Expiring Group Memberships API - Allow set idp authorization_ttl
This patch extends the identity provider API to receive, return and set the authorization_ttl on an identity provider. Change-Id: I3c58da290d52149e307280042ed20447da4687f7 Partial-Bug: 1809116
parent
d8938514fe
commit
c18956f198
@ -16,6 +16,7 @@ Parameters
|
||||
~~~~~~~~~~
|
||||
.. rest_parameters:: federation/identity-provider/parameters.yaml
|
||||
|
||||
- authorization_ttl: authorization_ttl
|
||||
- domain_id: domain_id
|
||||
- description: description
|
||||
- enabled: enabled
|
||||
@ -39,6 +40,7 @@ Parameters
|
||||
|
||||
.. rest_parameters:: federation/identity-provider/parameters.yaml
|
||||
|
||||
- authorization_ttl: authorization_ttl
|
||||
- domain_id: domain_id
|
||||
- description: description
|
||||
- enabled: enabled
|
||||
@ -131,6 +133,7 @@ Parameters
|
||||
|
||||
.. rest_parameters:: federation/identity-provider/parameters.yaml
|
||||
|
||||
- authorization_ttl: authorization_ttl
|
||||
- domain_id: domain_id
|
||||
- description: description
|
||||
- enabled: enabled
|
||||
@ -221,6 +224,7 @@ Parameters
|
||||
|
||||
.. rest_parameters:: federation/identity-provider/parameters.yaml
|
||||
|
||||
- authorization_ttl: authorization_ttl
|
||||
- domain_id: domain_id
|
||||
- description: description
|
||||
- enabled: enabled
|
||||
@ -460,4 +464,4 @@ Status Codes
|
||||
|
||||
.. rest_status_code:: success ../v3/status.yaml
|
||||
|
||||
- 204
|
||||
- 204
|
||||
|
@ -33,6 +33,15 @@ id_query:
|
||||
|
||||
# variables in body
|
||||
|
||||
authorization_ttl:
|
||||
description: |
|
||||
The length of validity in minutes for group memberships carried over
|
||||
through mapping and persisted in the database. If left unset, the
|
||||
default value configured in keystone will be used, if enabled.
|
||||
in: body
|
||||
required: false
|
||||
type: integer
|
||||
|
||||
description:
|
||||
description: |
|
||||
The Identity Provider description
|
||||
|
@ -1,5 +1,6 @@
|
||||
{
|
||||
"identity_provider": {
|
||||
"authorization_ttl": null,
|
||||
"domain_id": "1789d1",
|
||||
"description": "Stores ACME identities",
|
||||
"remote_ids": ["acme_id_1", "acme_id_2"],
|
||||
@ -10,4 +11,4 @@
|
||||
"self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -1,5 +1,6 @@
|
||||
{
|
||||
"identity_provider": {
|
||||
"authorization_ttl": null,
|
||||
"domain_id": "1789d1",
|
||||
"description": "Beta dev idp",
|
||||
"remote_ids": ["beta_id_1", "beta_id_2"],
|
||||
@ -10,4 +11,4 @@
|
||||
"self": "http://example.com/identity/v3/OS-FEDERATION/identity_providers/ACME"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -74,7 +74,8 @@ class IdentityProvidersResource(_ResourceBase):
|
||||
member_key = 'identity_provider'
|
||||
api_prefix = '/OS-FEDERATION'
|
||||
_public_parameters = frozenset(['id', 'enabled', 'description',
|
||||
'remote_ids', 'links', 'domain_id'
|
||||
'remote_ids', 'links', 'domain_id',
|
||||
'authorization_ttl'
|
||||
])
|
||||
_id_path_param_name_override = 'idp_id'
|
||||
|
||||
|
@ -69,3 +69,8 @@ email = {
|
||||
'type': 'string',
|
||||
'format': 'email'
|
||||
}
|
||||
|
||||
integer_min0 = {
|
||||
'type': 'integer',
|
||||
'minimum': 0
|
||||
}
|
||||
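Review bot: `integer_min0` sets only a lower bound, so the `authorization_ttl` schema built on it accepts 0 and any arbitrarily large number of minutes. What 0 means for a carried-over group membership (expires at once, or never expires) is not visible in this patch, and the parameters.yaml description does not say. Confirm it against the code that consumes the value and record it in a comment above the definition, e.g. `# Non-negative integer; for authorization_ttl this is minutes, 0 means <confirmed meaning>`. A very large value would in effect make federated group memberships permanent and could presumably exceed what the storage column holds, so consider giving this property an upper bound such as `'maximum': <agreed upper bound>`.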
|
@ -82,6 +82,7 @@ _identity_provider_properties_create = {
|
||||
'enabled': parameter_types.boolean,
|
||||
'description': validation.nullable(parameter_types.description),
|
||||
'domain_id': validation.nullable(parameter_types.id_string),
|
||||
'authorization_ttl': validation.nullable(parameter_types.integer_min0),
|
||||
'remote_ids': {
|
||||
'type': ['array', 'null'],
|
||||
'items': {
|
||||
@ -94,6 +95,7 @@ _identity_provider_properties_create = {
|
||||
_identity_provider_properties_update = {
|
||||
'enabled': parameter_types.boolean,
|
||||
'description': validation.nullable(parameter_types.description),
|
||||
'authorization_ttl': validation.nullable(parameter_types.integer_min0),
|
||||
'remote_ids': {
|
||||
'type': ['array', 'null'],
|
||||
'items': {
|
||||
|
@ -1132,6 +1132,18 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase):
|
||||
keys_to_check=keys_to_check,
|
||||
ref=expected)
|
||||
|
||||
def test_create_idp_authorization_ttl(self):
|
||||
keys_to_check = list(self.idp_keys)
|
||||
keys_to_check.append('authorization_ttl')
|
||||
body = self.default_body.copy()
|
||||
body['description'] = uuid.uuid4().hex
|
||||
body['authorization_ttl'] = 10080
|
||||
resp = self._create_default_idp(body)
|
||||
expected = body.copy()
|
||||
self.assertValidResponse(resp, 'identity_provider', dummy_validator,
|
||||
keys_to_check=keys_to_check,
|
||||
ref=expected)
|
||||
|
||||
def test_update_idp_remote_ids(self):
|
||||
"""Update IdP's remote_ids parameter."""
|
||||
body = self.default_body.copy()
|
||||
@ -1216,6 +1228,32 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase):
|
||||
self.assertIn('Duplicate remote ID',
|
||||
resp_data['error']['message'])
|
||||
|
||||
def test_update_idp_authorization_ttl(self):
|
||||
body = self.default_body.copy()
|
||||
body['authorization_ttl'] = 10080
|
||||
default_resp = self._create_default_idp(body=body)
|
||||
default_idp = self._fetch_attribute_from_response(default_resp,
|
||||
'identity_provider')
|
||||
idp_id = default_idp.get('id')
|
||||
url = self.base_url(suffix=idp_id)
|
||||
self.assertIsNotNone(idp_id)
|
||||
|
||||
body['authorization_ttl'] = None
|
||||
|
||||
body = {'identity_provider': body}
|
||||
resp = self.patch(url, body=body)
|
||||
updated_idp = self._fetch_attribute_from_response(resp,
|
||||
'identity_provider')
|
||||
body = body['identity_provider']
|
||||
self.assertEqual(body['authorization_ttl'],
|
||||
updated_idp.get('authorization_ttl'))
|
||||
|
||||
resp = self.get(url)
|
||||
returned_idp = self._fetch_attribute_from_response(resp,
|
||||
'identity_provider')
|
||||
self.assertEqual(body['authorization_ttl'],
|
||||
returned_idp.get('authorization_ttl'))
|
||||
|
||||
def test_list_head_idps(self, iterations=5):
|
||||
"""List all available IdentityProviders.
|
||||
|
||||
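Review bot: Both new tests, `test_create_idp_authorization_ttl` and `test_update_idp_authorization_ttl`, exercise only accepted values (10080 and None), so nothing here pins the schema's rejection of a negative or non-integer TTL. Because this value controls how long mapped group memberships stay valid, a test that sends `body['authorization_ttl'] = -1` (and one that sends a string) and expects a 400 response would keep that validation boundary from regressing unnoticed. The update test only clears the value; changing one integer to another and reading it back is not covered. Both tests also lack the one-line docstring their neighbours carry, e.g. `"""Create an IdP with an explicit authorization_ttl."""` and `"""Reset an IdP's authorization_ttl to null via PATCH."""`.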
|