Skip to content

Support for ignoring extraneous fields in rest request body#1608

Merged
ayush3797 merged 66 commits intomainfrom
dev/agarwalayush/strictModeForRestRequestBody
Sep 18, 2023
Merged

Support for ignoring extraneous fields in rest request body#1608
ayush3797 merged 66 commits intomainfrom
dev/agarwalayush/strictModeForRestRequestBody

Conversation

@ayush3797
Copy link
Copy Markdown
Contributor

@ayush3797 ayush3797 commented Jul 26, 2023
edited
Loading

Why make this change?

Add support for allowing extraneous fields in request body as per: #1606.

What is this change?

DAB will expose another CLI option in the init command rest.request-body-strict, which when set to true/false, would set the property runtime.rest.request-body-strict as true/false in the generated runtime config file. What this essentially means is that, as part of the REST mutations (POST/PUT/PATCH), there can be extraneous fields present in the request body and they will be ignored. Default behavior of DAB will continue to be the same as what it is today, i.e. any extraneous fields in the request body would return an error. So to say, the default value of runtime.rest.request-body-strict is true.

Additional change

Refactored RequestValidator.cs class to be a singleton dependent on ISqlMetaDataProvider and RuntimeConfigProvider services. Better presents its dependency on the two services and simplifies the code.

What are the different extraneous fields?

  1. Fields in request body that do not map to any backing column in the table/view. They will be ignored.
  2. Fields that are repeated - present as PK in the request URL for PUT/PATCH requests and also present in the request body. The ones in the request body will be ignored.
  3. Read-only fields. The support for this will be added in a subsequent PR: Preventing update/insert of read-only fields in a table by user #1596.
    -> Read-only field are: Computed (or Generated) / AutoGenerated fields in MsSql/MySql/PgSql
    -> timestamp fields in MsSql

Questions:

1. What about authorization of extraneous fields?
When operating in flexible mode, the user is not authorized for extraneous fields NOT defined on table because those fields are ignored. For all other cases, authorization goes as usual.

How was this tested?

  • Integration Tests - Added tests to validate that extraneous fields are allowed in the request body for all the 3 relational DBs in the {*}RestBodyNonStrictModeTests.cs classes inheriting from the base class RestBodyNonStrictModeTests.cs. (* = MsSql,MySql,PostgreSql)
  • Unit Tests - Added unit test to validate the functionality of the newly added --rest.request-body-strict feature in the init command.

@ayush3797 ayush3797 self-assigned this Jul 26, 2023
@ayush3797 ayush3797 added cli rest enhancement New feature or request labels Jul 26, 2023
@ayush3797 ayush3797 added this to the 0.9rc milestone Jul 26, 2023
@ayush3797 ayush3797 linked an issue Jul 26, 2023 that may be closed by this pull request
RFC: Ignore extra columns #1606
Closed
@ayush3797 ayush3797 marked this pull request as ready for review August 1, 2023 06:07
@ayush3797 ayush3797 requested a review from mbhaskar as a code owner August 1, 2023 06:07
seantleonard
seantleonard reviewed Sep 13, 2023
View reviewed changes
Comment thread src/Service.Tests/Configuration/ConfigurationTests.cs
seantleonard
seantleonard reviewed Sep 13, 2023
View reviewed changes
Comment thread src/Cli.Tests/TestHelper.cs
seantleonard
seantleonard reviewed Sep 14, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@seantleonard seantleonard left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

last nits but otherwise lgtm! (can approve once Ani's feedback addressed)

Aniruddh25
Aniruddh25 requested changes Sep 14, 2023
View reviewed changes
Copy link
Copy Markdown
Collaborator

@Aniruddh25 Aniruddh25 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Last question: why cant we set Default=CliBoolean.True instead of introducing CliBoolean.None?

@ayush3797
Copy link
Copy Markdown
Contributor Author

ayush3797 commented Sep 14, 2023

Last question: why cant we set Default=CliBoolean.True instead of introducing CliBoolean.None?

We can assign a default value of CliBoolean.True instead of CliBoolean.None. But this would unnecessarily log a warning for cosmosdb_nosql during config generation - that cosmosdb does not support REST. When the default value is CliBoolean.None, we would not be logging this warning because we would know that since the value is CliBoolean.None, the option was not included in the init command.

We cannot say the same when the default value is kept as CliBoolean.True. We won’t know that this true value is because of default behavior or because the option was included in the command. This might be the case that we would be unnecessarily logging a warning for cosmosdb_nosql even when the user did not include the rest.request-body-strict option.

seantleonard
seantleonard reviewed Sep 14, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@seantleonard seantleonard left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

last two questions about tests

Aniruddh25
Aniruddh25 reviewed Sep 16, 2023
View reviewed changes
Comment thread src/Cli/Commands/InitOptions.cs Outdated
Aniruddh25
Aniruddh25 approved these changes Sep 16, 2023
View reviewed changes
Copy link
Copy Markdown
Collaborator

@Aniruddh25 Aniruddh25 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM after resolving comments! Thanks for your patience on this PR and ensuring new issues found are handled appropriately, and consistently.

@ayush3797 ayush3797 enabled auto-merge (squash) September 18, 2023 07:15
@ayush3797 ayush3797 dismissed seantleonard’s stale review September 18, 2023 09:37

comments addressed.

@ayush3797 ayush3797 merged commit 1d43c41 into main Sep 18, 2023
@ayush3797 ayush3797 deleted the dev/agarwalayush/strictModeForRestRequestBody branch September 18, 2023 09:37
@seantleonard seantleonard mentioned this pull request Apr 19, 2024
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@seantleonard seantleonard seantleonard left review comments

@Aniruddh25 Aniruddh25 Aniruddh25 approved these changes

@severussundar severussundar severussundar approved these changes

@mbhaskar mbhaskar Awaiting requested review from mbhaskar

@JelteF JelteF Awaiting requested review from JelteF

@Mathos1432 Mathos1432 Awaiting requested review from Mathos1432

@gledis69 gledis69 Awaiting requested review from gledis69

@aaronburtle aaronburtle Awaiting requested review from aaronburtle aaronburtle is a code owner

@milismsft milismsft Awaiting requested review from milismsft

@tarazou9 tarazou9 Awaiting requested review from tarazou9

@abhishekkumams abhishekkumams Awaiting requested review from abhishekkumams

@aaronpowell aaronpowell Awaiting requested review from aaronpowell

@ravishetye ravishetye Awaiting requested review from ravishetye

Assignees

@ayush3797 ayush3797

Labels

cli enhancement New feature or request rest

Projects

Data API builder
Status: Done

Milestone

0.9

Development

Successfully merging this pull request may close these issues.

RFC: Ignore extra columns

6 participants

@ayush3797 @JerryNixon @seantleonard @Aniruddh25 @severussundar @abhishekkumams