From 3887d49135bb9049627030d3e15e1c5b9309380a Mon Sep 17 00:00:00 2001 From: Artem Goncharov Date: Tue, 26 Nov 2024 17:45:09 +0100 Subject: [PATCH] Temporary replace appcreds schema A bug landed in the keystone openapi schemas that blocks us now so we need to temporarily host the whole schema here until the fix lands. In the long run we completely drop the whole module with application credential schemas from the codegenerator. Change-Id: If04dbdccfcad8f35e48ea68c081fc1df2a8116fd --- .../application_credential.py | 83 +++++++++++++++---- 1 file changed, 66 insertions(+), 17 deletions(-) diff --git a/codegenerator/openapi/keystone_schemas/application_credential.py b/codegenerator/openapi/keystone_schemas/application_credential.py index e2a5488..6cf15e6 100644 --- a/codegenerator/openapi/keystone_schemas/application_credential.py +++ b/codegenerator/openapi/keystone_schemas/application_credential.py @@ -14,10 +14,6 @@ import copy from typing import Any -from keystone.application_credential import ( - schema as application_credential_schema, -) - from codegenerator.common.schema import TypeSchema from codegenerator.common.schema import ParameterSchema from codegenerator.openapi.keystone_schemas import common @@ -28,6 +24,7 @@ APPLICATION_CREDENTIAL_SCHEMA: dict[str, Any] = { "id": { "type": "string", "format": "uuid", + "readOnly": True, "description": "The ID of the application credential.", }, "project_id": { @@ -35,39 +32,90 @@ APPLICATION_CREDENTIAL_SCHEMA: dict[str, Any] = { "format": "uuid", "description": "The ID of the project the application credential was created for and that authentication requests using this application credential will be scoped to.", }, - **application_credential_schema._application_credential_properties, + "name": { + "type": "string", + "description": "The name of the application credential. Must be unique to a user.", + }, + "description": { + "type": ["string", "null"], + "description": "A description of the application credential's purpose.", + }, + "expires_at": {"type": ["null", "string"]}, + "roles": { + "type": "array", + "description": "An optional list of role objects, identified by ID or name. The list may only contain roles that the user has assigned on the project. If not provided, the roles assigned to the application credential will be the same as the roles in the current token.", + "items": { + "type": "object", + "properties": { + "name": {"type": "string"}, + "id": {"type": "string"}, + }, + }, + }, + "unrestricted": { + "type": "boolean", + "description": "An optional flag to restrict whether the application credential may be used for the creation or destruction of other application credentials or trusts. Defaults to false.", + }, + "access_rules": { + "type": "array", + "description": "A list of access_rules objects", + "items": { + "type": "object", + "properties": { + "id": {"type": "string"}, + "path": {"type": "string"}, + "method": {"type": "string"}, + "service": {"type": "string"}, + }, + }, + }, }, } -APPLICATION_CREDENTIAL_SCHEMA["properties"].pop("secret", None) APPLICATION_CREDENTIAL_CONTAINER_SCHEMA: dict[str, Any] = { "type": "object", "properties": { "application_credential": copy.deepcopy(APPLICATION_CREDENTIAL_SCHEMA) }, + "required": ["application_credential"], + "additionalProperties": False, } APPLICATION_CREDENTIAL_CREATE_SCHEMA: dict[str, Any] = { "type": "object", "properties": { - "application_credential": copy.deepcopy( - application_credential_schema.application_credential_create - ) + "application_credential": { + "type": "object", + "properties": { + "secret": { + "type": "string", + "description": "The secret that the application credential will be created with. If not provided, one will be generated.", + }, + **APPLICATION_CREDENTIAL_SCHEMA["properties"], + }, + "required": ["name"], + } }, + "required": ["application_credential"], + "additionalProperties": False, } APPLICATION_CREDENTIAL_CREATE_RESPONSE_SCHEMA: dict[str, Any] = { "type": "object", "properties": { - "application_credential": copy.deepcopy(APPLICATION_CREDENTIAL_SCHEMA) + "application_credential": { + "type": "object", + "properties": { + "secret": { + "type": "string", + "description": "The secret for the application credential, either generated by the server or provided by the user. This is only ever shown once in the response to a create request. It is not stored nor ever shown again. If the secret is lost, a new application credential must be created.", + }, + **APPLICATION_CREDENTIAL_SCHEMA["properties"], + }, + } }, -} -# Update `secret` field -APPLICATION_CREDENTIAL_CREATE_RESPONSE_SCHEMA["properties"][ - "application_credential" -]["properties"]["secret"] = { - "type": "string", - "description": "The secret for the application credential, either generated by the server or provided by the user. This is only ever shown once in the response to a create request. It is not stored nor ever shown again. If the secret is lost, a new application credential must be created.", + "required": ["application_credential"], + "additionalProperties": False, } APPLICATION_CREDENTIALS_SCHEMA: dict[str, Any] = { @@ -78,6 +126,7 @@ APPLICATION_CREDENTIALS_SCHEMA: dict[str, Any] = { "items": copy.deepcopy(APPLICATION_CREDENTIAL_SCHEMA), } }, + "required": ["application_credentials"], } APPLICATION_CREDENTIALS_LIST_PARAMETERS = {