Simplify federated_domain_name processing
federated_domain_name has a default so it's always going to be set to something. There's no need for the code to be complicated by checking if it's not set. Change-Id: Iba152bfc55b976e1bcb4aad97866e6110c297aa3
This commit is contained in:
parent
53237b5d9b
commit
8a2486883f
|
@ -515,9 +515,7 @@ FILE_OPTIONS = {
|
||||||
'an admin will not be able to create a domain with '
|
'an admin will not be able to create a domain with '
|
||||||
'this name or update an existing domain to this '
|
'this name or update an existing domain to this '
|
||||||
'name. You are not advised to change this value '
|
'name. You are not advised to change this value '
|
||||||
'unless you really have to. Changing this option '
|
'unless you really have to.'),
|
||||||
'to empty string or None will not have any impact and '
|
|
||||||
'default name will be used.'),
|
|
||||||
cfg.MultiStrOpt('trusted_dashboard', default=[],
|
cfg.MultiStrOpt('trusted_dashboard', default=[],
|
||||||
help='A list of trusted dashboard hosts. Before '
|
help='A list of trusted dashboard hosts. Before '
|
||||||
'accepting a Single Sign-On request to return a '
|
'accepting a Single Sign-On request to return a '
|
||||||
|
|
|
@ -12,5 +12,4 @@
|
||||||
|
|
||||||
FEDERATION = 'OS-FEDERATION'
|
FEDERATION = 'OS-FEDERATION'
|
||||||
IDENTITY_PROVIDER = 'OS-FEDERATION:identity_provider'
|
IDENTITY_PROVIDER = 'OS-FEDERATION:identity_provider'
|
||||||
FEDERATED_DOMAIN_KEYWORD = 'Federated'
|
|
||||||
PROTOCOL = 'OS-FEDERATION:protocol'
|
PROTOCOL = 'OS-FEDERATION:protocol'
|
||||||
|
|
|
@ -21,7 +21,6 @@ from oslo_log import log
|
||||||
from oslo_utils import timeutils
|
from oslo_utils import timeutils
|
||||||
import six
|
import six
|
||||||
|
|
||||||
from keystone.contrib.federation import constants as federation_constants
|
|
||||||
from keystone import exception
|
from keystone import exception
|
||||||
from keystone.i18n import _, _LW
|
from keystone.i18n import _, _LW
|
||||||
|
|
||||||
|
@ -528,8 +527,7 @@ class RuleProcessor(object):
|
||||||
|
|
||||||
if user_type == UserType.EPHEMERAL:
|
if user_type == UserType.EPHEMERAL:
|
||||||
user['domain'] = {
|
user['domain'] = {
|
||||||
'id': (CONF.federation.federated_domain_name or
|
'id': CONF.federation.federated_domain_name
|
||||||
federation_constants.FEDERATED_DOMAIN_KEYWORD)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# initialize the group_ids as a set to eliminate duplicates
|
# initialize the group_ids as a set to eliminate duplicates
|
||||||
|
|
|
@ -23,7 +23,6 @@ from keystone.common import clean
|
||||||
from keystone.common import dependency
|
from keystone.common import dependency
|
||||||
from keystone.common import driver_hints
|
from keystone.common import driver_hints
|
||||||
from keystone.common import manager
|
from keystone.common import manager
|
||||||
from keystone.contrib.federation import constants as federation_constants
|
|
||||||
from keystone import exception
|
from keystone import exception
|
||||||
from keystone.i18n import _, _LE, _LW
|
from keystone.i18n import _, _LE, _LW
|
||||||
from keystone import notifications
|
from keystone import notifications
|
||||||
|
@ -139,15 +138,13 @@ class Manager(manager.Manager):
|
||||||
"""
|
"""
|
||||||
# NOTE(marek-denis): We cannot create this attribute in the __init__ as
|
# NOTE(marek-denis): We cannot create this attribute in the __init__ as
|
||||||
# config values are always initialized to default value.
|
# config values are always initialized to default value.
|
||||||
federated_domain = (
|
federated_domain = CONF.federation.federated_domain_name.lower()
|
||||||
CONF.federation.federated_domain_name or
|
|
||||||
federation_constants.FEDERATED_DOMAIN_KEYWORD).lower()
|
|
||||||
if (domain.get('name') and domain['name'].lower() == federated_domain):
|
if (domain.get('name') and domain['name'].lower() == federated_domain):
|
||||||
raise AssertionError(_('Domain cannot be named %s')
|
raise AssertionError(_('Domain cannot be named %s')
|
||||||
% federated_domain)
|
% domain['name'])
|
||||||
if (domain_id.lower() == federated_domain):
|
if (domain_id.lower() == federated_domain):
|
||||||
raise AssertionError(_('Domain cannot have ID %s')
|
raise AssertionError(_('Domain cannot have ID %s')
|
||||||
% federated_domain)
|
% domain_id)
|
||||||
|
|
||||||
def assert_project_enabled(self, project_id, project=None):
|
def assert_project_enabled(self, project_id, project=None):
|
||||||
"""Assert the project is enabled and its associated domain is enabled.
|
"""Assert the project is enabled and its associated domain is enabled.
|
||||||
|
|
|
@ -467,40 +467,6 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
||||||
self.resource_api.update_domain,
|
self.resource_api.update_domain,
|
||||||
domain['id'], domain)
|
domain['id'], domain)
|
||||||
|
|
||||||
def test_set_federated_domain_when_config_empty(self):
|
|
||||||
"""Make sure we are operable even if config value is not properly
|
|
||||||
set.
|
|
||||||
|
|
||||||
This includes operations like create, update, delete.
|
|
||||||
|
|
||||||
"""
|
|
||||||
federated_name = 'Federated'
|
|
||||||
self.config_fixture.config(group='federation',
|
|
||||||
federated_domain_name='')
|
|
||||||
domain = self.new_domain_ref()
|
|
||||||
domain['id'] = federated_name
|
|
||||||
self.assertRaises(AssertionError,
|
|
||||||
self.resource_api.create_domain,
|
|
||||||
domain['id'], domain)
|
|
||||||
self.assertRaises(exception.DomainNotFound,
|
|
||||||
self.resource_api.delete_domain,
|
|
||||||
domain['id'])
|
|
||||||
self.assertRaises(AssertionError,
|
|
||||||
self.resource_api.update_domain,
|
|
||||||
domain['id'], domain)
|
|
||||||
|
|
||||||
# swap id with name
|
|
||||||
domain['id'], domain['name'] = domain['name'], domain['id']
|
|
||||||
self.assertRaises(AssertionError,
|
|
||||||
self.resource_api.create_domain,
|
|
||||||
domain['id'], domain)
|
|
||||||
self.assertRaises(exception.DomainNotFound,
|
|
||||||
self.resource_api.delete_domain,
|
|
||||||
domain['id'])
|
|
||||||
self.assertRaises(AssertionError,
|
|
||||||
self.resource_api.update_domain,
|
|
||||||
domain['id'], domain)
|
|
||||||
|
|
||||||
# Project CRUD tests
|
# Project CRUD tests
|
||||||
|
|
||||||
def test_list_projects(self):
|
def test_list_projects(self):
|
||||||
|
|
|
@ -33,7 +33,6 @@ if not xmldsig:
|
||||||
|
|
||||||
from keystone.auth import controllers as auth_controllers
|
from keystone.auth import controllers as auth_controllers
|
||||||
from keystone.auth.plugins import mapped
|
from keystone.auth.plugins import mapped
|
||||||
from keystone.contrib.federation import constants as federation_constants
|
|
||||||
from keystone.contrib.federation import controllers as federation_controllers
|
from keystone.contrib.federation import controllers as federation_controllers
|
||||||
from keystone.contrib.federation import idp as keystone_idp
|
from keystone.contrib.federation import idp as keystone_idp
|
||||||
from keystone.contrib.federation import utils as mapping_utils
|
from keystone.contrib.federation import utils as mapping_utils
|
||||||
|
@ -1470,7 +1469,7 @@ class MappingRuleEngineTests(FederationTests):
|
||||||
self.assertIn('domain', user)
|
self.assertIn('domain', user)
|
||||||
domain = user['domain']
|
domain = user['domain']
|
||||||
domain_name_or_id = domain.get('id') or domain.get('name')
|
domain_name_or_id = domain.get('id') or domain.get('name')
|
||||||
domain_ref = domain_id or federation_constants.FEDERATED_DOMAIN_KEYWORD
|
domain_ref = domain_id or 'Federated'
|
||||||
self.assertEqual(domain_ref, domain_name_or_id)
|
self.assertEqual(domain_ref, domain_name_or_id)
|
||||||
|
|
||||||
def test_rule_engine_any_one_of_and_direct_mapping(self):
|
def test_rule_engine_any_one_of_and_direct_mapping(self):
|
||||||
|
|
|
@ -579,11 +579,6 @@ class BaseProvider(provider.Provider):
|
||||||
return token_id, token_data
|
return token_id, token_data
|
||||||
|
|
||||||
def _handle_mapped_tokens(self, auth_context, project_id, domain_id):
|
def _handle_mapped_tokens(self, auth_context, project_id, domain_id):
|
||||||
def get_federated_domain():
|
|
||||||
return (CONF.federation.federated_domain_name or
|
|
||||||
federation_constants.FEDERATED_DOMAIN_KEYWORD)
|
|
||||||
|
|
||||||
federated_domain = get_federated_domain()
|
|
||||||
user_id = auth_context['user_id']
|
user_id = auth_context['user_id']
|
||||||
group_ids = auth_context['group_ids']
|
group_ids = auth_context['group_ids']
|
||||||
idp = auth_context[federation_constants.IDENTITY_PROVIDER]
|
idp = auth_context[federation_constants.IDENTITY_PROVIDER]
|
||||||
|
@ -598,8 +593,8 @@ class BaseProvider(provider.Provider):
|
||||||
'protocol': {'id': protocol}
|
'protocol': {'id': protocol}
|
||||||
},
|
},
|
||||||
'domain': {
|
'domain': {
|
||||||
'id': federated_domain,
|
'id': CONF.federation.federated_domain_name,
|
||||||
'name': federated_domain
|
'name': CONF.federation.federated_domain_name
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue