Problem description
According to the latest version of the commonalities, the data types string, integer, and array now include new requirements based on the OWASP security guidelines for APIs:
- If the data type is string, maxLength property or enum construct MUST be used to constrain values.
- If the data type is array, maxItems property MUST be specified.
- If the data type is integer, format (int32 or int64) and range (minimum and maximum properties) MUST be specified.
Currently, not all data structures comply with these guidelines, so adjustments are required.
Possible evolution
Align the API definition with these requirements. An initial proposal is outlined below. It should be noted that some of these values require analysis as they have implications for the scenarios where the API is used:
String fields:
| Field | format | minLength | maxLength |
|---|---|---|---|
| AdditionalStorage[].mountPoint | | | 64 |
| AdditionalStorage[].name | | | 64 |
| AdditionalStorage[].storageSize | | | 32 |
| AppDeploymentId | uuid | 36 | 36 |
| AppDeploymentName | | | 64 |
| AppId | uuid | 36 | 36 |
| AppInstanceId | uuid | 36 | 36 |
| AppInstanceInfo.componentEndpointInfo[].interfaceId | | 4 | 32 |
| AppInstanceName | | | 64 |
| AppManifest.appRepo.checksum | | | 128 |
| AppManifest.appRepo.credentials | | | 2048 |
| AppManifest.appRepo.userName | | | 64 |
| AppManifest.componentSpec[].componentName | | | 64 |
| AppManifest.componentSpec[].networkInterfaces[].interfaceId | | 4 | 32 |
| AppManifest.name | | | 64 |
| AppManifest.version | | | 64 |
| AppProvider | | | 64 |
| ClusterInfo.name | | | 64 |
| ClusterInfo.version | | | 64 |
| EdgeCloudProvider | | | 64 |
| EdgeCloudRegion | | | 64 |
| EdgeCloudZoneId | uuid | 36 | 36 |
| EdgeCloudZoneName | | | 64 |
| ErrorInfo.code | | | 96 |
| ErrorInfo.message | | | 512 |
| Fqdn | | | 253 |
| Ipv4Addr | ipv4 | | 15 |
| Ipv6Addr | ipv6 | | 45 |
| K8sNetworking.additionalNetworks[].name | | | 64 |
Integer fields
| Field | format | minimum | maximum | $ref |
|---|---|---|---|---|
| ContainerResources.memory | int32 | 1 | 16384 | |
| DockerComposeResources.memory | int32 | 1 | 16384 | |
| DockerComposeResources.numCPU | int32 | 0 | 256 | |
| ErrorInfo.status | int32 | 100 | 599 | |
| GpuInfo.gpuMemory | int32 | 1 | 16384 | |
| GpuInfo.numGPU | int32 | 0 | 16 | |
| KubernetesNodePool.nodeResources.memory | int32 | 1 | 16384 | |
| KubernetesNodePool.nodeResources.numCPU | int32 | 1 | 256 | |
| KubernetesNodePool.numNodes | int32 | 1 | 100 | |
| KubernetesResources.applicationResources.cpuPool.memory | int32 | 1 | 16384 | |
| KubernetesResources.applicationResources.cpuPool.numCPU | int32 | 1 | 256 | |
| KubernetesResources.applicationResources.cpuPool.topology.minNodeCpu | int32 | 1 | 256 | |
| KubernetesResources.applicationResources.cpuPool.topology.minNodeMemory | int32 | 1 | 16384 | |
| KubernetesResources.applicationResources.cpuPool.topology.minNumberOfNodes | int32 | 1 | 1000 | |
| KubernetesResources.applicationResources.gpuPool.memory | int32 | 1 | 16384 | |
| KubernetesResources.applicationResources.gpuPool.numCPU | int32 | 1 | 1024 | |
| KubernetesResources.applicationResources.gpuPool.gpuMemory | int32 | 0 | 16 | |
| KubernetesResources.applicationResources.gpuPool.topology.minNodeCpu | int32 | 1 | 256 | |
| KubernetesResources.applicationResources.gpuPool.topology.minNodeGpuMemory | int32 | 1 | 16 | |
| KubernetesResources.applicationResources.gpuPool.topology.minNodeMemory | int32 | 1 | 16384 | |
| KubernetesResources.applicationResources.gpuPool.topology.minNumberOfNodes | int32 | 1 | 1000 | |
| Port | int32 | 1 | 65535 | |
| VmResources.memory | int32 | 1 | 32768 | |
| VmResources.numCPU | int32 | 1 | 256 | |
Array fields
| Field | Type | minItems | maxItems |
|---|---|---|---|
| AccessEndpoint.ipv4Addresses[] | Ipv4Addr | 1 | 16 |
| AccessEndpoint.ipv6Addresses[] | Ipv6Addr | 1 | 16 |
| AppDeploymentInfo.edgeCloudZones[] | EdgeCloudZoneId | | 100 |
| AppDeploymentInfo.appInstances[] | AppInstanceId | | 100 |
| AppInstanceInfo.componentEndpointInfo[] | object | 1 | 100 |
| AppManifest.componentSpec[] | object | | 100 |
| AppManifest.componentSpec[].networkInterfaces[] | object | 1 | 100 |
| ClusterInfo.nodePools[] | KubernetesNodePool | 1 | 100 |
| EdgeCloudZones[] | EdgeCloudZone | 1 | 100 |
| K8sNetworking.additionalNetworks[] | object | | 100 |
| AdditionalStorage[] | object | | 50 |
Alternative solution
Additional context
This issue aims to initiate the discussion on this topic. A pull request will be opened once the new individual repository for the API is in place.
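One way to find the data structures that do not yet comply with the three rules quoted in the problem description, as an added example that is not part of the original issue or the project's tooling. The `lint` and `lint_components` helpers are hypothetical, and the `SAMPLE` schemas are constructed for illustration rather than copied from the API definition.

```python
# Added example: lint an OpenAPI schema tree against the string/integer/array rules.
# SAMPLE is constructed for illustration; it is not the API's real definition.

def lint(schema, path):
    """Return (path, message) for every rule violation found under schema."""
    findings = []
    if not isinstance(schema, dict) or "$ref" in schema:
        return findings  # referenced schemas are linted where they are defined
    kind = schema.get("type")
    if kind == "string" and "maxLength" not in schema and "enum" not in schema:
        findings.append((path, "string needs maxLength or enum"))
    elif kind == "integer":
        if schema.get("format") not in ("int32", "int64"):
            findings.append((path, "integer needs format int32 or int64"))
        missing = [k for k in ("minimum", "maximum") if k not in schema]
        if missing:
            findings.append((path, "integer needs " + " and ".join(missing)))
    elif kind == "array":
        if "maxItems" not in schema:
            findings.append((path, "array needs maxItems"))
        findings += lint(schema.get("items"), path + "[]")
    for name, sub in schema.get("properties", {}).items():
        findings += lint(sub, f"{path}.{name}")
    for key in ("allOf", "oneOf", "anyOf"):
        for i, sub in enumerate(schema.get(key, [])):
            findings += lint(sub, f"{path}/{key}/{i}")
    return findings

def lint_components(schemas):
    # schemas: the mapping found under components.schemas in the definition
    return [f for name, s in schemas.items() for f in lint(s, name)]

SAMPLE = {
    "Port": {"type": "integer", "format": "int32", "minimum": 1, "maximum": 65535},
    "AppProvider": {"type": "string"},  # unbounded string
    "GpuInfo": {"type": "object", "properties": {
        "numGPU": {"type": "integer", "minimum": 0},  # no format, no maximum
    }},
    "AdditionalStorage": {"type": "array", "items": {"type": "object", "properties": {
        "name": {"type": "string", "maxLength": 64},
        "mountPoint": {"type": "string"},  # unbounded string inside array items
    }}},
}

if __name__ == "__main__":
    for where, why in lint_components(SAMPLE):
        print(f"{where}: {why}")
```

The reported paths use the same `Schema[].field` notation as the tables above, so each finding can be matched to a row of the proposal.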