Loosen the validation schema used for trustee/trustor ids

Previously, the jsonschema validator would match identifier strings to a regular expression representing something similar to a UUID. This is not always the case depending on how the user may have identifier strings setup in their deployment. This change allows for periods to be contained within an identifier string. Change-Id: I18d8a0347bab7c8c403368c53d24d144d36aa093 Closes-Bug: #1407661
2015-01-05 16:57:17 +00:00 · 2015-01-05 16:57:17 +00:00 · 729c1ea723
parent 2549ef8b24
commit 729c1ea723
3 changed files with 19 additions and 3 deletions
--- a/keystone/common/validation/parameter_types.py
+++ b/keystone/common/validation/parameter_types.py
@ -28,6 +28,12 @@ name = {
    'maxLength': 255
 }

+external_id_string = {
+    'type': 'string',
+    'minLength': 1,
+    'maxLength': 64
+}
+
 id_string = {
    'type': 'string',
    'minLength': 1,
--- a/keystone/tests/unit/test_validation.py
+++ b/keystone/tests/unit/test_validation.py
@ -226,7 +226,7 @@ class EntityValidationTestCase(testtools.TestCase):
    def test_create_entity_with_invalid_id_strings(self):
        """Exception raised when using invalid id strings."""
        long_string = 'A' * 65
-        invalid_id_strings = ['', long_string, 'this,should,fail']
+        invalid_id_strings = ['', long_string]
        for invalid_id in invalid_id_strings:
            request_to_validate = {'name': self.resource_name,
                                   'id_string': invalid_id}
@ -1360,6 +1360,13 @@ class TrustValidationTestCase(testtools.TestCase):
                               'remaining_uses': 2}
        self.create_trust_validator.validate(request_to_validate)

+    def test_validate_trust_with_period_in_user_id_string(self):
+        """Validate trust request with a period in the user id string."""
+        request_to_validate = {'trustor_user_id': 'john.smith',
+                               'trustee_user_id': 'joe.developer',
+                               'impersonation': False}
+        self.create_trust_validator.validate(request_to_validate)
+
    def test_validate_trust_with_invalid_expires_at_fails(self):
        """Validate trust request with invalid `expires_at` fails."""
        request_to_validate = {'trustor_user_id': uuid.uuid4().hex,
--- a/keystone/trust/schema.py
+++ b/keystone/trust/schema.py
@ -15,8 +15,11 @@ from keystone.common.validation import parameter_types


 _trust_properties = {
-    'trustor_user_id': parameter_types.id_string,
-    'trustee_user_id': parameter_types.id_string,
+    # NOTE(lbragstad): These are set as external_id_string because they have
+    # the ability to be read as LDAP user identifiers, which could be something
+    # other than uuid.
+    'trustor_user_id': parameter_types.external_id_string,
+    'trustee_user_id': parameter_types.external_id_string,
    'impersonation': parameter_types.boolean,
    'project_id': validation.nullable(parameter_types.id_string),
    'remaining_uses': {