From 37de09105822b2b4db8b0ebac1ec5994af5d0fd9 Mon Sep 17 00:00:00 2001 From: Eduardo Sousa Date: Thu, 23 May 2019 02:17:22 +0100 Subject: [PATCH] Fixing ids and names for roles when listing Change-Id: I9f915199bf65bd68c7b03c78c120136130c5b105 Signed-off-by: Eduardo Sousa --- osm_nbi/admin_topics.py | 67 ++++++++++++++++-------------------- osm_nbi/authconn_keystone.py | 3 +- osm_nbi/validation.py | 8 ++--- 3 files changed, 33 insertions(+), 45 deletions(-) diff --git a/osm_nbi/admin_topics.py b/osm_nbi/admin_topics.py index 7ae855f..07f18da 100644 --- a/osm_nbi/admin_topics.py +++ b/osm_nbi/admin_topics.py @@ -731,9 +731,15 @@ class RoleTopicAuth(BaseTopic): :param role_definitions: role definition to test :return: None if ok, raises ValidationError exception on error """ + ignore_fields = ["_id", "name"] for role_def in role_definitions.keys(): - if role_def == ".": + if role_def in ignore_fields: continue + if role_def == ".": + if isinstance(role_definitions[role_def], bool): + continue + else: + raise ValidationError("Operation authorization \".\" should be True/False.") if role_def[-1] == ".": raise ValidationError("Operation cannot end with \".\"") @@ -742,6 +748,9 @@ class RoleTopicAuth(BaseTopic): if len(role_def_matches) == 0: raise ValidationError("No matching operation found.") + if not isinstance(role_definitions[role_def], bool): + raise ValidationError("Operation authorization {} should be True/False.".format(role_def)) + def _validate_input_new(self, input, force=False): """ Validates input user content for a new entry. @@ -752,8 +761,8 @@ class RoleTopicAuth(BaseTopic): """ if self.schema_new: validate_input(input, self.schema_new) - if "definition" in input and input["definition"]: - self.validate_role_definition(self.operations, input["definition"]) + self.validate_role_definition(self.operations, input) + return input def _validate_input_edit(self, input, force=False): @@ -766,8 +775,8 @@ class RoleTopicAuth(BaseTopic): """ if self.schema_edit: validate_input(input, self.schema_edit) - if "definition" in input and input["definition"]: - self.validate_role_definition(self.operations, input["definition"]) + self.validate_role_definition(self.operations, input) + return input def check_conflict_on_new(self, session, indata): @@ -833,19 +842,14 @@ class RoleTopicAuth(BaseTopic): if not content["_admin"].get("created"): content["_admin"]["created"] = now content["_admin"]["modified"] = now - content["root"] = False - - # Saving the role definition - if "definition" in content and content["definition"]: - for role_def, value in content["definition"].items(): - if role_def == ".": - content["root"] = value - else: - content[role_def.replace(".", ":")] = value + content[":"] = False - # Cleaning undesired values - if "definition" in content: - del content["definition"] + ignore_fields = ["_id", "_admin", "name"] + for role_def, value in content.items(): + if role_def in ignore_fields: + continue + content[role_def.replace(".", ":")] = value + del content[role_def] @staticmethod def format_on_edit(final_content, edit_content): @@ -865,15 +869,11 @@ class RoleTopicAuth(BaseTopic): del final_content[key] # Saving the role definition - if "definition" in edit_content and edit_content["definition"]: - for role_def, value in edit_content["definition"].items(): - if role_def == ".": - final_content["root"] = value - else: - final_content[role_def.replace(".", ":")] = value - - if "root" not in final_content: - final_content["root"] = False + for role_def, value in edit_content.items(): + final_content[role_def.replace(".", ":")] = value + + if ":" not in final_content.keys(): + final_content[":"] = False @staticmethod def format_on_show(content): @@ -884,21 +884,12 @@ class RoleTopicAuth(BaseTopic): :param definition: role definition to be processed """ - ignore_fields = ["_admin", "_id", "name", "root"] content_keys = list(content.keys()) - definition = dict(content) - + for key in content_keys: - if key in ignore_fields: - del definition[key] - if ":" not in key: + if ":" in key: + content[key.replace(":", ".")] = content[key] del content[key] - continue - definition[key.replace(":", ".")] = definition[key] - del definition[key] - del content[key] - - content["definition"] = definition def show(self, session, _id): """ diff --git a/osm_nbi/authconn_keystone.py b/osm_nbi/authconn_keystone.py index 9f67450..7f59270 100644 --- a/osm_nbi/authconn_keystone.py +++ b/osm_nbi/authconn_keystone.py @@ -298,8 +298,7 @@ class AuthconnKeystone(Authconn): """ Get role list. - :return: returns the list of roles for the user in that project. If - the token is unscoped it returns None. + :return: returns the list of roles. """ try: roles_list = self.keystone.roles.list() diff --git a/osm_nbi/validation.py b/osm_nbi/validation.py index ba2451b..a6b9421 100644 --- a/osm_nbi/validation.py +++ b/osm_nbi/validation.py @@ -648,10 +648,9 @@ roles_new_schema = { "type": "object", "properties": { "name": shortname_schema, - "definition": object_schema, }, "required": ["name"], - "additionalProperties": False + "additionalProperties": True } roles_edit_schema = { "$schema": "http://json-schema.org/draft-04/schema#", @@ -660,10 +659,9 @@ roles_edit_schema = { "properties": { "_id": id_schema, "name": shortname_schema, - "definition": object_schema, }, - "required": ["_id", "name", "definition"], - "additionalProperties": False, + "required": ["_id", "name"], + "additionalProperties": True, "minProperties": 1 } -- 2.25.1