openstack
/
keystone
Code Issues Proposed changes

Simplify federated_domain_name processing 

federated_domain_name has a default so it's always going to be set
to something. There's no need for the code to be complicated by
checking if it's not set.

Change-Id: Iba152bfc55b976e1bcb4aad97866e6110c297aa3
This commit is contained in:
Brant Knudson 2015-08-26 15:16:16 -05:00
parent 53237b5d9b
commit 8a2486883f
7 changed files with 8 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
keystone/common/config.py
View File

@ -515,9 +515,7 @@ FILE_OPTIONS = {
'an admin will not be able to create a domain with '
'this name or update an existing domain to this '
'name. You are not advised to change this value '
'unless you really have to. Changing this option '
'to empty string or None will not have any impact and '
'default name will be used.'),
'unless you really have to.'),
cfg.MultiStrOpt('trusted_dashboard', default=[],
help='A list of trusted dashboard hosts. Before '
'accepting a Single Sign-On request to return a '

1
keystone/contrib/federation/constants.py
View File

@ -12,5 +12,4 @@
FEDERATION = 'OS-FEDERATION'
IDENTITY_PROVIDER = 'OS-FEDERATION:identity_provider'
FEDERATED_DOMAIN_KEYWORD = 'Federated'
PROTOCOL = 'OS-FEDERATION:protocol'

4
keystone/contrib/federation/utils.py
View File

@ -21,7 +21,6 @@ from oslo_log import log
from oslo_utils import timeutils
import six
from keystone.contrib.federation import constants as federation_constants
from keystone import exception
from keystone.i18n import _, _LW
@ -528,8 +527,7 @@ class RuleProcessor(object):
if user_type == UserType.EPHEMERAL:
user['domain'] = {
'id': (CONF.federation.federated_domain_name or
federation_constants.FEDERATED_DOMAIN_KEYWORD)
'id': CONF.federation.federated_domain_name
}
# initialize the group_ids as a set to eliminate duplicates

9
keystone/resource/core.py
View File

@ -23,7 +23,6 @@ from keystone.common import clean
from keystone.common import dependency
from keystone.common import driver_hints
from keystone.common import manager
from keystone.contrib.federation import constants as federation_constants
from keystone import exception
from keystone.i18n import _, _LE, _LW
from keystone import notifications
@ -139,15 +138,13 @@ class Manager(manager.Manager):
"""
# NOTE(marek-denis): We cannot create this attribute in the __init__ as
# config values are always initialized to default value.
federated_domain = (
CONF.federation.federated_domain_name or
federation_constants.FEDERATED_DOMAIN_KEYWORD).lower()
federated_domain = CONF.federation.federated_domain_name.lower()
if (domain.get('name') and domain['name'].lower() == federated_domain):
raise AssertionError(_('Domain cannot be named %s')
% federated_domain)
% domain['name'])
if (domain_id.lower() == federated_domain):
raise AssertionError(_('Domain cannot have ID %s')
% federated_domain)
% domain_id)
def assert_project_enabled(self, project_id, project=None):
"""Assert the project is enabled and its associated domain is enabled.

34
keystone/tests/unit/test_v3_assignment.py
View File

@ -467,40 +467,6 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
self.resource_api.update_domain,
domain['id'], domain)
def test_set_federated_domain_when_config_empty(self):
"""Make sure we are operable even if config value is not properly
set.
This includes operations like create, update, delete.
"""
federated_name = 'Federated'
self.config_fixture.config(group='federation',
federated_domain_name='')
domain = self.new_domain_ref()
domain['id'] = federated_name
self.assertRaises(AssertionError,
self.resource_api.create_domain,
domain['id'], domain)
self.assertRaises(exception.DomainNotFound,
self.resource_api.delete_domain,
domain['id'])
self.assertRaises(AssertionError,
self.resource_api.update_domain,
domain['id'], domain)
# swap id with name
domain['id'], domain['name'] = domain['name'], domain['id']
self.assertRaises(AssertionError,
self.resource_api.create_domain,
domain['id'], domain)
self.assertRaises(exception.DomainNotFound,
self.resource_api.delete_domain,
domain['id'])
self.assertRaises(AssertionError,
self.resource_api.update_domain,
domain['id'], domain)
# Project CRUD tests
def test_list_projects(self):

3
keystone/tests/unit/test_v3_federation.py
View File

@ -33,7 +33,6 @@ if not xmldsig:
from keystone.auth import controllers as auth_controllers
from keystone.auth.plugins import mapped
from keystone.contrib.federation import constants as federation_constants
from keystone.contrib.federation import controllers as federation_controllers
from keystone.contrib.federation import idp as keystone_idp
from keystone.contrib.federation import utils as mapping_utils
@ -1470,7 +1469,7 @@ class MappingRuleEngineTests(FederationTests):
self.assertIn('domain', user)
domain = user['domain']
domain_name_or_id = domain.get('id') or domain.get('name')
domain_ref = domain_id or federation_constants.FEDERATED_DOMAIN_KEYWORD
domain_ref = domain_id or 'Federated'
self.assertEqual(domain_ref, domain_name_or_id)
def test_rule_engine_any_one_of_and_direct_mapping(self):

9
keystone/token/providers/common.py
View File

@ -579,11 +579,6 @@ class BaseProvider(provider.Provider):
return token_id, token_data
def _handle_mapped_tokens(self, auth_context, project_id, domain_id):
def get_federated_domain():
return (CONF.federation.federated_domain_name or
federation_constants.FEDERATED_DOMAIN_KEYWORD)
federated_domain = get_federated_domain()
user_id = auth_context['user_id']
group_ids = auth_context['group_ids']
idp = auth_context[federation_constants.IDENTITY_PROVIDER]
@ -598,8 +593,8 @@ class BaseProvider(provider.Provider):
'protocol': {'id': protocol}
},
'domain': {
'id': federated_domain,
'name': federated_domain
'id': CONF.federation.federated_domain_name,
'name': CONF.federation.federated_domain_name
}
}
}