Add schema check for OS-TRUST:trust authentication

If the OS-TRUST:trust is not a dict when authenticating, Keystone will raise 500 error. This patch add the related schema check to avoid the error. Change-Id: I575440fa507c5274e0c3bc09f4cfcb9b3d91a28c Closes-bug: #1733754
2017-11-22 11:41:35 +08:00 · 2017-11-22 11:41:35 +08:00 · 4c824c8088
commit 4c824c8088
parent cf43e3a756
4 changed files with 22 additions and 3 deletions
--- a/keystone/auth/schema.py
+++ b/keystone/auth/schema.py
@ -82,6 +82,12 @@ token_issue = {
                        'name': {'type': 'string', },
                    },
                },
+                'OS-TRUST:trust': {
+                    'type': 'object',
+                    'properties': {
+                        'id': {'type': 'string', },
+                    },
+                },
            },
        },
    },
--- a/keystone/tests/unit/auth/test_schema.py
+++ b/keystone/tests/unit/auth/test_schema.py
@ -367,6 +367,15 @@ class TestValidateIssueTokenAuth(unit.BaseTestCase):
        }
        self._expect_failure(p)

+    def test_trust_not_object_ex(self):
+        p = {
+            'identity': {'methods': [], },
+            'scope': {
+                'OS-TRUST:trust': 'something',
+            },
+        }
+        self._expect_failure(p)
+
    def test_unscoped(self):
        post_data = {
            'identity': {
--- a/keystone/tests/unit/test_v3_auth.py
+++ b/keystone/tests/unit/test_v3_auth.py
@ -43,7 +43,6 @@ from keystone.tests.common import auth as common_auth
 from keystone.tests import unit
 from keystone.tests.unit import ksfixtures
 from keystone.tests.unit import test_v3
-from keystone.tests.unit import utils as test_utils


 CONF = keystone.conf.CONF
@ -3966,8 +3965,6 @@ class TrustAPIBehavior(test_v3.RestfulTestCase):
        r = self.v3_create_token(auth_data)
        return trust

-    @test_utils.wip('Waiting on validation to be added from fixing bug '
-                    '1733754')
    def test_authenticate_without_trust_dict_returns_bad_request(self):
        # Authenticate for a token to use in the request
        token = self.v3_create_token(
--- a/releasenotes/notes/bug-1733754-4d9d3042b8501ec6.yaml
+++ b/releasenotes/notes/bug-1733754-4d9d3042b8501ec6.yaml
@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    [`bug 1733754 <https://bugs.launchpad.net/keystone/+bug/1733754>`_]
+    Keystone didn't validate the OS-TRUST:trust key of the authentication
+    request is actually a dictionary. This results in a 500 Internal Server
+    Error when it should really be a 400 Bad Request.