V3 API Validation

Registered by Lance Bragstad

This blueprint is meant to track progress of standardizing the API validation of Keystone. Previous, there have been multiple ways to validate resources when interacting with the Keystone API. Utilizing a common validator will enforce API consistency across the resources in Keystone as well as ensure consistency when adding extensions to Keystone.

One possible way to do this would be with jsonschema, which can be used to validate request bodies and throw validation exceptions when validation fails. To do this, we can add a validation module to Keystone that consists of a wrapper function. The wrapper will handle loading the schema and validate the request body against the validator object. In addition to the validator module, schemas will have to be created that essentially model the Identity V3 API spec. Once a schema is created and accepted, it shouldn't have to change. Actually implementing the validator on resource create and update methods should consist of adding a method wrapper to the create and update methods of the resource. The method decorator can be the validator and it can take a couple parameters, 1.) the resource schema to validate the request against and 2.) the kwarg to pull the request body out of.

When adding new extensions, if the extension wants to use the validator against it's API, a schema for the extension should be committed with the extension.

The the above is one possible way to enforce a validator in Keystone.

(stevemar) what resources do you intend to validate using the schema in juno vs beyond?
will this be v3 specific?

Blueprint information

Lance Bragstad
Needs approval
Lance Bragstad
Series goal:
Accepted for juno
Milestone target:
milestone icon 2014.2
Started by
Dolph Mathews
Completed by
Dolph Mathews

Related branches



Previously blocked by tempest producing random strings and calling them URLs (this bp will cause those strings to be validated as URLs in Keystone. which will fail): https://review.openstack.org/#/c/106420/ (merged)

Addressed by: https://review.openstack.org/95957 (spec merged)
    Propose api-validation blueprint

Gerrit topic: https://review.openstack.org/#q,topic:validator,n,z

Addressed by: https://review.openstack.org/86483 (merged)
    Initial implementation of validator

Addressed by: https://review.openstack.org/86484
    Implement validation on Assignment V3 resources

Gerrit topic: https://review.openstack.org/#q,topic:bp/keystone-api-validation,n,z

Addressed by: https://review.openstack.org/96266
    Implement validation on Catalog V3 resources

Gerrit topic: https://review.openstack.org/#q,topic:bp/This,n,z

Addressed by: https://review.openstack.org/98522
    Implement validation on Credential V3

Addressed by: https://review.openstack.org/104065
    Implement validation on Policy V3 API

Addressed by: https://review.openstack.org/104066
    Implement validation on Trust V3 API

Gerrit topic: https://review.openstack.org/#q,topic:bp/api-validation,n,z

Addressed by: https://review.openstack.org/108862
    Add string id type validation

Addressed by: https://review.openstack.org/109098 (abandoned)
    Make BaseValidationTestCase

Addressed by: https://review.openstack.org/110335 (abandoned)
    Fixes syntax error in tests

Addressed by: https://review.openstack.org/110336
    Splits generic validation tests from model tests

Addressed by: https://review.openstack.org/110337
    Adds a dependency on jsd

Addressed by: https://review.openstack.org/110338 (abandoned)
    Makes domain_id required for projects

Addressed by: https://review.openstack.org/110339
    Convert projects from embeded JSON to jsd schemas

Addressed by: https://review.openstack.org/110340
    Initial attempt at lazy configs - ugly

Addressed by: https://review.openstack.org/116954
    Adds tests that show how update with validation works

Gerrit topic: https://review.openstack.org/#q,topic:bug/1284430,n,z

Gerrit topic: https://review.openstack.org/#q,topic:bug/1362344,n,z

Gerrit topic: https://review.openstack.org/#q,topic:bug/999084,n,z

Addressed by: https://review.openstack.org/132122
    Implement validation on the Identity V3 API


Work Items

This blueprint contains Public information 
Everyone can see this information.


No subscribers.