Handle federated tokens

Federated tokens don't include domains in the user object. Keystoneclient should be able to estimate whether the token is a federated one and, if so, don't expect user domain information. In case of the federated token keystoneclient returns None in response to user_domain_name and user_domain_id calls. Co-Authored-By: Steve Martinelli <stevemar@ca.ibm.com> Closes-Bug: #1346820 Change-Id: I3453275fa1b0a41b1c015b0c3a92895a77d69a41
author: Marek Denis <marek.denis@cern.ch> 2014-09-12 17:24:59 +0200
committer: Steve Martinelli <stevemar@ca.ibm.com> 2014-09-17 15:46:49 -0400
commit: 7006f9b0088eb1828f4da24b62e306b37eef79d2 (patch)
tree: 789acbf1a5da4fd4e6ee0a546e8032b5e165d98a /keystoneclient/fixture
parent: 3305c7be4b726de4dcc889006d0be30eb46d3ad9 (diff)
download: python-keystoneclient-7006f9b0088eb1828f4da24b62e306b37eef79d2.tar.gz
2 files changed, 30 insertions, 0 deletions
diff --git a/keystoneclient/fixture/__init__.py b/keystoneclient/fixture/__init__.py
index faece1e..ad93704 100644
--- a/keystoneclient/fixture/__init__.py
+++ b/keystoneclient/fixture/__init__.py
@@ -25,6 +25,7 @@ from keystoneclient.fixture.discovery import *  # noqa
 from keystoneclient.fixture.exception import FixtureValidationError  # noqa
 from keystoneclient.fixture.v2 import Token as V2Token  # noqa
 from keystoneclient.fixture.v3 import Token as V3Token  # noqa
+from keystoneclient.fixture.v3 import V3FederationToken  # noqa
 
 __all__ = ['DiscoveryList',
            'FixtureValidationError',
@@ -32,4 +33,5 @@ __all__ = ['DiscoveryList',
            'V3Discovery',
            'V2Token',
            'V3Token',
+           'V3FederationToken',
            ]
diff --git a/keystoneclient/fixture/v3.py b/keystoneclient/fixture/v3.py
index 18286e3..e40b314 100644
--- a/keystoneclient/fixture/v3.py
+++ b/keystoneclient/fixture/v3.py
@@ -352,3 +352,31 @@ class Token(dict):
     def set_oauth(self, access_token_id=None, consumer_id=None):
         self.oauth_access_token_id = access_token_id or uuid.uuid4().hex
         self.oauth_consumer_id = consumer_id or uuid.uuid4().hex
+
+
+class V3FederationToken(Token):
+    """A V3 Keystone Federation token that can be used for testing.
+
+    Similar to V3Token, this object is designed to allow clients to generate
+    a correct V3 federation token for use in test code.
+    """
+
+    def __init__(self, methods=None, identity_provider=None, protocol=None,
+                 groups=None):
+        methods = methods or ['saml2']
+        super(V3FederationToken, self).__init__(methods=methods)
+        # NOTE(stevemar): Federated tokens do not have a domain for the user
+        del self._user['domain']
+        self.add_federation_info_to_user(identity_provider, protocol, groups)
+
+    def add_federation_info_to_user(self, identity_provider=None,
+                                    protocol=None, groups=None):
+        data = {
+            "OS-FEDERATION": {
+                "identity_provider": identity_provider or uuid.uuid4().hex,
+                "protocol": protocol or uuid.uuid4().hex,
+                "groups": groups or [{"id": uuid.uuid4().hex}]
+            }
+        }
+        self._user.update(data)
+        return data
author	Marek Denis <marek.denis@cern.ch>	2014-09-12 17:24:59 +0200
committer	Steve Martinelli <stevemar@ca.ibm.com>	2014-09-17 15:46:49 -0400
commit	7006f9b0088eb1828f4da24b62e306b37eef79d2 (patch)
tree	789acbf1a5da4fd4e6ee0a546e8032b5e165d98a /keystoneclient/fixture
parent	3305c7be4b726de4dcc889006d0be30eb46d3ad9 (diff)
download	python-keystoneclient-7006f9b0088eb1828f4da24b62e306b37eef79d2.tar.gz