openstack/keystone
Code Issues Proposed changes
789573a0f1
keystone/keystone/identity/schema.py
Morgan Fainberg 47cd72911c Implement better validation for resource options 
This implements validation for the resource options and exposes
definition of JSON Schema on the option object itself. Identity
Schema validation now utilizes the json_schema dict generated
by the registry of all options registered.

Change-Id: I2fe0fc432126ef4c2aff8951080a9b5798a67849
2017-01-29 13:19:44 -08:00

126 lines
3.3 KiB
Python
Raw Blame History

# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystone.common import validation
from keystone.common.validation import parameter_types
from keystone.identity.backends import resource_options as ro
# NOTE(lhcheng): the max length is not applicable since it is specific
# to the SQL backend, LDAP does not have length limitation.
_identity_name = {
'type': 'string',
'minLength': 1,
'pattern': '[\S]+'
}
# Schema for Identity v2 API
_user_properties_v2 = {
'description': validation.nullable(parameter_types.description),
'enabled': parameter_types.boolean,
'tenantId': validation.nullable(parameter_types.id_string),
'name': _identity_name,
'username': _identity_name,
'password': {
'type': ['string', 'null']
}
}
user_create_v2 = {
'type': 'object',
'properties': _user_properties_v2,
'anyOf': [
{
'required': ['username']
},
{
'required': ['name']
}
],
'additionalProperties': True
}
# NOTE(ghugo): minProperties value should really be 1, however it
# is currently set to 0 to avoid breaking backwards compatibility,
# and tempest tests.
user_update_v2 = {
'type': 'object',
'properties': _user_properties_v2,
'minProperties': 0,
'additionalProperties': True
}
# Schema for Identity v3 API
_user_properties = {
'default_project_id': validation.nullable(parameter_types.id_string),
'description': validation.nullable(parameter_types.description),
'domain_id': parameter_types.id_string,
'enabled': parameter_types.boolean,
'name': _identity_name,
'password': {
'type': ['string', 'null']
},
'options': ro.USER_OPTIONS_REGISTRY.json_schema
}
# TODO(notmorgan): Provide a mechanism for options to supply real jsonschema
# validation based upon the option object and the option validator(s)
user_create = {
'type': 'object',
'properties': _user_properties,
'required': ['name'],
'options': {
'type': 'object'
},
'additionalProperties': True
}
user_update = {
'type': 'object',
'properties': _user_properties,
'minProperties': 1,
'options': {
'type': 'object'
},
'additionalProperties': True
}
_group_properties = {
'description': validation.nullable(parameter_types.description),
'domain_id': parameter_types.id_string,
'name': _identity_name
}
group_create = {
'type': 'object',
'properties': _group_properties,
'required': ['name'],
'additionalProperties': True
}
group_update = {
'type': 'object',
'properties': _group_properties,
'minProperties': 1,
'additionalProperties': True
}
enable_user_v2 = {
'type': 'object',
'properties': {'enabled': parameter_types.boolean},
'required': ['enabled'],
'additionalProperties': True
}
View Git Blame Copy Permalink