Don't assume group IDs are UUID format

When using the Fernet token provider to build a federated payload, we can't assume that the group ID will always be a UUID format that we can convert to bytes. This change makes the Fernet code smart enough to pass the original group ID in the payload if it can't convert it to bytes. Change-Id: I6d00902eb461c22aafd9cb5ca706b05bedefd37d Related-Bug: 1459382 (cherry picked from commit 5b650ff3f9)
2015-05-28 13:35:30 +00:00 · 2015-05-28 13:35:30 +00:00 · f8afb29a9d
parent b255b8ff71
commit f8afb29a9d
2 changed files with 29 additions and 2 deletions
--- a/keystone/tests/unit/token/test_fernet_provider.py
+++ b/keystone/tests/unit/token/test_fernet_provider.py
@ -260,3 +260,30 @@ class TestPayloads(tests.TestCase):
        self.assertEqual(exp_expires_at, expires_at)
        self.assertEqual(exp_audit_ids, audit_ids)
        self.assertEqual(exp_trust_id, trust_id)
+
+    def test_federated_payload_with_non_uuid_ids(self):
+        exp_user_id = 'someNonUuidUserId'
+        exp_methods = ['password']
+        exp_expires_at = timeutils.isotime(timeutils.utcnow())
+        exp_audit_ids = [provider.random_urlsafe_str()]
+        exp_federated_info = {'group_ids': [{'id': 'someNonUuidGroupId'}],
+                              'idp_id': uuid.uuid4().hex,
+                              'protocol_id': uuid.uuid4().hex}
+
+        payload = token_formatters.FederatedPayload.assemble(
+            exp_user_id, exp_methods, exp_expires_at, exp_audit_ids,
+            exp_federated_info)
+
+        (user_id, methods, expires_at, audit_ids, federated_info) = (
+            token_formatters.FederatedPayload.disassemble(payload))
+
+        self.assertEqual(exp_user_id, user_id)
+        self.assertEqual(exp_methods, methods)
+        self.assertEqual(exp_expires_at, expires_at)
+        self.assertEqual(exp_audit_ids, audit_ids)
+        self.assertEqual(exp_federated_info['group_ids'][0]['id'],
+                         federated_info['group_ids'][0]['id'])
+        self.assertEqual(exp_federated_info['idp_id'],
+                         federated_info['idp_id'])
+        self.assertEqual(exp_federated_info['protocol_id'],
+                         federated_info['protocol_id'])
--- a/keystone/token/providers/fernet/token_formatters.py
+++ b/keystone/token/providers/fernet/token_formatters.py
@ -504,7 +504,7 @@ class FederatedPayload(BasePayload):

        """
        def pack_group_ids(group_dict):
-            return cls.convert_uuid_hex_to_bytes(group_dict['id'])
+            return cls.attempt_convert_uuid_hex_to_bytes(group_dict['id'])

        b_user_id = cls.attempt_convert_uuid_hex_to_bytes(user_id)
        methods = auth_plugins.convert_method_list_to_integer(methods)
@ -530,7 +530,7 @@ class FederatedPayload(BasePayload):

        """
        def unpack_group_ids(group_id_in_bytes):
-            group_id = cls.convert_uuid_bytes_to_hex(group_id_in_bytes)
+            group_id = cls.attempt_convert_uuid_bytes_to_hex(group_id_in_bytes)
            return {'id': group_id}

        user_id = cls.attempt_convert_uuid_bytes_to_hex(payload[0])