[Engine-devel] REST vs. UI validation

[Vered Volansky]

----- Original Message -----
> From: "Kari Whitcomb" <Kari.Whitcomb at hp.com>
> To: "Michael Pasternak" <mpastern at redhat.com>, "Vered Volansky" <vered at redhat.com>
> Cc: engine-devel at ovirt.org
> Sent: Wednesday, May 1, 2013 8:12:09 PM
> Subject: RE: [Engine-devel] REST vs. UI validation
> 
> Thanks for the discussion.  One clarifying question below...
> 
> -Kari
> 
> > >>
> > >> Vered - I disagree that this is by design.
> > >> There is only one definition of what a correct value is, there should be
> > >> no
> > >> ambiguity about it[1]
> > >> If the GUI prohibits you from a legal configuration - it should be
> > >> fixed.
> > >> if the backend allows an illegal configuration - a CDA should be added.
> > >> My two cents - this is not OK, please open bugs (or even better - send
> > >> patches!) for the specific issues.
> > >
> > > This was discussed with Michael (until he answers himself).
> > > More info on the issue -
> > > The backend validations are less restrictive than UI, but not
> > > contradicting it.
> > > This IS by design and is not a bug in general.
> > > The specific min-max differences example is for sure by design.
> > > In some (but I guess not all) cases the reasoning is a thought to expand
> > possible values in the future.
> > >
> > > So this is how things are right now.
> > > I agree it looks weird that you might be able to set "illegal" values in
> > > REST
> > and then connect via UI and see these values.
> > > I suppose it can always come up for devel discussion whether that should
> > > be
> > changed.
> > 
> > you cannot set any illegal value in REST-API, UI is more restrictive
> > indeed,
> > while api expose all backend capabilities (including those that are
> > restricted in
> > UI)
> 
> So if I understanding correctly... The backend validations are checking
> legality. The UI may in some cases (like the specific ones I mentioned)
> impose additional restrictions/validations that further narrow the allowed
> input and this is by design and not a bug.  Does that sum the current state
> about right?
Yep.
> 
> Thanks,
> Kari
> 
> > >>> ----- Original Message -----
> > >>>> From: "Kari Whitcomb" <Kari.Whitcomb at hp.com>
> > >>>> To: engine-devel at ovirt.org
> > >>>> Sent: Tuesday, April 30, 2013 1:19:00 AM
> > >>>> Subject: [Engine-devel] REST vs. UI validation
> > >>>>
> > >>>> I've been making use of the oVirt REST api, and have noticed that in
> > >>>> several
> > >>>> cases the validation done for a REST request is different than what
> > >>>> the
> > >>>> admin UI does.  It seems that the UI is generally more restrictive on
> > >>>> the
> > >>>> data it will accept than the backend.  So you can set things up using
> > >>>> the
> > >>>> REST api that the UI wouldn't let you do.  Two examples I've hit
> > >>>> recently,
> > >>>> both in the cluster policy (load balancing section):
> > >>>>
> > >>>> - Cluster load balancing policy duration - the UI requires a value
> > >>>> between
> > >>>> 1
> > >>>> and 100, but the REST api seems to let you set it to any integer.
> > >>>>
> > >>>> - Cluster load balancing high and low thresholds / max and min service
> > >>>> levels
> > >>>> - The UI restricts the high value to 51-90% and the low value to
> > >>>> 10-50%.
> > >>>> But the backend only requires that the values be 0-100% and that low
> > >>>> can't
> > >>>> be greater than high.
> > >>>>
> > >>>> So my question - is this intended behavior, or is it a bug that the
> > >>>> validation is different?  If similar validation should be done through
> > >>>> both
> > >>>> the UI and REST api, should the UI be less restrictive, or the backend
> > >>>> more
> > >>>> restrictive?
> > >>>>
> > >>>> Thanks,
> > >>>> Kari
>