Rename userAttributes to attributeMappings and make whitelist a list

[#104349358] https://www.pivotaltracker.com/story/show/104349358 Signed-off-by: Leslie Chang <lescha@pivotal.io>
cloudfoundry · Sep 30, 2015 · 3abfcb2 · 3abfcb2
1 parent 24d12a8
commit 3abfcb2
Show file tree

Hide file tree

Showing 8 changed files with 61 additions and 57 deletions.
diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/ExternalIdentityProviderDefinition.java b/common/src/main/java/org/cloudfoundry/identity/uaa/ExternalIdentityProviderDefinition.java
@@ -1,6 +1,5 @@
 package org.cloudfoundry.identity.uaa;
 
-import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 
@@ -18,24 +17,24 @@
  *******************************************************************************/
 public class ExternalIdentityProviderDefinition extends AbstractIdentityProviderDefinition {
     public static final String EXTERNAL_GROUPS_WHITELIST = "externalGroupsWhitelist";
-    public static final String USER_ATTRIBUTES = "userAttributes";
+    public static final String ATTRIBUTE_MAPPINGS = "attributeMappings";
 
-    private Map<String, List<String>> externalGroupsWhitelist;
+    private List<String> externalGroupsWhitelist;
-    private Map<String, String> userAttributes;
+    private Map<String, Object> attributeMappings;
 
-    public Map<String, List<String>> getExternalGroupsWhitelist() {
+    public List<String> getExternalGroupsWhitelist() {
         return externalGroupsWhitelist;
     }
 
-    public void setExternalGroupsWhitelist(Map<String, List<String>> externalGroupsWhitelist) {
+    public void setExternalGroupsWhitelist(List<String> externalGroupsWhitelist) {
         this.externalGroupsWhitelist = externalGroupsWhitelist;
     }
 
-    public void setUserAttributes(Map<String, String> userAttributes) {
+    public void setAttributeMappings(Map<String, Object> attributeMappings) {
-        this.userAttributes = userAttributes;
+        this.attributeMappings = attributeMappings;
     }
 
-    public Map<String, String> getUserAttributes() {
+    public Map<String, Object> getAttributeMappings() {
-        return userAttributes;
+        return attributeMappings;
     }
 }
diff --git a/common/src/main/java/org/cloudfoundry/identity/uaa/ldap/LdapIdentityProviderDefinition.java b/common/src/main/java/org/cloudfoundry/identity/uaa/ldap/LdapIdentityProviderDefinition.java
@@ -21,7 +21,6 @@
 import org.springframework.util.StringUtils;
 
 import java.util.HashMap;
-import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 
@@ -99,10 +98,10 @@ public static LdapIdentityProviderDefinition fromConfig(Map<String,Object> ldapC
             definition.setEmailDomain((List<String>) source.getProperty("emailDomain"));
         }
         if (source.getProperty("externalGroupsWhitelist")!=null) {
-            definition.setExternalGroupsWhitelist((Map<String, List<String>>) source.getProperty("externalGroupsWhitelist"));
+            definition.setExternalGroupsWhitelist((List<String>) source.getProperty("externalGroupsWhitelist"));
         }
-        if (source.getProperty(USER_ATTRIBUTES)!=null) {
+        if (source.getProperty(ATTRIBUTE_MAPPINGS)!=null) {
-            definition.setUserAttributes((Map<String, String>) source.getProperty(USER_ATTRIBUTES));
+            definition.setAttributeMappings((Map<String, Object>) source.getProperty(ATTRIBUTE_MAPPINGS));
         }
 
         definition.setLdapProfileFile((String) source.getProperty("profile.file"));

diff --git a/.../main/java/org/cloudfoundry/identity/uaa/login/saml/SamlIdentityProviderConfigurator.java b/.../main/java/org/cloudfoundry/identity/uaa/login/saml/SamlIdentityProviderConfigurator.java
@@ -38,7 +38,6 @@
 import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
-import java.util.LinkedHashMap;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
@@ -48,7 +47,7 @@
 
 import static org.cloudfoundry.identity.uaa.AbstractIdentityProviderDefinition.EMAIL_DOMAIN_ATTR;
 import static org.cloudfoundry.identity.uaa.ExternalIdentityProviderDefinition.EXTERNAL_GROUPS_WHITELIST;
-import static org.cloudfoundry.identity.uaa.ExternalIdentityProviderDefinition.USER_ATTRIBUTES;
+import static org.cloudfoundry.identity.uaa.ExternalIdentityProviderDefinition.ATTRIBUTE_MAPPINGS;
 
 public class SamlIdentityProviderConfigurator implements InitializingBean {
     private static Log logger = LogFactory.getLog(SamlIdentityProviderConfigurator.class);
@@ -349,8 +348,8 @@ public void setIdentityProviders(Map<String, Map<String, Object>> providers) {
             String iconUrl  = (String)((Map)entry.getValue()).get("iconUrl");
             String zoneId  = (String)((Map)entry.getValue()).get("zoneId");
             List<String> emailDomain = (List<String>) saml.get(EMAIL_DOMAIN_ATTR);
-            Map<String, List<String>> externalGroupsWhitelist = (Map<String, List<String>>) saml.get(EXTERNAL_GROUPS_WHITELIST);
+            List<String> externalGroupsWhitelist = (List<String>) saml.get(EXTERNAL_GROUPS_WHITELIST);
-            Map<String, String> userAttributes = (Map<String, String>) saml.get(USER_ATTRIBUTES);
+            Map<String, Object> attributeMappings = (Map<String, Object>) saml.get(ATTRIBUTE_MAPPINGS);
             SamlIdentityProviderDefinition def = new SamlIdentityProviderDefinition();
             if (alias==null) {
                 throw new IllegalArgumentException("Invalid IDP - alias must not be null ["+metaDataLocation+"]");
@@ -369,7 +368,7 @@ public void setIdentityProviders(Map<String, Map<String, Object>> providers) {
             def.setIconUrl(iconUrl);
             def.setEmailDomain(emailDomain);
             def.setExternalGroupsWhitelist(externalGroupsWhitelist);
-            def.setUserAttributes(userAttributes);
+            def.setAttributeMappings(attributeMappings);
             def.setZoneId(StringUtils.hasText(zoneId) ? zoneId : IdentityZone.getUaa().getId());
             toBeFetchedProviders.add(def);
         }

diff --git a/...rc/main/java/org/cloudfoundry/identity/uaa/login/saml/SamlIdentityProviderDefinition.java b/...rc/main/java/org/cloudfoundry/identity/uaa/login/saml/SamlIdentityProviderDefinition.java
@@ -65,7 +65,7 @@ public SamlIdentityProviderDefinition(String metaDataLocation, String idpEntityA
     public SamlIdentityProviderDefinition(String metaDataLocation, String idpEntityAlias, String nameID, int assertionConsumerIndex,
                                           boolean metadataTrustCheck, boolean showSamlLink, String linkText, String iconUrl,
                                           String zoneId, boolean addShadowUserOnLogin, List<String> emailDomain,
-                                          Map<String, List<String>> externalGroupsWhitelist, Map<String, String> userAttributes) {
+                                          List<String> externalGroupsWhitelist, Map<String, Object> attributeMappings) {
         this.metaDataLocation = metaDataLocation;
         this.idpEntityAlias = idpEntityAlias;
         this.nameID = nameID;
@@ -78,7 +78,7 @@ public SamlIdentityProviderDefinition(String metaDataLocation, String idpEntityA
         this.addShadowUserOnLogin = addShadowUserOnLogin;
         setEmailDomain(emailDomain);
         setExternalGroupsWhitelist(externalGroupsWhitelist);
-        setUserAttributes(userAttributes);
+        setAttributeMappings(attributeMappings);
     }
 
     @JsonIgnore
@@ -217,7 +217,7 @@ public void setAddShadowUserOnLogin(boolean addShadowUserOnLogin) {
     }
 
     public SamlIdentityProviderDefinition clone() {
-        return new SamlIdentityProviderDefinition(metaDataLocation, idpEntityAlias, nameID, assertionConsumerIndex, metadataTrustCheck, showSamlLink, linkText, iconUrl, zoneId, addShadowUserOnLogin, getEmailDomain()!=null ? new ArrayList<>(getEmailDomain()) : null, getExternalGroupsWhitelist()!=null ? new LinkedHashMap(getExternalGroupsWhitelist()) : null, getUserAttributes()!=null ? new HashMap(getUserAttributes()) : null);
+        return new SamlIdentityProviderDefinition(metaDataLocation, idpEntityAlias, nameID, assertionConsumerIndex, metadataTrustCheck, showSamlLink, linkText, iconUrl, zoneId, addShadowUserOnLogin, getEmailDomain()!=null ? new ArrayList<>(getEmailDomain()) : null, getExternalGroupsWhitelist()!=null ? new ArrayList<>(getExternalGroupsWhitelist()) : null, getAttributeMappings()!=null ? new HashMap(getAttributeMappings()) : null);
     }
 
     @Override

diff --git a/common/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java b/common/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java
@@ -32,6 +32,7 @@
 import org.junit.Test;
 import org.springframework.mock.env.MockEnvironment;
 
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.LinkedHashMap;
@@ -41,7 +42,7 @@
 
 import static org.cloudfoundry.identity.uaa.AbstractIdentityProviderDefinition.EMAIL_DOMAIN_ATTR;
 import static org.cloudfoundry.identity.uaa.ExternalIdentityProviderDefinition.EXTERNAL_GROUPS_WHITELIST;
-import static org.cloudfoundry.identity.uaa.ExternalIdentityProviderDefinition.USER_ATTRIBUTES;
+import static org.cloudfoundry.identity.uaa.ExternalIdentityProviderDefinition.ATTRIBUTE_MAPPINGS;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
@@ -81,13 +82,13 @@ public void testLdapBootstrap() throws Exception {
         IdentityProviderBootstrap bootstrap = new IdentityProviderBootstrap(provisioning, new MockEnvironment());
         HashMap<String, Object> ldapConfig = new HashMap<>();
         ldapConfig.put(EMAIL_DOMAIN_ATTR, Arrays.asList("test.domain"));
-        Map<String, List<String>> attrMap = new LinkedHashMap<>();
+        List<String> attrMap = new ArrayList<>();
-        attrMap.put("key", Arrays.asList("value"));
+        attrMap.add("value");
         ldapConfig.put(EXTERNAL_GROUPS_WHITELIST, attrMap);
 
-        Map<String, String> userAttributes = new HashMap<>();
+        Map<String, Object> attributeMappings = new HashMap<>();
-        userAttributes.put("given_name", "first_name");
+        attributeMappings.put("given_name", "first_name");
-        ldapConfig.put(USER_ATTRIBUTES, userAttributes);
+        ldapConfig.put(ATTRIBUTE_MAPPINGS, attributeMappings);
 
         bootstrap.setLdapConfig(ldapConfig);
         bootstrap.afterPropertiesSet();
@@ -98,8 +99,8 @@ public void testLdapBootstrap() throws Exception {
         assertNotNull(ldapProvider.getLastModified());
         assertEquals(Origin.LDAP, ldapProvider.getType());
         assertEquals("test.domain", ldapProvider.getConfigValue(LdapIdentityProviderDefinition.class).getEmailDomain().get(0));
-        assertEquals(Arrays.asList("value"), ldapProvider.getConfigValue(LdapIdentityProviderDefinition.class).getExternalGroupsWhitelist().get("key"));
+        assertEquals(Arrays.asList("value"), ldapProvider.getConfigValue(LdapIdentityProviderDefinition.class).getExternalGroupsWhitelist());
-        assertEquals("first_name", ldapProvider.getConfigValue(LdapIdentityProviderDefinition.class).getUserAttributes().get("given_name"));
+        assertEquals("first_name", ldapProvider.getConfigValue(LdapIdentityProviderDefinition.class).getAttributeMappings().get("given_name"));
     }
 
     @Test
@@ -225,13 +226,14 @@ public void testSamlBootstrap() throws Exception {
         definition.setShowSamlLink(true);
         definition.setMetadataTrustCheck(true);
         definition.setEmailDomain(Arrays.asList("test.domain"));
-        Map<String, List<String>> externalGroupsWhitelist = new LinkedHashMap<>();
+        List<String> externalGroupsWhitelist = new ArrayList<>();
-        externalGroupsWhitelist.put("key", Arrays.asList("value1", "value2"));
+        externalGroupsWhitelist.add("value1");
+        externalGroupsWhitelist.add("value2");
         definition.setExternalGroupsWhitelist(externalGroupsWhitelist);
 
-        Map<String,String> userAttributes = new HashMap<>();
+        Map<String, Object> attributeMappings = new HashMap<>();
-        userAttributes.put("given_name", "first_name");
+        attributeMappings.put("given_name", "first_name");
-        definition.setUserAttributes(userAttributes);
+        definition.setAttributeMappings(attributeMappings);
 
         SamlIdentityProviderConfigurator configurator = mock(SamlIdentityProviderConfigurator.class);
         when(configurator.getIdentityProviderDefinitions()).thenReturn(Arrays.asList(definition));

diff --git a/.../src/test/java/org/cloudfoundry/identity/uaa/ldap/LdapIdentityProviderDefinitionTest.java b/.../src/test/java/org/cloudfoundry/identity/uaa/ldap/LdapIdentityProviderDefinitionTest.java
@@ -22,6 +22,7 @@
 import org.springframework.core.io.Resource;
 
 import java.io.UnsupportedEncodingException;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.LinkedHashMap;
@@ -349,22 +350,22 @@ public void testSetEmailDomain() {
     @Test
     public void set_external_groups_whitelist() {
         LdapIdentityProviderDefinition def = new LdapIdentityProviderDefinition();
-        Map<String, List<String>> externalGroupsWhitelist = new LinkedHashMap<>();
+        List<String> externalGroupsWhitelist = new ArrayList<>();
-        externalGroupsWhitelist.put("key", Arrays.asList("value"));
+        externalGroupsWhitelist.add("value");
         def.setExternalGroupsWhitelist(externalGroupsWhitelist);
-        assertEquals(Arrays.asList("value"), def.getExternalGroupsWhitelist().get("key"));
+        assertEquals(Arrays.asList("value"), def.getExternalGroupsWhitelist());
         def = JsonUtils.readValue(JsonUtils.writeValueAsString(def), LdapIdentityProviderDefinition.class);
-        assertEquals(Arrays.asList("value"), def.getExternalGroupsWhitelist().get("key"));
+        assertEquals(Arrays.asList("value"), def.getExternalGroupsWhitelist());
     }
 
     @Test
     public void set_user_attributes() {
         LdapIdentityProviderDefinition def = new LdapIdentityProviderDefinition();
-        Map<String, String> userAttributes = new HashMap<>();
+        Map<String, Object> attributeMappings = new HashMap<>();
-        userAttributes.put("given_name", "first_name");
+        attributeMappings.put("given_name", "first_name");
-        def.setUserAttributes(userAttributes);
+        def.setAttributeMappings(attributeMappings);
-        assertEquals("first_name", def.getUserAttributes().get("given_name"));
+        assertEquals("first_name", def.getAttributeMappings().get("given_name"));
         def = JsonUtils.readValue(JsonUtils.writeValueAsString(def), LdapIdentityProviderDefinition.class);
-        assertEquals("first_name", def.getUserAttributes().get("given_name"));
+        assertEquals("first_name", def.getAttributeMappings().get("given_name"));
     }
 }
diff --git a/...test/java/org/cloudfoundry/identity/uaa/login/saml/IdentityProviderConfiguratorTests.java b/...test/java/org/cloudfoundry/identity/uaa/login/saml/IdentityProviderConfiguratorTests.java
@@ -34,7 +34,6 @@
 import org.springframework.security.saml.trust.httpclient.TLSProtocolSocketFactory;
 
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -98,11 +97,12 @@ public static void initializeOpenSAML() throws Exception {
         "       - test.org\n" +
         "       - test.com\n" +
         "      externalGroupsWhitelist:\n" +
-        "        roles:\n" +
+        "       - admin\n" +
-        "          - admin\n" +
+        "       - user\n" +
-        "          - user\n" +
+        "      attributeMappings:\n" +
-        "      userAttributes:\n" +
         "        given_name: first_name\n" +
+        "        external_groups:\n" +
+        "         - roles\n" +
         "    okta-local-2:\n" +
         "      idpMetadata: |\n" +
         "        <?xml version=\"1.0\" encoding=\"UTF-8\"?><md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" entityID=\"http://www.okta.com/k2lw4l5bPODCMIIDBRYZ\"><md:IDPSSODescriptor WantAuthnRequestsSigned=\"true\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"><md:KeyDescriptor use=\"signing\"><ds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509Data><ds:X509Certificate>MIICmTCCAgKgAwIBAgIGAUPATqmEMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYDVQQGEwJVUzETMBEG\n" +
@@ -338,8 +338,11 @@ protected void testGetIdentityProviderDefinitions(int count, boolean addData) th
                     assertEquals(0, idp.getAssertionConsumerIndex());
                     assertEquals("Okta Preview 1", idp.getLinkText());
                     assertEquals("http://link.to/icon.jpg", idp.getIconUrl());
-                    assertEquals(singletonMap("given_name", "first_name"), idp.getUserAttributes());
+                    Map<String, Object> attributeMappings = new HashMap<>();
-                    assertEquals(singletonMap("roles", asList("admin", "user")), idp.getExternalGroupsWhitelist());
+                    attributeMappings.put("given_name", "first_name");
+                    attributeMappings.put("external_groups", asList("roles"));
+                    assertEquals(attributeMappings, idp.getAttributeMappings());
+                    assertEquals(asList("admin", "user"), idp.getExternalGroupsWhitelist());
                     assertTrue(idp.isShowSamlLink());
                     assertTrue(idp.isMetadataTrustCheck());
                     assertTrue(idp.getEmailDomain().containsAll(asList("test.com", "test.org")));

diff --git a/.../java/org/cloudfoundry/identity/uaa/mock/zones/IdentityProviderEndpointsMockMvcTests.java b/.../java/org/cloudfoundry/identity/uaa/mock/zones/IdentityProviderEndpointsMockMvcTests.java
@@ -41,6 +41,7 @@
 import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
 import org.springframework.util.StringUtils;
 
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.LinkedHashMap;
@@ -108,12 +109,12 @@ public void testCreateSamlProvider() throws Exception {
         provider.setOriginKey(origin);
         SamlIdentityProviderDefinition samlDefinition = new SamlIdentityProviderDefinition(metadata, null, null, 0, false, true, "Test SAML Provider", null, null);
         samlDefinition.setEmailDomain(Arrays.asList("test.com", "test2.com"));
-        Map<String,List<String>> externalGroupsWhitelist = new LinkedHashMap<>();
+        List<String> externalGroupsWhitelist = new ArrayList<>();
-        externalGroupsWhitelist.put("key", Arrays.asList("value"));
+        externalGroupsWhitelist.add("value");
-        Map<String,String> userAttributes = new HashMap<>();
+        Map<String, Object> attributeMappings = new HashMap<>();
-        userAttributes.put("given_name", "first_name");
+        attributeMappings.put("given_name", "first_name");
         samlDefinition.setExternalGroupsWhitelist(externalGroupsWhitelist);
-        samlDefinition.setUserAttributes(userAttributes);
+        samlDefinition.setAttributeMappings(attributeMappings);
 
         provider.setConfig(JsonUtils.writeValueAsString(samlDefinition));
 
@@ -123,7 +124,7 @@ public void testCreateSamlProvider() throws Exception {
         SamlIdentityProviderDefinition samlCreated = created.getConfigValue(SamlIdentityProviderDefinition.class);
         assertEquals(Arrays.asList("test.com", "test2.com"), samlCreated.getEmailDomain());
         assertEquals(externalGroupsWhitelist, samlCreated.getExternalGroupsWhitelist());
-        assertEquals(userAttributes, samlCreated.getUserAttributes());
+        assertEquals(attributeMappings, samlCreated.getAttributeMappings());
         assertEquals(IdentityZone.getUaa().getId(), samlCreated.getZoneId());
         assertEquals(provider.getOriginKey(), samlCreated.getIdpEntityAlias());
     }