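def validate_update_entry(payload, data_type):
    """Validate (User | Group) payload from NEXT being updated on AD.

    Confirms that ``data_type`` is "user" or "group", that every required
    field is present, and strips fields that must not be written back to
    the directory. The payload is modified in place.

    Args:
        payload: Mapping of attribute name to value for the update.
        data_type: Either "user" or "group"; selects the extra prohibited
            field ("cn" for users, "groupType" for groups).

    Returns:
        The same ``payload`` object with prohibited fields removed.

    Raises:
        ValidationException: If ``data_type`` is neither "user" nor "group",
            or if a required field is missing from the payload.
    """
    updated_required_fields = ["distinguishedName"]
    prohibited_updated_group_fields = ["objectGUID", "whenCreated"]

    if data_type == "user":
        prohibited_updated_group_fields.append("cn")
    elif data_type == "group":
        prohibited_updated_group_fields.append("groupType")
    else:
        raise ValidationException(
            "Payload does not have the data_type of user or group.")

    # The required-field check stays an exact-key match, as before; whether
    # later code reads the key with this exact spelling is not visible here.
    for required_field in updated_required_fields:
        if required_field not in payload:
            raise ValidationException(
                "Required field: '{}' is missing".format(required_field))

    # LDAP attribute names are case-insensitive, so an exact-spelling match
    # would let "ObjectGUID" or "GROUPTYPE" slip past this filter. Compare
    # lower-cased names so every spelling of a prohibited field is removed.
    # NOTE(review): this is a denylist; any attribute not named above is
    # passed through unchanged. Confirm that is intended for the AD writer.
    prohibited_names = {name.lower() for name in prohibited_updated_group_fields}
    for field in list(payload):  # snapshot the keys: the payload is mutated below
        if isinstance(field, str) and field.lower() in prohibited_names:
            LOGGER.info(
                "Payload contains prohibited field %s. Removing prohibited field from payload",
                field,
            )
            payload.pop(field, None)

    return payload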
def get_distinguished_name(queue_entry):
    """Return the ``distinguished_name`` stored in a queue entry's data.

    Args:
        queue_entry: Mapping with a "data" key whose value holds the entry
            fields.

    Returns:
        The value stored under "distinguished_name", exactly as found; it is
        not checked for being a well-formed DN here.

    Raises:
        ValidationException: If the data has no "distinguished_name" key.
        KeyError: If ``queue_entry`` has no "data" key.
    """
    entry_data = queue_entry["data"]
    # Guard first: a missing key is a validation failure, not a lookup error.
    if "distinguished_name" not in entry_data:
        raise ValidationException("Payload does not have a distinguished_name.")
    return entry_data["distinguished_name"]