Diffstat (limited to 'keystone-moon/keystone/common/validation')
3 files changed, 178 insertions, 0 deletions
diff --git a/keystone-moon/keystone/common/validation/__init__.py b/keystone-moon/keystone/common/validation/__init__.py
new file mode 100644
index 00000000..f9c58eaf
--- /dev/null
+++ b/keystone-moon/keystone/common/validation/__init__.py
@@ -0,0 +1,62 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+"""Request body validating middleware for OpenStack Identity resources."""
+
+import functools
+
+from keystone.common.validation import validators
+
+
+def validated(request_body_schema, resource_to_validate):
+ """Register a schema to validate a resource reference.
+
+ Registered schema will be used for validating a request body just before
+ API method execution.
+
+ :param request_body_schema: a schema to validate the resource reference
+ :param resource_to_validate: the reference to validate
+
+ """
+ schema_validator = validators.SchemaValidator(request_body_schema)
+
+ def add_validator(func):
+ @functools.wraps(func)
+ def wrapper(*args, **kwargs):
+ if resource_to_validate in kwargs:
+ schema_validator.validate(kwargs[resource_to_validate])
+ return func(*args, **kwargs)
+ return wrapper
+ return add_validator
+
+
+def nullable(property_schema):
+ """Clone a property schema into one that is nullable.
+
+ :param dict property_schema: schema to clone into a nullable schema
+ :returns: a new dict schema
+ """
+ # TODO(dstanek): deal with the case where type is already a list; we don't
+ # do that yet so I'm not wasting time on it
+ new_schema = property_schema.copy()
+ new_schema['type'] = [property_schema['type'], 'null']
+ return new_schema
+
+
+def add_array_type(property_schema):
+ """Convert the parameter schema to be of type list.
+
+ :param dict property_schema: schema to add array type to
+ :returns: a new dict schema
+ """
+ new_schema = property_schema.copy()
+ new_schema['type'] = [property_schema['type'], 'array']
+ return new_schema
diff --git a/keystone-moon/keystone/common/validation/parameter_types.py b/keystone-moon/keystone/common/validation/parameter_types.py
new file mode 100644
index 00000000..c5908836
--- /dev/null
+++ b/keystone-moon/keystone/common/validation/parameter_types.py
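Review bot: `wrapper` in `validated` runs the schema check only when `resource_to_validate` is a key in `kwargs`, so a call that passes the resource positionally, or leaves it out, reaches `func` with no validation at all. That is a fail-open default for a control whose job is to reject malformed bodies. If skipping is intended, the docstring should say so, e.g. `Validation is skipped when the resource is not passed as a keyword argument.`; otherwise consider rejecting the call in an `else:` branch. Separately, `add_array_type` widens `type` to allow `array` without adding an `items` schema, so string constraints such as `maxLength` or `pattern` would not apply to the elements of a list value.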
@@ -0,0 +1,57 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+"""Common parameter types for validating a request reference."""
+
+boolean = {
+ 'type': 'boolean',
+ 'enum': [True, False]
+}
+
+# NOTE(lbragstad): Be mindful of this pattern as it might require changes
+# once this is used on user names, LDAP-based user names specifically since
+# commas aren't allowed in the following pattern. Here we are only going to
+# check the length of the name and ensure that it's a string. Right now we are
+# not going to validate on a naming pattern for issues with
+# internationalization.
+name = {
+ 'type': 'string',
+ 'minLength': 1,
+ 'maxLength': 255
+}
+
+id_string = {
+ 'type': 'string',
+ 'minLength': 1,
+ 'maxLength': 64,
+ # TODO(lbragstad): Find a way to make this configurable such that the end
+ # user chooses how much control they want over id_strings with a regex
+ 'pattern': '^[a-zA-Z0-9-]+$'
+}
+
+description = {
+ 'type': 'string'
+}
+
+url = {
+ 'type': 'string',
+ 'minLength': 0,
+ 'maxLength': 225,
+ # NOTE(edmondsw): we could do more to validate per various RFCs, but
+ # decision was made to err on the side of leniency. The following is based
+ # on rfc1738 section 2.1
+ 'pattern': '[a-zA-Z0-9+.-]+:.+'
+}
+
+email = {
+ 'type': 'string',
+ 'format': 'email'
+}
diff --git a/keystone-moon/keystone/common/validation/validators.py b/keystone-moon/keystone/common/validation/validators.py
new file mode 100644
index 00000000..a4574176
--- /dev/null
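Review bot: The `url` pattern is unanchored, and the Python jsonschema library applies `pattern` as a search rather than a full match, so any string that merely contains a `scheme:rest` substring passes. Anchoring it as `'pattern': '^[a-zA-Z0-9+.-]+:.+'` would at least require the value to begin with the scheme. In `id_string`, Python's `$` also matches just before a trailing newline, so `'^[a-zA-Z0-9-]+$'` accepts an id that ends in `\n`; `r'^[a-zA-Z0-9-]+\Z'` closes that if the schema is only ever evaluated by Python. `'maxLength': 225` on `url` may be a typo for 255, the limit used by `name`, and is worth confirming.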
+++ b/keystone-moon/keystone/common/validation/validators.py 
@@ -0,0 +1,59 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+"""Internal implementation of request body validating middleware."""
+
+import jsonschema
+
+from keystone import exception
+from keystone.i18n import _
+
+
+class SchemaValidator(object):
+ """Resource reference validator class."""
+
+ validator = None
+ validator_org = jsonschema.Draft4Validator
+
+ def __init__(self, schema):
+ # NOTE(lbragstad): If at some point in the future we want to extend
+ # our validators to include something specific we need to check for,
+ # we can do it here. Nova's V3 API validators extend the validator to
+ # include `self._validate_minimum` and `self._validate_maximum`. This
+ # would be handy if we needed to check for something the jsonschema
+ # didn't by default. See the Nova V3 validator for details on how this
+ # is done.
+ validators = {}
+ validator_cls = jsonschema.validators.extend(self.validator_org,
+ validators)
+ fc = jsonschema.FormatChecker()
+ self.validator = validator_cls(schema, format_checker=fc)
+
+ def validate(self, *args, **kwargs):
+ try:
+ self.validator.validate(*args, **kwargs)
+ except jsonschema.ValidationError as ex:
+ # NOTE: For whole OpenStack message consistency, this error
+ # message has been written in a format consistent with WSME.
+ if len(ex.path) > 0:
+ # NOTE(lbragstad): Here we could think about using iter_errors
+ # as a method of providing invalid parameters back to the
+ # user.
+ # TODO(lbragstad): If the value of a field is confidential or
+ # too long, then we should build the masking in here so that
+ # we don't expose sensitive user information in the event it
+ # fails validation.
+ detail = _("Invalid input for field '%(path)s'. The value is "
+ "'%(value)s'.") % {'path': ex.path.pop(),
+ 'value': ex.instance}
+ else:
+ detail = ex.message
+ raise exception.SchemaValidationError(detail=detail) |
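Review bot: The error detail built in `SchemaValidator.validate` interpolates `ex.instance` into the message, so a rejected value for a sensitive field (a password, for example) is echoed in the `SchemaValidationError` detail and probably in any log that records it. The TODO just above acknowledges this, but the code ships without the masking. Until masking exists, the safer default is to name the field only: `detail = _("Invalid input for field '%(path)s'.") % {'path': ex.path.pop()}`. The echoed value is also unbounded in length, and the `else` branch returns `ex.message`, which jsonschema typically builds from the offending instance as well, so it needs the same treatment.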