1 files changed, 23 insertions, 0 deletions

diff --git a/keystone-moon/keystone/tests/unit/contrib/federation/test_utils.py b/keystone-moon/keystone/tests/unit/contrib/federation/test_utils.py
index a8b4ae76..5804f1c0 100644
--- a/keystone-moon/keystone/tests/unit/contrib/federation/test_utils.py
+++ b/keystone-moon/keystone/tests/unit/contrib/federation/test_utils.py
@@ -10,6 +10,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+import uuid
 
 from keystone.auth.plugins import mapped
 from keystone.contrib.federation import utils as mapping_utils
@@ -609,3 +610,25 @@ class MappingRuleEngineTests(unit.BaseTestCase):
             self.assertEqual(exp_user_name, mapped_properties['user']['name'])
             self.assertEqual('abc123%40example.com',
                              mapped_properties['user']['id'])
+
+    def test_whitelist_pass_through(self):
+        mapping = mapping_fixtures.MAPPING_GROUPS_WHITELIST_PASS_THROUGH
+        rp = mapping_utils.RuleProcessor(mapping['rules'])
+        assertion = mapping_fixtures.DEVELOPER_ASSERTION
+        mapped_properties = rp.process(assertion)
+        self.assertValidMappedUserObject(mapped_properties)
+
+        self.assertEqual('developacct', mapped_properties['user']['name'])
+        self.assertEqual('Developer',
+                         mapped_properties['group_names'][0]['name'])
+
+    def test_type_not_in_assertion(self):
+        """Test that if the remote "type" is not in the assertion it fails."""
+        mapping = mapping_fixtures.MAPPING_GROUPS_WHITELIST_PASS_THROUGH
+        rp = mapping_utils.RuleProcessor(mapping['rules'])
+        assertion = {uuid.uuid4().hex: uuid.uuid4().hex}
+        mapped_properties = rp.process(assertion)
+        self.assertValidMappedUserObject(mapped_properties)
+
+        self.assertNotIn('id', mapped_properties['user'])
+        self.assertNotIn('name', mapped_properties['user'])