Kalivo.com - Removal of referral validation

View User Content View Profile

Author	#
	185
	148
Anonymous User	49
	28
Kimberly Hieber	27
	23

« Metaprogramming Fun | Home | Development Environment Setup fun »

Removal of referral validation
belongs to Storage Service Info

by Jonathan Bell on 2008-08-01 09:58 PM read 342 times

I've updated the storage service to remove the referral validation of incoming requests. Instead it now follows the standard pattern of checking for a BSGRA_GUID header, HTTP_BSGRA_GUID header, or a bsgra_guid parameter on the incoming request like the service_user. In addition it will validate the incoming bsgra_guid is valid and has access to the storage service in the provisions server, and that the incoming request is coming to an expected request url.

However, it is concerning that this make break clients of the storage server that are not currently passing the bsgra_guid in the request. Should we be handling backwards compatibility in regards to the referer mechanism? What sort of systems integration testing do we have for service interface updates?

Tags

Rating ( 0.00 )

3 Replies Loading ... Please wait | Log In to Reply | Log In to Copy | Tell a Friend |

re: Removal of referral validation

a reply to Removal of referral validation
by Brittain on 2008-08-05 02:50 PM read 77 times

Good questions all. A few parts to my answer, then perhaps MarcS can answer also.

At this point, compatibility with nGen Collab is our only concern; however, the functional tests for the Storage Service (SS) should cover this case and, optimally, would have broken due to this change. My preference would be that break would initiate (a) a discussion about how we want to handle such a breaking change and (b) a communication to the world that we'd changed the API, if we'd explicitly decided to.
The integration testing environment is under construction. Starting with staging.kalivo.com and moving into storagetest.ngenplatform.com, etc, etc.
I would not expect we need an integration test to discover this breakage. IMO this is a functional test that the SS should execute continuously.

Other thoughts?

Tags

Rating ( 0.00 )

2 Replies | Log In to Reply | Log In to Copy | Tell a Friend |

re: re: Removal of referral validation

a reply to re: Removal of referral validation

in a conversation thread started here
by Marc S. Schriftman on 2008-08-05 07:14 PM read 51 times

Scott,

I'm on board with your first two points, but I'm not sure I understand point #3. Our tests detected that we changed the API, so we fixed out tests and now they pass, but platform units and functionals don't verify that client code (e.g. service_storage_client) has been adjusted correctly. Wouldn't we want integration tests in each client?

Marc

Tags

Rating ( 0.00 )

1 Reply | Log In to Reply | Log In to Copy | Tell a Friend |

re: re: re: Removal of referral validation

a reply to re: re: Removal of referral validation

in a conversation thread started here
by Brittain on 2008-08-05 07:52 PM read 64 times

My statement was that we wouldn't need an integration test. As you said (and I agree with) the functionals should've detected the breakage. Certainly an integration test suite (independent of the functionals/units) and an environment to execute it in is a good thing.

As for your point, shouldn't the service_storage_client have its own tests (particularly mocking the service)? As the distributors of this proxy, I'd expect that whomever updated the API would be responsible for updating any proxy for that API.

In practice this task is sometimes forgotten, but IMO that's a sign of a weak engineering effort (not knowing and covering ones dependencies).

Tags

Rating ( 0.00 )