policy (load balancing section):
>>>>>>>>
>>>>>>>> - Cluster load balancing policy duration - the UI requires a value
>>>>>>>> between
>>>>>>>> 1
>>>>>>>> and 100, but the REST api seems to let you set it to any integer.
>>>>>>>>
>>>>>>>> - Cluster load balancing high and low thresholds / max and min service
>>>>>>>> levels
>>>>>>>> - The UI restricts the high value to 51-90% and the low value to
>>>>>>>> 10-50%.
>>>>>>>> But the backend only requires that the values be 0-100% and that low
>>>>>>>> can't
>>>>>>>> be greater than high.
>>>>>>>>
>>>>>>>> So my question - is this intended behavior, or is it a bug that the
>>>>>>>> validation is different?  If similar validation should be done through
>>>>>>>> both
>>>>>>>> the UI and REST api, should the UI be less restrictive, or the backend
>>>>>>>> more
>>>>>>>> restrictive?
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Kari
>>>
>> _______________________________________________
>> Engine-devel mailing list
>> Engine-devel at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/engine-devel
> 
> 
> _______________________________________________
> Engine-devel mailing list
> Engine-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/engine-devel


-- 

Michael Pasternak
RedHat, ENG-Virtualization R&D

More information about the Devel mailing list