Make schema object compatible with JSON Schema draft4 #333
Comments
IvanGoncharov
changed the title
|
Hi @IvanGoncharov Looks like we've been having similar issues. I'm having trouble getting documents that lack properties that are not actually required to be correctly validated. The Ruby |
|
The existing JSON Schema validators out there should have no problem validating Swagger definitions as-is. Using a subset of properties doesn't take away from that functionality. There are explicit reasons for most excluded keywords as to why they were excluded, though some excluded keywords may have been excluded by mistake. We will not be able to provide support for most these keywords without finding proper solutions for the problems they may cause. JSON Schema is extensible to the user's needs. We chose to extend it with our own keywords to better support the use cases that we require. There's no technical problem there. If there's a problem with a specific validator, it's a bug with the validator. By definition, the validator should ignore any additional keyword that's use that it is not aware of. The You are partially right about the Given all the above, it does not mean we will not provide support for whichever JSON Schema version is available when we work on the next Swagger specification version. We would have to be sure that we can provide end-to-end (for producers and consumers) which we couldn't do in the last version of the spec. |
I'm not speaking about validating Swagger definitions instead my concern is about request/reply body validation.
Can you please post link or short description, because it really affects further discussion.
If we speak only about JSON Schema standard than your right, validator could simply ignore non-standard keywords. From Swagger point of view situation is different, lets consider the following Pet model as an example. If you simply ignore
Right now I'm aware only of two types of "consumers", which could be affected by such change:
Do you now about any other affected "consumers"? |
|
I'm with @IvanGoncharov. (with respect to allowing all of json-schema). It's been a PITA to have swagger fail the spec validation because we use the same json-schema for model definition as validation. It's "thou shalt not use unblessed attributes" approach seems unnecessarily restrictive. We don't need to add full blown json-schema support to the spec definition. We should relax the spec validation to allow valid json-schema in the model definitions. I've never understood what the harm is. So I include valid json schema attributes swagger should just ignore, what's the big deal? |
|
Folks, I do understand the concern. Historically, however, we have had invalid swagger specifications from a variety of tooling providers, which has made it very difficult for end-users to know "what is compatible with what". One of the most requested, and frankly most important features in 2.0 is a strict schema that should tell you whether or not your swagger specification is compliant with the spec. If for example we started ignoring definitions in the schema, it would be up to the end user (i.e. consumer) to know great detail of the swagger specification, including what is allowed vs. what is not before being confident that the definition would work with the tooling ecosystem. This has proven over and over again to hurt the consumers of the spec. To all you to do "whatever you want" you should consider using vendor extensions. They can be easy to produce or possibly more complicated depending on what you're looking to do. |
|
So use vendor extensions to support existing json-schema constructs? x-anyOf ? That seems a little... awkward, don't you think? :-) |
|
@fehguy I think we divert from original problem. |
|
I think we should divide problem into three parts:
@fehguy, Can you please comment? |
|
|
Hi ! I'm just adding my 2 cents contribution as it's an important issue to me. I second @IvanGoncharov , supporting the full JSON Schema v4 specs is essential, in my opinion, for many reason, mostly for being able to:
As I understand the main caveat is that existing tooling won't be able to implement all the specs. I develop a tool too (flask-restplus) and the impossibility to use existing JSON schema validator is a real handicap because it means one of these:
I don't know if this the place to debate about this, if there is already a dedicated issue or a dedicated topic on the mailing list, I'll join the existing debate. |
|
@noirbizarre - this is definitely the place to debate it. I'd just like to clarify that for 2.0, this will not change. I completely understand the problems this causes, but no matter which way we go, it will cause problems. I'd like to try and find a hopefully generic solution as part of this ticket when the time comes to be able to provide adequate support across the board. We should thrive to evolve, but do it in a thoughtful process. |
That is why I think current model for standardisation is problematic. That said, I really like
That procedure will ensure that Swagger ecosystem will be in sync with latest Swagger spec. |
|
I agree we should improve on the process, and when the time is right we'll make an official announcement with a suggestion for such a process (we have something in mind). The process for 2.0 was open and practically anyone could have joined. Eventually, there was an agreement on the limitations we imposed on the spec, including the non-full JSON Schema support. I cannot say yet when we'll start the process for the next version and whether it would be 2.1 or 3.0. We do have a few issues we know we won't to address there, but I'm not sure this specific issue is one of them. |
|
I think that I can't find any examples of using JSON patch with Swagger, and the petstore example just uses POST to update resources. From what I understand, the PATCH method is the most "correct" way to update parts of a resource. I was going to use this method with formData, but it's unclear (+ comments) as to whether or not this is acceptable usage. We'll probably use PATCH (or even POST) + formData for now, but it would be nice if JSON patch was supported in the future. |
|
This is what I tried to communicate previously, Swagger spec give people false hopes that they can use it together with JSON Schema. @glen-84 You can try to use RFC7386. |
|
How does it give false hope when it explicitly states that it supports a subset of it? |
|
@IvanGoncharov That's interesting (thanks for the link), but I'd prefer to use something with existing client- and server-side implementations if possible. Edit: I found some libs. We might consider this. |
|
I also need |
|
@jamiehannaford I personally solve this problem by prefixing unsupported keywords with |
|
@IvanGoncharov But if you're writing a Swagger file to power a frontend (e.g. swagger-ui), will they know to strip out the I ended up simplifying up the JSON patch schema like so 😒 Not great but it works... |
|
@jamiehannaford, it just one of options and maybe it will be useful for other people reading this issue.
No, almost every tool will simply ignore
But you still need to validate the same constraints that you express with |
|
@IvanGoncharov Would you be able to provide two samples which fully explain and show your explanation of the problem in #333 (comment) please? Specifically |
|
@Relequestual Right now it has some problems(see #403) and they definitely could be solved. Disclaimer: All below text is my personal opinion. All other problems is consequence of the first one:
And generally this feature not extend JSON Schema but replace In my particular example I tried to create API interface to collection of Swagger files, so I need to document function which return Swagger file. I naively thought that I could reuse official JSON Schema to describe payload, but it use a lot of I personally solve this issues using this approach #333 (comment). P.S. If you I didn't answer your question or you have some other questions we can chat here |
|
Well said.
|
|
Validation and modeling are different beasts. JSON schema was designed for validation, not modeling. Thus supporting everything that it has for validation does not make sense for modeling in many cases. 3.0 has greatly increased support for JSON schema draft 4. Decide what you want the spec to do. If it's just validate, then yes, there are constructs that may make sense outside the goals of design. |
|
Thanks fehguy. Where can I find out more about v 3.0? If there a published draft, or a repo? |
|
It's right here in this repo. From the home page there is a link to the branch where we're working on 3.0. https://github.com/OAI/OpenAPI-Specification/blob/OpenAPI.next/README.md The in-progress spec is here, if you don't feel like reading the README: https://github.com/OAI/OpenAPI-Specification/blob/OpenAPI.next/versions/3.0.md |
|
Thanks fehguy - I did see that branch but wasn't sure I was in the right place. (though I did see your name on it which made me think I was . :-) ) The big question is ... can it describe itself? Off for a read. If it can, what kind of release timeframe is v3.0 set for? Thanks again. |
|
"can it describe itself?". No. No apparent schema support for id keyword and a schema having its own definitions. As v3 is at the moment I still could not use it to describe an API that produces swagger JSON .... It there a separate v3 discussion area that you could point me to? |
From wikipedia's article on XML schema
|
|
Hah! Oh that made me lough out loud! Very well done Mike. :-) I read this an hour ago and I am still smiling :-) Nice. Though, that still doesn't change my feeling that a technology for describing APIs should be able to describe an API that produces those descriptions. Kinda makes sense I reckon. I'll explain my situation: We're not talking about a guy here wanting to describe his shopping cart app. I am part of a API standards movement in a (very) large financial organisation. Part of those standards is that going forward, all APIs should have machine readable descriptions of themselves - part of a mindset move from SOAP/WSDL and a 'service enablement' of the org and mainframe systems so on. Indeed, there is a legislative requirement looming to publicly expose a number of financial APIs and that effort is now underway. This swagger limitation means that some APIs now have to be 'special cases' What is also means is that when some part of the organisation that is designing an API using JSON schema to describe payloads hands over their interface spec it will not be able to be described in swagger. They'll have used ids, and #/definitions and oneOf/anyOf and friends (coming in swagger v3) and whatever they need to describe the payload / param structural correctness. If we can't use those schemas in API docs then we're sunk with swagger. It means that existing APIs to be exposed that have not taken swagger's limitations into account may not be able to be described. Now, I have been heard many times saying "a bad standard is better than no standard". I do honestly believe that. We need standards. But even a bad standard has to actually achieve the functionality that you need or have decent workarounds. I dearly dearly want standards like swagger to succeed. But to succeed, it must be able to describe APIs - you simply cannot ask an organisation this large with such complex APIs to dumb down their objects and schemas to something swagger can describe. It absolutely has to be the other way around. The API description tool has to fits people needs. It cannot be people working to fit the needs of the API description tool. And again. Nice one. Still smiling at that. :-) |
|
@StrayAlien - putting aside the JSON Schema discussion itself, it was never Swagger's goal to support all APIs, nor is it the goal of the OpenAPI spec. We put a lot of effort into supporting more features, more design paradigms and concerns, but it is unlikely we will ever support everything. Not supporting your needs doesn't make it a general bad solution, it makes it a bad solution for you. Just because a 2-seater can't accommodate a family of 7, doesn't make it a bad car. Getting back to the topic - the upcoming version will not support the full draft, but that doesn't mean it won't be in the version after that. |
|
Thanks webron, I do get that. And it is good to see it evolving. Any timeframes for v3 release? |
|
We should be making an announcement regarding the timeline in the next few days. |
|
cool. Thanks. |
I'm curious what is the idea behind OpenAPI regarding validation. If models were described using JSON Schema, then the same models could be used for validation. Which would make Swagger API description the single point of reference for both documentation and validation. Otherwise one would have to maintain separate actual JSON schema for validation, which is a rather bad idea since schema and model would have to be kept in sync by hand. IMO Swagger model descriptions should at least use a compatible subset of JSON schema (and ideally support full JSON schema). PS considering code-generation I don't see a problem in allowing "hard" features of JSON schema, since it is already possible to create API for which generic code generation will not work (e.g. returning |
I cannot agree more with this statement ! I do really agree that if some language cannot generate code because of the way they are made, then they should juste not generate it, it seems wasteful to prevent using those keywords simply because some but not all languages are incompatible with them, different languages means different way of doing things, uniformity would be a bad thing in this case.
It's been quite some time but we are just out of the holidays, any news on that ? Is there a way to help drive this forward ? Since it seems most people agree now to add those keywords, what is the blocker currently ? If possible we'd like to make this happens quickly as then the tooling needs time to adapt. |
|
Hello, I'm the editor of the most recent update to the JSON Schema Internet-Draft. @Relequestual and @handrews are some of my partners in crime. Of course JSON Schema is quintessentially for validating JSON, but that's so boring: perhaps our top use case for JSON Schema is actually in Web APIs (it's certainly my focus). The two important features around that are, first, hypermedia (defining link relations between documents), and second, document submission to Web APIs: letting a Web server declare the requirements that a submitted document must follow, so that clients can validate their submissions before the server ever needs to reply with an error message. Well, one of the interesting things about using JSON Schema to define what's acceptable for submission, is first you have to construct a document to submit. So the validation keywords are really a way of expressing useful constraints on input that can be used for building forms and other tools for interacting with data, and it's fully anticipated that validation keywords will used for these sorts of things. From a user interface perspective, defining a field with From a computing perspective, you can use these assertions to optimize database indexes, or generate client libraries like Swagger does. Further following from this, I think it's also totally reasonable to allow a profile of JSON Schema (a subset) that makes sense for the application. For example, allowing "anyOf" would in many cases require falling back on behavior that's just as useless as In many cases, though, most of the keywords should be implementable, even if only at runtime. For example, "patternPropeties" would likely have to generate errors at runtime ("Error! Key |
|
Given how long this issue dates back, there's bound to be many things which have changed. It's clear (and has been for a long time) that Swagger / OAI will not fully support JSON Schema (like RAML does) for the foreseeable future. I totally understanding their reasoning, and that's OK. The problem however, even if you ignore many issues, as the original creator of the issue points out, many libraries use existing JSON Schema validators, and therefore do not conform to the OAI specification. I've suggested before, a few times, the solution to this problem is to provide a comprehensive official test suite for this purpose, which allows you to confirm compliance or not. Heck, you could even base it off our existing JSON Schema test suite at https://github.com/json-schema-org/JSON-Schema-Test-Suite |
|
@awwright wrote:
Allowing any JSON possible value is not useless at all. We actually need that feature in our API where some API routes are just a gateway to another system that will validate the value asynchronously. This is also necessary to define API that are JSON document stores (should allow to store/retreive any raw JSON value without validation). |
|
To summarize what changed in 3.0.0:
Thanks everyone who participated in this discussion. |
|
|
and others
According to spec swagger inside schema object support only limited subset of JSON Schema draft4 and extend it with custom keywords.
This isssue was hidden, before 68c6777 commit any swagger model with arbitrary JSON schema was valid(against Swagger schema).
These create a problem, because in reality most of tools use standard JSON schema validators(for e.g. swagger-tools use z-schema, swagger-express-middleware use tv4). And I didn't found any true Swagger 2.0 validator in the wild.
Another problem is that you can't reference existing schemes inside your swagger files.
It became real problem, if you want to use some standard scheme or simply reuse your existing validation scheme. For example if you make API that return swagger definitions and want to reuse existing schema, you can't simply use '$ref' or even copy-paste it.
Finally it brake compatibility with all tooling around JSON Schema not only validators but also documentation generators, UI form generators, etc.
On technical side, this is list of Draft4 keywords doesn't supported by Swagger: id, $schema, additionalItems, definitions, patternProperties, dependencies, anyOf, oneOf, not.
Also there are "discriminator" and "readOnly" Swagger specific keywords that don't supported by JSON Schema validators. "discriminator" could be safely substitute with "oneOf" construction, as for "readOnly" same behaviour could be achieved by using "allOf" with "write part" and "read-only part".
My proposal it either to remove these keywords or make them optional to support.
Also there are "safe" custom keywords namely "example" and "externalDocs", they shouldn't cause any serious trouble, but should be submitted as requests for Draft5 to ensure future compatibility.
Last keyword is "xml", I didn't make any research about it, so I can't say if it used in any Swagger related project or if it brake JSON schema compatibility.
The text was updated successfully, but these errors were encountered: