diff options
| author | Zuul <zuul@review.opendev.org> | 2023-04-21 17:30:22 +0000 |
|---|---|---|
| committer | Gerrit Code Review <review@openstack.org> | 2023-04-21 17:30:22 +0000 |
| commit | 95288d2ce36e14d9a8466c05240fd7e1aca004d2 (patch) | |
| tree | e0437c1c31f0f66014fb5e7f7a935909ffe45d6c /keystone/federation/utils.py | |
| parent | f5db9801c23bde15d162a67d4fd6621e5bd09719 (diff) | |
| parent | c70d0c33a5977ca7208fbadd876a646cd37ffb31 (diff) | |
| download | keystone-95288d2ce36e14d9a8466c05240fd7e1aca004d2.tar.gz | |
Merge "fix(federation): allow using numerical group names"
Diffstat (limited to 'keystone/federation/utils.py')
| -rw-r--r-- | keystone/federation/utils.py | 38 |
1 files changed, 23 insertions, 15 deletions
diff --git a/keystone/federation/utils.py b/keystone/federation/utils.py index 7c1f0c901..71e6318a4 100644 --- a/keystone/federation/utils.py +++ b/keystone/federation/utils.py @@ -562,17 +562,31 @@ class RuleProcessor(object): LOG.debug('mapped_properties: %s', mapped_properties) return mapped_properties + def _ast_literal_eval(self, value): + # This is a workaround for the fact that ast.literal_eval handles the + # case of either a string or a list of strings, but not a potential + # list of ints. + + try: + values = ast.literal_eval(value) + # NOTE(mnaser): It's possible that the group_names_list is a + # numerical value which would successfully parse + # and not raise an exception, so we forcefully + # raise is here. + if not isinstance(values, list): + raise ValueError + except (ValueError, SyntaxError): + values = [value] + + return values + def _normalize_groups(self, identity_value): # In this case, identity_value['groups'] is a string # representation of a list, and we want a real list. This is # due to the way we do direct mapping substitutions today (see # function _update_local_mapping() ) if 'name' in identity_value['groups']: - try: - group_names_list = ast.literal_eval( - identity_value['groups']) - except (ValueError, SyntaxError): - group_names_list = [identity_value['groups']] + group_names_list = self._ast_literal_eval(identity_value['groups']) def convert_json(group): if group.startswith('JSON:'): @@ -594,11 +608,8 @@ class RuleProcessor(object): "specified.") msg = msg % {'identity_value': identity_value} raise exception.ValidationError(msg) - try: - group_names_list = ast.literal_eval( - identity_value['groups']) - except (ValueError, SyntaxError): - group_names_list = [identity_value['groups']] + group_names_list = self._ast_literal_eval( + identity_value['groups']) domain = identity_value['domain'] group_dicts = [{'name': name, 'domain': domain} for name in group_names_list] @@ -699,11 +710,8 @@ class RuleProcessor(object): # group_ids parameter contains only one element, it will be # parsed as a simple string, and not a list or the # representation of a list. - try: - group_ids.update( - ast.literal_eval(identity_value['group_ids'])) - except (ValueError, SyntaxError): - group_ids.update([identity_value['group_ids']]) + group_ids.update( + self._ast_literal_eval(identity_value['group_ids'])) if 'projects' in identity_value: projects = identity_value['projects'] |