Merge "Add schema for identity provider"

2016-01-05 13:48:15 +00:00 · 2016-01-05 13:48:15 +00:00 · a4ac0b64e8
parent 090cddb230 f5cd0f55bb
commit a4ac0b64e8
4 changed files with 131 additions and 2 deletions
--- a/keystone/federation/controllers.py
+++ b/keystone/federation/controllers.py
@ -91,6 +91,7 @@ class IdentityProvider(_ControllerBase):
        return {cls.member_name: ref}

    @controller.protected()
+    @validation.validated(schema.identity_provider_create, 'identity_provider')
    def create_identity_provider(self, context, idp_id, identity_provider):
        identity_provider = self._normalize_dict(identity_provider)
        identity_provider.setdefault('enabled', False)
@ -115,6 +116,7 @@ class IdentityProvider(_ControllerBase):
        self.federation_api.delete_idp(idp_id)

    @controller.protected()
+    @validation.validated(schema.identity_provider_update, 'identity_provider')
    def update_identity_provider(self, context, idp_id, identity_provider):
        identity_provider = self._normalize_dict(identity_provider)
        IdentityProvider.check_immutable_params(identity_provider)
--- a/keystone/federation/schema.py
+++ b/keystone/federation/schema.py
@ -77,3 +77,29 @@ service_provider_update = {
    'minProperties': 1,
    'additionalProperties': False
 }
+
+_identity_provider_properties = {
+    'enabled': parameter_types.boolean,
+    'description': validation.nullable(parameter_types.description),
+    'remote_ids': {
+        'type': ['array', 'null'],
+        'items': {
+            'type': 'string'
+        },
+        'uniqueItems': True
+    }
+}
+
+identity_provider_create = {
+    'type': 'object',
+    'properties': _identity_provider_properties,
+    'additionalProperties': False
+}
+
+identity_provider_update = {
+    'type': 'object',
+    'properties': _identity_provider_properties,
+    # Make sure at least one property is being updated
+    'minProperties': 1,
+    'additionalProperties': False
+}
--- a/keystone/tests/unit/test_v3_federation.py
+++ b/keystone/tests/unit/test_v3_federation.py
@ -1139,7 +1139,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase):
    def test_update_idp_immutable_attributes(self):
        """Update IdP's immutable parameters.

-        Expect HTTP FORBIDDEN.
+        Expect HTTP BAD REQUEST.

        """
        default_resp = self._create_default_idp()
@ -1154,7 +1154,7 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase):

        url = self.base_url(suffix=idp_id)
        self.patch(url, body={'identity_provider': body},
-                   expected_status=http_client.FORBIDDEN)
+                   expected_status=http_client.BAD_REQUEST)

    def test_update_nonexistent_idp(self):
        """Update nonexistent IdP
--- a/keystone/tests/unit/test_validation.py
+++ b/keystone/tests/unit/test_validation.py
@ -1879,3 +1879,104 @@ class GroupValidationTestCase(unit.BaseTestCase):
        """Validate group update requests with extra parameters."""
        request_to_validate = {'other_attr': uuid.uuid4().hex}
        self.update_group_validator.validate(request_to_validate)
+
+
+class IdentityProviderValidationTestCase(unit.BaseTestCase):
+    """Test for V3 Identity Provider API validation."""
+
+    def setUp(self):
+        super(IdentityProviderValidationTestCase, self).setUp()
+
+        create = federation_schema.identity_provider_create
+        update = federation_schema.identity_provider_update
+        self.create_idp_validator = validators.SchemaValidator(create)
+        self.update_idp_validator = validators.SchemaValidator(update)
+
+    def test_validate_idp_request_succeeds(self):
+        """Test that we validate an identity provider request."""
+        request_to_validate = {'description': 'identity provider description',
+                               'enabled': True,
+                               'remote_ids': [uuid.uuid4().hex,
+                                              uuid.uuid4().hex]}
+        self.create_idp_validator.validate(request_to_validate)
+        self.update_idp_validator.validate(request_to_validate)
+
+    def test_validate_idp_request_fails_with_invalid_params(self):
+        """Exception raised when unknown parameter is found."""
+        request_to_validate = {'bogus': uuid.uuid4().hex}
+        self.assertRaises(exception.SchemaValidationError,
+                          self.create_idp_validator.validate,
+                          request_to_validate)
+
+        self.assertRaises(exception.SchemaValidationError,
+                          self.update_idp_validator.validate,
+                          request_to_validate)
+
+    def test_validate_idp_request_with_enabled(self):
+        """Validate `enabled` as boolean-like values."""
+        for valid_enabled in _VALID_ENABLED_FORMATS:
+            request_to_validate = {'enabled': valid_enabled}
+            self.create_idp_validator.validate(request_to_validate)
+            self.update_idp_validator.validate(request_to_validate)
+
+    def test_validate_idp_request_with_invalid_enabled_fails(self):
+        """Exception is raised when `enabled` isn't a boolean-like value."""
+        for invalid_enabled in _INVALID_ENABLED_FORMATS:
+            request_to_validate = {'enabled': invalid_enabled}
+            self.assertRaises(exception.SchemaValidationError,
+                              self.create_idp_validator.validate,
+                              request_to_validate)
+
+            self.assertRaises(exception.SchemaValidationError,
+                              self.update_idp_validator.validate,
+                              request_to_validate)
+
+    def test_validate_idp_request_no_parameters(self):
+        """Test that schema validation with empty request body."""
+        request_to_validate = {}
+        self.create_idp_validator.validate(request_to_validate)
+
+        # Exception raised when no property on IdP update.
+        self.assertRaises(exception.SchemaValidationError,
+                          self.update_idp_validator.validate,
+                          request_to_validate)
+
+    def test_validate_idp_request_with_invalid_description_fails(self):
+        """Exception is raised when `description` as a non-string value."""
+        request_to_validate = {'description': False}
+        self.assertRaises(exception.SchemaValidationError,
+                          self.create_idp_validator.validate,
+                          request_to_validate)
+
+        self.assertRaises(exception.SchemaValidationError,
+                          self.update_idp_validator.validate,
+                          request_to_validate)
+
+    def test_validate_idp_request_with_invalid_remote_id_fails(self):
+        """Exception is raised when `remote_ids` is not a array."""
+        request_to_validate = {"remote_ids": uuid.uuid4().hex}
+        self.assertRaises(exception.SchemaValidationError,
+                          self.create_idp_validator.validate,
+                          request_to_validate)
+
+        self.assertRaises(exception.SchemaValidationError,
+                          self.update_idp_validator.validate,
+                          request_to_validate)
+
+    def test_validate_idp_request_with_duplicated_remote_id(self):
+        """Exception is raised when the duplicated `remote_ids` is found."""
+        idp_id = uuid.uuid4().hex
+        request_to_validate = {"remote_ids": [idp_id, idp_id]}
+        self.assertRaises(exception.SchemaValidationError,
+                          self.create_idp_validator.validate,
+                          request_to_validate)
+
+        self.assertRaises(exception.SchemaValidationError,
+                          self.update_idp_validator.validate,
+                          request_to_validate)
+
+    def test_validate_idp_request_remote_id_nullable(self):
+        """Test that `remote_ids` could be explicitly set to None"""
+        request_to_validate = {'remote_ids': None}
+        self.create_idp_validator.validate(request_to_validate)
+        self.update_idp_validator.validate(request_to_validate)