From 05c8c487b549041be44275af6c90998d9fbf565e Mon Sep 17 00:00:00 2001
From: xingzhou <xingzhou@cn.ibm.com>
Date: Wed, 31 Jul 2013 11:25:53 +0800
Subject: V3 API need to check mandatory field when creating resources

When creating items like project, role through V3 API, if name field
is missing, the server will return 500 internal error or 409 conflict
error, shall return 400 bad request error instead

Change-Id: I9deddcd4cf801306c16555b59bba7fdfab6556a7
Fixes: Bug 1136342
---
 keystone/identity/controllers.py | 10 ++++++++++
 tests/test_v3_identity.py        | 20 ++++++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/keystone/identity/controllers.py b/keystone/identity/controllers.py
index 12fb8145..7ca1f8bf 100644
--- a/keystone/identity/controllers.py
+++ b/keystone/identity/controllers.py
@@ -403,6 +403,8 @@ class DomainV3(controller.V3Controller):
 
     @controller.protected
     def create_domain(self, context, domain):
+        self._require_attribute(domain, 'name')
+
         ref = self._assign_unique_id(self._normalize_dict(domain))
         ref = self.identity_api.create_domain(ref['id'], ref)
         return DomainV3.wrap_member(context, ref)
@@ -544,6 +546,8 @@ class ProjectV3(controller.V3Controller):
 
     @controller.protected
     def create_project(self, context, project):
+        self._require_attribute(project, 'name')
+
         ref = self._assign_unique_id(self._normalize_dict(project))
         ref = self._normalize_domain_id(context, ref)
         ref = self.identity_api.create_project(ref['id'], ref)
@@ -592,6 +596,8 @@ class UserV3(controller.V3Controller):
 
     @controller.protected
     def create_user(self, context, user):
+        self._require_attribute(user, 'name')
+
         ref = self._assign_unique_id(self._normalize_dict(user))
         ref = self._normalize_domain_id(context, ref)
         ref = self.identity_api.create_user(ref['id'], ref)
@@ -663,6 +669,8 @@ class GroupV3(controller.V3Controller):
 
     @controller.protected
     def create_group(self, context, group):
+        self._require_attribute(group, 'name')
+
         ref = self._assign_unique_id(self._normalize_dict(group))
         ref = self._normalize_domain_id(context, ref)
         ref = self.identity_api.create_group(ref['id'], ref)
@@ -713,6 +721,8 @@ class RoleV3(controller.V3Controller):
 
     @controller.protected
     def create_role(self, context, role):
+        self._require_attribute(role, 'name')
+
         ref = self._assign_unique_id(self._normalize_dict(role))
         ref = self.identity_api.create_role(ref['id'], ref)
         return RoleV3.wrap_member(context, ref)
diff --git a/tests/test_v3_identity.py b/tests/test_v3_identity.py
index 5eaf9085..891f0c6a 100644
--- a/tests/test_v3_identity.py
+++ b/tests/test_v3_identity.py
@@ -105,6 +105,10 @@ class IdentityTestCase(test_v3.RestfulTestCase):
             body={'domain': ref})
         return self.assertValidDomainResponse(r, ref)
 
+    def test_create_domain_400(self):
+        """Call ``POST /domains``."""
+        self.post('/domains', body={'domain': {}}, expected_status=400)
+
     def test_list_domains(self):
         """Call ``GET /domains``."""
         r = self.get('/domains')
@@ -313,6 +317,10 @@ class IdentityTestCase(test_v3.RestfulTestCase):
             body={'project': ref})
         self.assertValidProjectResponse(r, ref)
 
+    def test_create_project_400(self):
+        """Call ``POST /projects``."""
+        self.post('/projects', body={'project': {}}, expected_status=400)
+
     def test_get_project(self):
         """Call ``GET /projects/{project_id}``."""
         r = self.get(
@@ -376,6 +384,10 @@ class IdentityTestCase(test_v3.RestfulTestCase):
             body={'user': ref})
         return self.assertValidUserResponse(r, ref)
 
+    def test_create_user_400(self):
+        """Call ``POST /users``."""
+        self.post('/users', body={'user': {}}, expected_status=400)
+
     def test_list_users(self):
         """Call ``GET /users``."""
         r = self.get('/users')
@@ -529,6 +541,10 @@ class IdentityTestCase(test_v3.RestfulTestCase):
             body={'group': ref})
         return self.assertValidGroupResponse(r, ref)
 
+    def test_create_group_400(self):
+        """Call ``POST /groups``."""
+        self.post('/groups', body={'group': {}}, expected_status=400)
+
     def test_list_groups(self):
         """Call ``GET /groups``."""
         r = self.get('/groups')
@@ -569,6 +585,10 @@ class IdentityTestCase(test_v3.RestfulTestCase):
             body={'role': ref})
         return self.assertValidRoleResponse(r, ref)
 
+    def test_create_role_400(self):
+        """Call ``POST /roles``."""
+        self.post('/roles', body={'role': {}}, expected_status=400)
+
     def test_list_roles(self):
         """Call ``GET /roles``."""
         r = self.get('/roles')
-- 
cgit