Source code for keystone.auth.schema

# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

from keystone.common import validation
from keystone.common.validation import parameter_types
from keystone import exception
from keystone.i18n import _


token_issue = {
    'type': 'object',
    'properties': {
        'identity': {
            'type': 'object',
            'properties': {
                'methods': {
                    'type': 'array',
                    'items': {'type': 'string', },
                },
                'password': {
                    'type': 'object',
                    'properties': {
                        'user': {
                            'type': 'object',
                            'properties': {
                                'id': {'type': 'string', },
                                'name': {'type': 'string', },
                                'password': {'type': 'string', },
                                'domain': {
                                    'type': 'object',
                                    'properties': {
                                        'id': {'type': 'string', },
                                        'name': {'type': 'string', },
                                    },
                                },
                            },
                        },
                    },
                },
                'token': {
                    'type': 'object',
                    'properties': {
                        'id': {
                            'type': 'string',
                        },
                    },
                    'required': ['id', ],
                },
            },
            'required': ['methods', ],
        },
        'scope': {
            # For explicit unscoped authentication the type should not be
            # strictly string. Although keystone server specifies the value
            # to be 'unscoped', old versions of keystoneauth might still be
            # using `"scope": {'unscoped': {}}` instead of
            # `"scope": "unscoped"`
            # https://bugs.launchpad.net/keystoneauth/+bug/1637682/
            'type': ['object', 'string'],
            'properties': {
                'project': {
                    'type': 'object',
                    'properties': {
                        'name': {'type': 'string', },
                        'id': {'type': 'string', },
                        'domain': {
                            'type': 'object',
                            'properties': {
                                'id': {'type': 'string', },
                                'name': {'type': 'string', },
                            },
                        },
                    },
                },
                'domain': {
                    'type': 'object',
                    'properties': {
                        'id': {'type': 'string', },
                        'name': {'type': 'string', },
                    },
                },
                'OS-TRUST:trust': {
                    'type': 'object',
                    'properties': {
                        'id': {'type': 'string', },
                    }
                },
                'system': {
                    'type': 'object',
                    'properties': {
                        'all': parameter_types.boolean
                    }
                }
            },
        },
    },
    'required': ['identity', ],
}


[docs]def validate_issue_token_auth(auth=None): if auth is None: return validation.lazy_validate(token_issue, auth) user = auth['identity'].get('password', {}).get('user') if user is not None: if 'id' not in user and 'name' not in user: msg = _('Invalid input for field identity/password/user: ' 'id or name must be present.') raise exception.SchemaValidationError(detail=msg) domain = user.get('domain') if domain is not None: if 'id' not in domain and 'name' not in domain: msg = _( 'Invalid input for field identity/password/user/domain: ' 'id or name must be present.') raise exception.SchemaValidationError(detail=msg) scope = auth.get('scope') if scope is not None and isinstance(scope, dict): project = scope.get('project') if project is not None: if 'id' not in project and 'name' not in project: msg = _( 'Invalid input for field scope/project: ' 'id or name must be present.') raise exception.SchemaValidationError(detail=msg) domain = project.get('domain') if domain is not None: if 'id' not in domain and 'name' not in domain: msg = _( 'Invalid input for field scope/project/domain: ' 'id or name must be present.') raise exception.SchemaValidationError(detail=msg) domain = scope.get('domain') if domain is not None: if 'id' not in domain and 'name' not in domain: msg = _( 'Invalid input for field scope/domain: ' 'id or name must be present.') raise exception.SchemaValidationError(detail=msg)