Fix role schema in trust object

Previously, we weren't doing any validation on the roles attribute of a trust except to validate that it was an array. A hasty glance, however, would lead you to believe that it was validating an array of parameter_types.id_string[1] and so we translated that to the new role object validation. However, id_string doesn't include some valid role names like _member_. This patch updates the role name schema to match parameter_types.name, which is the same as the schema for the main role object. [1] http://git.openstack.org/cgit/openstack/keystone/tree/keystone/trust/schema.py?id=62f9e57cd81dc98c5816da9fa483d385b4c1a66c#n41 Change-Id: I83aafc7a96e81a9b6b1056b39cd8c5d23676c014 Closes-bug: #1734871
2017-11-28 14:33:04 +01:00 · 2017-11-28 14:33:04 +01:00 · f97df5cb6f
parent f8e79ab507
commit f97df5cb6f
2 changed files with 3 additions and 2 deletions
--- a/keystone/tests/unit/test_validation.py
+++ b/keystone/tests/unit/test_validation.py
@ -1485,7 +1485,8 @@ class TrustValidationTestCase(unit.BaseTestCase):

    _valid_roles = [{'name': 'member'},
                    {'id': uuid.uuid4().hex},
-                    {'id': str(uuid.uuid4())}]
+                    {'id': str(uuid.uuid4())},
+                    {'name': '_member_'}]
    _invalid_roles = [False, True, 123, None]

    def setUp(self):
--- a/keystone/trust/schema.py
+++ b/keystone/trust/schema.py
@ -19,7 +19,7 @@ _role_properties = {
        'type': 'object',
        'properties': {
            'id': parameter_types.id_string,
-            'name': parameter_types.id_string
+            'name': parameter_types.name
        },
        'minProperties': 1,
        'maxProperties': 1,