Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Proposal: package validation API endpoint #610

Closed
Tracked by #780
ycombinator opened this issue Jul 28, 2020 · 5 comments
Closed
Tracked by #780

Proposal: package validation API endpoint #610

ycombinator opened this issue Jul 28, 2020 · 5 comments

Comments

@ycombinator
Copy link
Contributor

ycombinator commented Jul 28, 2020

IIUC the code for the package registry is the ultimate source of truth of what constitutes a valid package definition. If so, it would be nice if the registry service could expose an HTTP API endpoint for validation. It would take as input the entire package (as an archive file) and return success of a list of validation errors.

By centralizing the validation rules for a package in the package registry code and offering validation as a service, multiple tools could provide validation without having to reimplement the rules and keep them in sync. Two such tools that come to mind right now are:

@ycombinator
Copy link
Contributor Author

cc: @ruflin @mtojek @ph (not sure who else to tag as relevant; feel free to add as you see fit!)

@mtojek
Copy link
Contributor

mtojek commented Jul 28, 2020

I think I would go first with your idea for writing down the package definition, spec and others. Then we can go with updating the package-registry and elastic-package to pick it up. Maybe the validation code should be part of this common place?

Another approach - make the Elastic Package not only the tool, but also the official repository defining the spec. It can also contain package validation logic and others.
Package Registry can use the logic to validate packages and also expose the validation of archives over HTTP.

Personally I would keep the validation in some library, which can be exposed over the HTTP, but wouldn't keep it inside the Package Registry (separation of concerns). Exposing as web services implies additional action items to measure performance, bottlenecks, security threats and others.

@ycombinator
Copy link
Contributor Author

ycombinator commented Jul 28, 2020

@mtojek thanks for weighing in.

I was concurrently having this discussion with @exekias in our 1-1 and his thoughts are very much in line with yours: create a repo for the spec first, and package it as a library which could be embedded in tooling. Later we can consider using the library within the package registry to provide validation as a service.. I also just had a 1-1 with @andresrc in which we also discussed this and he's also +1 for the spec repo idea.

So without further ado, I'm going to create this repo (initially as private but with the intention of it being public) and notify stakeholders (internal for now) about it.

@ruflin
Copy link
Contributor

ruflin commented Jul 29, 2020

++ on the plan. But I would make it public directly.

@jlind23
Copy link
Contributor

jlind23 commented Sep 24, 2024

[Clean up] Closing this as outdated, will reopen if required.

@jlind23 jlind23 closed this as not planned Won't fix, can't repro, duplicate, stale Sep 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants