From 92d11d139e9f76d4fd76859aea78643fc32ef36b Mon Sep 17 00:00:00 2001
From: asteroide <thomas.duval@orange.com>
Date: Thu, 24 Sep 2015 16:27:16 +0200
Subject: Update Keystone code from repository.

Change-Id: Ib3d0a06b10902fcc6d520f58e85aa617bc326d00
---
 .../tests/unit/contrib/federation/test_utils.py    | 23 ++++++++++++++++++++++
 1 file changed, 23 insertions(+)

(limited to 'keystone-moon/keystone/tests/unit/contrib')

diff --git a/keystone-moon/keystone/tests/unit/contrib/federation/test_utils.py b/keystone-moon/keystone/tests/unit/contrib/federation/test_utils.py
index a8b4ae76..5804f1c0 100644
--- a/keystone-moon/keystone/tests/unit/contrib/federation/test_utils.py
+++ b/keystone-moon/keystone/tests/unit/contrib/federation/test_utils.py
@@ -10,6 +10,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
+import uuid
 
 from keystone.auth.plugins import mapped
 from keystone.contrib.federation import utils as mapping_utils
@@ -609,3 +610,25 @@ class MappingRuleEngineTests(unit.BaseTestCase):
             self.assertEqual(exp_user_name, mapped_properties['user']['name'])
             self.assertEqual('abc123%40example.com',
                              mapped_properties['user']['id'])
+
+    def test_whitelist_pass_through(self):
+        mapping = mapping_fixtures.MAPPING_GROUPS_WHITELIST_PASS_THROUGH
+        rp = mapping_utils.RuleProcessor(mapping['rules'])
+        assertion = mapping_fixtures.DEVELOPER_ASSERTION
+        mapped_properties = rp.process(assertion)
+        self.assertValidMappedUserObject(mapped_properties)
+
+        self.assertEqual('developacct', mapped_properties['user']['name'])
+        self.assertEqual('Developer',
+                         mapped_properties['group_names'][0]['name'])
+
+    def test_type_not_in_assertion(self):
+        """Test that if the remote "type" is not in the assertion it fails."""
+        mapping = mapping_fixtures.MAPPING_GROUPS_WHITELIST_PASS_THROUGH
+        rp = mapping_utils.RuleProcessor(mapping['rules'])
+        assertion = {uuid.uuid4().hex: uuid.uuid4().hex}
+        mapped_properties = rp.process(assertion)
+        self.assertValidMappedUserObject(mapped_properties)
+
+        self.assertNotIn('id', mapped_properties['user'])
+        self.assertNotIn('name', mapped_properties['user'])
-- 
cgit 1.2.3-korg