Merge "Report correct domain in federated user token"
This commit is contained in:
Zuul
Gerrit Code Review
commit
4f16676797
|
|
@ -121,9 +121,6 @@ def render_token_response_from_model(token, include_catalog=True):
|
|||
token_reference['token']['user']['OS-FEDERATION'] = (
|
||||
federated_dict
|
||||
)
|
||||
token_reference['token']['user']['domain'] = {
|
||||
'id': 'Federated', 'name': 'Federated'
|
||||
}
|
||||
del token_reference['token']['user']['password_expires_at']
|
||||
if token.access_token_id:
|
||||
token_reference['token']['OS-OAUTH1'] = {
|
||||
|
|
|
|||
|
|
@ -591,12 +591,7 @@ class RuleProcessor(object):
|
|||
raise exception.ValidationError(msg)
|
||||
|
||||
if user_type is None:
|
||||
user_type = user['type'] = UserType.EPHEMERAL
|
||||
|
||||
if user_type == UserType.EPHEMERAL:
|
||||
user['domain'] = {
|
||||
'id': CONF.federation.federated_domain_name
|
||||
}
|
||||
user['type'] = UserType.EPHEMERAL
|
||||
|
||||
# initialize the group_ids as a set to eliminate duplicates
|
||||
user = {}
|
||||
|
|
|
|||
|
|
@ -44,19 +44,18 @@ class MappingRuleEngineTests(unit.BaseTestCase):
|
|||
"""Check whether mapped properties object has 'user' within.
|
||||
|
||||
According to today's rules, RuleProcessor does not have to issue user's
|
||||
id or name. What's actually required is user's type and for ephemeral
|
||||
users that would be service domain named 'Federated'.
|
||||
id or name. What's actually required is user's type.
|
||||
"""
|
||||
self.assertIn('user', mapped_properties,
|
||||
message='Missing user object in mapped properties')
|
||||
user = mapped_properties['user']
|
||||
self.assertIn('type', user)
|
||||
self.assertEqual(user_type, user['type'])
|
||||
self.assertIn('domain', user)
|
||||
domain = user['domain']
|
||||
domain_name_or_id = domain.get('id') or domain.get('name')
|
||||
domain_ref = domain_id or 'Federated'
|
||||
self.assertEqual(domain_ref, domain_name_or_id)
|
||||
|
||||
if domain_id:
|
||||
domain = user['domain']
|
||||
domain_name_or_id = domain.get('id') or domain.get('name')
|
||||
self.assertEqual(domain_id, domain_name_or_id)
|
||||
|
||||
def test_rule_engine_any_one_of_and_direct_mapping(self):
|
||||
"""Should return user's name and group id EMPLOYEE_GROUP_ID.
|
||||
|
|
@ -912,7 +911,6 @@ class TestMappingLocals(unit.BaseTestCase):
|
|||
expected = {
|
||||
'user': {
|
||||
'name': 'a_user',
|
||||
'domain': {'id': 'Federated'},
|
||||
'type': 'ephemeral'
|
||||
},
|
||||
'projects': [],
|
||||
|
|
@ -930,7 +928,6 @@ class TestMappingLocals(unit.BaseTestCase):
|
|||
expected = {
|
||||
'user': {
|
||||
'name': 'test_a_user',
|
||||
'domain': {'id': 'Federated'},
|
||||
'type': 'ephemeral'
|
||||
},
|
||||
'projects': [],
|
||||
|
|
|
|||
|
|
@ -1813,9 +1813,6 @@ class TestMappingEngineTester(unit.BaseTestCase):
|
|||
"group_names": [],
|
||||
"user": {
|
||||
"type": "ephemeral",
|
||||
"domain": {
|
||||
"id": "Federated"
|
||||
},
|
||||
"name": "me"
|
||||
},
|
||||
"projects": [],
|
||||
|
|
|
|||
|
|
@ -84,8 +84,9 @@ class FederatedSetupMixin(object):
|
|||
}
|
||||
|
||||
def _check_domains_are_valid(self, token):
|
||||
self.assertEqual('Federated', token['user']['domain']['id'])
|
||||
self.assertEqual('Federated', token['user']['domain']['name'])
|
||||
domain = PROVIDERS.resource_api.get_domain(self.idp['domain_id'])
|
||||
self.assertEqual(domain['id'], token['user']['domain']['id'])
|
||||
self.assertEqual(domain['name'], token['user']['domain']['name'])
|
||||
|
||||
def _project(self, project):
|
||||
return (project['id'], project['name'])
|
||||
|
|
|
|||
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
fixes:
|
||||
- |
|
||||
[`bug 1754048 <https://bugs.launchpad.net/keystone/+bug/1754048>`_]
|
||||
The correct user domain is now reported when validating a federated token.
|
||||
Previously, the domain would always be validated as "Federated."
|
||||
Loading…
Reference in New Issue