add federated credential0.6.0

This is in support of bp audit-support-for-federation in Keystone.

Change-Id: Ibba203b4131a46fcfd7cc1e54b480b9c1392fe83
Closes-Bug: 1359495

2 files changed, 60 insertions, 3 deletions

diff --git a/pycadf/credential.py b/pycadf/credential.py
index e6e045d..45e2789 100644
--- a/pycadf/credential.py
+++ b/pycadf/credential.py
@@ -26,8 +26,16 @@ CRED_KEYNAMES = [CRED_KEYNAME_TYPE,
                  CRED_KEYNAME_TOKEN]
 
 
-class Credential(cadftype.CADFAbstractType):
+FED_CRED_KEYNAME_IDENTITY_PROVIDER = "identity_provider"
+FED_CRED_KEYNAME_USER = "user"
+FED_CRED_KEYNAME_GROUPS = "groups"
+
+FED_CRED_KEYNAMES = CRED_KEYNAMES + [FED_CRED_KEYNAME_IDENTITY_PROVIDER,
+                                     FED_CRED_KEYNAME_USER,
+                                     FED_CRED_KEYNAME_GROUPS]
 
+
+class Credential(cadftype.CADFAbstractType):
     type = cadftype.ValidatorDescriptor(
         CRED_KEYNAME_TYPE,
         lambda x: isinstance(x, six.string_types))
@@ -51,7 +59,41 @@ class Credential(cadftype.CADFAbstractType):
 
     # TODO(mrutkows): validate this cadf:Credential type against schema
     def is_valid(self):
-        """Validation to ensure Credential required attributes are set.
-        """
+        """Validation to ensure Credential required attributes are set."""
         # TODO(mrutkows): validate specific attribute type/format
         return self._isset(CRED_KEYNAME_TOKEN)
+
+
+class FederatedCredential(Credential):
+    identity_provider = cadftype.ValidatorDescriptor(
+        FED_CRED_KEYNAME_IDENTITY_PROVIDER,
+        lambda x: isinstance(x, six.string_types))
+    user = cadftype.ValidatorDescriptor(
+        FED_CRED_KEYNAME_USER,
+        lambda x: isinstance(x, six.string_types))
+    groups = cadftype.ValidatorDescriptor(
+        FED_CRED_KEYNAME_GROUPS,
+        lambda x: isinstance(x, list))
+
+    def __init__(self, token, type, identity_provider, user, groups):
+        super(FederatedCredential, self).__init__(
+            token=token,
+            type=type)
+
+        # FederatedCredential.identity_provider
+        setattr(self, FED_CRED_KEYNAME_IDENTITY_PROVIDER, identity_provider)
+
+        # FederatedCredential.user
+        setattr(self, FED_CRED_KEYNAME_USER, user)
+
+        # FederatedCredential.groups
+        setattr(self, FED_CRED_KEYNAME_GROUPS, groups)
+
+    def is_valid(self):
+        """Validation to ensure Credential required attributes are set."""
+        return (
+            super(FederatedCredential, self).is_valid()
+            and self._isset(CRED_KEYNAME_TYPE)
+            and self._isset(FED_CRED_KEYNAME_IDENTITY_PROVIDER)
+            and self._isset(FED_CRED_KEYNAME_USER)
+            and self._isset(FED_CRED_KEYNAME_GROUPS))
diff --git a/pycadf/tests/test_cadf_spec.py b/pycadf/tests/test_cadf_spec.py
index 68761a4..577f429 100644
--- a/pycadf/tests/test_cadf_spec.py
+++ b/pycadf/tests/test_cadf_spec.py
@@ -59,6 +59,21 @@ class TestCADFSpec(base.TestCase):
         for key in credential.CRED_KEYNAMES:
             self.assertIn(key, dict_cred)
 
+    def test_federated_credential(self):
+        cred = credential.FederatedCredential(
+            token=identifier.generate_uuid(),
+            type='http://docs.oasis-open.org/security/saml/v2.0',
+            identity_provider=identifier.generate_uuid(),
+            user=identifier.generate_uuid(),
+            groups=[
+                identifier.generate_uuid(),
+                identifier.generate_uuid(),
+                identifier.generate_uuid()])
+        self.assertEqual(cred.is_valid(), True)
+        dict_cred = cred.as_dict()
+        for key in credential.FED_CRED_KEYNAMES:
+            self.assertIn(key, dict_cred)
+
     def test_geolocation(self):
         geo = geolocation.Geolocation(id=identifier.generate_uuid(),
                                       latitude='43.6481 N',