From f82fa39834f0283c31f0f1a7b08369c1534d539a Mon Sep 17 00:00:00 2001
From: guang-yee
Date: Wed, 9 Mar 2016 22:02:38 -0800
Subject: [PATCH] Fixing mapping schema to allow local user
Mapping to local user was broken since we introduced JSON schema for mapping. That was because we've never accounted for the "type" attribute in the "user" object. This patch add it back so that we can map a remote user to either a local or ephemeral user.
Closes-Bug: 1555403
Change-Id: I7ae69b143e1bdade3e8ea9e2036227c7a38b3b10
---
 keystone/federation/utils.py | 19 ++++++++------
 keystone/tests/unit/test_v3_federation.py | 30 +++++++++++++++++++++++
 2 files changed, 42 insertions(+), 7 deletions(-)
diff --git a/keystone/federation/utils.py b/keystone/federation/utils.py
index b9dc8f9032..18cbf0f281 100644
--- a/keystone/federation/utils.py
+++ b/keystone/federation/utils.py
@@ -29,6 +29,13 @@ CONF = cfg.CONF
 LOG = log.getLogger(__name__)
+class UserType(object):
+ """User mapping type."""
+
+ EPHEMERAL = 'ephemeral'
+ LOCAL = 'local'
+
+
 MAPPING_SCHEMA = {
 "type": "object",
 "required": ['rules'],
@@ -60,6 +67,11 @@ MAPPING_SCHEMA = {
 "name": {"type": "string"}
 },
 "additionalProperties": False,
+ },
+ "type": {
+ "type": "string",
+ "enum": [UserType.EPHEMERAL,
+ UserType.LOCAL]
 }
 },
 "additionalProperties": False
@@ -412,13 +424,6 @@ def get_assertion_params_from_env(context):
 yield (k, v)
-class UserType(object):
- """User mapping type."""
-
- EPHEMERAL = 'ephemeral'
- LOCAL = 'local'
-
-
 class RuleProcessor(object):
 """A class to process assertions and mapping rules."""
diff --git a/keystone/tests/unit/test_v3_federation.py b/keystone/tests/unit/test_v3_federation.py
index 5a133b2d14..7dc9067b9c 100644
--- a/keystone/tests/unit/test_v3_federation.py
+++ b/keystone/tests/unit/test_v3_federation.py
@@ -10,6 +10,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
+import copy
 import os
 import random
 from testtools import matchers
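Review bot: In keystone/federation/utils.py at `@@ -29,6 +29,13 @@`, the `UserType` docstring still reads only `"""User mapping type."""`, although the commit makes its two values part of the mapping API through the schema enum. The docstring should say what each value selects: per the commit message, `local` maps the remote user to a local user and `ephemeral` to an ephemeral one. Because `MAPPING_SCHEMA` now reads the class at import time, a why-comment such as `# Defined before MAPPING_SCHEMA, which references these values.` would keep a later cleanup from moving it back down.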
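Review bot: In keystone/federation/utils.py at `@@ -60,6 +67,11 @@`, the new `type` property is validated on its own, and no `required` list or dependency for the `user` object is visible in the hunk. A rule such as `{"user": {"type": "local"}}` with no `name`, `id` or `domain` would therefore appear to pass schema validation. Whether that is rejected later is decided in `RuleProcessor`, which is outside this hunk. Since a `local` mapping ties an externally asserted identity to an existing account, the fields that must accompany it deserve either a schema constraint or a comment next to the enum, for example `# "local" must identify an existing user; see RuleProcessor for the lookup`. The enum is also written out by hand as `[UserType.EPHEMERAL, UserType.LOCAL]`, so a value later added to `UserType` has to be repeated here.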
@@ -1531,6 +1532,35 @@ class MappingCRUDTests(test_v3.RestfulTestCase):
 self.put(url, expected_status=http_client.BAD_REQUEST,
 body={'mapping': mapping})
+ def test_create_mapping_with_local_user_and_local_domain(self):
+ url = self.MAPPING_URL + uuid.uuid4().hex
+ resp = self.put(
+ url,
+ body={
+ 'mapping': mapping_fixtures.MAPPING_LOCAL_USER_LOCAL_DOMAIN
+ },
+ expected_status=http_client.CREATED)
+ self.assertValidMappingResponse(
+ resp, mapping_fixtures.MAPPING_LOCAL_USER_LOCAL_DOMAIN)
+
+ def test_create_mapping_with_ephemeral(self):
+ url = self.MAPPING_URL + uuid.uuid4().hex
+ resp = self.put(
+ url,
+ body={'mapping': mapping_fixtures.MAPPING_EPHEMERAL_USER},
+ expected_status=http_client.CREATED)
+ self.assertValidMappingResponse(
+ resp, mapping_fixtures.MAPPING_EPHEMERAL_USER)
+
+ def test_create_mapping_with_bad_user_type(self):
+ url = self.MAPPING_URL + uuid.uuid4().hex
+ # get a copy of a known good map
+ bad_mapping = copy.deepcopy(mapping_fixtures.MAPPING_EPHEMERAL_USER)
+ # now sabotage the user type
+ bad_mapping['rules'][0]['local'][0]['user']['type'] = uuid.uuid4().hex
+ self.put(url, expected_status=http_client.BAD_REQUEST,
+ body={'mapping': bad_mapping})
+
 class FederatedTokenTests(test_v3.RestfulTestCase, FederatedSetupMixin):
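Review bot: `test_create_mapping_with_bad_user_type` covers only an unknown string (`uuid.uuid4().hex`), so the enum's strictness against case variants and non-string values is not pinned. Since this enum gates which user types a stored mapping may declare, a second negative case would be cheap, e.g. `bad_mapping['rules'][0]['local'][0]['user']['type'] = 'LOCAL'` and another with `None`, each expecting `http_client.BAD_REQUEST`. The three tests also stop at mapping creation; whether a `local` mapping then resolves to the intended user is presumably tested elsewhere, which this hunk does not show. `MappingCRUDTests` begins outside the hunk.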