Merge "Add schema for identity provider"
commit
a4ac0b64e8
|
@ -91,6 +91,7 @@ class IdentityProvider(_ControllerBase):
|
|||
return {cls.member_name: ref}
|
||||
|
||||
@controller.protected()
|
||||
@validation.validated(schema.identity_provider_create, 'identity_provider')
|
||||
def create_identity_provider(self, context, idp_id, identity_provider):
|
||||
identity_provider = self._normalize_dict(identity_provider)
|
||||
identity_provider.setdefault('enabled', False)
|
||||
|
@ -115,6 +116,7 @@ class IdentityProvider(_ControllerBase):
|
|||
self.federation_api.delete_idp(idp_id)
|
||||
|
||||
@controller.protected()
|
||||
@validation.validated(schema.identity_provider_update, 'identity_provider')
|
||||
def update_identity_provider(self, context, idp_id, identity_provider):
|
||||
identity_provider = self._normalize_dict(identity_provider)
|
||||
IdentityProvider.check_immutable_params(identity_provider)
|
||||
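Review bot: The call `IdentityProvider.check_immutable_params(identity_provider)` in `update_identity_provider` may now be unreachable for the keys it was written to reject. The new `@validation.validated(schema.identity_provider_update, 'identity_provider')` decorator runs first, and that schema sets `'additionalProperties': False`, so anything other than `enabled`, `description` and `remote_ids` fails validation before the method body executes. The body of `check_immutable_params` is outside this diff, so confirm this; then either drop the call or mark it with a comment such as `# Unknown keys are already rejected by schema validation; kept as defence in depth.` The client-visible status for such a request changes from 403 to 400 (the updated federation test shows this), which is worth a release note for API consumers. Both method bodies continue past the end of their hunks.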
|
|
|
@ -77,3 +77,29 @@ service_provider_update = {
|
|||
'minProperties': 1,
|
||||
'additionalProperties': False
|
||||
}
|
||||
|
||||
_identity_provider_properties = {
|
||||
'enabled': parameter_types.boolean,
|
||||
'description': validation.nullable(parameter_types.description),
|
||||
'remote_ids': {
|
||||
'type': ['array', 'null'],
|
||||
'items': {
|
||||
'type': 'string'
|
||||
},
|
||||
'uniqueItems': True
|
||||
}
|
||||
}
|
||||
|
||||
identity_provider_create = {
|
||||
'type': 'object',
|
||||
'properties': _identity_provider_properties,
|
||||
'additionalProperties': False
|
||||
}
|
||||
|
||||
identity_provider_update = {
|
||||
'type': 'object',
|
||||
'properties': _identity_provider_properties,
|
||||
# Make sure at least one property is being updated
|
||||
'minProperties': 1,
|
||||
'additionalProperties': False
|
||||
}
|
||||
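Review bot: The `items` schema under `remote_ids` in `_identity_provider_properties` accepts any string, including the empty string and values of unbounded length, and the array has no `maxItems`. These values presumably identify the remote IdP that an incoming federated assertion is matched against (the lookup is outside this diff). If so, an empty or oversized entry is better rejected at the API boundary than left to the storage layer. Consider `'items': {'type': 'string', 'minLength': 1, 'maxLength': <backend column limit>}`, with the limit taken from the backend model. Because `identity_provider_create` and `identity_provider_update` both reference the same properties dict, one change covers both requests.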
|
|
|
@ -1139,7 +1139,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase):
|
|||
def test_update_idp_immutable_attributes(self):
|
||||
"""Update IdP's immutable parameters.
|
||||
|
||||
Expect HTTP FORBIDDEN.
|
||||
Expect HTTP BAD REQUEST.
|
||||
|
||||
"""
|
||||
default_resp = self._create_default_idp()
|
||||
|
@ -1154,7 +1154,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase):
|
|||
|
||||
url = self.base_url(suffix=idp_id)
|
||||
self.patch(url, body={'identity_provider': body},
|
||||
expected_status=http_client.FORBIDDEN)
|
||||
expected_status=http_client.BAD_REQUEST)
|
||||
|
||||
def test_update_nonexistent_idp(self):
|
||||
"""Update nonexistent IdP
|
||||
|
|
|
@ -1879,3 +1879,104 @@ class GroupValidationTestCase(unit.BaseTestCase):
|
|||
"""Validate group update requests with extra parameters."""
|
||||
request_to_validate = {'other_attr': uuid.uuid4().hex}
|
||||
self.update_group_validator.validate(request_to_validate)
|
||||
|
||||
|
||||
class IdentityProviderValidationTestCase(unit.BaseTestCase):
|
||||
"""Test for V3 Identity Provider API validation."""
|
||||
|
||||
def setUp(self):
|
||||
super(IdentityProviderValidationTestCase, self).setUp()
|
||||
|
||||
create = federation_schema.identity_provider_create
|
||||
update = federation_schema.identity_provider_update
|
||||
self.create_idp_validator = validators.SchemaValidator(create)
|
||||
self.update_idp_validator = validators.SchemaValidator(update)
|
||||
|
||||
def test_validate_idp_request_succeeds(self):
|
||||
"""Test that we validate an identity provider request."""
|
||||
request_to_validate = {'description': 'identity provider description',
|
||||
'enabled': True,
|
||||
'remote_ids': [uuid.uuid4().hex,
|
||||
uuid.uuid4().hex]}
|
||||
self.create_idp_validator.validate(request_to_validate)
|
||||
self.update_idp_validator.validate(request_to_validate)
|
||||
|
||||
def test_validate_idp_request_fails_with_invalid_params(self):
|
||||
"""Exception raised when unknown parameter is found."""
|
||||
request_to_validate = {'bogus': uuid.uuid4().hex}
|
||||
self.assertRaises(exception.SchemaValidationError,
|
||||
self.create_idp_validator.validate,
|
||||
request_to_validate)
|
||||
|
||||
self.assertRaises(exception.SchemaValidationError,
|
||||
self.update_idp_validator.validate,
|
||||
request_to_validate)
|
||||
|
||||
def test_validate_idp_request_with_enabled(self):
|
||||
"""Validate `enabled` as boolean-like values."""
|
||||
for valid_enabled in _VALID_ENABLED_FORMATS:
|
||||
request_to_validate = {'enabled': valid_enabled}
|
||||
self.create_idp_validator.validate(request_to_validate)
|
||||
self.update_idp_validator.validate(request_to_validate)
|
||||
|
||||
def test_validate_idp_request_with_invalid_enabled_fails(self):
|
||||
"""Exception is raised when `enabled` isn't a boolean-like value."""
|
||||
for invalid_enabled in _INVALID_ENABLED_FORMATS:
|
||||
request_to_validate = {'enabled': invalid_enabled}
|
||||
self.assertRaises(exception.SchemaValidationError,
|
||||
self.create_idp_validator.validate,
|
||||
request_to_validate)
|
||||
|
||||
self.assertRaises(exception.SchemaValidationError,
|
||||
self.update_idp_validator.validate,
|
||||
request_to_validate)
|
||||
|
||||
def test_validate_idp_request_no_parameters(self):
|
||||
"""Test that schema validation with empty request body."""
|
||||
request_to_validate = {}
|
||||
self.create_idp_validator.validate(request_to_validate)
|
||||
|
||||
# Exception raised when no property on IdP update.
|
||||
self.assertRaises(exception.SchemaValidationError,
|
||||
self.update_idp_validator.validate,
|
||||
request_to_validate)
|
||||
|
||||
def test_validate_idp_request_with_invalid_description_fails(self):
|
||||
"""Exception is raised when `description` as a non-string value."""
|
||||
request_to_validate = {'description': False}
|
||||
self.assertRaises(exception.SchemaValidationError,
|
||||
self.create_idp_validator.validate,
|
||||
request_to_validate)
|
||||
|
||||
self.assertRaises(exception.SchemaValidationError,
|
||||
self.update_idp_validator.validate,
|
||||
request_to_validate)
|
||||
|
||||
def test_validate_idp_request_with_invalid_remote_id_fails(self):
|
||||
"""Exception is raised when `remote_ids` is not a array."""
|
||||
request_to_validate = {"remote_ids": uuid.uuid4().hex}
|
||||
self.assertRaises(exception.SchemaValidationError,
|
||||
self.create_idp_validator.validate,
|
||||
request_to_validate)
|
||||
|
||||
self.assertRaises(exception.SchemaValidationError,
|
||||
self.update_idp_validator.validate,
|
||||
request_to_validate)
|
||||
|
||||
def test_validate_idp_request_with_duplicated_remote_id(self):
|
||||
"""Exception is raised when the duplicated `remote_ids` is found."""
|
||||
idp_id = uuid.uuid4().hex
|
||||
request_to_validate = {"remote_ids": [idp_id, idp_id]}
|
||||
self.assertRaises(exception.SchemaValidationError,
|
||||
self.create_idp_validator.validate,
|
||||
request_to_validate)
|
||||
|
||||
self.assertRaises(exception.SchemaValidationError,
|
||||
self.update_idp_validator.validate,
|
||||
request_to_validate)
|
||||
|
||||
def test_validate_idp_request_remote_id_nullable(self):
|
||||
"""Test that `remote_ids` could be explicitly set to None"""
|
||||
request_to_validate = {'remote_ids': None}
|
||||
self.create_idp_validator.validate(request_to_validate)
|
||||
self.update_idp_validator.validate(request_to_validate)
|
||||
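Review bot: `IdentityProviderValidationTestCase` never exercises the `'items': {'type': 'string'}` constraint on `remote_ids`. `test_validate_idp_request_with_invalid_remote_id_fails` only passes a bare string instead of an array, so a list containing a non-string element is not covered. The `validation.nullable(...)` wrapper on `description` is also untested; a case with `{'description': None}` passing both validators would pin that behaviour. A test for the item type could look like the one below. Separately, the docstrings "Test that schema validation with empty request body." and "is not a array" should read "Test schema validation with an empty request body." and "is not an array".

```python
    def test_validate_idp_request_with_non_string_remote_id_fails(self):
        """Exception is raised when a `remote_ids` item is not a string."""
        request_to_validate = {'remote_ids': [uuid.uuid4().hex, 123]}
        self.assertRaises(exception.SchemaValidationError,
                          self.create_idp_validator.validate,
                          request_to_validate)
        self.assertRaises(exception.SchemaValidationError,
                          self.update_idp_validator.validate,
                          request_to_validate)
```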
|
|