Right now, while fields are marked as required in the OpenAPI for a kind, you can create the kind lacking those fields in the payload (and they default to an empty value due to go functionality) when posting to an APIServer that has the app installed on it via the app-sdk. We should validate on create, before hitting the storage, that required fields are present in the payload, and reject the request with a HTTP 400 if the fields are not, the same way CRDs behave with required fields.
Right now, while fields are marked as
requiredin the OpenAPI for a kind, you can create the kind lacking those fields in the payload (and they default to an empty value due to go functionality) when posting to an APIServer that has the app installed on it via the app-sdk. We should validate on create, before hitting the storage, that required fields are present in the payload, and reject the request with a HTTP 400 if the fields are not, the same way CRDs behave with required fields.