Merge "Expiring Group Memberships API - Allow set idp authorization_ttl"
commit
91fa019034
|
@ -16,6 +16,7 @@ Parameters
|
||||||
~~~~~~~~~~
|
~~~~~~~~~~
|
||||||
.. rest_parameters:: federation/identity-provider/parameters.yaml
|
.. rest_parameters:: federation/identity-provider/parameters.yaml
|
||||||
|
|
||||||
|
- authorization_ttl: authorization_ttl
|
||||||
- domain_id: domain_id
|
- domain_id: domain_id
|
||||||
- description: description
|
- description: description
|
||||||
- enabled: enabled
|
- enabled: enabled
|
||||||
|
@ -39,6 +40,7 @@ Parameters
|
||||||
|
|
||||||
.. rest_parameters:: federation/identity-provider/parameters.yaml
|
.. rest_parameters:: federation/identity-provider/parameters.yaml
|
||||||
|
|
||||||
|
- authorization_ttl: authorization_ttl
|
||||||
- domain_id: domain_id
|
- domain_id: domain_id
|
||||||
- description: description
|
- description: description
|
||||||
- enabled: enabled
|
- enabled: enabled
|
||||||
|
@ -131,6 +133,7 @@ Parameters
|
||||||
|
|
||||||
.. rest_parameters:: federation/identity-provider/parameters.yaml
|
.. rest_parameters:: federation/identity-provider/parameters.yaml
|
||||||
|
|
||||||
|
- authorization_ttl: authorization_ttl
|
||||||
- domain_id: domain_id
|
- domain_id: domain_id
|
||||||
- description: description
|
- description: description
|
||||||
- enabled: enabled
|
- enabled: enabled
|
||||||
|
@ -221,6 +224,7 @@ Parameters
|
||||||
|
|
||||||
.. rest_parameters:: federation/identity-provider/parameters.yaml
|
.. rest_parameters:: federation/identity-provider/parameters.yaml
|
||||||
|
|
||||||
|
- authorization_ttl: authorization_ttl
|
||||||
- domain_id: domain_id
|
- domain_id: domain_id
|
||||||
- description: description
|
- description: description
|
||||||
- enabled: enabled
|
- enabled: enabled
|
||||||
|
@ -460,4 +464,4 @@ Status Codes
|
||||||
|
|
||||||
.. rest_status_code:: success ../v3/status.yaml
|
.. rest_status_code:: success ../v3/status.yaml
|
||||||
|
|
||||||
- 204
|
- 204
|
||||||
|
|
|
@ -33,6 +33,15 @@ id_query:
|
||||||
|
|
||||||
# variables in body
|
# variables in body
|
||||||
|
|
||||||
|
authorization_ttl:
|
||||||
|
description: |
|
||||||
|
The length of validity in minutes for group memberships carried over
|
||||||
|
through mapping and persisted in the database. If left unset, the
|
||||||
|
default value configured in keystone will be used, if enabled.
|
||||||
|
in: body
|
||||||
|
required: false
|
||||||
|
type: integer
|
||||||
|
|
||||||
description:
|
description:
|
||||||
description: |
|
description: |
|
||||||
The Identity Provider description
|
The Identity Provider description
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
{
|
{
|
||||||
"identity_provider": {
|
"identity_provider": {
|
||||||
|
"authorization_ttl": null,
|
||||||
"domain_id": "1789d1",
|
"domain_id": "1789d1",
|
||||||
"description": "Stores ACME identities",
|
"description": "Stores ACME identities",
|
||||||
"remote_ids": ["acme_id_1", "acme_id_2"],
|
"remote_ids": ["acme_id_1", "acme_id_2"],
|
||||||
|
@ -10,4 +11,4 @@
|
||||||
"self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME"
|
"self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
{
|
{
|
||||||
"identity_provider": {
|
"identity_provider": {
|
||||||
|
"authorization_ttl": null,
|
||||||
"domain_id": "1789d1",
|
"domain_id": "1789d1",
|
||||||
"description": "Beta dev idp",
|
"description": "Beta dev idp",
|
||||||
"remote_ids": ["beta_id_1", "beta_id_2"],
|
"remote_ids": ["beta_id_1", "beta_id_2"],
|
||||||
|
@ -10,4 +11,4 @@
|
||||||
"self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME"
|
"self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -74,7 +74,8 @@ class IdentityProvidersResource(_ResourceBase):
|
||||||
member_key = 'identity_provider'
|
member_key = 'identity_provider'
|
||||||
api_prefix = '/OS-FEDERATION'
|
api_prefix = '/OS-FEDERATION'
|
||||||
_public_parameters = frozenset(['id', 'enabled', 'description',
|
_public_parameters = frozenset(['id', 'enabled', 'description',
|
||||||
'remote_ids', 'links', 'domain_id'
|
'remote_ids', 'links', 'domain_id',
|
||||||
|
'authorization_ttl'
|
||||||
])
|
])
|
||||||
_id_path_param_name_override = 'idp_id'
|
_id_path_param_name_override = 'idp_id'
|
||||||
|
|
||||||
|
|
|
@ -69,3 +69,8 @@ email = {
|
||||||
'type': 'string',
|
'type': 'string',
|
||||||
'format': 'email'
|
'format': 'email'
|
||||||
}
|
}
|
||||||
|
|
||||||
|
integer_min0 = {
|
||||||
|
'type': 'integer',
|
||||||
|
'minimum': 0
|
||||||
|
}
|
||||||
|
|
|
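Review bot: `integer_min0` sets only a lower bound, so the `authorization_ttl` property that uses it in both `_identity_provider_properties_create` and `_identity_provider_properties_update` accepts arbitrarily large integers. The value is documented as the validity in minutes of persisted group memberships, so an oversized TTL effectively makes federated memberships non-expiring. It may also exceed what the storage column can hold, though the model is not visible here, so that part is an assumption. Consider an upper bound such as `'maximum': <MAX_TTL_MINUTES>` (placeholder for a limit agreed by the project). Also state in the parameter description what `0` means, because the schema admits it while the docs describe only the unset case.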
@ -82,6 +82,7 @@ _identity_provider_properties_create = {
|
||||||
'enabled': parameter_types.boolean,
|
'enabled': parameter_types.boolean,
|
||||||
'description': validation.nullable(parameter_types.description),
|
'description': validation.nullable(parameter_types.description),
|
||||||
'domain_id': validation.nullable(parameter_types.id_string),
|
'domain_id': validation.nullable(parameter_types.id_string),
|
||||||
|
'authorization_ttl': validation.nullable(parameter_types.integer_min0),
|
||||||
'remote_ids': {
|
'remote_ids': {
|
||||||
'type': ['array', 'null'],
|
'type': ['array', 'null'],
|
||||||
'items': {
|
'items': {
|
||||||
|
@ -94,6 +95,7 @@ _identity_provider_properties_create = {
|
||||||
_identity_provider_properties_update = {
|
_identity_provider_properties_update = {
|
||||||
'enabled': parameter_types.boolean,
|
'enabled': parameter_types.boolean,
|
||||||
'description': validation.nullable(parameter_types.description),
|
'description': validation.nullable(parameter_types.description),
|
||||||
|
'authorization_ttl': validation.nullable(parameter_types.integer_min0),
|
||||||
'remote_ids': {
|
'remote_ids': {
|
||||||
'type': ['array', 'null'],
|
'type': ['array', 'null'],
|
||||||
'items': {
|
'items': {
|
||||||
|
|
|
@ -1132,6 +1132,18 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase):
|
||||||
keys_to_check=keys_to_check,
|
keys_to_check=keys_to_check,
|
||||||
ref=expected)
|
ref=expected)
|
||||||
|
|
||||||
|
def test_create_idp_authorization_ttl(self):
|
||||||
|
keys_to_check = list(self.idp_keys)
|
||||||
|
keys_to_check.append('authorization_ttl')
|
||||||
|
body = self.default_body.copy()
|
||||||
|
body['description'] = uuid.uuid4().hex
|
||||||
|
body['authorization_ttl'] = 10080
|
||||||
|
resp = self._create_default_idp(body)
|
||||||
|
expected = body.copy()
|
||||||
|
self.assertValidResponse(resp, 'identity_provider', dummy_validator,
|
||||||
|
keys_to_check=keys_to_check,
|
||||||
|
ref=expected)
|
||||||
|
|
||||||
def test_update_idp_remote_ids(self):
|
def test_update_idp_remote_ids(self):
|
||||||
"""Update IdP's remote_ids parameter."""
|
"""Update IdP's remote_ids parameter."""
|
||||||
body = self.default_body.copy()
|
body = self.default_body.copy()
|
||||||
|
@ -1216,6 +1228,32 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase):
|
||||||
self.assertIn('Duplicate remote ID',
|
self.assertIn('Duplicate remote ID',
|
||||||
resp_data['error']['message'])
|
resp_data['error']['message'])
|
||||||
|
|
||||||
|
def test_update_idp_authorization_ttl(self):
|
||||||
|
body = self.default_body.copy()
|
||||||
|
body['authorization_ttl'] = 10080
|
||||||
|
default_resp = self._create_default_idp(body=body)
|
||||||
|
default_idp = self._fetch_attribute_from_response(default_resp,
|
||||||
|
'identity_provider')
|
||||||
|
idp_id = default_idp.get('id')
|
||||||
|
url = self.base_url(suffix=idp_id)
|
||||||
|
self.assertIsNotNone(idp_id)
|
||||||
|
|
||||||
|
body['authorization_ttl'] = None
|
||||||
|
|
||||||
|
body = {'identity_provider': body}
|
||||||
|
resp = self.patch(url, body=body)
|
||||||
|
updated_idp = self._fetch_attribute_from_response(resp,
|
||||||
|
'identity_provider')
|
||||||
|
body = body['identity_provider']
|
||||||
|
self.assertEqual(body['authorization_ttl'],
|
||||||
|
updated_idp.get('authorization_ttl'))
|
||||||
|
|
||||||
|
resp = self.get(url)
|
||||||
|
returned_idp = self._fetch_attribute_from_response(resp,
|
||||||
|
'identity_provider')
|
||||||
|
self.assertEqual(body['authorization_ttl'],
|
||||||
|
returned_idp.get('authorization_ttl'))
|
||||||
|
|
||||||
def test_list_head_idps(self, iterations=5):
|
def test_list_head_idps(self, iterations=5):
|
||||||
"""List all available IdentityProviders.
|
"""List all available IdentityProviders.
|
||||||
|
|
||||||
|
|
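Review bot: Both new tests exercise only accepted values (`10080` and `None`), so nothing pins the validation that this change introduces for `authorization_ttl`. A companion test that submits a negative number, a string and a float on create and on PATCH, and asserts the request is rejected as a validation error, would keep the `'minimum': 0` integer constraint from regressing silently. In `test_update_idp_authorization_ttl`, `self.assertIsNotNone(idp_id)` runs after `url = self.base_url(suffix=idp_id)`; moving the assertion before the URL is built gives a clearer failure. The two new tests also lack the one-line docstrings their neighbours carry, e.g. `"""Update IdP's authorization_ttl parameter."""`. `test_list_head_idps` continues beyond the hunk.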