From 1c94ae71d687b2b0b479639193ca44b0588962ba Mon Sep 17 00:00:00 2001 From: David Stanek Date: Wed, 14 Dec 2016 20:33:52 +0000 Subject: [PATCH] Adds projects mapping to the mapping engine This was really enabled by two things: - enable lists to appear in the mapping rules - specifically pull out the projects to return bp shadow-mapping Change-Id: I3980e20d21a2114543ec20f63c107de1d16939aa --- keystone/federation/utils.py | 9 ++++++- .../unit/contrib/federation/test_utils.py | 17 +++++++++++++ keystone/tests/unit/mapping_fixtures.py | 24 +++++++++++++++++++ 3 files changed, 49 insertions(+), 1 deletion(-) diff --git a/keystone/federation/utils.py b/keystone/federation/utils.py index ddb50599c5..1e8080b8a5 100644 --- a/keystone/federation/utils.py +++ b/keystone/federation/utils.py @@ -575,6 +575,7 @@ class RuleProcessor(object): group_ids = set() group_names = list() groups_by_domain = dict() + projects = [] # if mapping yield no valid identity values, we should bail right away # instead of continuing on with a normalized bogus user @@ -632,12 +633,15 @@ class RuleProcessor(object): ast.literal_eval(identity_value['group_ids'])) except (ValueError, SyntaxError): group_ids.update([identity_value['group_ids']]) + if 'projects' in identity_value: + projects = identity_value['projects'] normalize_user(user) return {'user': user, 'group_ids': list(group_ids), - 'group_names': group_names} + 'group_names': group_names, + 'projects': projects} def _update_local_mapping(self, local, direct_maps): """Replace any {0}, {1} ... values with data from the assertion. @@ -671,6 +675,9 @@ class RuleProcessor(object): for k, v in local.items(): if isinstance(v, dict): new_value = self._update_local_mapping(v, direct_maps) + elif isinstance(v, list): + new_value = [self._update_local_mapping(item, direct_maps) + for item in v] else: try: new_value = v.format(*direct_maps) diff --git a/keystone/tests/unit/contrib/federation/test_utils.py b/keystone/tests/unit/contrib/federation/test_utils.py index 9063716066..975eb09c7a 100644 --- a/keystone/tests/unit/contrib/federation/test_utils.py +++ b/keystone/tests/unit/contrib/federation/test_utils.py @@ -731,6 +731,23 @@ class MappingRuleEngineTests(unit.BaseTestCase): self.assertItemsEqual(['210mlk', '321cba'], mapped_properties['group_ids']) + def test_mapping_projects(self): + mapping = mapping_fixtures.MAPPING_PROJECTS + assertion = mapping_fixtures.EMPLOYEE_ASSERTION + rp = mapping_utils.RuleProcessor(FAKE_MAPPING_ID, mapping['rules']) + values = rp.process(assertion) + + self.assertValidMappedUserObject(values) + expected_username = mapping_fixtures.EMPLOYEE_ASSERTION['UserName'] + self.assertEqual(expected_username, values['user']['name']) + + expected_projects = [ + {"name": "a"}, + {"name": "b"}, + {"name": "project for %s" % expected_username}, + ] + self.assertEqual(expected_projects, values['projects']) + class TestUnicodeAssertionData(unit.BaseTestCase): """Ensure that unicode data in the assertion headers works. diff --git a/keystone/tests/unit/mapping_fixtures.py b/keystone/tests/unit/mapping_fixtures.py index 0592fb63da..87f835fdc6 100644 --- a/keystone/tests/unit/mapping_fixtures.py +++ b/keystone/tests/unit/mapping_fixtures.py @@ -1588,3 +1588,27 @@ MAPPING_UNICODE = { }, ], } + +MAPPING_PROJECTS = { + "rules": [ + { + "local": [ + { + "user": { + "name": "{0}" + }, + "projects": [ + {"name": "a"}, + {"name": "b"}, + {"name": "project for {0}"}, + ], + } + ], + "remote": [ + { + "type": "UserName" + } + ] + }, + ] +}