Add schema validation to create user v2

Added validation for create user in v2 Partially implements: bp schema-validation-extent Change-Id: I555243cb00423367a415dcbf3674af0940c2a669
2016-07-28 14:55:39 -05:00
parent 5628e24de3
commit a5264d7f35
3 changed files with 71 additions and 8 deletions
--- a/keystone/identity/controllers.py
+++ b/keystone/identity/controllers.py
@@ -21,7 +21,7 @@ from keystone.common import dependency
 from keystone.common import validation
 import keystone.conf
 from keystone import exception
-from keystone.i18n import _, _LW
+from keystone.i18n import _LW
 from keystone.identity import schema
 from keystone import notifications

@@ -61,18 +61,12 @@ class User(controller.V2Controller):
    # CRUD extension
    @controller.v2_deprecated
    def create_user(self, request, user):
+        validation.lazy_validate(schema.user_create_v2, user)
        user = self._normalize_OSKSADM_password_on_request(user)
        user = self.normalize_username_in_request(user)
        user = self._normalize_dict(user)
        self.assert_admin(request)

-        if 'name' not in user or not user['name']:
-            msg = _('Name field is required and cannot be empty')
-            raise exception.ValidationError(message=msg)
-        if 'enabled' in user and not isinstance(user['enabled'], bool):
-            msg = _('Enabled field must be a boolean')
-            raise exception.ValidationError(message=msg)
-
        default_project_id = user.pop('tenantId', None)
        if default_project_id is not None:
            # Check to see if the project is valid before moving on.
--- a/keystone/identity/schema.py
+++ b/keystone/identity/schema.py
@@ -35,6 +35,24 @@ _user_properties_v2 = {
    }
 }

+user_create_v2 = {
+    'type': 'object',
+    'properties': _user_properties_v2,
+    'anyOf': [
+        {
+            'required': ['username']
+        },
+        {
+            'required': ['name']
+        }
+    ],
+    'additionalProperties': True
+}
+
+# NOTE(ghugo): minProperties value should really be 1, however it
+# is currently set to 0 to avoid breaking backwards compatability,
+# and tempest tests.
+
 user_update_v2 = {
    'type': 'object',
    'properties': _user_properties_v2,