Expiring Group Memberships API - Allow set idp authorization_ttl

This patch extends the identity provider API to receive, return
and set the authorization_ttl on an identity provider.

Change-Id: I3c58da290d52149e307280042ed20447da4687f7
Partial-Bug: 1809116
Kristi Nikolla 2020-03-23 14:04:10 -04:00 committed by Kristi Nikolla
parent d8938514fe
commit c18956f198
8 changed files with 65 additions and 4 deletions


@ -16,6 +16,7 @@ Parameters
~~~~~~~~~~
.. rest_parameters:: federation/identity-provider/parameters.yaml
- authorization_ttl: authorization_ttl
- domain_id: domain_id
- description: description
- enabled: enabled
@ -39,6 +40,7 @@ Parameters
.. rest_parameters:: federation/identity-provider/parameters.yaml
- authorization_ttl: authorization_ttl
- domain_id: domain_id
- description: description
- enabled: enabled
@ -131,6 +133,7 @@ Parameters
.. rest_parameters:: federation/identity-provider/parameters.yaml
- authorization_ttl: authorization_ttl
- domain_id: domain_id
- description: description
- enabled: enabled
@ -221,6 +224,7 @@ Parameters
.. rest_parameters:: federation/identity-provider/parameters.yaml
- authorization_ttl: authorization_ttl
- domain_id: domain_id
- description: description
- enabled: enabled
@ -460,4 +464,4 @@ Status Codes
.. rest_status_code:: success ../v3/status.yaml
- 204
- 204


@ -33,6 +33,15 @@ id_query:
# variables in body
authorization_ttl:
description: |
The length of validity in minutes for group memberships carried over
through mapping and persisted in the database. If left unset, the
default value configured in keystone will be used, if enabled.
in: body
required: false
type: integer
description:
description: |
The Identity Provider description


@ -1,5 +1,6 @@
{
"identity_provider": {
"authorization_ttl": null,
"domain_id": "1789d1",
"description": "Stores ACME identities",
"remote_ids": ["acme_id_1", "acme_id_2"],
@ -10,4 +11,4 @@
"self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME"
}
}
}
}


@ -1,5 +1,6 @@
{
"identity_provider": {
"authorization_ttl": null,
"domain_id": "1789d1",
"description": "Beta dev idp",
"remote_ids": ["beta_id_1", "beta_id_2"],
@ -10,4 +11,4 @@
"self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME"
}
}
}
}


@ -74,7 +74,8 @@ class IdentityProvidersResource(_ResourceBase):
member_key = 'identity_provider'
api_prefix = '/OS-FEDERATION'
_public_parameters = frozenset(['id', 'enabled', 'description',
'remote_ids', 'links', 'domain_id'
'remote_ids', 'links', 'domain_id',
'authorization_ttl'
])
_id_path_param_name_override = 'idp_id'


@ -69,3 +69,8 @@ email = {
'type': 'string',
'format': 'email'
}
integer_min0 = {
'type': 'integer',
'minimum': 0
}
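Review bot: `integer_min0` constrains only the lower bound, so any non-negative integer, however large, passes schema validation. The API reference added in this commit describes the value as a TTL in minutes that is persisted in the database, so an oversized value would presumably reach the storage layer and fail there instead of being rejected as a validation error, and a very large value makes an "expiring" group membership effectively permanent. Consider adding a `'maximum'` that matches the column type and the longest TTL an operator should be able to set. A one-line comment above the dict, such as `# Non-negative integer; 0 is accepted.`, would also make the lower bound explicit for future users of this type.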


@ -82,6 +82,7 @@ _identity_provider_properties_create = {
'enabled': parameter_types.boolean,
'description': validation.nullable(parameter_types.description),
'domain_id': validation.nullable(parameter_types.id_string),
'authorization_ttl': validation.nullable(parameter_types.integer_min0),
'remote_ids': {
'type': ['array', 'null'],
'items': {
@ -94,6 +95,7 @@ _identity_provider_properties_create = {
_identity_provider_properties_update = {
'enabled': parameter_types.boolean,
'description': validation.nullable(parameter_types.description),
'authorization_ttl': validation.nullable(parameter_types.integer_min0),
'remote_ids': {
'type': ['array', 'null'],
'items': {
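Review bot: Both the create and the update schema accept `0` for `authorization_ttl`, but nothing visible in this commit says what a zero TTL means, whereas `null` is documented as falling back to the configured default. Because this value controls how long federated group memberships stay valid, the difference between "expires immediately" and "never expires" should be stated in a comment next to the property, e.g. `# minutes; null -> configured default, 0 -> <document behaviour>`, and in the `parameters.yaml` description. If zero has no sensible meaning, a type with `'minimum': 1` would be the safer choice. Both dict bodies continue outside the hunks shown.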


@ -1132,6 +1132,18 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase):
keys_to_check=keys_to_check,
ref=expected)
def test_create_idp_authorization_ttl(self):
keys_to_check = list(self.idp_keys)
keys_to_check.append('authorization_ttl')
body = self.default_body.copy()
body['description'] = uuid.uuid4().hex
body['authorization_ttl'] = 10080
resp = self._create_default_idp(body)
expected = body.copy()
self.assertValidResponse(resp, 'identity_provider', dummy_validator,
keys_to_check=keys_to_check,
ref=expected)
def test_update_idp_remote_ids(self):
"""Update IdP's remote_ids parameter."""
body = self.default_body.copy()
@ -1216,6 +1228,32 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase):
self.assertIn('Duplicate remote ID',
resp_data['error']['message'])
def test_update_idp_authorization_ttl(self):
body = self.default_body.copy()
body['authorization_ttl'] = 10080
default_resp = self._create_default_idp(body=body)
default_idp = self._fetch_attribute_from_response(default_resp,
'identity_provider')
idp_id = default_idp.get('id')
url = self.base_url(suffix=idp_id)
self.assertIsNotNone(idp_id)
body['authorization_ttl'] = None
body = {'identity_provider': body}
resp = self.patch(url, body=body)
updated_idp = self._fetch_attribute_from_response(resp,
'identity_provider')
body = body['identity_provider']
self.assertEqual(body['authorization_ttl'],
updated_idp.get('authorization_ttl'))
resp = self.get(url)
returned_idp = self._fetch_attribute_from_response(resp,
'identity_provider')
self.assertEqual(body['authorization_ttl'],
returned_idp.get('authorization_ttl'))
def test_list_head_idps(self, iterations=5):
"""List all available IdentityProviders.
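Review bot: `test_create_idp_authorization_ttl` and `test_update_idp_authorization_ttl` only exercise accepted values (`10080` and `None`), so the new `integer_min0` constraint is never shown to reject anything. Add cases that send `-1` and a non-integer such as `'10080'` on both create and PATCH and assert a 400 response, so a later schema change cannot silently start accepting them. The two new tests also lack the one-line docstring their neighbours carry, e.g. `"""Create an IdP with authorization_ttl set."""` and `"""Update IdP's authorization_ttl parameter."""`. In the update test, `self.assertIsNotNone(idp_id)` would read better before `url = self.base_url(suffix=idp_id)`, so the id is checked before it is used.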