From 52727bcea3a98e72331e748ce5f9e3a111a64cd1 Mon Sep 17 00:00:00 2001 From: Dolph Mathews Date: Wed, 20 Aug 2014 15:18:22 -0500 Subject: add federated credential This is in support of bp audit-support-for-federation in Keystone. Change-Id: Ibba203b4131a46fcfd7cc1e54b480b9c1392fe83 Closes-Bug: 1359495 --- pycadf/credential.py | 48 +++++++++++++++++++++++++++++++++++++++--- pycadf/tests/test_cadf_spec.py | 15 +++++++++++++ 2 files changed, 60 insertions(+), 3 deletions(-) diff --git a/pycadf/credential.py b/pycadf/credential.py index e6e045d..45e2789 100644 --- a/pycadf/credential.py +++ b/pycadf/credential.py @@ -26,8 +26,16 @@ CRED_KEYNAMES = [CRED_KEYNAME_TYPE, CRED_KEYNAME_TOKEN] -class Credential(cadftype.CADFAbstractType): +FED_CRED_KEYNAME_IDENTITY_PROVIDER = "identity_provider" +FED_CRED_KEYNAME_USER = "user" +FED_CRED_KEYNAME_GROUPS = "groups" + +FED_CRED_KEYNAMES = CRED_KEYNAMES + [FED_CRED_KEYNAME_IDENTITY_PROVIDER, + FED_CRED_KEYNAME_USER, + FED_CRED_KEYNAME_GROUPS] + +class Credential(cadftype.CADFAbstractType): type = cadftype.ValidatorDescriptor( CRED_KEYNAME_TYPE, lambda x: isinstance(x, six.string_types)) 
@@ -51,7 +59,41 @@ class Credential(cadftype.CADFAbstractType): # TODO(mrutkows): validate this cadf:Credential type against schema def is_valid(self): - """Validation to ensure Credential required attributes are set. - """ + """Validation to ensure Credential required attributes are set.""" # TODO(mrutkows): validate specific attribute type/format return self._isset(CRED_KEYNAME_TOKEN) + + +class FederatedCredential(Credential): + identity_provider = cadftype.ValidatorDescriptor( + FED_CRED_KEYNAME_IDENTITY_PROVIDER, + lambda x: isinstance(x, six.string_types)) + user = cadftype.ValidatorDescriptor( + FED_CRED_KEYNAME_USER, + lambda x: isinstance(x, six.string_types)) + groups = cadftype.ValidatorDescriptor( + FED_CRED_KEYNAME_GROUPS, + lambda x: isinstance(x, list)) + + def __init__(self, token, type, identity_provider, user, groups): + super(FederatedCredential, self).__init__( + token=token, + type=type) + + # FederatedCredential.identity_provider + setattr(self, FED_CRED_KEYNAME_IDENTITY_PROVIDER, identity_provider) + + # FederatedCredential.user + setattr(self, FED_CRED_KEYNAME_USER, user) + + # FederatedCredential.groups + setattr(self, FED_CRED_KEYNAME_GROUPS, groups) + + def is_valid(self): + """Validation to ensure Credential required attributes are set.""" + return ( + super(FederatedCredential, self).is_valid() + and self._isset(CRED_KEYNAME_TYPE) + and self._isset(FED_CRED_KEYNAME_IDENTITY_PROVIDER) + and self._isset(FED_CRED_KEYNAME_USER) + and self._isset(FED_CRED_KEYNAME_GROUPS)) diff --git a/pycadf/tests/test_cadf_spec.py b/pycadf/tests/test_cadf_spec.py index 68761a4..577f429 100644 --- a/pycadf/tests/test_cadf_spec.py +++ b/pycadf/tests/test_cadf_spec.py 
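Review bot: The `groups` validator in FederatedCredential accepts any list, while `identity_provider` and `user` are each checked to be strings, so a list holding None, dicts or nested lists passes validation and would presumably be serialized into the audit record by `as_dict()`. Checking the members as well keeps the three federated attributes consistent: `lambda x: isinstance(x, list) and all(isinstance(g, six.string_types) for g in x)`. The `is_valid` docstring is copied unchanged from the base class; it should state that a federated credential additionally requires `type`, `identity_provider`, `user` and `groups` to be set, since the override enforces more than the base `Credential.is_valid` does.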
@@ -59,6 +59,21 @@ class TestCADFSpec(base.TestCase): for key in credential.CRED_KEYNAMES: self.assertIn(key, dict_cred) + def test_federated_credential(self): + cred = credential.FederatedCredential( + token=identifier.generate_uuid(), + type='http://docs.oasis-open.org/security/saml/v2.0', + identity_provider=identifier.generate_uuid(), + user=identifier.generate_uuid(), + groups=[ + identifier.generate_uuid(), + identifier.generate_uuid(), + identifier.generate_uuid()]) + self.assertEqual(cred.is_valid(), True) + dict_cred = cred.as_dict() + for key in credential.FED_CRED_KEYNAMES: + self.assertIn(key, dict_cred) + def test_geolocation(self): geo = geolocation.Geolocation(id=identifier.generate_uuid(), latitude='43.6481 N', -- cgit v1.2.1
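Review bot: `test_federated_credential` covers only a fully populated, well-typed credential, so nothing pins the validators this commit adds. A non-list `groups` or a non-string `user` or `identity_provider` is never shown to be rejected, and no case asserts that `is_valid()` returns False when one of the federated attributes is missing. Add negative cases for those paths, asserting whatever exception `ValidatorDescriptor` raises on a failed check. The existing assertion also reads better as `self.assertTrue(cred.is_valid())`. The enclosing `TestCADFSpec` class starts outside this hunk.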