From 729c1ea723370ac91e4b483ec84f890321b7754f Mon Sep 17 00:00:00 2001
From: Lance Bragstad <lbragstad@gmail.com>
Date: Mon, 5 Jan 2015 16:57:17 +0000
Subject: [PATCH] Loosen the validation schema used for trustee/trustor ids

Previously, the jsonschema validator would match identifier strings to a
regular expression representing something similar to a UUID. This is not always
the case depending on how the user may have identifier strings setup in their
deployment. This change allows for periods to be contained within an identifier
string.

Change-Id: I18d8a0347bab7c8c403368c53d24d144d36aa093
Closes-Bug: #1407661
---
 keystone/common/validation/parameter_types.py | 6 ++++++
 keystone/tests/unit/test_validation.py        | 9 ++++++++-
 keystone/trust/schema.py                      | 7 +++++--
 3 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/keystone/common/validation/parameter_types.py b/keystone/common/validation/parameter_types.py
index c5908836eb..1bc81383f3 100644
--- a/keystone/common/validation/parameter_types.py
+++ b/keystone/common/validation/parameter_types.py
@@ -28,6 +28,12 @@ name = {
     'maxLength': 255
 }
 
+external_id_string = {
+    'type': 'string',
+    'minLength': 1,
+    'maxLength': 64
+}
+
 id_string = {
     'type': 'string',
     'minLength': 1,
diff --git a/keystone/tests/unit/test_validation.py b/keystone/tests/unit/test_validation.py
index f83cabcb62..7fcb902b90 100644
--- a/keystone/tests/unit/test_validation.py
+++ b/keystone/tests/unit/test_validation.py
@@ -226,7 +226,7 @@ class EntityValidationTestCase(testtools.TestCase):
     def test_create_entity_with_invalid_id_strings(self):
         """Exception raised when using invalid id strings."""
         long_string = 'A' * 65
-        invalid_id_strings = ['', long_string, 'this,should,fail']
+        invalid_id_strings = ['', long_string]
         for invalid_id in invalid_id_strings:
             request_to_validate = {'name': self.resource_name,
                                    'id_string': invalid_id}
@@ -1360,6 +1360,13 @@ class TrustValidationTestCase(testtools.TestCase):
                                'remaining_uses': 2}
         self.create_trust_validator.validate(request_to_validate)
 
+    def test_validate_trust_with_period_in_user_id_string(self):
+        """Validate trust request with a period in the user id string."""
+        request_to_validate = {'trustor_user_id': 'john.smith',
+                               'trustee_user_id': 'joe.developer',
+                               'impersonation': False}
+        self.create_trust_validator.validate(request_to_validate)
+
     def test_validate_trust_with_invalid_expires_at_fails(self):
         """Validate trust request with invalid `expires_at` fails."""
         request_to_validate = {'trustor_user_id': uuid.uuid4().hex,
diff --git a/keystone/trust/schema.py b/keystone/trust/schema.py
index 087cd1e9d3..673b786b26 100644
--- a/keystone/trust/schema.py
+++ b/keystone/trust/schema.py
@@ -15,8 +15,11 @@ from keystone.common.validation import parameter_types
 
 
 _trust_properties = {
-    'trustor_user_id': parameter_types.id_string,
-    'trustee_user_id': parameter_types.id_string,
+    # NOTE(lbragstad): These are set as external_id_string because they have
+    # the ability to be read as LDAP user identifiers, which could be something
+    # other than uuid.
+    'trustor_user_id': parameter_types.external_id_string,
+    'trustee_user_id': parameter_types.external_id_string,
     'impersonation': parameter_types.boolean,
     'project_id': validation.nullable(parameter_types.id_string),
     'remaining_uses': {