From f97df5cb6ff1b3fc0a1c18967c4eefff9e7670ce Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Tue, 28 Nov 2017 14:33:04 +0100 Subject: [PATCH] Fix role schema in trust object Previously, we weren't doing any validation on the roles attribute of a trust except to validate that it was an array. A hasty glance, however, would lead you to believe that it was validating an array of parameter_types.id_string[1] and so we translated that to the new role object validation. However, id_string doesn't include some valid role names like _member_. This patch updates the role name schema to match parameter_types.name, which is the same as the schema for the main role object. [1] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/trust/schema.py?id=62f9e57cd81dc98c5816da9fa483d385b4c1a66c#n41 Change-Id: I83aafc7a96e81a9b6b1056b39cd8c5d23676c014 Closes-bug: #1734871 --- keystone/tests/unit/test_validation.py | 3 ++- keystone/trust/schema.py | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/keystone/tests/unit/test_validation.py b/keystone/tests/unit/test_validation.py index 28d2e853a3..b325012b73 100644 --- a/keystone/tests/unit/test_validation.py +++ b/keystone/tests/unit/test_validation.py @@ -1485,7 +1485,8 @@ class TrustValidationTestCase(unit.BaseTestCase): _valid_roles = [{'name': 'member'}, {'id': uuid.uuid4().hex}, - {'id': str(uuid.uuid4())}] + {'id': str(uuid.uuid4())}, + {'name': '_member_'}] _invalid_roles = [False, True, 123, None] def setUp(self): diff --git a/keystone/trust/schema.py b/keystone/trust/schema.py index b8b941c058..9b155d45e1 100644 --- a/keystone/trust/schema.py +++ b/keystone/trust/schema.py @@ -19,7 +19,7 @@ _role_properties = { 'type': 'object', 'properties': { 'id': parameter_types.id_string, - 'name': parameter_types.id_string + 'name': parameter_types.name }, 'minProperties': 1, 'maxProperties': 1,