Don't assume group IDs are UUID format

When using the Fernet token provider to build a federated payload, we can't assume that the group ID will always be a UUID format that we can convert to bytes. This change makes the Fernet code smart enough to pass the original group ID in the payload if it can't convert it to bytes. Change-Id: I6d00902eb461c22aafd9cb5ca706b05bedefd37d Related-Bug: 1459382
2015-05-28 13:35:30 +00:00 · 2015-05-28 13:35:30 +00:00 · 5b650ff3f9
parent fe3da741c7
commit 5b650ff3f9
2 changed files with 29 additions and 2 deletions
--- a/keystone/tests/unit/token/test_fernet_provider.py
+++ b/keystone/tests/unit/token/test_fernet_provider.py
@ -260,3 +260,30 @@ class TestPayloads(tests.TestCase):
        self.assertEqual(exp_expires_at, expires_at)
        self.assertEqual(exp_audit_ids, audit_ids)
        self.assertEqual(exp_trust_id, trust_id)
+
+    def test_federated_payload_with_non_uuid_ids(self):
+        exp_user_id = 'someNonUuidUserId'
+        exp_methods = ['password']
+        exp_expires_at = timeutils.isotime(timeutils.utcnow())
+        exp_audit_ids = [provider.random_urlsafe_str()]
+        exp_federated_info = {'group_ids': [{'id': 'someNonUuidGroupId'}],
+                              'idp_id': uuid.uuid4().hex,
+                              'protocol_id': uuid.uuid4().hex}
+
+        payload = token_formatters.FederatedPayload.assemble(
+            exp_user_id, exp_methods, exp_expires_at, exp_audit_ids,
+            exp_federated_info)
+
+        (user_id, methods, expires_at, audit_ids, federated_info) = (
+            token_formatters.FederatedPayload.disassemble(payload))
+
+        self.assertEqual(exp_user_id, user_id)
+        self.assertEqual(exp_methods, methods)
+        self.assertEqual(exp_expires_at, expires_at)
+        self.assertEqual(exp_audit_ids, audit_ids)
+        self.assertEqual(exp_federated_info['group_ids'][0]['id'],
+                         federated_info['group_ids'][0]['id'])
+        self.assertEqual(exp_federated_info['idp_id'],
+                         federated_info['idp_id'])
+        self.assertEqual(exp_federated_info['protocol_id'],
+                         federated_info['protocol_id'])
--- a/keystone/token/providers/fernet/token_formatters.py
+++ b/keystone/token/providers/fernet/token_formatters.py
@ -504,7 +504,7 @@ class FederatedPayload(BasePayload):

        """
        def pack_group_ids(group_dict):
-            return cls.convert_uuid_hex_to_bytes(group_dict['id'])
+            return cls.attempt_convert_uuid_hex_to_bytes(group_dict['id'])

        b_user_id = cls.attempt_convert_uuid_hex_to_bytes(user_id)
        methods = auth_plugins.convert_method_list_to_integer(methods)
@ -531,7 +531,7 @@ class FederatedPayload(BasePayload):

        """
        def unpack_group_ids(group_id_in_bytes):
-            group_id = cls.convert_uuid_bytes_to_hex(group_id_in_bytes)
+            group_id = cls.attempt_convert_uuid_bytes_to_hex(group_id_in_bytes)
            return {'id': group_id}

        user_id = cls.attempt_convert_uuid_bytes_to_hex(payload[0])