47cd72911c
This implements validation for the resource options and exposes definition of JSON Schema on the option object itself. Identity Schema validation now utilizes the json_schema dict generated by the registry of all options registered. Change-Id: I2fe0fc432126ef4c2aff8951080a9b5798a67849
126 lines
3.3 KiB
Python
126 lines
3.3 KiB
Python
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
from keystone.common import validation
|
|
from keystone.common.validation import parameter_types
|
|
from keystone.identity.backends import resource_options as ro
|
|
|
|
|
|
# NOTE(lhcheng): the max length is not applicable since it is specific
|
|
# to the SQL backend, LDAP does not have length limitation.
|
|
_identity_name = {
|
|
'type': 'string',
|
|
'minLength': 1,
|
|
'pattern': '[\S]+'
|
|
}
|
|
|
|
# Schema for Identity v2 API
|
|
|
|
_user_properties_v2 = {
|
|
'description': validation.nullable(parameter_types.description),
|
|
'enabled': parameter_types.boolean,
|
|
'tenantId': validation.nullable(parameter_types.id_string),
|
|
'name': _identity_name,
|
|
'username': _identity_name,
|
|
'password': {
|
|
'type': ['string', 'null']
|
|
}
|
|
}
|
|
|
|
user_create_v2 = {
|
|
'type': 'object',
|
|
'properties': _user_properties_v2,
|
|
'anyOf': [
|
|
{
|
|
'required': ['username']
|
|
},
|
|
{
|
|
'required': ['name']
|
|
}
|
|
],
|
|
'additionalProperties': True
|
|
}
|
|
|
|
# NOTE(ghugo): minProperties value should really be 1, however it
|
|
# is currently set to 0 to avoid breaking backwards compatibility,
|
|
# and tempest tests.
|
|
|
|
user_update_v2 = {
|
|
'type': 'object',
|
|
'properties': _user_properties_v2,
|
|
'minProperties': 0,
|
|
'additionalProperties': True
|
|
}
|
|
|
|
# Schema for Identity v3 API
|
|
|
|
_user_properties = {
|
|
'default_project_id': validation.nullable(parameter_types.id_string),
|
|
'description': validation.nullable(parameter_types.description),
|
|
'domain_id': parameter_types.id_string,
|
|
'enabled': parameter_types.boolean,
|
|
'name': _identity_name,
|
|
'password': {
|
|
'type': ['string', 'null']
|
|
},
|
|
'options': ro.USER_OPTIONS_REGISTRY.json_schema
|
|
}
|
|
|
|
# TODO(notmorgan): Provide a mechanism for options to supply real jsonschema
|
|
# validation based upon the option object and the option validator(s)
|
|
user_create = {
|
|
'type': 'object',
|
|
'properties': _user_properties,
|
|
'required': ['name'],
|
|
'options': {
|
|
'type': 'object'
|
|
},
|
|
'additionalProperties': True
|
|
}
|
|
|
|
user_update = {
|
|
'type': 'object',
|
|
'properties': _user_properties,
|
|
'minProperties': 1,
|
|
'options': {
|
|
'type': 'object'
|
|
},
|
|
'additionalProperties': True
|
|
}
|
|
|
|
_group_properties = {
|
|
'description': validation.nullable(parameter_types.description),
|
|
'domain_id': parameter_types.id_string,
|
|
'name': _identity_name
|
|
}
|
|
|
|
group_create = {
|
|
'type': 'object',
|
|
'properties': _group_properties,
|
|
'required': ['name'],
|
|
'additionalProperties': True
|
|
}
|
|
|
|
group_update = {
|
|
'type': 'object',
|
|
'properties': _group_properties,
|
|
'minProperties': 1,
|
|
'additionalProperties': True
|
|
}
|
|
|
|
enable_user_v2 = {
|
|
'type': 'object',
|
|
'properties': {'enabled': parameter_types.boolean},
|
|
'required': ['enabled'],
|
|
'additionalProperties': True
|
|
}
|