keystone/keystone/tests/unit/schema/v2.py

# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.


import copy

from keystone.common import validation
from keystone.common.validation import parameter_types
from keystone.common.validation import validators


_project_properties = {
    'id': parameter_types.id_string,
    'name': parameter_types.name,
    'enabled': parameter_types.boolean,
    'description': validation.nullable(parameter_types.description),
}

_token_properties = {
    'audit_ids': {
        'type': 'array',
        'items': {
            'type': 'string',
        },
        'minItems': 1,
        'maxItems': 2,
    },
    'id': {'type': 'string'},
    'expires': {'type': 'string'},
    'issued_at': {'type': 'string'},
    'tenant': {
        'type': 'object',
        'properties': _project_properties,
        'required': ['id', 'name', 'enabled'],
        'additionalProperties': False,
    },
}

_role_properties = {
    'name': parameter_types.name,
}

_user_properties = {
    'id': parameter_types.id_string,
    'name': parameter_types.name,
    'username': parameter_types.name,
    'roles': {
        'type': 'array',
        'items': {
            'type': 'object',
            'properties': _role_properties,
            'required': ['name'],
            'additionalProperties': False,
        },
    },
    'roles_links': {
        'type': 'array',
        'maxItems': 0,
    },
}

_metadata_properties = {
    'is_admin': {'type': 'integer'},
    'roles': {
        'type': 'array',
        'items': {'type': 'string'},
    },
}

_endpoint_properties = {
    'id': {'type': 'string'},
    'adminURL': parameter_types.url,
    'internalURL': parameter_types.url,
    'publicURL': parameter_types.url,
    'region': {'type': 'string'},
}

_service_properties = {
    'type': {'type': 'string'},
    'name': parameter_types.name,
    'endpoints_links': {
        'type': 'array',
        'maxItems': 0,
    },
    'endpoints': {
        'type': 'array',
        'minItems': 1,
        'items': {
            'type': 'object',
            'properties': _endpoint_properties,
            'required': ['id', 'publicURL'],
            'additionalProperties': False,
        },
    },
}

_base_access_properties = {
    'metadata': {
        'type': 'object',
        'properties': _metadata_properties,
        'required': ['is_admin', 'roles'],
        'additionalProperties': False,
    },
    'serviceCatalog': {
        'type': 'array',
        'items': {
            'type': 'object',
            'properties': _service_properties,
            'required': ['name', 'type', 'endpoints_links', 'endpoints'],
            'additionalProperties': False,
        },
    },
    'token': {
        'type': 'object',
        'properties': _token_properties,
        'required': ['audit_ids', 'id', 'expires', 'issued_at'],
        'additionalProperties': False,
    },
    'user': {
        'type': 'object',
        'properties': _user_properties,
        'required': ['id', 'name', 'username', 'roles', 'roles_links'],
        'additionalProperties': False,
    },
}

_unscoped_access_properties = copy.deepcopy(_base_access_properties)
unscoped_metadata = _unscoped_access_properties['metadata']
unscoped_metadata['properties']['roles']['maxItems'] = 0
_unscoped_access_properties['user']['properties']['roles']['maxItems'] = 0
_unscoped_access_properties['serviceCatalog']['maxItems'] = 0

_scoped_access_properties = copy.deepcopy(_base_access_properties)
_scoped_access_properties['metadata']['properties']['roles']['minItems'] = 1
_scoped_access_properties['serviceCatalog']['minItems'] = 1
_scoped_access_properties['user']['properties']['roles']['minItems'] = 1

base_token_schema = {
    'type': 'object',
    'required': ['metadata', 'user', 'serviceCatalog', 'token'],
    'additionalProperties': False,
}

unscoped_token_schema = copy.deepcopy(base_token_schema)
unscoped_token_schema['properties'] = _unscoped_access_properties

scoped_token_schema = copy.deepcopy(base_token_schema)
scoped_token_schema['properties'] = _scoped_access_properties

# Validator objects
unscoped_validator = validators.SchemaValidator(unscoped_token_schema)
scoped_validator = validators.SchemaValidator(scoped_token_schema)