Connexion: Possibility to be strict while validating JSON responses with more keys than defined in spec

Created on 3 Apr 2016  路  11Comments  路  Source: zalando/connexion

Hi,

I'm trying out connexion, and even with logging level = DEBUG I can see it's not validating response data. Looking through the source code I don't see in master where it actually does any validation of responses.

Has this been implemented?

thanks

enhancement help wanted
Source
picture bkcsfi

All 11 comments

When you make the call to app.add_api() you need to pass the argument validate_responses=True

dfeinzeig picture dfeinzeig on 4 Apr 2016
👍1

I am passing that parameter:

connexion_app.add_api(
'swagger.yaml',
resolver=class_resolver,
validate_responses=True)

bkcsfi picture bkcsfi on 4 Apr 2016

The validation is a bit limited right now. Try changing a type in your swagger doc and see if it fails validation (e.g., int to float or string or such).

dfeinzeig picture dfeinzeig on 4 Apr 2016
👍1

Thanks for the fast response.

one example I'm testing is this simple schema. The customer.get_customer method is returning a dictionary with many more keys than just 'id', but no exception is raised.

I am using connexion==1.0.84

  /customer/{customer_id}:
    get:
      summary: Get Customer By ID
      description: Returns details about a customer
      operationId: customer.get_customer
      produces:
        - application/json
      parameters:
        - in: path
          name: customer_id
          description: Customer ID
          required: true
          type: integer
          format: int64
      responses:
        "200":
          description: successful operation
          schema:
            $ref: "#/definitions/Customer"

definitions:
  Customer:
    type: object
    properties:
      id:
        type: integer
        format: int64
bkcsfi picture bkcsfi on 4 Apr 2016

No problem.

Yeah, that kind of validation isn't yet in connexion as far as I know. I discovered that myself a few weeks ago. It's on my todo list to add. I believe data types are the only real response validation at the moment. Missing or extra return values aren't caught yet.

dfeinzeig picture dfeinzeig on 4 Apr 2016

great, thanks for the info, I won't worry about it right now.

bkcsfi picture bkcsfi on 4 Apr 2016

Extra keys in objects are not covered. It should throw an error if you mare missing a required field in a object though.

If we are thinking of adding that kind of validation (more keys than defined) I would recommend to add an option to make the validation be strict about that or not.

rafaelcaricio picture rafaelcaricio on 4 Apr 2016

@rafaelcaricio @dfeinzeig Hi there, wondering if this issue is on the way to resolution or if we ought to keep it open?

LappleApple picture LappleApple on 29 Jul 2016

@LappleApple it could stay open as a suggestion to someone looking to work on something in Connexion.

rafaelcaricio picture rafaelcaricio on 29 Jul 2016
👍1

Good news, everyone!
The current version of connexion can already raise validation errors if any unexpected key is present.
Following from the example above, with an API so defined:

definitions:
  Customer:
    type: object
    additionalProperties: false
    properties:
      id:
        type: integer
        format: int64

Code that returns a Customer object so defined:
{'id': 42, 'password': 's3cure', 'name': 'charlie'}

Yields:
validation error: Additional properties are not allowed (u'password', u'name' were unexpected)
.

invernizzi-at-google picture invernizzi-at-google on 16 Aug 2016
👍1

@invernizzi-at-google thanks for pointing out. Closing this issue.

hjacobs picture hjacobs on 23 Aug 2016
Was this page helpful?
0 / 5 - 0 ratings

Related issues

majoros picture majoros  路  5Comments
hjacobs picture hjacobs  路  4Comments
oddjobz picture oddjobz  路  3Comments
zd0 picture zd0  路  4Comments
vimalloc picture vimalloc  路  3Comments