[Engine-devel] REST vs. UI validation

Whitcomb, Kari Kari.Whitcomb at hp.com
Wed May 1 17:12:09 UTC 2013 

Thanks for the discussion.  One clarifying question below...

-Kari

> >>
> >> Vered - I disagree that this is by design.
> >> There is only one definition of what a correct value is, there should be no
> >> ambiguity about it[1]
> >> If the GUI prohibits you from a legal configuration - it should be fixed.
> >> if the backend allows an illegal configuration - a CDA should be added.
> >> My two cents - this is not OK, please open bugs (or even better - send
> >> patches!) for the specific issues.
> >
> > This was discussed with Michael (until he answers himself).
> > More info on the issue -
> > The backend validations are less restrictive than UI, but not contradicting it.
> > This IS by design and is not a bug in general.
> > The specific min-max differences example is for sure by design.
> > In some (but I guess not all) cases the reasoning is a thought to expand
> possible values in the future.
> >
> > So this is how things are right now.
> > I agree it looks weird that you might be able to set "illegal" values in REST
> and then connect via UI and see these values.
> > I suppose it can always come up for devel discussion whether that should be
> changed.
> 
> you cannot set any illegal value in REST-API, UI is more restrictive indeed,
> while api expose all backend capabilities (including those that are restricted in
> UI)

So if I understanding correctly... The backend validations are checking legality. The UI may in some cases (like the specific ones I mentioned) impose additional restrictions/validations that further narrow the allowed input and this is by design and not a bug.  Does that sum the current state about right?

Thanks,
Kari

> >>> ----- Original Message -----
> >>>> From: "Kari Whitcomb" <Kari.Whitcomb at hp.com>
> >>>> To: engine-devel at ovirt.org
> >>>> Sent: Tuesday, April 30, 2013 1:19:00 AM
> >>>> Subject: [Engine-devel] REST vs. UI validation
> >>>>
> >>>> I've been making use of the oVirt REST api, and have noticed that in
> >>>> several
> >>>> cases the validation done for a REST request is different than what the
> >>>> admin UI does.  It seems that the UI is generally more restrictive on the
> >>>> data it will accept than the backend.  So you can set things up using the
> >>>> REST api that the UI wouldn't let you do.  Two examples I've hit
> >>>> recently,
> >>>> both in the cluster policy (load balancing section):
> >>>>
> >>>> - Cluster load balancing policy duration - the UI requires a value
> >>>> between
> >>>> 1
> >>>> and 100, but the REST api seems to let you set it to any integer.
> >>>>
> >>>> - Cluster load balancing high and low thresholds / max and min service
> >>>> levels
> >>>> - The UI restricts the high value to 51-90% and the low value to 10-50%.
> >>>> But the backend only requires that the values be 0-100% and that low
> >>>> can't
> >>>> be greater than high.
> >>>>
> >>>> So my question - is this intended behavior, or is it a bug that the
> >>>> validation is different?  If similar validation should be done through
> >>>> both
> >>>> the UI and REST api, should the UI be less restrictive, or the backend
> >>>> more
> >>>> restrictive?
> >>>>
> >>>> Thanks,
> >>>> Kari

More information about the Engine-devel mailing list