def json_schema(self):
schema = {
'type': 'object',
'properties': {},
'additionalProperties': False
}
for opt in self.options:
if opt.json_schema is not None:
schema['properties'][opt.option_name] = validation.nullable(
opt.json_schema)
else:
# NOTE(notmorgan): without 'type' being specified, this
# can be of any-type. We are simply specifying no interesting
# values beyond that the property may exist here.
schema['properties'][opt.option_name] = {}
return schema
def json_schema(self):
schema = {'type': 'object',
'properties': {},
'additionalProperties': False}
for opt in self.options:
if opt.json_schema is not None:
# NOTE(notmorgan): All options are nullable. Null indicates
# the option should be reset and removed from the DB store.
schema['properties'][opt.option_name] = validation.nullable(
opt.json_schema)
else:
# NOTE(notmorgan): without 'type' being specified, this
# can be of any-type. We are simply specifying no interesting
# values beyond that the property may exist here.
schema['properties'][opt.option_name] = {}
return schema
from keystone.common.validation import parameter_types
from keystone.identity.backends import resource_options as ro
# NOTE(lhcheng): the max length is not applicable since it is specific
# to the SQL backend, LDAP does not have length limitation.
_identity_name = {
'type': 'string',
'minLength': 1,
'pattern': '[\S]+'
}
# Schema for Identity v3 API
_user_properties = {
'default_project_id': validation.nullable(parameter_types.id_string),
'description': validation.nullable(parameter_types.description),
'domain_id': parameter_types.id_string,
'enabled': parameter_types.boolean,
'name': _identity_name,
'password': {
'type': ['string', 'null']
},
'options': ro.USER_OPTIONS_REGISTRY.json_schema
}
# TODO(notmorgan): Provide a mechanism for options to supply real jsonschema
# validation based upon the option object and the option validator(s)
user_create = {
'type': 'object',
'properties': _user_properties,
'service_provider': basic_property_id
},
'required': ['service_provider'],
'additionalProperties': False
},
},
'required': ['identity', 'scope'],
'additionalProperties': False
}
_service_provider_properties = {
# NOTE(rodrigods): The database accepts URLs with 256 as max length,
# but parameter_types.url uses 225 as max length.
'auth_url': parameter_types.url,
'sp_url': parameter_types.url,
'description': validation.nullable(parameter_types.description),
'enabled': parameter_types.boolean,
'relay_state_prefix': validation.nullable(parameter_types.description)
}
service_provider_create = {
'type': 'object',
'properties': _service_provider_properties,
# NOTE(rodrigods): 'id' is not required since it is passed in the URL
'required': ['auth_url', 'sp_url'],
'additionalProperties': False
}
service_provider_update = {
'type': 'object',
'properties': _service_provider_properties,
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystone.common import validation
from keystone.common.validation import parameter_types
from keystone.identity.backends import resource_options as ro
# NOTE(lhcheng): the max length is not applicable since it is specific
# to the SQL backend, LDAP does not have length limitation.
_identity_name = {'type': 'string', 'minLength': 1, 'pattern': '[\S]+'}
# Schema for Identity v2 API
_user_properties_v2 = {
'description': validation.nullable(parameter_types.description),
'enabled': parameter_types.boolean,
'tenantId': validation.nullable(parameter_types.id_string),
'name': _identity_name,
'username': _identity_name,
'password': {
'type': ['string', 'null']
}
}
user_create_v2 = {
'type': 'object',
'properties': _user_properties_v2,
'anyOf': [{
'required': ['username']
}, {
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystone.common import validation
from keystone.common.validation import parameter_types
_trust_properties = {
"trustor_user_id": parameter_types.id_string,
"trustee_user_id": parameter_types.id_string,
"impersonation": parameter_types.boolean,
"project_id": validation.nullable(parameter_types.id_string),
"remaining_uses": {"type": ["integer", "null"]},
"expires_at": {"type": ["null", "string"]},
# TODO(lbragstad): Need to find a better way to do this. We should be
# checking that a role is a list of IDs and/or names.
"roles": validation.add_array_type(parameter_types.id_string),
}
trust_create = {
"type": "object",
"properties": _trust_properties,
"required": ["trustor_user_id", "trustee_user_id", "impersonation"],
"additionalProperties": True,
}
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystone.common import validation
from keystone.common.validation import parameter_types
_project_properties = {
'description': validation.nullable(parameter_types.description),
# NOTE(lbragstad): domain_id isn't nullable according to some backends.
# The identity-api should be updated to be consistent with the
# implementation.
'domain_id': validation.nullable(parameter_types.id_string),
'enabled': parameter_types.boolean,
'is_domain': parameter_types.boolean,
'parent_id': validation.nullable(parameter_types.id_string),
'name': {
'type': 'string',
'minLength': 1,
'maxLength': 64
}
}
project_create = {
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystone.common import validation
from keystone.common.validation import parameter_types
_project_properties = {
'description': validation.nullable(parameter_types.description),
# NOTE(lbragstad): domain_id isn't nullable according to some backends.
# The identity-api should be updated to be consistent with the
# implementation.
'domain_id': parameter_types.id_string,
'enabled': parameter_types.boolean,
'parent_id': validation.nullable(parameter_types.id_string),
'name': {
'type': 'string',
'minLength': 1,
'maxLength': 64
}
}
project_create = {
'type': 'object',
'service_provider': basic_property_id
},
'required': ['service_provider'],
'additionalProperties': False
},
},
'required': ['identity', 'scope'],
'additionalProperties': False
}
_service_provider_properties = {
# NOTE(rodrigods): The database accepts URLs with 256 as max length,
# but parameter_types.url uses 225 as max length.
'auth_url': parameter_types.url,
'sp_url': parameter_types.url,
'description': validation.nullable(parameter_types.description),
'enabled': parameter_types.boolean,
'relay_state_prefix': validation.nullable(parameter_types.description)
}
service_provider_create = {
'type': 'object',
'properties': _service_provider_properties,
# NOTE(rodrigods): 'id' is not required since it is passed in the URL
'required': ['auth_url', 'sp_url'],
'additionalProperties': False
}
service_provider_update = {
'type': 'object',
'properties': _service_provider_properties,
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystone.common import validation
from keystone.common.validation import parameter_types
_trust_properties = {
'trustor_user_id': parameter_types.id_string,
'trustee_user_id': parameter_types.id_string,
'impersonation': parameter_types.boolean,
'project_id': validation.nullable(parameter_types.id_string),
'remaining_uses': {
'type': ['integer', 'null']
},
'expires_at': {
'type': ['null', 'string']
},
# TODO(lbragstad): Need to find a better way to do this. We should be
# checking that a role is a list of IDs and/or names.
'roles': validation.add_array_type(parameter_types.id_string)
}
trust_create = {
'type': 'object',
'properties': _trust_properties,
'required': ['trustor_user_id', 'trustee_user_id', 'impersonation'],
'service_provider': basic_property_id
},
'required': ['service_provider'],
'additionalProperties': False
},
},
'required': ['identity', 'scope'],
'additionalProperties': False
}
_service_provider_properties = {
# NOTE(rodrigods): The database accepts URLs with 256 as max length,
# but parameter_types.url uses 225 as max length.
'auth_url': parameter_types.url,
'sp_url': parameter_types.url,
'description': validation.nullable(parameter_types.description),
'enabled': parameter_types.boolean,
'relay_state_prefix': validation.nullable(parameter_types.description)
}
service_provider_create = {
'type': 'object',
'properties': _service_provider_properties,
# NOTE(rodrigods): 'id' is not required since it is passed in the URL
'required': ['auth_url', 'sp_url'],
'additionalProperties': False
}
service_provider_update = {
'type': 'object',
'properties': _service_provider_properties,
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystone.common import validation
from keystone.common.validation import parameter_types
_name_properties = {
'type': 'string',
'minLength': 1,
'maxLength': 64,
'pattern': '[\S]+'
}
_project_properties = {
'description': validation.nullable(parameter_types.description),
# NOTE(htruta): domain_id is nullable for projects acting as a domain.
'domain_id': validation.nullable(parameter_types.id_string),
'enabled': parameter_types.boolean,
'is_domain': parameter_types.boolean,
'parent_id': validation.nullable(parameter_types.id_string),
'name': _name_properties
}
project_create = {
'type': 'object',
'properties': _project_properties,
# NOTE(lbragstad): A project name is the only parameter required for
# project creation according to the Identity V3 API. We should think
# about using the maxProperties validator here, and in update.
'required': ['name'],
'service_provider': basic_property_id
},
'required': ['service_provider'],
'additionalProperties': False
},
},
'required': ['identity', 'scope'],
'additionalProperties': False
}
_service_provider_properties = {
# NOTE(rodrigods): The database accepts URLs with 256 as max length,
# but parameter_types.url uses 225 as max length.
'auth_url': parameter_types.url,
'sp_url': parameter_types.url,
'description': validation.nullable(parameter_types.description),
'enabled': parameter_types.boolean,
'relay_state_prefix': validation.nullable(parameter_types.description)
}
service_provider_create = {
'type': 'object',
'properties': _service_provider_properties,
# NOTE(rodrigods): 'id' is not required since it is passed in the URL
'required': ['auth_url', 'sp_url'],
'additionalProperties': False
}
service_provider_update = {
'type': 'object',
'properties': _service_provider_properties,
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystone.common import validation
from keystone.common.validation import parameter_types
_project_properties = {
"description": validation.nullable(parameter_types.description),
# NOTE(lbragstad): domain_id isn't nullable according to some backends.
# The identity-api should be updated to be consistent with the
# implementation.
"domain_id": parameter_types.id_string,
"enabled": parameter_types.boolean,
"name": {"type": "string", "minLength": 1, "maxLength": 64},
}
project_create = {
"type": "object",
"properties": _project_properties,
# NOTE(lbragstad): A project name is the only parameter required for
# project creation according to the Identity V3 API. We should think
# about using the maxProperties validator here, and in update.
"required": ["name"],
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystone.common import validation
from keystone.common.validation import parameter_types
_consumer_properties = {
'description': validation.nullable(parameter_types.description)
}
consumer_create = {
'type': 'object',
'properties': _consumer_properties,
'additionalProperties': True
}
consumer_update = {
'type': 'object',
'properties': _consumer_properties,
'not': {
'required': ['secret']
},
'minProperties': 1,
'service_provider': basic_property_id
},
'required': ['service_provider'],
'additionalProperties': False
},
},
'required': ['identity', 'scope'],
'additionalProperties': False
}
_service_provider_properties = {
# NOTE(rodrigods): The database accepts URLs with 256 as max length,
# but parameter_types.url uses 225 as max length.
'auth_url': parameter_types.url,
'sp_url': parameter_types.url,
'description': validation.nullable(parameter_types.description),
'enabled': parameter_types.boolean,
'relay_state_prefix': validation.nullable(parameter_types.description)
}
service_provider_create = {
'type': 'object',
'properties': _service_provider_properties,
# NOTE(rodrigods): 'id' is not required since it is passed in the URL
'required': ['auth_url', 'sp_url'],
'additionalProperties': False
}
service_provider_update = {
'type': 'object',
'properties': _service_provider_properties,
from keystone.common import validation
from keystone.common.validation import parameter_types
_registered_limit_create_properties = {
'service_id': parameter_types.id_string,
'region_id': {
'type': 'string'
},
'resource_name': {
'type': 'string'
},
'default_limit': {
'type': 'integer'
},
'description': validation.nullable(parameter_types.description)
}
_registered_limit_create = {
'type': 'object',
'properties': _registered_limit_create_properties,
'additionalProperties': False,
'required': ['service_id', 'resource_name', 'default_limit']
}
registered_limit_create = {
'type': 'array',
'items': _registered_limit_create,
'minItems': 1
}
"type": "object",
"properties": {"service_provider": basic_property_id},
"required": ["service_provider"],
"additionalProperties": False,
},
},
"required": ["identity", "scope"],
"additionalProperties": False,
}
_service_provider_properties = {
# NOTE(rodrigods): The database accepts URLs with 256 as max length,
# but parameter_types.url uses 225 as max length.
"auth_url": parameter_types.url,
"sp_url": parameter_types.url,
"description": validation.nullable(parameter_types.description),
"enabled": parameter_types.boolean,
"relay_state_prefix": validation.nullable(parameter_types.description),
}
service_provider_create = {
"type": "object",
"properties": _service_provider_properties,
# NOTE(rodrigods): 'id' is not required since it is passed in the URL
"required": ["auth_url", "sp_url"],
"additionalProperties": False,
}
service_provider_update = {
"type": "object",
"properties": _service_provider_properties,