From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org, Eric Leblond <eric@regit.org>,
Eric Garver <e@erig.me>, Florian Westphal <fw@strlen.de>
Subject: [nft PATCH RFC 0/2] JSON schema for nftables.py
Date: Thu, 25 Apr 2019 16:05:00 +0200 [thread overview]
Message-ID: <20190425140502.22761-1-phil@nwl.cc> (raw)
This is an initial implementation of support for jsonschema in
nftables.py. The goal is to have a schema definition which may be used
by users as well as our testsuite to make sure any JSON we accept or
generate is valid.
The added schema.json in patch 1 is very minimal for now - I have a more
detailed version but it is not complete yet. Also it is quite large
already, so for the sake of reviews the small one serves better.
A few aspects of the implementation I'm unsure of:
Keeping the schema in a "pure" JSON file makes things a bit complex: It
has to be shipped as data file and loaded by the validator using
json.load(). OTOH the content may be fed into json_verify and my editor
provides nicer syntax highlighting. An alternative would be to name it
schema.py, prefix the content with 'nftschema = ' and simply import it
into nftables.py. I don't think inlining the content is a good option
simply due to how large the file will get once definitions for all
statements and expressions are in there.
Introducing that SchemaValidator class is not really required, either.
Though squeezing everything into json_validate() method felt clumsy.
Also I wanted to avoid the explicit schema loading mentioned above upon
each call to json_validate(), so having an instance of a validator class
seemed like how one is supposed to do things in an object-oriented
language.
Note that SchemaValidator imports jsonschema upon instantiation. This
may be a bad idea to begin with, but the intention is to not introduce a
hard dependency on jsonschema in nftables.py. Same argument holds for
conditional import of traceback module in nft-test.py, although
validator errors are practically useless without it.
Phil Sutter (2):
py: Implement JSON validation in nftables module
tests/py: Support JSON validation
py/Makefile.am | 2 +-
py/nftables.py | 30 ++++++++++++++++++++++++++++++
py/schema.json | 17 +++++++++++++++++
py/setup.py | 1 +
tests/py/nft-test.py | 29 ++++++++++++++++++++++++++++-
5 files changed, 77 insertions(+), 2 deletions(-)
create mode 100644 py/schema.json
--
2.21.0
next reply other threads:[~2019-04-25 14:05 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-25 14:05 Phil Sutter [this message]
2019-04-25 14:05 ` [nft PATCH RFC 1/2] py: Implement JSON validation in nftables module Phil Sutter
2019-04-25 14:05 ` [nft PATCH RFC 2/2] tests/py: Support JSON validation Phil Sutter
2019-04-25 16:35 ` [nft PATCH RFC 0/2] JSON schema for nftables.py Eric Garver
2019-04-26 7:45 ` Phil Sutter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190425140502.22761-1-phil@nwl.cc \
--to=phil@nwl.cc \
--cc=e@erig.me \
--cc=eric@regit.org \
--cc=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).