aboutsummaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone/federation/schema.py
diff options
context:
space:
mode:
Diffstat (limited to 'keystone-moon/keystone/federation/schema.py')
-rw-r--r--keystone-moon/keystone/federation/schema.py115
1 files changed, 115 insertions, 0 deletions
diff --git a/keystone-moon/keystone/federation/schema.py b/keystone-moon/keystone/federation/schema.py
new file mode 100644
index 00000000..6cdfd1f5
--- /dev/null
+++ b/keystone-moon/keystone/federation/schema.py
@@ -0,0 +1,115 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from keystone.common import validation
+from keystone.common.validation import parameter_types
+
+
+basic_property_id = {
+ 'type': 'object',
+ 'properties': {
+ 'id': {
+ 'type': 'string'
+ }
+ },
+ 'required': ['id'],
+ 'additionalProperties': False
+}
+
+saml_create = {
+ 'type': 'object',
+ 'properties': {
+ 'identity': {
+ 'type': 'object',
+ 'properties': {
+ 'token': basic_property_id,
+ 'methods': {
+ 'type': 'array'
+ }
+ },
+ 'required': ['token'],
+ 'additionalProperties': False
+ },
+ 'scope': {
+ 'type': 'object',
+ 'properties': {
+ 'service_provider': basic_property_id
+ },
+ 'required': ['service_provider'],
+ 'additionalProperties': False
+ },
+ },
+ 'required': ['identity', 'scope'],
+ 'additionalProperties': False
+}
+
+_service_provider_properties = {
+ # NOTE(rodrigods): The database accepts URLs with 256 as max length,
+ # but parameter_types.url uses 225 as max length.
+ 'auth_url': parameter_types.url,
+ 'sp_url': parameter_types.url,
+ 'description': validation.nullable(parameter_types.description),
+ 'enabled': parameter_types.boolean,
+ 'relay_state_prefix': validation.nullable(parameter_types.description)
+}
+
+service_provider_create = {
+ 'type': 'object',
+ 'properties': _service_provider_properties,
+ # NOTE(rodrigods): 'id' is not required since it is passed in the URL
+ 'required': ['auth_url', 'sp_url'],
+ 'additionalProperties': False
+}
+
+service_provider_update = {
+ 'type': 'object',
+ 'properties': _service_provider_properties,
+ # Make sure at least one property is being updated
+ 'minProperties': 1,
+ 'additionalProperties': False
+}
+
+_identity_provider_properties = {
+ 'enabled': parameter_types.boolean,
+ 'description': validation.nullable(parameter_types.description),
+ 'remote_ids': {
+ 'type': ['array', 'null'],
+ 'items': {
+ 'type': 'string'
+ },
+ 'uniqueItems': True
+ }
+}
+
+identity_provider_create = {
+ 'type': 'object',
+ 'properties': _identity_provider_properties,
+ 'additionalProperties': False
+}
+
+identity_provider_update = {
+ 'type': 'object',
+ 'properties': _identity_provider_properties,
+ # Make sure at least one property is being updated
+ 'minProperties': 1,
+ 'additionalProperties': False
+}
+
+federation_protocol_schema = {
+ 'type': 'object',
+ 'properties': {
+ 'mapping_id': parameter_types.mapping_id_string
+ },
+ # `mapping_id` is the property that cannot be ignored
+ 'minProperties': 1,
+ 'additionalProperties': False
+}