Update IdP sql model

Base on the database schema, the domain_id column in identity_provider
is not unique and has the ForeignKey for project.id. But the IdP sql
model is different. It marks the domain_id is unique and the ForeignKey
is lost.

This patch removes the unique restriction and adds the FK back, ultimately
making the relationship between domains and identity provider 1:many.

Change-Id: I13ecb0ab0434f5614f31d151e708f299cf8e8adb
Partial-bug: #1760843

keystone/federation/backends/sql.py

@@ -55,7 +55,8 @@ class IdentityProviderModel(sql.ModelBase, sql.ModelDictMixin):
     mutable_attributes = frozenset(['description', 'enabled', 'remote_ids'])
 
     id = sql.Column(sql.String(64), primary_key=True)
-    domain_id = sql.Column(sql.String(64), nullable=False, unique=True)
+    domain_id = sql.Column(sql.String(64), sql.ForeignKey('project.id'),
+                           nullable=False)
     enabled = sql.Column(sql.Boolean, nullable=False)
     description = sql.Column(sql.Text(), nullable=True)
     remote_ids = orm.relationship('IdPRemoteIdsModel',

keystone/tests/unit/test_v3_federation.py

@@ -45,6 +45,7 @@ from keystone.tests.unit import federation_fixtures
 from keystone.tests.unit import ksfixtures
 from keystone.tests.unit import mapping_fixtures
 from keystone.tests.unit import test_v3
+from keystone.tests.unit import utils as test_utils
 from keystone.token.providers import common as token_common
 
 
@@ -993,6 +994,9 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase):
         # since it wasn't auto-generated
         self.assertIsNotNone(PROVIDERS.resource_api.get_domain(domain['id']))
 
+    @test_utils.wip("Keystone never supported IdP:domain = 1:1. This test "
+                    "should be fixed to make sure IdP:domain is n:1",
+                    bug='1760843')
     def test_create_idp_domain_id_unique_constraint(self):
         # create domain and add domain_id to keys to check
         domain = unit.new_domain_ref()