Fixing mapping schema to allow local user

Mapping to local user was broken since we introduced JSON schema for
mapping. That was because we've never accounted for the "type" attribute
in the "user" object. This patch add it back so that we can map a
remote user to either a local or ephemeral user.

Closes-Bug: 1555403

Change-Id: I7ae69b143e1bdade3e8ea9e2036227c7a38b3b10

1 files changed, 12 insertions, 7 deletions

diff --git a/keystone/federation/utils.py b/keystone/federation/utils.py
index b9dc8f903..18cbf0f28 100644
--- a/keystone/federation/utils.py
+++ b/keystone/federation/utils.py
@@ -29,6 +29,13 @@ CONF = cfg.CONF
 LOG = log.getLogger(__name__)
 
 
+class UserType(object):
+    """User mapping type."""
+
+    EPHEMERAL = 'ephemeral'
+    LOCAL = 'local'
+
+
 MAPPING_SCHEMA = {
     "type": "object",
     "required": ['rules'],
@@ -60,6 +67,11 @@ MAPPING_SCHEMA = {
                                                 "name": {"type": "string"}
                                             },
                                             "additionalProperties": False,
+                                        },
+                                        "type": {
+                                            "type": "string",
+                                            "enum": [UserType.EPHEMERAL,
+                                                     UserType.LOCAL]
                                         }
                                     },
                                     "additionalProperties": False
@@ -412,13 +424,6 @@ def get_assertion_params_from_env(context):
         yield (k, v)
 
 
-class UserType(object):
-    """User mapping type."""
-
-    EPHEMERAL = 'ephemeral'
-    LOCAL = 'local'
-
-
 class RuleProcessor(object):
     """A class to process assertions and mapping rules."""