Propose api-validation blueprint

This document describes the work required for adding a jsonschema validation layer to the Zun API. Partially-Implements: blueprint api-json-input-validation Change-Id: Id7fecbef3aeb9a208b99c968f4ed4a60897403aa
2016-12-11 07:23:40 +00:00 · 2016-12-11 07:23:40 +00:00 · 9c061c61c2
commit 9c061c61c2
parent 5a899b6091
1 changed files with 172 additions and 0 deletions
--- a/specs/zun-api-validation.rst
+++ b/specs/zun-api-validation.rst
@ -0,0 +1,172 @@
 ..
 This work is licensed under a Creative Commons Attribution 3.0 Unported
 License.
 http://creativecommons.org/licenses/by/3.0/legalcode
 ==============
 API Validation
 ==============
 `bp api-json-input-validation <https://blueprints.launchpad.net/zun/+spec/api-json-input-validation>`_
 The purpose of this blueprint is to track the progress of validating the
 request bodies sent to the Zun API server, accepting requests
 that fit the resource schema and rejecting requests that do not fit the
 schema. Depending on the content of the request body, the request should
 be accepted or rejected consistently regardless of the resource the request
 is for.
 Problem Description
 ===================
 Currently Zun validates each type of resource in request body by defining a
 type class for that resource, although such approach is good but is not very
 scalable. It also require conversion of request body to controller object and
 vice versa.
 Use Case: As an End User, I want to observe consistent API validation and
 values passed to the Zun API server.
 Proposed Change
 ===============
 One possible way to validate the Zun API is to use jsonschema
 (https://pypi.python.org/pypi/jsonschema). A jsonschema validator object can
 be used to check each resource against an appropriate schema for that
 resource. If the validation passes, the request can follow the existing flow
 of control to the resource manager. If the request body parameters fail the
 validation specified by the resource schema, a validation error will be
 returned from the server.
 Example:
 "Invalid input for field 'cpu'. The value is 'some invalid cpu value'.
 We can build in some sort of truncation check if the value of the attribute is
 too long. For example, if someone tries to pass in a 300 character name of
 container we should check for that case and then only return a useful message,
 instead of spamming the logs. Truncating some really long container name might
 not help readability for the user, so return a message to the user with what
 failed validation.
 Example:
 "Invalid input for field 'name'."
 Some notes on doing this implementation:
 * Common parameter types can be leveraged across all Zun resources. An
  example of this would be as follows::
    from zun.common.validation import parameter_types
    <snip>
    CREATE = {
        'type': 'object',
        'properties': {
            'name': parameter_types.name,
            'image': parameter_types.image,
            'command': parameter_types.command,
            <snip>
        },
        'required': ['image'],
        'additionalProperties': True,
    }
 * The validation can take place at the controller layer.
 * When adding a new extension to Zun, the new extension must be proposed
  with its appropriate schema.
 Alternatives
 ------------
 `Voluptuous <https://github.com/alecthomas/voluptuous>`_ might be another
 option for input validation.
 Data Model Impact
 -----------------
 This blueprint shouldn't require a database migration or schema change.
 REST API Impact
 ---------------
 This blueprint shouldn't affect the existing API.
 Security Impact
 ---------------
 None
 Notifications Impact
 --------------------
 None
 Other End User Impact
 ---------------------
 None
 Performance Impact
 ------------------
 Changes required for request validation do not require any locking mechanisms.
 Other Deployer Impact
 ---------------------
 None
 Developer Impact
 ----------------
 This will require developers contributing new extensions to Zun to have
 a proper schema representing the extension's API.
 Implementation
 ==============
 Assignee(s)
 -----------
 Primary assignee:
 pksingh (Pradeep Kumar Singh <ps4openstack@gmail.com>)
 Work Items
 ----------
 1. Initial validator implementation, which will contain common validator code
   designed to be shared across all resource controllers validating request
   bodies.
 2. Introduce validation schemas for existing core API resources.
 3. Enforce validation on proposed core API additions and extensions.
 Dependencies
 ============
 None
 Testing
 =======
 Tempest tests can be added as each resource is validated against its schema.
 Documentation Impact
 ====================
 None
 References
 ==========
 Useful Links:
 * [Understanding JSON Schema] (http://spacetelescope.github.io/understanding-json-schema/reference/object.html)
 * [Nova Validation Examples] (http://git.openstack.org/cgit/openstack/nova/tree/nova/api/validation)
 * [JSON Schema on PyPI] (https://pypi.python.org/pypi/jsonschema)
 * [JSON Schema core definitions and terminology] (http://tools.ietf.org/html/draft-zyp-json-schema-04)
 * [JSON Schema Documentation] (http://json-schema.org/documentation.html)