)]}'
{"specs/kilo/implemented/v2-on-v3-api.rst":[{"author":{"_account_id":12175,"name":"Eli Qiao","email":"qiaoliyong@gmail.com","username":"Eli"},"change_message_id":"482c2e1594d391e094de6656faa4036ec5aba97b","unresolved":false,"context_lines":[{"line_number":119,"context_line":"succeeded. However Nova V2.1 API rejected these requests and tests"},{"line_number":120,"context_line":"failed. So that was Tempest bug, but we imagined this kind of problem"},{"line_number":121,"context_line":"would happen on the other SDKs. Before fixing this Tempest bug, we"},{"line_number":122,"context_line":"investigated major SDKs(fog, jclouds)\u0027 code and we confirmed these SDKs"},{"line_number":123,"context_line":"send a valid request without undefined properties and they don\u0027t contain"},{"line_number":124,"context_line":"this kind of problem."},{"line_number":125,"context_line":"We cannot check all SDKs/clients in the world, and we cannot confirm"}],"source_content_type":"text/x-rst","patch_set":1,"id":"7aaa499b_494fc492","line":122,"updated":"2015-04-13 01:51:01.000000000","message":"additional single quote mark should be removed?","commit_id":"789301e3176af9fca4115b146a7682e928bb2ae2"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"414b94511bde367ae9a13c4c3955a78efd6695e5","unresolved":false,"context_lines":[{"line_number":129,"context_line":"properties. That means they can improve clients\u0027 code quality."},{"line_number":130,"context_line":"This is a balance between strong input validation and clients\u0027 effect,"},{"line_number":131,"context_line":"but we are standing on strong input validation side for improving whole"},{"line_number":132,"context_line":"OpenStack quality which includes SDKs/clients\u0027 one."},{"line_number":133,"context_line":""},{"line_number":134,"context_line":"Security impact"},{"line_number":135,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"7aaa499b_ac04e4bf","line":132,"updated":"2015-04-14 09:26:12.000000000","message":"I don\u0027t quite agree with this.\n\nI think we need to keep validation when a client specifies a micro version, but in \"compatibility\" mode for v2.0, we should just strip invalid params from the request, log a warning, but not fail the request.\n\nI am not quite sure how to update the above wording to reflect that, but I think it should say why we want strong input validation. I can\u0027t agree at this point that it is the right call for all requests to v2.1.","commit_id":"f627ab396354849f43e32b47814175b92f0be905"},{"author":{"_account_id":782,"name":"John Garbutt","email":"john@johngarbutt.com","username":"johngarbutt"},"change_message_id":"663e3468dbf4905602a643a0bf104e6ab00e3d86","unresolved":false,"context_lines":[{"line_number":129,"context_line":"properties. That means they can improve clients\u0027 code quality."},{"line_number":130,"context_line":"This is a balance between strong input validation and clients\u0027 effect,"},{"line_number":131,"context_line":"but we are standing on strong input validation side for improving whole"},{"line_number":132,"context_line":"OpenStack quality which includes SDKs/clients\u0027 one."},{"line_number":133,"context_line":""},{"line_number":134,"context_line":"Security impact"},{"line_number":135,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"9af37de9_9b48612f","line":132,"in_reply_to":"3acd31a7_8f710de3","updated":"2015-05-11 11:31:59.000000000","message":"Agreed we want strong validation.\n\nBut we need v2.0 compatibility more.","commit_id":"f627ab396354849f43e32b47814175b92f0be905"},{"author":{"_account_id":6167,"name":"Ken\u0027ichi Ohmichi","email":"ken1ohmichi@gmail.com","username":"oomichi"},"change_message_id":"e8581478996ad7b3ee9f402e4352d6ec64ae4f46","unresolved":false,"context_lines":[{"line_number":129,"context_line":"properties. That means they can improve clients\u0027 code quality."},{"line_number":130,"context_line":"This is a balance between strong input validation and clients\u0027 effect,"},{"line_number":131,"context_line":"but we are standing on strong input validation side for improving whole"},{"line_number":132,"context_line":"OpenStack quality which includes SDKs/clients\u0027 one."},{"line_number":133,"context_line":""},{"line_number":134,"context_line":"Security impact"},{"line_number":135,"context_line":"---------------"}],"source_content_type":"text/x-rst","patch_set":3,"id":"3acd31a7_8f710de3","line":132,"in_reply_to":"7aaa499b_ac04e4bf","updated":"2015-05-03 21:51:06.000000000","message":"@John\n\nThe reason of strong validation of my thinking is the above.\n\nIf a client is passing undefined properties, that would be a client bug. As you know, some properties are not required(mandatory) and Nova can work without these properties. For example, if a client passes a typo property \"personalities\" to \"create a server\" API instead of \"personality\", the API works because the wrong property is just ignored. However the result is different from user\u0027s expecting.\n\nIt is difficult to fix undetected bugs, so strong validation will be a chance to detect this kind of client bug. but I can see your point for production environments. I will try rewording here by including a point from your nova-spec.","commit_id":"f627ab396354849f43e32b47814175b92f0be905"},{"author":{"_account_id":2271,"name":"Michael Still","email":"mikal@stillhq.com","username":"mikalstill"},"change_message_id":"b972eaaa394ae68d596867c05f1a447243aeffe5","unresolved":false,"context_lines":[{"line_number":114,"context_line":"properties in an input request. V2 API just ignored undefined properties"},{"line_number":115,"context_line":"if a request contain, but V2.1 API denies the request and returns a"},{"line_number":116,"context_line":"BadRequest response to a client."},{"line_number":117,"context_line":"During V2.1 development, we found that Tempest also passed undefined"},{"line_number":118,"context_line":"properties to Nova API, and Nova V2 API just ignored them then tests"},{"line_number":119,"context_line":"succeeded. However Nova V2.1 API rejected these requests and tests"},{"line_number":120,"context_line":"failed. So that was Tempest bug, but we imagined this kind of problem"}],"source_content_type":"text/x-rst","patch_set":4,"id":"9af37de9_8b74899c","line":117,"updated":"2015-05-11 15:35:34.000000000","message":"Need a blank line between paragraphs.","commit_id":"1eaf44bbc6f71df6869713a1a6753d073a41e92b"},{"author":{"_account_id":2271,"name":"Michael Still","email":"mikal@stillhq.com","username":"mikalstill"},"change_message_id":"b972eaaa394ae68d596867c05f1a447243aeffe5","unresolved":false,"context_lines":[{"line_number":121,"context_line":"would happen on the other SDKs. Before fixing this Tempest bug, we"},{"line_number":122,"context_line":"investigated major SDKs(fog, jclouds)\u0027s code and we confirmed these SDKs"},{"line_number":123,"context_line":"send a valid request without undefined properties and they don\u0027t contain"},{"line_number":124,"context_line":"this kind of problem."},{"line_number":125,"context_line":"We cannot check all SDKs/clients in the world, and we cannot confirm"},{"line_number":126,"context_line":"this problem never happens on V2.1 API. This kind of problem must be due"},{"line_number":127,"context_line":"to clients\u0027 code and users of clients will be able to know these existing"}],"source_content_type":"text/x-rst","patch_set":4,"id":"9af37de9_4b6ea1ca","line":124,"updated":"2015-05-11 15:35:34.000000000","message":"Ditto","commit_id":"1eaf44bbc6f71df6869713a1a6753d073a41e92b"},{"author":{"_account_id":2271,"name":"Michael Still","email":"mikal@stillhq.com","username":"mikalstill"},"change_message_id":"b972eaaa394ae68d596867c05f1a447243aeffe5","unresolved":false,"context_lines":[{"line_number":125,"context_line":"We cannot check all SDKs/clients in the world, and we cannot confirm"},{"line_number":126,"context_line":"this problem never happens on V2.1 API. This kind of problem must be due"},{"line_number":127,"context_line":"to clients\u0027 code and users of clients will be able to know these existing"},{"line_number":128,"context_line":"code passed meaningless properties. That means this srong validation will"},{"line_number":129,"context_line":"be a chance to improve clients\u0027 code quality. However, this problem will"},{"line_number":130,"context_line":"be painful for public cloud environments and this is a big concern of V2.1"},{"line_number":131,"context_line":"adoption. We need some adoption way like validation relaxation or something"}],"source_content_type":"text/x-rst","patch_set":4,"id":"9af37de9_0b69b9be","line":128,"range":{"start_line":128,"start_character":52,"end_line":128,"end_character":57},"updated":"2015-05-11 15:35:34.000000000","message":"strong","commit_id":"1eaf44bbc6f71df6869713a1a6753d073a41e92b"}]}