From 159531fcc16dec79269d21b085d90f26b3e63648 Mon Sep 17 00:00:00 2001 From: Agustin Bettati Date: Wed, 17 Jun 2026 22:29:14 +0200 Subject: [PATCH] feat(ipa): Tighten standard method guarantees in IPA-101, IPA-106, IPA-107 and IPA-108 CLOUDP-412563 --- ipa/general/0101.mdx | 15 +++++++++++++++ ipa/general/0106.mdx | 4 ++-- ipa/general/0107.mdx | 4 ++-- ipa/general/0108.mdx | 11 +++++++---- 4 files changed, 26 insertions(+), 8 deletions(-) diff --git a/ipa/general/0101.mdx b/ipa/general/0101.mdx index c5913ed..e8d043a 100644 --- a/ipa/general/0101.mdx +++ b/ipa/general/0101.mdx @@ -38,6 +38,21 @@ When designing an API, consider the following (roughly in logical order): - Resources **may** have any number of sub-resources - The schema for a resource **must** be the same across all methods related to the resource +- The schema consistency rule implies that every field accepted in a request + body **must** also be present in the response body for the same resource. + Omitting request fields from responses breaks declarative clients and forces + manual reconciliation in downstream tooling. + - The only exceptions are [sensitive fields](0111.mdx#sensitive-fields), which + may be omitted entirely (write-only) or may appear only in the Create + response (reveal-once). + - For the per-method expression of this rule, see [Create](0106.mdx) and + [Update](0107.mdx). +- Resources declared by clients **must not** be silently removed by the server + as a result of time-based expiry, inactivity, or other server-side lifecycle + events. If such a lifecycle transition is part of the resource's domain model, + it **must** be represented as a terminal status on the resource (e.g. + `EXPIRED`, `REVOKED`, `REJECTED`), and the resource **must** remain readable + through the Get and List methods until the client explicitly deletes it. :::warning[Important] diff --git a/ipa/general/0106.mdx b/ipa/general/0106.mdx index 1b7ea3b..d5a5284 100644 --- a/ipa/general/0106.mdx +++ b/ipa/general/0106.mdx @@ -24,8 +24,8 @@ collection. - A `Request` object **must** include only input fields - In OpenAPI, this means that the `Request` object **must not** include fields with `readOnly: true` -- The response body **should** be the same resource returned by the - [Get](0104.mdx) method +- The response body **must** be the same resource returned by the + [Get](0104.mdx) method. - Create operations **must not** accept query parameters - Query parameters are usually a sign of a side effect that standard methods **must not** cause diff --git a/ipa/general/0107.mdx b/ipa/general/0107.mdx index aae3645..62ec7cb 100644 --- a/ipa/general/0107.mdx +++ b/ipa/general/0107.mdx @@ -33,9 +33,9 @@ resource. - A `UpdateRequest` object **must** include only input fields - In OpenAPI, this means that the `UpdateRequest` object **must not** include fields with `readOnly: true` -- The response body **should** be the same resource returned by the +- The response body **must** be the same resource returned by the [Get method](0104.mdx) - - The Update method **should** return the complete resource to avoid + - The Update method **must** return the complete resource to avoid complexities for clients - The Update method **must** respect the client provided values, or lack thereof, for all fields in the request (see diff --git a/ipa/general/0108.mdx b/ipa/general/0108.mdx index 11a1cb5..512c1a1 100644 --- a/ipa/general/0108.mdx +++ b/ipa/general/0108.mdx @@ -23,10 +23,13 @@ resource. [204 No Content](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/204) status - The request **must not** include a body -- The Delete method **should** succeed if and only if a resource was present and - was successfully deleted - - If the resource did not exist, the method **should** respond with a - `NOT FOUND` [error](0114.mdx) +- The Delete method **must** succeed if and only if a resource was present and + was successfully deleted. + - If the resource did not exist, the method **must** respond with a + `404 Not Found` error per [IPA-114](0114.mdx#not-found). +- The Delete method **must not** return a successful response while any internal + state of the resource — settings, policies, configurations, or any other state + without an independent endpoint — remains. Example