Diffstat (limited to 'keystone/tests/unit/test_v3_federation.py')
-rw-r--r--keystone/tests/unit/test_v3_federation.py37
1 files changed, 30 insertions, 7 deletions
diff --git a/keystone/tests/unit/test_v3_federation.py b/keystone/tests/unit/test_v3_federation.py
index 804320a27..c332bb6d8 100644
--- a/keystone/tests/unit/test_v3_federation.py
+++ b/keystone/tests/unit/test_v3_federation.py
@@ -3817,6 +3817,8 @@ class SAMLGenerationTests(test_v3.RestfulTestCase):
ROLES = ['admin', 'member']
PROJECT = 'development'
PROJECT_DOMAIN = 'project_domain'
+ GROUPS = ['JSON:{"name":"group1","domain":{"name":"Default"}}',
+ 'JSON:{"name":"group2","domain":{"name":"Default"}}']
SAML_GENERATION_ROUTE = '/auth/OS-FEDERATION/saml2'
ECP_GENERATION_ROUTE = '/auth/OS-FEDERATION/saml2/ecp'
ASSERTION_VERSION = "2.0"
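Review bot: The new `GROUPS` constant has no comment explaining its value format, and the `JSON:` prefix followed by a serialized name/domain object is not self-evident to someone reading the test class. A one-line comment above it would help, for example `# Group attribute values as passed to samlize_token: "JSON:" + {"name": ..., "domain": {"name": ...}}`. The class body starts outside this hunk, so the comment should follow whatever style the neighbouring constants use.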
@@ -3848,7 +3850,8 @@ class SAMLGenerationTests(test_v3.RestfulTestCase):
self.SUBJECT,
self.SUBJECT_DOMAIN,
self.ROLES, self.PROJECT,
- self.PROJECT_DOMAIN)
+ self.PROJECT_DOMAIN,
+ self.GROUPS)
assertion = response.assertion
self.assertIsNotNone(assertion)
@@ -3878,6 +3881,10 @@ class SAMLGenerationTests(test_v3.RestfulTestCase):
self.assertEqual(self.PROJECT_DOMAIN,
project_domain_attribute.attribute_value[0].text)
+ group_attribute = assertion.attribute_statement[0].attribute[5]
+ for attribute_value in group_attribute.attribute_value:
+ self.assertIn(attribute_value.text, self.GROUPS)
+
def test_comma_in_certfile_path(self):
self.config_fixture.config(
group='saml',
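Review bot: The loop added after the project-domain check passes vacuously when `group_attribute.attribute_value` is empty, and it also passes when only one of the two groups is emitted, so a regression that drops group membership from the assertion would go unnoticed. Group values in a SAML assertion typically feed the service provider's authorization mapping, so the test should pin the full set, e.g. `self.assertEqual(sorted(self.GROUPS), sorted(v.text for v in group_attribute.attribute_value))`. The positional lookup `attribute[5]` would also be sturdier with an assertion on the attribute's name; the test method starts outside this hunk, so the expected name has to come from the code under test. The same loop appears in the later hunk that adds `group_attribute = assertion[4][5]` to the XML-based test and needs the same change.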
@@ -3892,7 +3899,8 @@ class SAMLGenerationTests(test_v3.RestfulTestCase):
self.SUBJECT_DOMAIN,
self.ROLES,
self.PROJECT,
- self.PROJECT_DOMAIN)
+ self.PROJECT_DOMAIN,
+ self.GROUPS)
def test_comma_in_keyfile_path(self):
self.config_fixture.config(
@@ -3908,7 +3916,8 @@ class SAMLGenerationTests(test_v3.RestfulTestCase):
self.SUBJECT_DOMAIN,
self.ROLES,
self.PROJECT,
- self.PROJECT_DOMAIN)
+ self.PROJECT_DOMAIN,
+ self.GROUPS)
def test_verify_assertion_object(self):
"""Test that the Assertion object is built properly.
@@ -3924,7 +3933,8 @@ class SAMLGenerationTests(test_v3.RestfulTestCase):
self.SUBJECT,
self.SUBJECT_DOMAIN,
self.ROLES, self.PROJECT,
- self.PROJECT_DOMAIN)
+ self.PROJECT_DOMAIN,
+ self.GROUPS)
assertion = response.assertion
self.assertEqual(self.ASSERTION_VERSION, assertion.version)
@@ -3943,7 +3953,8 @@ class SAMLGenerationTests(test_v3.RestfulTestCase):
self.SUBJECT,
self.SUBJECT_DOMAIN,
self.ROLES, self.PROJECT,
- self.PROJECT_DOMAIN)
+ self.PROJECT_DOMAIN,
+ self.GROUPS)
saml_str = response.to_string()
response = etree.fromstring(saml_str)
@@ -3969,6 +3980,10 @@ class SAMLGenerationTests(test_v3.RestfulTestCase):
project_domain_attribute = assertion[4][4]
self.assertEqual(self.PROJECT_DOMAIN, project_domain_attribute[0].text)
+ group_attribute = assertion[4][5]
+ for attribute_value in group_attribute:
+ self.assertIn(attribute_value.text, self.GROUPS)
+
def test_assertion_using_explicit_namespace_prefixes(self):
def mocked_subprocess_check_output(*popenargs, **kwargs):
# the last option is the assertion file to be signed
@@ -3987,7 +4002,8 @@ class SAMLGenerationTests(test_v3.RestfulTestCase):
self.SUBJECT,
self.SUBJECT_DOMAIN,
self.ROLES, self.PROJECT,
- self.PROJECT_DOMAIN)
+ self.PROJECT_DOMAIN,
+ self.GROUPS)
assertion_xml = response.assertion.to_string()
# The expected values in the assertions bellow need to be 'str' in
# Python 2 and 'bytes' in Python 3
@@ -4016,7 +4032,8 @@ class SAMLGenerationTests(test_v3.RestfulTestCase):
response = generator.samlize_token(self.ISSUER, self.RECIPIENT,
self.SUBJECT, self.SUBJECT_DOMAIN,
self.ROLES, self.PROJECT,
- self.PROJECT_DOMAIN)
+ self.PROJECT_DOMAIN,
+ self.GROUPS)
signature = response.assertion.signature
self.assertIsNotNone(signature)
@@ -4131,6 +4148,9 @@ class SAMLGenerationTests(test_v3.RestfulTestCase):
project_domain_attribute = assertion[4][4]
self.assertIsInstance(project_domain_attribute[0].text, str)
+ group_attribute = assertion[4][5]
+ self.assertIsInstance(group_attribute[0].text, str)
+
def test_invalid_scope_body(self):
"""Test that missing the scope in request body raises an exception.
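Review bot: `self.assertIsInstance(group_attribute[0].text, str)` checks only the type of the first value, so this test does not confirm that the group attribute names a group the token's user actually belongs to, and an empty attribute would surface as an `IndexError` rather than a readable assertion failure. If the fixture for this test (not visible in the hunk) gives the user known groups, compare the emitted values against them; otherwise at least add `self.assertGreater(len(group_attribute), 0)` before indexing. The next hunk, `@@ -4246,6 +4266,9 @@`, adds the same two lines and has the same gap.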
@@ -4246,6 +4266,9 @@ class SAMLGenerationTests(test_v3.RestfulTestCase):
project_domain_attribute = assertion[4][4]
self.assertIsInstance(project_domain_attribute[0].text, str)
+ group_attribute = assertion[4][5]
+ self.assertIsInstance(group_attribute[0].text, str)
+
@mock.patch('saml2.create_class_from_xml_string')
@mock.patch('oslo_utils.fileutils.write_to_tempfile')
@mock.patch.object(subprocess, 'check_output')