[Engine-devel] REST vs. UI validation

Allon Mureinik amureini at redhat.com
Wed May 1 07:05:34 UTC 2013 

REST shouldn't have any validations (perhaps maybe only that the passed type is correct, etc. - Michael, correct me if I'm wrong).

The real validations are in the backend, which both REST and the GUI invoke. Any validation the GUI does in addition to the backend is just a user-experience enhancement (e.g., if !@#^!^$) is not a valid DC name, there is no reason to send it to the backend).

Vered - I disagree that this is by design.
There is only one definition of what a correct value is, there should be no ambiguity about it[1]
If the GUI prohibits you from a legal configuration - it should be fixed.
if the backend allows an illegal configuration - a CDA should be added.
My two cents - this is not OK, please open bugs (or even better - send patches!) for the specific issues.

[1] Just to be clear, there is a difference between not being able to do something from the UI and having different validations.
For example, there is no GUI for scanning a storage domain (http://www.ovirt.org/Features/Domain_Scan). I'd prefer having a GUI for that too, but not having it is just a missing capability, not a disambiguity with REST.

----- Original Message -----
> From: "Vered Volansky" <vered at redhat.com>
> To: "Kari Whitcomb" <Kari.Whitcomb at hp.com>
> Cc: engine-devel at ovirt.org
> Sent: Tuesday, April 30, 2013 10:15:31 AM
> Subject: Re: [Engine-devel] REST vs. UI validation
> 
> 
> 
> ----- Original Message -----
> > From: "Kari Whitcomb" <Kari.Whitcomb at hp.com>
> > To: engine-devel at ovirt.org
> > Sent: Tuesday, April 30, 2013 1:19:00 AM
> > Subject: [Engine-devel] REST vs. UI validation
> > 
> > I've been making use of the oVirt REST api, and have noticed that in
> > several
> > cases the validation done for a REST request is different than what the
> > admin UI does.  It seems that the UI is generally more restrictive on the
> > data it will accept than the backend.  So you can set things up using the
> > REST api that the UI wouldn't let you do.  Two examples I've hit recently,
> > both in the cluster policy (load balancing section):
> > 
> > - Cluster load balancing policy duration - the UI requires a value between
> > 1
> > and 100, but the REST api seems to let you set it to any integer.
> > 
> > - Cluster load balancing high and low thresholds / max and min service
> > levels
> > - The UI restricts the high value to 51-90% and the low value to 10-50%.
> > But the backend only requires that the values be 0-100% and that low can't
> > be greater than high.
> > 
> > So my question - is this intended behavior, or is it a bug that the
> > validation is different?  If similar validation should be done through both
> > the UI and REST api, should the UI be less restrictive, or the backend more
> > restrictive?
> 
> This is the intended behaviour.
> The UI is often more restrictive than the api.
> By definition the api is more lenient that the UI.
> 
> Regards,
> Vered
> > 
> > Thanks,
> > Kari
> > _______________________________________________
> > Engine-devel mailing list
> > Engine-devel at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/engine-devel
> > 
> _______________________________________________
> Engine-devel mailing list
> Engine-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/engine-devel
>

More information about the Engine-devel mailing list