[RFC] Removing classful POST capability from pytx about threatexchange HOT 10 CLOSED

I concur that the changes we've made in the API will necessitate some major changes at the client side. That being said, we can always change the API if it will help you. Are there server side changes we can make to ease this transition?

But otherwise, yes, I concur the with the changes described above.

from threatexchange.

Umm, like we chatted about I think being able to say "give me all fields" without having to specify each one specifically would be nice. It makes code not break and last longer when you can do something like fields=all and no matter what changes you get all of the fields.

Other than that I haven't come up with much "it would be great if I could request...." things :) Give me some more time ;)

from threatexchange.

Yeah, the 'all fields' issue is sticky, since the fields functionality is built deep in the Facebook open graph stack. I was thinking about this today; as a short term solution, could pytx fetch some reference objects when it first starts up (i.e. a known malware, threat_indicator, etc) with the metadata=1 set and then use those return values to cache the set of available fields for each type?

from threatexchange.

Hmm. I'd like to shy away from making web requests to the graph that the user didn't specifically ask to do. It would be a bit more work on maintenance but we can check if someone sets "fields=all" in code and if they do replace "all" with the appropriate list of fields. It does make the code more version dependent (read: if you try to specify v2.3 and the code is for v2.4 things will break using fields=all).

from threatexchange.

Yeah, it's not ideal doing a fetch on some public reference object, but it might handle the version specific issues more cleanly. Though, I suppose we could also have a version indexed list of fields for the 'all' alias within the code.

from threatexchange.

With the latest PR up (#72) this will be complete with the exception of the "fields=all" thing. I think this can be closed and we can discuss that elsewhere :)

from threatexchange.

@mgoffin I've been making request like so to get all of the fields -

results = ThreatDescriptor.objects(type_='IP_ADDRESS', fields=ThreatDescriptor._fields,
                                   text='127.0.0.1')

Haven't had any problems I notice. In the future I'll probably pare it down because I notice some of the fields are rarely used. I am trusting pytx to maintain a correct field list.

from threatexchange.

That's a pretty clever way to go about that actually. The goal would be to make sure we handle all of the available fields in that list so I guess we can go with it as a solution :)

from threatexchange.

@mgoffin I just had the thought - could use @hammem suggestion ("pytx fetch some reference objects") in the test suite to make sure we have all of the fields for the appropriate endpoints in the module vocabulary.

from threatexchange.

Sounds doable. If you want, you can create another Issue to track the addition of field validation in the test suite.

from threatexchange.