Enable id, enabled attributes filtering for list IdP API

list IdP currently doesn't support to filter records by any
attributes, but this is used somewhere, such as OpenStack
Client using `name` to filter the record.

IdP doesn't has `name` attribute but has `id`, `enabled`
attributes instead.

This patch enables the filtering of Identity Provider based
on `id`, `enabled` attributes so that OpenStack Client or the
CURL query can benefit from it.

Change-Id: Ib672ba759d26bdd0eecd48451994b3451fb8648a
Related-Bug: #1479837
Closes-Bug: #1525317

keystone/federation/backends/sql.py

@@ -186,9 +186,10 @@ class Federation(core.FederationDriverV9):
         except sql.NotFound:
             raise exception.IdentityProviderNotFound(idp_id=remote_id)
 
-    def list_idps(self):
+    def list_idps(self, hints=None):
         with sql.transaction() as session:
-            idps = session.query(IdentityProviderModel)
+            query = session.query(IdentityProviderModel)
+            idps = sql.filter_limit_query(IdentityProviderModel, query, hints)
         idps_list = [idp.to_dict() for idp in idps]
         return idps_list
 

keystone/federation/controllers.py

@@ -98,11 +98,12 @@ class IdentityProvider(_ControllerBase):
         response = IdentityProvider.wrap_member(context, idp_ref)
         return wsgi.render_response(body=response, status=('201', 'Created'))
 
-    @controller.protected()
+    @controller.filterprotected('id', 'enabled')
-    def list_identity_providers(self, context):
+    def list_identity_providers(self, context, filters):
-        ref = self.federation_api.list_idps()
+        hints = self.build_driver_hints(context, filters)
+        ref = self.federation_api.list_idps(hints=hints)
         ref = [self.filter_params(x) for x in ref]
-        return IdentityProvider.wrap_collection(context, ref)
+        return IdentityProvider.wrap_collection(context, ref, hints=hints)
 
     @controller.protected()
     def get_identity_provider(self, context, idp_id):

keystone/federation/core.py

@@ -136,18 +136,6 @@ class FederationDriverBase(object):
         """
         raise exception.NotImplemented()  # pragma: no cover
 
-    @abc.abstractmethod
-    def list_idps(self):
-        """List all identity providers.
-
-        :raises keystone.exception.IdentityProviderNotFound: If the IdP
-            doesn't exist.
-        :returns: list of idp refs
-        :rtype: list of dicts
-
-        """
-        raise exception.NotImplemented()  # pragma: no cover
-
     @abc.abstractmethod
     def get_idp(self, idp_id):
         """Get an identity provider by ID.
@@ -459,7 +447,18 @@ class FederationDriverV8(FederationDriverBase):
 
     """
 
-    pass
+    @abc.abstractmethod
+    def list_idps(self):
+        """List all identity providers.
+
+        :returns: list of idp refs
+        :rtype: list of dicts
+
+        :raises keystone.exception.IdentityProviderNotFound: If the IdP
+            doesn't exist.
+
+        """
+        raise exception.NotImplemented()  # pragma: no cover
 
 
 class FederationDriverV9(FederationDriverBase):
@@ -470,7 +469,20 @@ class FederationDriverV9(FederationDriverBase):
 
     """
 
-    pass
+    @abc.abstractmethod
+    def list_idps(self, hints):
+        """List all identity providers.
+
+        :param hints: filter hints which the driver should
+                      implement if at all possible.
+        :returns: list of idp refs
+        :rtype: list of dicts
+
+        :raises keystone.exception.IdentityProviderNotFound: If the IdP
+            doesn't exist.
+
+        """
+        raise exception.NotImplemented()  # pragma: no cover
 
 
 class V9FederationWrapperForV8Driver(FederationDriverV9):
@@ -509,7 +521,11 @@ class V9FederationWrapperForV8Driver(FederationDriverV9):
     def delete_idp(self, idp_id):
         self.driver.delete_idp(idp_id)
 
-    def list_idps(self):
+    # NOTE(davechen): The hints is ignored here to support legacy drivers,
+    # but the filters in hints will be remain unsatisfied and V3Controller
+    # wrapper will apply these filters at the end. So that the result get
+    # returned for list IdP will still be filtered with the legacy drivers.
+    def list_idps(self, hints):
         return self.driver.list_idps()
 
     def get_idp(self, idp_id):

keystone/tests/unit/test_v3_federation.py

@@ -1013,6 +1013,57 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase):
         ids_intersection = entities_ids.intersection(ids)
         self.assertEqual(ids_intersection, ids)
 
+    def test_filter_list_idp_by_id(self):
+        def get_id(resp):
+            r = self._fetch_attribute_from_response(resp,
+                                                    'identity_provider')
+            return r.get('id')
+
+        idp1_id = get_id(self._create_default_idp())
+        idp2_id = get_id(self._create_default_idp())
+
+        # list the IdP, should get two IdP.
+        url = self.base_url()
+        resp = self.get(url)
+        entities = self._fetch_attribute_from_response(resp,
+                                                       'identity_providers')
+        entities_ids = [e['id'] for e in entities]
+        self.assertItemsEqual(entities_ids, [idp1_id, idp2_id])
+
+        # filter the IdP by ID.
+        url = self.base_url() + '?id=' + idp1_id
+        resp = self.get(url)
+        filtered_service_list = resp.json['identity_providers']
+        self.assertThat(filtered_service_list, matchers.HasLength(1))
+        self.assertEqual(idp1_id, filtered_service_list[0].get('id'))
+
+    def test_filter_list_idp_by_enabled(self):
+        def get_id(resp):
+            r = self._fetch_attribute_from_response(resp,
+                                                    'identity_provider')
+            return r.get('id')
+
+        idp1_id = get_id(self._create_default_idp())
+
+        body = self.default_body.copy()
+        body['enabled'] = False
+        idp2_id = get_id(self._create_default_idp(body=body))
+
+        # list the IdP, should get two IdP.
+        url = self.base_url()
+        resp = self.get(url)
+        entities = self._fetch_attribute_from_response(resp,
+                                                       'identity_providers')
+        entities_ids = [e['id'] for e in entities]
+        self.assertItemsEqual(entities_ids, [idp1_id, idp2_id])
+
+        # filter the IdP by 'enabled'.
+        url = self.base_url() + '?enabled=True'
+        resp = self.get(url)
+        filtered_service_list = resp.json['identity_providers']
+        self.assertThat(filtered_service_list, matchers.HasLength(1))
+        self.assertEqual(idp1_id, filtered_service_list[0].get('id'))
+
     def test_check_idp_uniqueness(self):
         """Add same IdP twice.
 

releasenotes/notes/enable-filter-idp-d0135f4615178cfc.yaml

@@ -0,0 +1,6 @@
+---
+features:
+  - >
+    [`bug 1525317 <https://bugs.launchpad.net/keystone/+bug/1525317>`_]
+    Enable filtering of identity providers based on ``id``, and ``enabled``
+    attributes.