Temporary replace appcreds schema

A bug landed in the keystone openapi schemas that blocks us now so we need to temporarily host the whole schema here until the fix lands. In the long run we completely drop the whole module with application credential schemas from the codegenerator. Change-Id: If04dbdccfcad8f35e48ea68c081fc1df2a8116fd
2024-11-26 17:45:09 +01:00
parent d02ace52ab
commit 3887d49135
1 changed files with 66 additions and 17 deletions
--- a/codegenerator/openapi/keystone_schemas/application_credential.py
+++ b/codegenerator/openapi/keystone_schemas/application_credential.py
@@ -14,10 +14,6 @@ import copy

 from typing import Any

-from keystone.application_credential import (
-    schema as application_credential_schema,
-)
-
 from codegenerator.common.schema import TypeSchema
 from codegenerator.common.schema import ParameterSchema
 from codegenerator.openapi.keystone_schemas import common
@@ -28,6 +24,7 @@ APPLICATION_CREDENTIAL_SCHEMA: dict[str, Any] = {
        "id": {
            "type": "string",
            "format": "uuid",
+            "readOnly": True,
            "description": "The ID of the application credential.",
        },
        "project_id": {
@@ -35,39 +32,90 @@ APPLICATION_CREDENTIAL_SCHEMA: dict[str, Any] = {
            "format": "uuid",
            "description": "The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to.",
        },
-        **application_credential_schema._application_credential_properties,
+        "name": {
+            "type": "string",
+            "description": "The name of the application credential. Must be unique to a user.",
+        },
+        "description": {
+            "type": ["string", "null"],
+            "description": "A description of the application credential's purpose.",
+        },
+        "expires_at": {"type": ["null", "string"]},
+        "roles": {
+            "type": "array",
+            "description": "An optional list of role objects, identified by ID or name. The list may only contain roles that the user has assigned on the project. If not provided, the roles assigned to the application credential will be the same as the roles in the current token.",
+            "items": {
+                "type": "object",
+                "properties": {
+                    "name": {"type": "string"},
+                    "id": {"type": "string"},
+                },
+            },
+        },
+        "unrestricted": {
+            "type": "boolean",
+            "description": "An optional flag to restrict whether the application credential may be used for the creation or destruction of other application credentials or trusts. Defaults to false.",
+        },
+        "access_rules": {
+            "type": "array",
+            "description": "A list of access_rules objects",
+            "items": {
+                "type": "object",
+                "properties": {
+                    "id": {"type": "string"},
+                    "path": {"type": "string"},
+                    "method": {"type": "string"},
+                    "service": {"type": "string"},
+                },
+            },
+        },
    },
 }
-APPLICATION_CREDENTIAL_SCHEMA["properties"].pop("secret", None)

 APPLICATION_CREDENTIAL_CONTAINER_SCHEMA: dict[str, Any] = {
    "type": "object",
    "properties": {
        "application_credential": copy.deepcopy(APPLICATION_CREDENTIAL_SCHEMA)
    },
+    "required": ["application_credential"],
+    "additionalProperties": False,
 }

 APPLICATION_CREDENTIAL_CREATE_SCHEMA: dict[str, Any] = {
    "type": "object",
    "properties": {
-        "application_credential": copy.deepcopy(
-            application_credential_schema.application_credential_create
-        )
+        "application_credential": {
+            "type": "object",
+            "properties": {
+                "secret": {
+                    "type": "string",
+                    "description": "The secret that the application credential will be created with. If not provided, one will be generated.",
+                },
+                **APPLICATION_CREDENTIAL_SCHEMA["properties"],
+            },
+            "required": ["name"],
+        }
    },
+    "required": ["application_credential"],
+    "additionalProperties": False,
 }

 APPLICATION_CREDENTIAL_CREATE_RESPONSE_SCHEMA: dict[str, Any] = {
    "type": "object",
    "properties": {
-        "application_credential": copy.deepcopy(APPLICATION_CREDENTIAL_SCHEMA)
+        "application_credential": {
+            "type": "object",
+            "properties": {
+                "secret": {
+                    "type": "string",
+                    "description": "The secret for the application credential, either generated by the server or provided by the user. This is only ever shown once in the response to a create request. It is not stored nor ever shown again. If the secret is lost, a new application credential must be created.",
+                },
+                **APPLICATION_CREDENTIAL_SCHEMA["properties"],
+            },
+        }
    },
-}
-# Update `secret` field
-APPLICATION_CREDENTIAL_CREATE_RESPONSE_SCHEMA["properties"][
-    "application_credential"
-]["properties"]["secret"] = {
-    "type": "string",
-    "description": "The secret for the application credential, either generated by the server or provided by the user. This is only ever shown once in the response to a create request. It is not stored nor ever shown again. If the secret is lost, a new application credential must be created.",
+    "required": ["application_credential"],
+    "additionalProperties": False,
 }

 APPLICATION_CREDENTIALS_SCHEMA: dict[str, Any] = {
@@ -78,6 +126,7 @@ APPLICATION_CREDENTIALS_SCHEMA: dict[str, Any] = {
            "items": copy.deepcopy(APPLICATION_CREDENTIAL_SCHEMA),
        }
    },
+    "required": ["application_credentials"],
 }

 APPLICATION_CREDENTIALS_LIST_PARAMETERS = {