def json_schema(self): schema = { 'type': 'object', 'properties': {}, 'additionalProperties': False } for opt in self.options: if opt.json_schema is not None: schema['properties'][opt.option_name] = validation.nullable( opt.json_schema) else: # NOTE(notmorgan): without 'type' being specified, this # can be of any-type. We are simply specifying no interesting # values beyond that the property may exist here. schema['properties'][opt.option_name] = {} return schema
def json_schema(self): schema = {'type': 'object', 'properties': {}, 'additionalProperties': False} for opt in self.options: if opt.json_schema is not None: # NOTE(notmorgan): All options are nullable. Null indicates # the option should be reset and removed from the DB store. schema['properties'][opt.option_name] = validation.nullable( opt.json_schema) else: # NOTE(notmorgan): without 'type' being specified, this # can be of any-type. We are simply specifying no interesting # values beyond that the property may exist here. schema['properties'][opt.option_name] = {} return schema
from keystone.common.validation import parameter_types from keystone.identity.backends import resource_options as ro # NOTE(lhcheng): the max length is not applicable since it is specific # to the SQL backend, LDAP does not have length limitation. _identity_name = { 'type': 'string', 'minLength': 1, 'pattern': '[\S]+' } # Schema for Identity v3 API _user_properties = { 'default_project_id': validation.nullable(parameter_types.id_string), 'description': validation.nullable(parameter_types.description), 'domain_id': parameter_types.id_string, 'enabled': parameter_types.boolean, 'name': _identity_name, 'password': { 'type': ['string', 'null'] }, 'options': ro.USER_OPTIONS_REGISTRY.json_schema } # TODO(notmorgan): Provide a mechanism for options to supply real jsonschema # validation based upon the option object and the option validator(s) user_create = { 'type': 'object', 'properties': _user_properties,
'service_provider': basic_property_id }, 'required': ['service_provider'], 'additionalProperties': False }, }, 'required': ['identity', 'scope'], 'additionalProperties': False } _service_provider_properties = { # NOTE(rodrigods): The database accepts URLs with 256 as max length, # but parameter_types.url uses 225 as max length. 'auth_url': parameter_types.url, 'sp_url': parameter_types.url, 'description': validation.nullable(parameter_types.description), 'enabled': parameter_types.boolean, 'relay_state_prefix': validation.nullable(parameter_types.description) } service_provider_create = { 'type': 'object', 'properties': _service_provider_properties, # NOTE(rodrigods): 'id' is not required since it is passed in the URL 'required': ['auth_url', 'sp_url'], 'additionalProperties': False } service_provider_update = { 'type': 'object', 'properties': _service_provider_properties,
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from keystone.common import validation from keystone.common.validation import parameter_types from keystone.identity.backends import resource_options as ro # NOTE(lhcheng): the max length is not applicable since it is specific # to the SQL backend, LDAP does not have length limitation. _identity_name = {'type': 'string', 'minLength': 1, 'pattern': '[\S]+'} # Schema for Identity v2 API _user_properties_v2 = { 'description': validation.nullable(parameter_types.description), 'enabled': parameter_types.boolean, 'tenantId': validation.nullable(parameter_types.id_string), 'name': _identity_name, 'username': _identity_name, 'password': { 'type': ['string', 'null'] } } user_create_v2 = { 'type': 'object', 'properties': _user_properties_v2, 'anyOf': [{ 'required': ['username'] }, {
# http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from keystone.common import validation from keystone.common.validation import parameter_types _trust_properties = { "trustor_user_id": parameter_types.id_string, "trustee_user_id": parameter_types.id_string, "impersonation": parameter_types.boolean, "project_id": validation.nullable(parameter_types.id_string), "remaining_uses": {"type": ["integer", "null"]}, "expires_at": {"type": ["null", "string"]}, # TODO(lbragstad): Need to find a better way to do this. We should be # checking that a role is a list of IDs and/or names. "roles": validation.add_array_type(parameter_types.id_string), } trust_create = { "type": "object", "properties": _trust_properties, "required": ["trustor_user_id", "trustee_user_id", "impersonation"], "additionalProperties": True, }
# not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from keystone.common import validation from keystone.common.validation import parameter_types _project_properties = { 'description': validation.nullable(parameter_types.description), # NOTE(lbragstad): domain_id isn't nullable according to some backends. # The identity-api should be updated to be consistent with the # implementation. 'domain_id': validation.nullable(parameter_types.id_string), 'enabled': parameter_types.boolean, 'is_domain': parameter_types.boolean, 'parent_id': validation.nullable(parameter_types.id_string), 'name': { 'type': 'string', 'minLength': 1, 'maxLength': 64 } } project_create = {
# a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from keystone.common import validation from keystone.common.validation import parameter_types _project_properties = { 'description': validation.nullable(parameter_types.description), # NOTE(lbragstad): domain_id isn't nullable according to some backends. # The identity-api should be updated to be consistent with the # implementation. 'domain_id': parameter_types.id_string, 'enabled': parameter_types.boolean, 'parent_id': validation.nullable(parameter_types.id_string), 'name': { 'type': 'string', 'minLength': 1, 'maxLength': 64 } } project_create = { 'type': 'object',
# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from keystone.common import validation from keystone.common.validation import parameter_types _trust_properties = { 'trustor_user_id': parameter_types.id_string, 'trustee_user_id': parameter_types.id_string, 'impersonation': parameter_types.boolean, 'project_id': validation.nullable(parameter_types.id_string), 'remaining_uses': { 'type': ['integer', 'null'] }, 'expires_at': { 'type': ['null', 'string'] }, # TODO(lbragstad): Need to find a better way to do this. We should be # checking that a role is a list of IDs and/or names. 'roles': validation.add_array_type(parameter_types.id_string) } trust_create = { 'type': 'object', 'properties': _trust_properties, 'required': ['trustor_user_id', 'trustee_user_id', 'impersonation'],
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from keystone.common import validation from keystone.common.validation import parameter_types _name_properties = { 'type': 'string', 'minLength': 1, 'maxLength': 64, 'pattern': '[\S]+' } _project_properties = { 'description': validation.nullable(parameter_types.description), # NOTE(htruta): domain_id is nullable for projects acting as a domain. 'domain_id': validation.nullable(parameter_types.id_string), 'enabled': parameter_types.boolean, 'is_domain': parameter_types.boolean, 'parent_id': validation.nullable(parameter_types.id_string), 'name': _name_properties } project_create = { 'type': 'object', 'properties': _project_properties, # NOTE(lbragstad): A project name is the only parameter required for # project creation according to the Identity V3 API. We should think # about using the maxProperties validator here, and in update. 'required': ['name'],
# a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from keystone.common import validation from keystone.common.validation import parameter_types _project_properties = { "description": validation.nullable(parameter_types.description), # NOTE(lbragstad): domain_id isn't nullable according to some backends. # The identity-api should be updated to be consistent with the # implementation. "domain_id": parameter_types.id_string, "enabled": parameter_types.boolean, "name": {"type": "string", "minLength": 1, "maxLength": 64}, } project_create = { "type": "object", "properties": _project_properties, # NOTE(lbragstad): A project name is the only parameter required for # project creation according to the Identity V3 API. We should think # about using the maxProperties validator here, and in update. "required": ["name"],
# not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. from keystone.common import validation from keystone.common.validation import parameter_types _consumer_properties = { 'description': validation.nullable(parameter_types.description) } consumer_create = { 'type': 'object', 'properties': _consumer_properties, 'additionalProperties': True } consumer_update = { 'type': 'object', 'properties': _consumer_properties, 'not': { 'required': ['secret'] }, 'minProperties': 1,
from keystone.common import validation from keystone.common.validation import parameter_types _registered_limit_create_properties = { 'service_id': parameter_types.id_string, 'region_id': { 'type': 'string' }, 'resource_name': { 'type': 'string' }, 'default_limit': { 'type': 'integer' }, 'description': validation.nullable(parameter_types.description) } _registered_limit_create = { 'type': 'object', 'properties': _registered_limit_create_properties, 'additionalProperties': False, 'required': ['service_id', 'resource_name', 'default_limit'] } registered_limit_create = { 'type': 'array', 'items': _registered_limit_create, 'minItems': 1 }
"type": "object", "properties": {"service_provider": basic_property_id}, "required": ["service_provider"], "additionalProperties": False, }, }, "required": ["identity", "scope"], "additionalProperties": False, } _service_provider_properties = { # NOTE(rodrigods): The database accepts URLs with 256 as max length, # but parameter_types.url uses 225 as max length. "auth_url": parameter_types.url, "sp_url": parameter_types.url, "description": validation.nullable(parameter_types.description), "enabled": parameter_types.boolean, "relay_state_prefix": validation.nullable(parameter_types.description), } service_provider_create = { "type": "object", "properties": _service_provider_properties, # NOTE(rodrigods): 'id' is not required since it is passed in the URL "required": ["auth_url", "sp_url"], "additionalProperties": False, } service_provider_update = { "type": "object", "properties": _service_provider_properties,