Comments (10)
@joaoqalves , @dhontecillas : I'd rather go with the smallest increment possible in the direction described by @alombarte and I'd try to design some kind of optional validation mode using the fields listed in the whitelist, always keeping an eye on the performance impact.
Once we got that, we can start thinking about complex ways of defining the expected dataset/model.
from lura.
@kpacha I have a couple of ideas about this, but I'd like these issues to be described more in depth :)
from lura.
@joaoqalves Yes, the issues are more like a TODO list right now...
Current behavior:
- A field `whatever` is defined in the whitelist
- KrakenD goes to the backend and reads the response
- The field `whatever` is missing from the response
- KrakenD ignores the field, no error of any kind is raised.

Desired behaviour:
- Strict mapper can be enabled if desired (flag)
- When enabled, KrakenD goes to the backend and reads the response
- The field `whatever` is missing from the response
- The mapper returns an error (that could be logged)
@kpacha will give you more details about the implementation, I just described the functionality.
Thanks
from lura.
The current implementation prunes all elements that are not in the whitelist, without taking into account that the elements exist.
Having had a look at the code, I think there are two approaches:
- Have a separate step that checks that all whitelisted fields exist in the response, after the pruning has done its job (with an O(N) cost, N being the number of 'nodes' of the whitelist; by the way, we already have a linear cost).
- Try to have an early check inside the `whitelistPrune` function (in `proxy/formatter.go`), and change the signature for that function, so it returns a `canDelete` and an `error` if it detects that some fields are missing. I would need to dig a little more into this second option to know if it's worth the complexity.
I can have a look (but not this week). So, let me know if someone already starts working on this.
from lura.
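A sketch of the first approach from the comment above (a separate pass that checks every whitelisted field exists in the decoded response), added here as an example and not taken from lura's code. The names `hasPath` and `StrictWhitelistCheck` are hypothetical, and the example assumes nested whitelist entries are dot-separated paths.

```go
package main

import (
	"fmt"
	"strings"
)

// hasPath reports whether a dot-separated whitelist entry (e.g. "owner.name")
// resolves to a key in the decoded response. A key holding null counts as present.
func hasPath(data map[string]interface{}, path string) bool {
	keys := strings.Split(path, ".")
	cur := data
	for i, k := range keys {
		v, ok := cur[k]
		if !ok {
			return false
		}
		if i == len(keys)-1 {
			return true
		}
		if cur, ok = v.(map[string]interface{}); !ok {
			return false // intermediate node is not an object
		}
	}
	return false
}

// StrictWhitelistCheck (hypothetical name) returns an error naming every
// whitelisted field absent from the response, so the caller can log it
// instead of silently returning a partial object.
func StrictWhitelistCheck(data map[string]interface{}, whitelist []string) error {
	var missing []string
	for _, f := range whitelist {
		if !hasPath(data, f) {
			missing = append(missing, f)
		}
	}
	if len(missing) > 0 {
		return fmt.Errorf("strict mapper: missing whitelisted fields: %s", strings.Join(missing, ", "))
	}
	return nil
}

func main() {
	// Constructed backend response; "whatever" is the field name used in the thread.
	resp := map[string]interface{}{"id": 42, "owner": map[string]interface{}{"name": "ana"}}
	fmt.Println(StrictWhitelistCheck(resp, []string{"id", "owner.name"}))
	fmt.Println(StrictWhitelistCheck(resp, []string{"id", "owner.email", "whatever"}))
}
```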
@alombarte Yes, I agree with these points. But we're looking at the first solution we got. Apart from implementing this, I suggest to implement a suggestion that imho brings more value to the table: to read JSON schema. The idea behind this is:
- You touch an API
- openAPI/whatever generates the schema
- You run a tool that compares the mapping against the schema and you won't let deploy anything that breaks your system
from lura.
After playing around with some ideas, I think the easiest way to do the validation would be as a martian verifier using a json-schema for every backend response to validate.
Delegating this task to the entity combiner could add unrequired overhead.
So, this approach requires clients to define the json-schema to validate in the `extra_config` section of every backend to check (like this example http://json-schema.org/examples.html)
from lura.
These two martian verifiers should do the job: https://github.com/kpacha/martian-components/tree/master/body/json-schema.
I'm not sure if these verifiers should be loaded by default into the official `krakend-ce` binary or if we should keep them for custom builds until we solve the 'plugin' issue
from lura.
@kpacha Kudos to the JSON schema approach 👍 . I had the same idea, although mine involved a static analysis before deployment and that's out of Krakend's scope.
from lura.
Please keep in mind the impact on performance before using it.
My first benchmarks are not too pretty:

```
pkg: github.com/kpacha/martian-components/body/json-schema
BenchmarkRequestVerifier_ModifyRequest_ok-8      300000     4617 ns/op    4384 B/op    47 allocs/op
BenchmarkRequestVerifier_ModifyRequest_ko-8      100000    13176 ns/op    6610 B/op    94 allocs/op
BenchmarkResponseVerifier_ModifyResponse_ok-8    300000     4656 ns/op    4384 B/op    47 allocs/op
BenchmarkResponseVerifier_ModifyResponse_ko-8    100000    12786 ns/op    6610 B/op    94 allocs/op
BenchmarkVerifier_ok-8                           500000     3603 ns/op    2096 B/op    42 allocs/op
BenchmarkVerifier_ko-8                           200000    11284 ns/op    4321 B/op    89 allocs/op
PASS
ok      github.com/kpacha/martian-components/body/json-schema    9.992s
```

I'll benchmark other libs to be sure this is the fastest option
from lura.
This issue was marked as resolved a long time ago and now has been automatically locked as there has not been any recent activity after it. You can still open a new issue and reference this link.
from lura.