aboutsummaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone/common/validation
diff options
context:
space:
mode:
Diffstat (limited to 'keystone-moon/keystone/common/validation')
-rw-r--r--keystone-moon/keystone/common/validation/__init__.py62
-rw-r--r--keystone-moon/keystone/common/validation/parameter_types.py57
-rw-r--r--keystone-moon/keystone/common/validation/validators.py59
3 files changed, 178 insertions, 0 deletions
diff --git a/keystone-moon/keystone/common/validation/__init__.py b/keystone-moon/keystone/common/validation/__init__.py
new file mode 100644
index 00000000..f9c58eaf
--- /dev/null
+++ b/keystone-moon/keystone/common/validation/__init__.py
@@ -0,0 +1,62 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+"""Request body validating middleware for OpenStack Identity resources."""
+
+import functools
+
+from keystone.common.validation import validators
+
+
+def validated(request_body_schema, resource_to_validate):
+ """Register a schema to validate a resource reference.
+
+ Registered schema will be used for validating a request body just before
+ API method execution.
+
+ :param request_body_schema: a schema to validate the resource reference
+ :param resource_to_validate: the reference to validate
+
+ """
+ schema_validator = validators.SchemaValidator(request_body_schema)
+
+ def add_validator(func):
+ @functools.wraps(func)
+ def wrapper(*args, **kwargs):
+ if resource_to_validate in kwargs:
+ schema_validator.validate(kwargs[resource_to_validate])
+ return func(*args, **kwargs)
+ return wrapper
+ return add_validator
+
+
+def nullable(property_schema):
+ """Clone a property schema into one that is nullable.
+
+ :param dict property_schema: schema to clone into a nullable schema
+ :returns: a new dict schema
+ """
+ # TODO(dstanek): deal with the case where type is already a list; we don't
+ # do that yet so I'm not wasting time on it
+ new_schema = property_schema.copy()
+ new_schema['type'] = [property_schema['type'], 'null']
+ return new_schema
+
+
+def add_array_type(property_schema):
+ """Convert the parameter schema to be of type list.
+
+ :param dict property_schema: schema to add array type to
+ :returns: a new dict schema
+ """
+ new_schema = property_schema.copy()
+ new_schema['type'] = [property_schema['type'], 'array']
+ return new_schema
diff --git a/keystone-moon/keystone/common/validation/parameter_types.py b/keystone-moon/keystone/common/validation/parameter_types.py
new file mode 100644
index 00000000..c5908836
--- /dev/null
+++ b/keystone-moon/keystone/common/validation/parameter_types.py
@@ -0,0 +1,57 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+"""Common parameter types for validating a request reference."""
+
+boolean = {
+ 'type': 'boolean',
+ 'enum': [True, False]
+}
+
+# NOTE(lbragstad): Be mindful of this pattern as it might require changes
+# once this is used on user names, LDAP-based user names specifically since
+# commas aren't allowed in the following pattern. Here we are only going to
+# check the length of the name and ensure that it's a string. Right now we are
+# not going to validate on a naming pattern for issues with
+# internationalization.
+name = {
+ 'type': 'string',
+ 'minLength': 1,
+ 'maxLength': 255
+}
+
+id_string = {
+ 'type': 'string',
+ 'minLength': 1,
+ 'maxLength': 64,
+ # TODO(lbragstad): Find a way to make this configurable such that the end
+ # user chooses how much control they want over id_strings with a regex
+ 'pattern': '^[a-zA-Z0-9-]+$'
+}
+
+description = {
+ 'type': 'string'
+}
+
+url = {
+ 'type': 'string',
+ 'minLength': 0,
+ 'maxLength': 225,
+ # NOTE(edmondsw): we could do more to validate per various RFCs, but
+ # decision was made to err on the side of leniency. The following is based
+ # on rfc1738 section 2.1
+ 'pattern': '[a-zA-Z0-9+.-]+:.+'
+}
+
+email = {
+ 'type': 'string',
+ 'format': 'email'
+}
diff --git a/keystone-moon/keystone/common/validation/validators.py b/keystone-moon/keystone/common/validation/validators.py
new file mode 100644
index 00000000..a4574176
--- /dev/null
+++ b/keystone-moon/keystone/common/validation/validators.py
@@ -0,0 +1,59 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+"""Internal implementation of request body validating middleware."""
+
+import jsonschema
+
+from keystone import exception
+from keystone.i18n import _
+
+
+class SchemaValidator(object):
+ """Resource reference validator class."""
+
+ validator = None
+ validator_org = jsonschema.Draft4Validator
+
+ def __init__(self, schema):
+ # NOTE(lbragstad): If at some point in the future we want to extend
+ # our validators to include something specific we need to check for,
+ # we can do it here. Nova's V3 API validators extend the validator to
+ # include `self._validate_minimum` and `self._validate_maximum`. This
+ # would be handy if we needed to check for something the jsonschema
+ # didn't by default. See the Nova V3 validator for details on how this
+ # is done.
+ validators = {}
+ validator_cls = jsonschema.validators.extend(self.validator_org,
+ validators)
+ fc = jsonschema.FormatChecker()
+ self.validator = validator_cls(schema, format_checker=fc)
+
+ def validate(self, *args, **kwargs):
+ try:
+ self.validator.validate(*args, **kwargs)
+ except jsonschema.ValidationError as ex:
+ # NOTE: For whole OpenStack message consistency, this error
+ # message has been written in a format consistent with WSME.
+ if len(ex.path) > 0:
+ # NOTE(lbragstad): Here we could think about using iter_errors
+ # as a method of providing invalid parameters back to the
+ # user.
+ # TODO(lbragstad): If the value of a field is confidential or
+ # too long, then we should build the masking in here so that
+ # we don't expose sensitive user information in the event it
+ # fails validation.
+ detail = _("Invalid input for field '%(path)s'. The value is "
+ "'%(value)s'.") % {'path': ex.path.pop(),
+ 'value': ex.instance}
+ else:
+ detail = ex.message
+ raise exception.SchemaValidationError(detail=detail)