Re: [Engine-devel] REST vs. UI validation

From: "Kari Whitcomb" <Kari.Whitcomb(a)hp.com&gt; To: "Michael Pasternak" <mpastern(a)redhat.com&gt;, "Vered Volansky" <vered(a)redhat.com&gt; Cc: engine-devel(a)ovirt.org Sent: Wednesday, May 1, 2013 8:12:09 PM Subject: RE: [Engine-devel] REST vs. UI validation Thanks for the discussion. One clarifying question below... -Kari > >> > >> Vered - I disagree that this is by design. > >> There is only one definition of what a correct value is, there should be > >> no > >> ambiguity about it[1] > >> If the GUI prohibits you from a legal configuration - it should be > >> fixed. > >> if the backend allows an illegal configuration - a CDA should be added. > >> My two cents - this is not OK, please open bugs (or even better - send > >> patches!) for the specific issues. > > > > This was discussed with Michael (until he answers himself). > > More info on the issue - > > The backend validations are less restrictive than UI, but not > > contradicting it. > > This IS by design and is not a bug in general. > > The specific min-max differences example is for sure by design. > > In some (but I guess not all) cases the reasoning is a thought to expand > possible values in the future. > > > > So this is how things are right now. > > I agree it looks weird that you might be able to set "illegal" values in > > REST > and then connect via UI and see these values. > > I suppose it can always come up for devel discussion whether that should > > be > changed. > > you cannot set any illegal value in REST-API, UI is more restrictive > indeed, > while api expose all backend capabilities (including those that are > restricted in > UI) So if I understanding correctly... The backend validations are checking legality. The UI may in some cases (like the specific ones I mentioned) impose additional restrictions/validations that further narrow the allowed input and this is by design and not a bug. Does that sum the current state about right?

Thanks, Kari > >>> ----- Original Message ----- > >>>> From: "Kari Whitcomb" <Kari.Whitcomb(a)hp.com&gt; > >>>> To: engine-devel(a)ovirt.org > >>>> Sent: Tuesday, April 30, 2013 1:19:00 AM > >>>> Subject: [Engine-devel] REST vs. UI validation > >>>> > >>>> I've been making use of the oVirt REST api, and have noticed that in > >>>> several > >>>> cases the validation done for a REST request is different than what > >>>> the > >>>> admin UI does. It seems that the UI is generally more restrictive on > >>>> the > >>>> data it will accept than the backend. So you can set things up using > >>>> the > >>>> REST api that the UI wouldn't let you do. Two examples I've hit > >>>> recently, > >>>> both in the cluster policy (load balancing section): > >>>> > >>>> - Cluster load balancing policy duration - the UI requires a value > >>>> between > >>>> 1 > >>>> and 100, but the REST api seems to let you set it to any integer. > >>>> > >>>> - Cluster load balancing high and low thresholds / max and min service > >>>> levels > >>>> - The UI restricts the high value to 51-90% and the low value to > >>>> 10-50%. > >>>> But the backend only requires that the values be 0-100% and that low > >>>> can't > >>>> be greater than high. > >>>> > >>>> So my question - is this intended behavior, or is it a bug that the > >>>> validation is different? If similar validation should be done through > >>>> both > >>>> the UI and REST api, should the UI be less restrictive, or the backend > >>>> more > >>>> restrictive? > >>>> > >>>> Thanks, > >>>> Kari