[Pulp-dev] 3.0 Validation update

Sean Myers sean.myers at redhat.com
Fri Apr 7 18:14:52 UTC 2017 

On 04/07/2017 12:08 PM, Brian Bouterse wrote:
> == questions ==
> * Where should ^ terms be documented?

I'm not really sure, but recommend the wiki as a good starting point for
putting information that we should probably "officially" document *somewhere*,
but at the moment we aren't quite sure where.

https://pulp.plan.io/projects/pulp/wiki/Pulp_3_Developer_Notes

> * Take the case of a sync which has overrides provided? This isn't in the
> MVP, but in the future it could be. In that case, does the serializer
> associated with the importer validate the database data with the overrides
> "added" on top of it?

My question here is "validate against what?". It makes sense to validate
against database data, but as long as the overrides aren't themselves stored
in the database, what does this really stop?

For example, what prevents two simultaneous syncs of repos using overrides
that would trigger a constraint violation if they were saved, but don't do
this because we don't save the overrides?

> * For plugin writers writing a serializer for a subclassed Importer, do
> they also need to express validations for fields defined on the base
> Importer?

It depends on the validation. If it's just validating an individual field,
no. If it's validation of a combination of values in multiple fields, and
one of those fields in this case was defined in a subclass, the subclass
will need to add the proper validation support.

> * The database still rejects data that doesn't adhere to the data layer
> definition right? That occurs even without the DRF serializer correct?

Again, this depends. For example, attempting to store an int in a charfield
will work, because Django will coerce that int to string on save. Attempting
to store a string in an IntegerField will fail, though, because Django is
not able to coerce str to int prior to saving. Generally, though, your
understanding is correct. Anything that the database can't handle will be
rejected.

> * In cases where data is created in the backend, do we need to validate
> that as a general practice? If we do, do we call the DRF serializer
> regularly in the backend or just let the database reject "bad" data at the
> db level?

As a general practice, I don't think so. Specifically, though, when we're
passing data around, like when a bit of platform code is taking incoming
plugin data and passing it into some standard workflow that platform provides
(like running sync on an importer, say) I think it's going to be a good idea
and an all-around gentlemenly thing to do to validate that data in some way
that appropriate to the process/workflow being invoked.

I'm concerned about finding the balance between making things user-friendly
for plugin writers and having our checking code that provides that user-
friendly-ness itself be difficult to maintain and end up being pulp-developer-
unfriendly.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20170407/b28dceae/attachment.sig>

More information about the Pulp-dev mailing list