Merge "Add validation for mfa rule validator (storage)"

2017-02-01 02:43:00 +00:00 · 2017-02-01 02:43:00 +00:00 · 52804d2d83
parent 285d6e408a a4c226f31a
commit 52804d2d83
2 changed files with 31 additions and 14 deletions
--- a/keystone/identity/backends/resource_options.py
+++ b/keystone/identity/backends/resource_options.py
@ -29,22 +29,31 @@ def _mfa_rules_validator_list_of_lists_of_strings_no_duplicates(value):
            'Sub-lists may not be duplicated. Strings in sub-lists may not be '
            'duplicated.')
    if not isinstance(value, list):
+        # Value is not a List, TypeError
        raise TypeError(msg)
    sublists = []
-    for item in value:
+    for sublist in value:
+        # Sublist element tracker is reset for each sublist.
        string_set = set()
-        if not isinstance(item, list):
+        if not isinstance(sublist, list):
+            # Sublist is not a List, TypeError
            raise TypeError(msg)
-        if not item:
+        if not sublist:
+            # Sublist is Empty, ValueError
            raise ValueError(msg)
-        if item in sublists:
+        if sublist in sublists:
+            # Sublist is duplicated, ValueError
            raise ValueError(msg)
-        sublists.append(sublists)
-        for element in item:
+        # Add the sublist to the tracker
+        sublists.append(sublist)
+        for element in sublist:
            if not isinstance(element, six.string_types):
+                # Element of sublist is not a string, TypeError
                raise TypeError(msg)
            if element in string_set:
+                # Element of sublist is duplicated, ValueError
                raise ValueError(msg)
+            # add element to the sublist element tracker
            string_set.add(element)


--- a/keystone/tests/unit/test_validation.py
+++ b/keystone/tests/unit/test_validation.py
@ -1911,30 +1911,38 @@ class UserValidationTestCase(unit.BaseTestCase):
        }
        self.update_user_validator.validate(request_to_validate)

-    def test_user_update_with_invalid_mfa_rules_fails(self):
+    def test_user_option_validation_with_invalid_mfa_rules_fails(self):
+        # Test both json schema validation and the validator method in
+        # keystone.identity.backends.resource_options
        test_cases = [
            # Main Element Not an Array
-            True,
+            (True, TypeError),
            # Sub-Element Not an Array
-            [True, False],
+            ([True, False], TypeError),
            # Sub-element Element not string
-            [[True], [True, False]],
+            ([[True], [True, False]], TypeError),
            # Duplicate sub-array
-            [['duplicate_array'] for x in range(0, 2)],
+            ([['duplicate_array'] for x in range(0, 2)], ValueError),
            # Empty Sub element
-            [[uuid.uuid4().hex], []],
+            ([[uuid.uuid4().hex], []], ValueError),
            # Duplicate strings in sub-element
-            [['duplicate' for x in range(0, 2)]],
+            ([['duplicate' for x in range(0, 2)]], ValueError),
        ]
-        for ruleset in test_cases:
+        for ruleset, exception_class in test_cases:
            request_to_validate = {
                'options': {
                    ro.MFA_RULES_OPT.option_name: ruleset
                }
            }
+            # JSON Schema Validation
            self.assertRaises(exception.SchemaValidationError,
                              self.update_user_validator.validate,
                              request_to_validate)
+            # Data Store Validation
+            self.assertRaises(
+                exception_class,
+                ro._mfa_rules_validator_list_of_lists_of_strings_no_duplicates,
+                ruleset)


 class GroupValidationTestCase(unit.BaseTestCase):