1 files changed, 45 insertions, 3 deletions

diff --git a/pycadf/credential.py b/pycadf/credential.py
index e6e045d..45e2789 100644
--- a/pycadf/credential.py
+++ b/pycadf/credential.py
@@ -26,8 +26,16 @@ CRED_KEYNAMES = [CRED_KEYNAME_TYPE,
                  CRED_KEYNAME_TOKEN]
 
 
-class Credential(cadftype.CADFAbstractType):
+FED_CRED_KEYNAME_IDENTITY_PROVIDER = "identity_provider"
+FED_CRED_KEYNAME_USER = "user"
+FED_CRED_KEYNAME_GROUPS = "groups"
+
+FED_CRED_KEYNAMES = CRED_KEYNAMES + [FED_CRED_KEYNAME_IDENTITY_PROVIDER,
+                                     FED_CRED_KEYNAME_USER,
+                                     FED_CRED_KEYNAME_GROUPS]
 
+
+class Credential(cadftype.CADFAbstractType):
     type = cadftype.ValidatorDescriptor(
         CRED_KEYNAME_TYPE,
         lambda x: isinstance(x, six.string_types))
@@ -51,7 +59,41 @@ class Credential(cadftype.CADFAbstractType):
 
     # TODO(mrutkows): validate this cadf:Credential type against schema
     def is_valid(self):
-        """Validation to ensure Credential required attributes are set.
-        """
+        """Validation to ensure Credential required attributes are set."""
         # TODO(mrutkows): validate specific attribute type/format
         return self._isset(CRED_KEYNAME_TOKEN)
+
+
+class FederatedCredential(Credential):
+    identity_provider = cadftype.ValidatorDescriptor(
+        FED_CRED_KEYNAME_IDENTITY_PROVIDER,
+        lambda x: isinstance(x, six.string_types))
+    user = cadftype.ValidatorDescriptor(
+        FED_CRED_KEYNAME_USER,
+        lambda x: isinstance(x, six.string_types))
+    groups = cadftype.ValidatorDescriptor(
+        FED_CRED_KEYNAME_GROUPS,
+        lambda x: isinstance(x, list))
+
+    def __init__(self, token, type, identity_provider, user, groups):
+        super(FederatedCredential, self).__init__(
+            token=token,
+            type=type)
+
+        # FederatedCredential.identity_provider
+        setattr(self, FED_CRED_KEYNAME_IDENTITY_PROVIDER, identity_provider)
+
+        # FederatedCredential.user
+        setattr(self, FED_CRED_KEYNAME_USER, user)
+
+        # FederatedCredential.groups
+        setattr(self, FED_CRED_KEYNAME_GROUPS, groups)
+
+    def is_valid(self):
+        """Validation to ensure Credential required attributes are set."""
+        return (
+            super(FederatedCredential, self).is_valid()
+            and self._isset(CRED_KEYNAME_TYPE)
+            and self._isset(FED_CRED_KEYNAME_IDENTITY_PROVIDER)
+            and self._isset(FED_CRED_KEYNAME_USER)
+            and self._isset(FED_CRED_KEYNAME_GROUPS))