Merge "Fixes incorrect params"

2019-02-15 23:06:20 +00:00 · 2019-02-15 23:06:20 +00:00 · f770e29829
parent d263c022ac 505fe20479
commit f770e29829
4 changed files with 54 additions and 1 deletions
--- a/keystone/common/tokenless_auth.py
+++ b/keystone/common/tokenless_auth.py
@ -135,7 +135,7 @@ class TokenlessAuthHelper(provider_api.ProviderAPIMixin, object):
            group_ids.extend(
                utils.transform_to_group_ids(
                    mapped_properties['group_names'], mapping_id,
-                    self.identity_api, self.assignment_api))
+                    self.identity_api, self.resource_api))
            roles = self.assignment_api.get_roles_for_groups(group_ids,
                                                             project_id,
                                                             domain_id)
--- a/keystone/tests/unit/mapping_fixtures.py
+++ b/keystone/tests/unit/mapping_fixtures.py
@ -1325,6 +1325,32 @@ MAPPING_FOR_EPHEMERAL_USER = {
    ]
 }

+MAPPING_FOR_EPHEMERAL_USER_AND_GROUP_DOMAIN_NAME = {
+    'rules': [
+        {
+            'local': [
+                {
+                    'user': {
+                        'name': '{0}',
+                        'type': 'ephemeral'
+                    },
+                    'group': {
+                        'name': 'dummy',
+                        'domain': {
+                            'name': 'dummy'
+                        }
+                    }
+                }
+            ],
+            'remote': [
+                {
+                    'type': 'SSL_CLIENT_USER_NAME'
+                }
+            ]
+        }
+    ]
+}
+
 MAPPING_FOR_DEFAULT_EPHEMERAL_USER = {
    'rules': [
        {
--- a/keystone/tests/unit/test_middleware.py
+++ b/keystone/tests/unit/test_middleware.py
@ -544,6 +544,26 @@ class AuthContextMiddlewareTest(test_backend_sql.SqlTests,
        context = req.environ.get(authorization.AUTH_CONTEXT_ENV)
        self._assert_tokenless_auth_context(context, ephemeral_user=True)

+    def test_ephemeral_and_group_domain_name_mapping_success(self):
+        env = {}
+        env['SSL_CLIENT_I_DN'] = self.client_issuer
+        env['HTTP_X_PROJECT_NAME'] = self.project_name
+        env['HTTP_X_PROJECT_DOMAIN_NAME'] = self.domain_name
+        env['SSL_CLIENT_USER_NAME'] = self.user['name']
+        self.config_fixture.config(group='tokenless_auth',
+                                   protocol='ephemeral')
+        self.protocol_id = 'ephemeral'
+        mapping = copy.deepcopy(
+            mapping_fixtures.MAPPING_FOR_EPHEMERAL_USER_AND_GROUP_DOMAIN_NAME)
+        mapping['rules'][0]['local'][0]['group']['name'] = self.group['name']
+        mapping['rules'][0]['local'][0]['group']['domain']['name'] = \
+            self.domain['name']
+        self._load_mapping_rules(mapping)
+
+        req = self._do_middleware_request(extra_environ=env)
+        context = req.environ.get(authorization.AUTH_CONTEXT_ENV)
+        self._assert_tokenless_auth_context(context, ephemeral_user=True)
+
    def test_ephemeral_with_default_user_type_success(self):
        env = {}
        env['SSL_CLIENT_I_DN'] = self.client_issuer
--- a/releasenotes/notes/bug-1814589-f3e7f554bee1c317.yaml
+++ b/releasenotes/notes/bug-1814589-f3e7f554bee1c317.yaml
@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    [`bug 1814589 <https://bugs.launchpad.net/keystone/+bug/1814589>`_]
+    Fixes incorrect parameters passed into
+    keystone.federation.utils.transform_to_group_ids() which resulted
+    in HTTP 500 internal error.