add federated credential

This is in support of bp audit-support-for-federation in Keystone. Change-Id: Ibba203b4131a46fcfd7cc1e54b480b9c1392fe83 Closes-Bug: 1359495
2014-08-20 15:18:22 -05:00 · 2014-08-20 15:18:22 -05:00 · 52727bcea3
commit 52727bcea3
parent 9c400a7da0
2 changed files with 60 additions and 3 deletions
--- a/pycadf/credential.py
+++ b/pycadf/credential.py
@ -26,8 +26,16 @@ CRED_KEYNAMES = [CRED_KEYNAME_TYPE,
                 CRED_KEYNAME_TOKEN]


-class Credential(cadftype.CADFAbstractType):
+FED_CRED_KEYNAME_IDENTITY_PROVIDER = "identity_provider"
+FED_CRED_KEYNAME_USER = "user"
+FED_CRED_KEYNAME_GROUPS = "groups"

+FED_CRED_KEYNAMES = CRED_KEYNAMES + [FED_CRED_KEYNAME_IDENTITY_PROVIDER,
+                                     FED_CRED_KEYNAME_USER,
+                                     FED_CRED_KEYNAME_GROUPS]
+
+
+class Credential(cadftype.CADFAbstractType):
    type = cadftype.ValidatorDescriptor(
        CRED_KEYNAME_TYPE,
        lambda x: isinstance(x, six.string_types))
@ -51,7 +59,41 @@ class Credential(cadftype.CADFAbstractType):

    # TODO(mrutkows): validate this cadf:Credential type against schema
    def is_valid(self):
-        """Validation to ensure Credential required attributes are set.
-        """
+        """Validation to ensure Credential required attributes are set."""
        # TODO(mrutkows): validate specific attribute type/format
        return self._isset(CRED_KEYNAME_TOKEN)
+
+
+class FederatedCredential(Credential):
+    identity_provider = cadftype.ValidatorDescriptor(
+        FED_CRED_KEYNAME_IDENTITY_PROVIDER,
+        lambda x: isinstance(x, six.string_types))
+    user = cadftype.ValidatorDescriptor(
+        FED_CRED_KEYNAME_USER,
+        lambda x: isinstance(x, six.string_types))
+    groups = cadftype.ValidatorDescriptor(
+        FED_CRED_KEYNAME_GROUPS,
+        lambda x: isinstance(x, list))
+
+    def __init__(self, token, type, identity_provider, user, groups):
+        super(FederatedCredential, self).__init__(
+            token=token,
+            type=type)
+
+        # FederatedCredential.identity_provider
+        setattr(self, FED_CRED_KEYNAME_IDENTITY_PROVIDER, identity_provider)
+
+        # FederatedCredential.user
+        setattr(self, FED_CRED_KEYNAME_USER, user)
+
+        # FederatedCredential.groups
+        setattr(self, FED_CRED_KEYNAME_GROUPS, groups)
+
+    def is_valid(self):
+        """Validation to ensure Credential required attributes are set."""
+        return (
+            super(FederatedCredential, self).is_valid()
+            and self._isset(CRED_KEYNAME_TYPE)
+            and self._isset(FED_CRED_KEYNAME_IDENTITY_PROVIDER)
+            and self._isset(FED_CRED_KEYNAME_USER)
+            and self._isset(FED_CRED_KEYNAME_GROUPS))
--- a/pycadf/tests/test_cadf_spec.py
+++ b/pycadf/tests/test_cadf_spec.py
@ -59,6 +59,21 @@ class TestCADFSpec(base.TestCase):
        for key in credential.CRED_KEYNAMES:
            self.assertIn(key, dict_cred)

+    def test_federated_credential(self):
+        cred = credential.FederatedCredential(
+            token=identifier.generate_uuid(),
+            type='http://docs.oasis-open.org/security/saml/v2.0',
+            identity_provider=identifier.generate_uuid(),
+            user=identifier.generate_uuid(),
+            groups=[
+                identifier.generate_uuid(),
+                identifier.generate_uuid(),
+                identifier.generate_uuid()])
+        self.assertEqual(cred.is_valid(), True)
+        dict_cred = cred.as_dict()
+        for key in credential.FED_CRED_KEYNAMES:
+            self.assertIn(key, dict_cred)
+
    def test_geolocation(self):
        geo = geolocation.Geolocation(id=identifier.generate_uuid(),
                                      latitude='43.6481 N',