Add schema validation to create role
Added validation for create role in v2 api Partially implements: bp schema-validation-extent Change-Id: I36dad2085e4147c8954a120a2537a247ce085791
This commit is contained in:
parent
7e127fd4b2
commit
80b4ffaa9f
|
@ -93,13 +93,10 @@ class Role(controller.V2Controller):
|
|||
|
||||
@controller.v2_deprecated
|
||||
def create_role(self, request, role):
|
||||
validation.lazy_validate(schema.role_create_v2, role)
|
||||
role = self._normalize_dict(role)
|
||||
self.assert_admin(request)
|
||||
|
||||
if 'name' not in role or not role['name']:
|
||||
msg = _('Name field is required and cannot be empty')
|
||||
raise exception.ValidationError(message=msg)
|
||||
|
||||
if role['name'] == CONF.member_role_name:
|
||||
# Use the configured member role ID when creating the configured
|
||||
# member role name. This avoids the potential of creating a
|
||||
|
|
|
@ -12,6 +12,22 @@
|
|||
|
||||
from keystone.common.validation import parameter_types
|
||||
|
||||
# Schema for Identity v2 API
|
||||
|
||||
_role_properties_v2 = {
|
||||
'name': parameter_types.name,
|
||||
'id': parameter_types.id_string,
|
||||
'description': parameter_types.id_string
|
||||
}
|
||||
|
||||
role_create_v2 = {
|
||||
'type': 'object',
|
||||
'properties': _role_properties_v2,
|
||||
'required': ['name'],
|
||||
'additionalProperties': True
|
||||
}
|
||||
|
||||
# Schema for Identity v3 API
|
||||
|
||||
_role_properties = {
|
||||
'name': parameter_types.name
|
||||
|
|
|
@ -0,0 +1,64 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import uuid
|
||||
|
||||
from keystone.assignment import schema as assignment_schema
|
||||
from keystone.common.validation import validators
|
||||
from keystone import exception
|
||||
from keystone.tests import unit
|
||||
|
||||
|
||||
class RoleValidationTestCase(unit.BaseTestCase):
|
||||
"""Test for V2 Roles API Validation."""
|
||||
|
||||
def setUp(self):
|
||||
super(RoleValidationTestCase, self).setUp()
|
||||
|
||||
schema_role_create = assignment_schema.role_create
|
||||
self.create_validator = validators.SchemaValidator(schema_role_create)
|
||||
|
||||
def test_validate_role_create_succeeds(self):
|
||||
request = {
|
||||
'name': uuid.uuid4().hex
|
||||
}
|
||||
self.create_validator.validate(request)
|
||||
|
||||
def test_validate_role_create_succeeds_with_extra_params(self):
|
||||
request = {
|
||||
'name': uuid.uuid4().hex,
|
||||
'asdf': uuid.uuid4().hex
|
||||
}
|
||||
self.create_validator.validate(request)
|
||||
|
||||
def test_validate_role_create_fails_with_invalid_params(self):
|
||||
request = {
|
||||
'bogus': uuid.uuid4().hex
|
||||
}
|
||||
self.assertRaises(exception.SchemaValidationError,
|
||||
self.create_validator.validate,
|
||||
request)
|
||||
|
||||
def test_validate_role_create_fails_with_no_params(self):
|
||||
request = {}
|
||||
self.assertRaises(exception.SchemaValidationError,
|
||||
self.create_validator.validate,
|
||||
request)
|
||||
|
||||
def test_validate_role_create_fails_with_invalid_name(self):
|
||||
request = {
|
||||
'name': 42
|
||||
}
|
||||
self.assertRaises(exception.SchemaValidationError,
|
||||
self.create_validator.validate,
|
||||
request)
|
Loading…
Reference in New Issue