Add schema validation to create role

Added validation for create role in v2 api

Partially implements: bp schema-validation-extent

Change-Id: I36dad2085e4147c8954a120a2537a247ce085791

keystone/assignment/controllers.py

@@ -93,13 +93,10 @@ class Role(controller.V2Controller):
 
     @controller.v2_deprecated
     def create_role(self, request, role):
+        validation.lazy_validate(schema.role_create_v2, role)
         role = self._normalize_dict(role)
         self.assert_admin(request)
 
-        if 'name' not in role or not role['name']:
-            msg = _('Name field is required and cannot be empty')
-            raise exception.ValidationError(message=msg)
-
         if role['name'] == CONF.member_role_name:
             # Use the configured member role ID when creating the configured
             # member role name. This avoids the potential of creating a

keystone/assignment/schema.py

@@ -12,6 +12,22 @@
 
 from keystone.common.validation import parameter_types
 
+# Schema for Identity v2 API
+
+_role_properties_v2 = {
+    'name': parameter_types.name,
+    'id': parameter_types.id_string,
+    'description': parameter_types.id_string
+}
+
+role_create_v2 = {
+    'type': 'object',
+    'properties': _role_properties_v2,
+    'required': ['name'],
+    'additionalProperties': True
+}
+
+# Schema for Identity v3 API
 
 _role_properties = {
     'name': parameter_types.name

keystone/tests/unit/test_v2_validation.py

@@ -0,0 +1,64 @@
+# -*- coding: utf-8 -*-
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import uuid
+
+from keystone.assignment import schema as assignment_schema
+from keystone.common.validation import validators
+from keystone import exception
+from keystone.tests import unit
+
+
+class RoleValidationTestCase(unit.BaseTestCase):
+    """Test for V2 Roles API Validation."""
+
+    def setUp(self):
+        super(RoleValidationTestCase, self).setUp()
+
+        schema_role_create = assignment_schema.role_create
+        self.create_validator = validators.SchemaValidator(schema_role_create)
+
+    def test_validate_role_create_succeeds(self):
+        request = {
+            'name': uuid.uuid4().hex
+        }
+        self.create_validator.validate(request)
+
+    def test_validate_role_create_succeeds_with_extra_params(self):
+        request = {
+            'name': uuid.uuid4().hex,
+            'asdf': uuid.uuid4().hex
+        }
+        self.create_validator.validate(request)
+
+    def test_validate_role_create_fails_with_invalid_params(self):
+        request = {
+            'bogus': uuid.uuid4().hex
+        }
+        self.assertRaises(exception.SchemaValidationError,
+                          self.create_validator.validate,
+                          request)
+
+    def test_validate_role_create_fails_with_no_params(self):
+        request = {}
+        self.assertRaises(exception.SchemaValidationError,
+                          self.create_validator.validate,
+                          request)
+
+    def test_validate_role_create_fails_with_invalid_name(self):
+        request = {
+            'name': 42
+        }
+        self.assertRaises(exception.SchemaValidationError,
+                          self.create_validator.validate,
+                          request)