summaryrefslogtreecommitdiff
path: root/keystone/federation/utils.py
diff options
context:
space:
mode:
authorZuul <zuul@review.opendev.org>2023-04-21 17:30:22 +0000
committerGerrit Code Review <review@openstack.org>2023-04-21 17:30:22 +0000
commit95288d2ce36e14d9a8466c05240fd7e1aca004d2 (patch)
treee0437c1c31f0f66014fb5e7f7a935909ffe45d6c /keystone/federation/utils.py
parentf5db9801c23bde15d162a67d4fd6621e5bd09719 (diff)
parentc70d0c33a5977ca7208fbadd876a646cd37ffb31 (diff)
downloadkeystone-95288d2ce36e14d9a8466c05240fd7e1aca004d2.tar.gz
Merge "fix(federation): allow using numerical group names"
Diffstat (limited to 'keystone/federation/utils.py')
-rw-r--r--keystone/federation/utils.py38
1 files changed, 23 insertions, 15 deletions
diff --git a/keystone/federation/utils.py b/keystone/federation/utils.py
index 7c1f0c901..71e6318a4 100644
--- a/keystone/federation/utils.py
+++ b/keystone/federation/utils.py
@@ -562,17 +562,31 @@ class RuleProcessor(object):
LOG.debug('mapped_properties: %s', mapped_properties)
return mapped_properties
+ def _ast_literal_eval(self, value):
+ # This is a workaround for the fact that ast.literal_eval handles the
+ # case of either a string or a list of strings, but not a potential
+ # list of ints.
+
+ try:
+ values = ast.literal_eval(value)
+ # NOTE(mnaser): It's possible that the group_names_list is a
+ # numerical value which would successfully parse
+ # and not raise an exception, so we forcefully
+ # raise is here.
+ if not isinstance(values, list):
+ raise ValueError
+ except (ValueError, SyntaxError):
+ values = [value]
+
+ return values
+
def _normalize_groups(self, identity_value):
# In this case, identity_value['groups'] is a string
# representation of a list, and we want a real list. This is
# due to the way we do direct mapping substitutions today (see
# function _update_local_mapping() )
if 'name' in identity_value['groups']:
- try:
- group_names_list = ast.literal_eval(
- identity_value['groups'])
- except (ValueError, SyntaxError):
- group_names_list = [identity_value['groups']]
+ group_names_list = self._ast_literal_eval(identity_value['groups'])
def convert_json(group):
if group.startswith('JSON:'):
@@ -594,11 +608,8 @@ class RuleProcessor(object):
"specified.")
msg = msg % {'identity_value': identity_value}
raise exception.ValidationError(msg)
- try:
- group_names_list = ast.literal_eval(
- identity_value['groups'])
- except (ValueError, SyntaxError):
- group_names_list = [identity_value['groups']]
+ group_names_list = self._ast_literal_eval(
+ identity_value['groups'])
domain = identity_value['domain']
group_dicts = [{'name': name, 'domain': domain} for name in
group_names_list]
@@ -699,11 +710,8 @@ class RuleProcessor(object):
# group_ids parameter contains only one element, it will be
# parsed as a simple string, and not a list or the
# representation of a list.
- try:
- group_ids.update(
- ast.literal_eval(identity_value['group_ids']))
- except (ValueError, SyntaxError):
- group_ids.update([identity_value['group_ids']])
+ group_ids.update(
+ self._ast_literal_eval(identity_value['group_ids']))
if 'projects' in identity_value:
projects = identity_value['projects']