
Merge "Expiring Group Memberships API - Allow set idp authorization_ttl"

tags/17.0.0.0rc1
Zuul 3 months ago
committed by Gerrit Code Review
parent
commit
91fa019034
8 changed files with 65 additions and 4 deletions
  1. +5
    -1
      api-ref/source/v3-ext/federation/identity-provider/idp.inc
  2. +9
    -0
      api-ref/source/v3-ext/federation/identity-provider/parameters.yaml
  3. +2
    -1
      api-ref/source/v3-ext/federation/identity-provider/samples/get-response.json
  4. +2
    -1
      api-ref/source/v3-ext/federation/identity-provider/samples/update-response.json
  5. +2
    -1
      keystone/api/os_federation.py
  6. +5
    -0
      keystone/common/validation/parameter_types.py
  7. +2
    -0
      keystone/federation/schema.py
  8. +38
    -0
      keystone/tests/unit/test_v3_federation.py

+ 5
- 1
api-ref/source/v3-ext/federation/identity-provider/idp.inc

@@ -16,6 +16,7 @@ Parameters
~~~~~~~~~~
.. rest_parameters:: federation/identity-provider/parameters.yaml

- authorization_ttl: authorization_ttl
- domain_id: domain_id
- description: description
- enabled: enabled
@@ -39,6 +40,7 @@ Parameters

.. rest_parameters:: federation/identity-provider/parameters.yaml

- authorization_ttl: authorization_ttl
- domain_id: domain_id
- description: description
- enabled: enabled
@@ -131,6 +133,7 @@ Parameters

.. rest_parameters:: federation/identity-provider/parameters.yaml

- authorization_ttl: authorization_ttl
- domain_id: domain_id
- description: description
- enabled: enabled
@@ -221,6 +224,7 @@ Parameters

.. rest_parameters:: federation/identity-provider/parameters.yaml

- authorization_ttl: authorization_ttl
- domain_id: domain_id
- description: description
- enabled: enabled
@@ -460,4 +464,4 @@ Status Codes

.. rest_status_code:: success ../v3/status.yaml

- 204
- 204

+ 9
- 0
api-ref/source/v3-ext/federation/identity-provider/parameters.yaml

@@ -33,6 +33,15 @@ id_query:

# variables in body

authorization_ttl:
description: |
The length of validity in minutes for group memberships carried over
through mapping and persisted in the database. If left unset, the
default value configured in keystone will be used, if enabled.
in: body
required: false
type: integer

description:
description: |
The Identity Provider description


+ 2
- 1
api-ref/source/v3-ext/federation/identity-provider/samples/get-response.json

@@ -1,5 +1,6 @@
{
"identity_provider": {
"authorization_ttl": null,
"domain_id": "1789d1",
"description": "Stores ACME identities",
"remote_ids": ["acme_id_1", "acme_id_2"],
@@ -10,4 +11,4 @@
"self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME"
}
}
}
}

+ 2
- 1
api-ref/source/v3-ext/federation/identity-provider/samples/update-response.json

@@ -1,5 +1,6 @@
{
"identity_provider": {
"authorization_ttl": null,
"domain_id": "1789d1",
"description": "Beta dev idp",
"remote_ids": ["beta_id_1", "beta_id_2"],
@@ -10,4 +11,4 @@
"self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME"
}
}
}
}

+ 2
- 1
keystone/api/os_federation.py

@@ -74,7 +74,8 @@ class IdentityProvidersResource(_ResourceBase):
member_key = 'identity_provider'
api_prefix = '/OS-FEDERATION'
_public_parameters = frozenset(['id', 'enabled', 'description',
'remote_ids', 'links', 'domain_id'
'remote_ids', 'links', 'domain_id',
'authorization_ttl'
])
_id_path_param_name_override = 'idp_id'
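Review bot: The new last element `'authorization_ttl'` in `_public_parameters` has no trailing comma, so a name appended on the following line would be joined to it by implicit string concatenation and both attributes would silently drop out of the set. Writing it as `'authorization_ttl',` keeps later additions safe. This frozenset appears to decide which identity-provider attributes the API exposes, so a one-line comment above it saying so would help reviewers judge future additions. The class body continues outside the hunk.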



+ 5
- 0
keystone/common/validation/parameter_types.py

@@ -69,3 +69,8 @@ email = {
'type': 'string',
'format': 'email'
}

integer_min0 = {
'type': 'integer',
'minimum': 0
}
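Review bot: `integer_min0` sets only a lower bound, so any JSON integer, however large, passes validation wherever this type is used. In this commit it backs `authorization_ttl`, a lifetime in minutes for persisted group memberships, where a very large value is in effect a membership that never expires. Whether the storage column can hold such a value is not visible here. Consider adding a `'maximum'` chosen to match the backing column, or at least a comment on the definition such as `# Non-negative integer; no upper bound enforced, callers must cap persisted values`.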

+ 2
- 0
keystone/federation/schema.py

@@ -82,6 +82,7 @@ _identity_provider_properties_create = {
'enabled': parameter_types.boolean,
'description': validation.nullable(parameter_types.description),
'domain_id': validation.nullable(parameter_types.id_string),
'authorization_ttl': validation.nullable(parameter_types.integer_min0),
'remote_ids': {
'type': ['array', 'null'],
'items': {
@@ -94,6 +95,7 @@ _identity_provider_properties_create = {
_identity_provider_properties_update = {
'enabled': parameter_types.boolean,
'description': validation.nullable(parameter_types.description),
'authorization_ttl': validation.nullable(parameter_types.integer_min0),
'remote_ids': {
'type': ['array', 'null'],
'items': {
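Review bot: Both `_identity_provider_properties_create` and `_identity_provider_properties_update` accept an `authorization_ttl` of `0`, and nothing visible in the change says whether that means memberships expire immediately or expiry is switched off. For a value that controls how long federated group memberships stay valid, the two readings have opposite security outcomes. If `0` has no defined meaning, validate with a minimum of 1 instead; otherwise add a comment next to both entries, e.g. `# 0 = <meaning of zero>; null = unset`, and state the same in parameters.yaml. Both dict literals continue outside the hunks.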


+ 38
- 0
keystone/tests/unit/test_v3_federation.py

@@ -1132,6 +1132,18 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase):
keys_to_check=keys_to_check,
ref=expected)

def test_create_idp_authorization_ttl(self):
keys_to_check = list(self.idp_keys)
keys_to_check.append('authorization_ttl')
body = self.default_body.copy()
body['description'] = uuid.uuid4().hex
body['authorization_ttl'] = 10080
resp = self._create_default_idp(body)
expected = body.copy()
self.assertValidResponse(resp, 'identity_provider', dummy_validator,
keys_to_check=keys_to_check,
ref=expected)

def test_update_idp_remote_ids(self):
"""Update IdP's remote_ids parameter."""
body = self.default_body.copy()
@@ -1216,6 +1228,32 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase):
self.assertIn('Duplicate remote ID',
resp_data['error']['message'])

def test_update_idp_authorization_ttl(self):
body = self.default_body.copy()
body['authorization_ttl'] = 10080
default_resp = self._create_default_idp(body=body)
default_idp = self._fetch_attribute_from_response(default_resp,
'identity_provider')
idp_id = default_idp.get('id')
url = self.base_url(suffix=idp_id)
self.assertIsNotNone(idp_id)

body['authorization_ttl'] = None

body = {'identity_provider': body}
resp = self.patch(url, body=body)
updated_idp = self._fetch_attribute_from_response(resp,
'identity_provider')
body = body['identity_provider']
self.assertEqual(body['authorization_ttl'],
updated_idp.get('authorization_ttl'))

resp = self.get(url)
returned_idp = self._fetch_attribute_from_response(resp,
'identity_provider')
self.assertEqual(body['authorization_ttl'],
returned_idp.get('authorization_ttl'))

def test_list_head_idps(self, iterations=5):
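Review bot: The two new tests cover only accepted values (`10080` on create, `None` on update), so the `integer_min0` validation this commit introduces is never exercised for rejection. Add cases that send `body['authorization_ttl'] = -1` and a non-integer such as `'10080'` on both create and update, and assert that the request is refused with a validation error. `test_update_idp_authorization_ttl` also never updates to a different integer, so a regression that handled only null would still pass. Unlike the neighbouring `test_update_idp_remote_ids`, neither new test has a docstring; a one-line summary each would match the file.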
"""List all available IdentityProviders.


