Hi Phil, Thanks for working on this. On Thu, Apr 25, 2019 at 04:05:00PM +0200, Phil Sutter wrote: > This is an initial implementation of support for jsonschema in > nftables.py. The goal is to have a schema definition which may be used > by users as well as our testsuite to make sure any JSON we accept or > generate is valid. > > The added schema.json in patch 1 is very minimal for now - I have a more > detailed version but it is not complete yet. Also it is quite large > already, so for the sake of reviews the small one serves better. > > A few aspects of the implementation I'm unsure of: > > Keeping the schema in a "pure" JSON file makes things a bit complex: It > has to be shipped as data file and loaded by the validator using > json.load(). OTOH the content may be fed into json_verify and my editor > provides nicer syntax highlighting. An alternative would be to name it > schema.py, prefix the content with 'nftschema = ' and simply import it > into nftables.py. I don't think inlining the content is a good option > simply due to how large the file will get once definitions for all > statements and expressions are in there. I very much prefer the external JSON file. Other projects can then use it to validate the JSON they generate without going through libnftables. > Introducing that SchemaValidator class is not really required, either. > Though squeezing everything into json_validate() method felt clumsy. > Also I wanted to avoid the explicit schema loading mentioned above upon > each call to json_validate(), so having an instance of a validator class > seemed like how one is supposed to do things in an object-oriented > language. > > Note that SchemaValidator imports jsonschema upon instantiation. This > may be a bad idea to begin with, but the intention is to not introduce a > hard dependency on jsonschema in nftables.py. Same argument holds for > conditional import of traceback module in nft-test.py, although > validator errors are practically useless without it. I agree with the optional jsonschema dependency. traceback is part of the python standard library. No reason to make it a conditional import unless you're worried about the cost of importing it. > > Phil Sutter (2): > py: Implement JSON validation in nftables module > tests/py: Support JSON validation > > py/Makefile.am | 2 +- > py/nftables.py | 30 ++++++++++++++++++++++++++++++ > py/schema.json | 17 +++++++++++++++++ > py/setup.py | 1 + > tests/py/nft-test.py | 29 ++++++++++++++++++++++++++++- > 5 files changed, 77 insertions(+), 2 deletions(-) > create mode 100644 py/schema.json > > -- > 2.21.0 >
