"Fossies" - the Fresh Open Source Software Archive

Member "keystone-17.0.0/keystone/tests/unit/mapping_fixtures.py" (13 May 2020, 42043 Bytes) of package /linux/misc/openstack/keystone-17.0.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "mapping_fixtures.py": 16.0.1_vs_17.0.0.

    1 # -*- coding: utf-8 -*-
    2 
    3 # Licensed under the Apache License, Version 2.0 (the "License"); you may
    4 # not use this file except in compliance with the License. You may obtain
    5 # a copy of the License at
    6 #
    7 #      http://www.apache.org/licenses/LICENSE-2.0
    8 #
    9 # Unless required by applicable law or agreed to in writing, software
   10 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
   11 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
   12 # License for the specific language governing permissions and limitations
   13 # under the License.
   14 
   15 """Fixtures for Federation Mapping."""
   16 
   17 
   18 EMPLOYEE_GROUP_ID = "0cd5e9"
   19 CONTRACTOR_GROUP_ID = "85a868"
   20 TESTER_GROUP_ID = "123"
   21 TESTER_GROUP_NAME = "tester"
   22 DEVELOPER_GROUP_ID = "xyz"
   23 DEVELOPER_GROUP_NAME = "Developer"
   24 CONTRACTOR_GROUP_NAME = "Contractor"
   25 DEVELOPER_GROUP_DOMAIN_NAME = "outsourcing"
   26 DEVELOPER_GROUP_DOMAIN_ID = "5abc43"
   27 FEDERATED_DOMAIN = "Federated"
   28 LOCAL_DOMAIN = "Local"
   29 
   30 # Mapping summary:
   31 # LastName Smith & Not Contractor or SubContractor -> group 0cd5e9
   32 # FirstName Jill & Contractor or SubContractor -> to group 85a868
   33 MAPPING_SMALL = {
   34     "rules": [
   35         {
   36             "local": [
   37                 {
   38                     "group": {
   39                         "id": EMPLOYEE_GROUP_ID
   40                     }
   41                 },
   42                 {
   43                     "user": {
   44                         "name": "{0}"
   45                     }
   46                 }
   47             ],
   48             "remote": [
   49                 {
   50                     "type": "UserName"
   51                 },
   52                 {
   53                     "type": "orgPersonType",
   54                     "not_any_of": [
   55                         "Contractor",
   56                         "SubContractor"
   57                     ]
   58                 },
   59                 {
   60                     "type": "LastName",
   61                     "any_one_of": [
   62                         "Bo"
   63                     ]
   64                 }
   65             ]
   66         },
   67         {
   68             "local": [
   69                 {
   70                     "group": {
   71                         "id": CONTRACTOR_GROUP_ID
   72                     }
   73                 },
   74                 {
   75                     "user": {
   76                         "name": "{0}"
   77                     }
   78                 }
   79             ],
   80             "remote": [
   81                 {
   82                     "type": "UserName"
   83                 },
   84                 {
   85                     "type": "orgPersonType",
   86                     "any_one_of": [
   87                         "Contractor",
   88                         "SubContractor"
   89                     ]
   90                 },
   91                 {
   92                     "type": "FirstName",
   93                     "any_one_of": [
   94                         "Jill"
   95                     ]
   96                 }
   97             ]
   98         }
   99     ]
  100 }
  101 
  102 # Mapping summary:
  103 # orgPersonType Admin or Big Cheese -> name {0} {1} email {2} and group 0cd5e9
  104 # orgPersonType Customer -> user name {0} email {1}
  105 # orgPersonType Test and email ^@example.com$ -> group 123 and xyz
  106 MAPPING_LARGE = {
  107     "rules": [
  108         {
  109             "local": [
  110                 {
  111                     "user": {
  112                         "name": "{0} {1}",
  113                         "email": "{2}"
  114                     },
  115                     "group": {
  116                         "id": EMPLOYEE_GROUP_ID
  117                     }
  118                 }
  119             ],
  120             "remote": [
  121                 {
  122                     "type": "FirstName"
  123                 },
  124                 {
  125                     "type": "LastName"
  126                 },
  127                 {
  128                     "type": "Email"
  129                 },
  130                 {
  131                     "type": "orgPersonType",
  132                     "any_one_of": [
  133                         "Admin",
  134                         "Big Cheese"
  135                     ]
  136                 }
  137             ]
  138         },
  139         {
  140             "local": [
  141                 {
  142                     "user": {
  143                         "name": "{0}",
  144                         "email": "{1}"
  145                     }
  146                 }
  147             ],
  148             "remote": [
  149                 {
  150                     "type": "UserName"
  151                 },
  152                 {
  153                     "type": "Email"
  154                 },
  155                 {
  156                     "type": "orgPersonType",
  157                     "not_any_of": [
  158                         "Admin",
  159                         "Employee",
  160                         "Contractor",
  161                         "Tester"
  162                     ]
  163                 }
  164             ]
  165         },
  166         {
  167             "local": [
  168                 {
  169                     "group": {
  170                         "id": TESTER_GROUP_ID
  171                     }
  172                 },
  173                 {
  174                     "group": {
  175                         "id": DEVELOPER_GROUP_ID
  176                     }
  177                 },
  178                 {
  179                     "user": {
  180                         "name": "{0}"
  181                     }
  182                 }
  183             ],
  184             "remote": [
  185                 {
  186                     "type": "UserName"
  187                 },
  188                 {
  189                     "type": "orgPersonType",
  190                     "any_one_of": [
  191                         "Tester"
  192                     ]
  193                 },
  194                 {
  195                     "type": "Email",
  196                     "any_one_of": [
  197                         ".*@example.com$"
  198                     ],
  199                     "regex": True
  200                 }
  201             ]
  202         }
  203     ]
  204 }
  205 
  206 MAPPING_BAD_REQ = {
  207     "rules": [
  208         {
  209             "local": [
  210                 {
  211                     "user": "name"
  212                 }
  213             ],
  214             "remote": [
  215                 {
  216                     "type": "UserName",
  217                     "bad_requirement": [
  218                         "Young"
  219                     ]
  220                 }
  221             ]
  222         }
  223     ]
  224 }
  225 
  226 MAPPING_BAD_VALUE = {
  227     "rules": [
  228         {
  229             "local": [
  230                 {
  231                     "user": "name"
  232                 }
  233             ],
  234             "remote": [
  235                 {
  236                     "type": "UserName",
  237                     "any_one_of": "should_be_list"
  238                 }
  239             ]
  240         }
  241     ]
  242 }
  243 
  244 MAPPING_NO_RULES = {
  245     'rules': []
  246 }
  247 
  248 MAPPING_NO_REMOTE = {
  249     "rules": [
  250         {
  251             "local": [
  252                 {
  253                     "user": "name"
  254                 }
  255             ],
  256             "remote": []
  257         }
  258     ]
  259 }
  260 
  261 MAPPING_MISSING_LOCAL = {
  262     "rules": [
  263         {
  264             "remote": [
  265                 {
  266                     "type": "UserName",
  267                     "any_one_of": "should_be_list"
  268                 }
  269             ]
  270         }
  271     ]
  272 }
  273 
  274 MAPPING_WRONG_TYPE = {
  275     "rules": [
  276         {
  277             "local": [
  278                 {
  279                     "user": "{1}"
  280                 }
  281             ],
  282             "remote": [
  283                 {
  284                     "not_type": "UserName"
  285                 }
  286             ]
  287         }
  288     ]
  289 }
  290 
  291 MAPPING_MISSING_TYPE = {
  292     "rules": [
  293         {
  294             "local": [
  295                 {
  296                     "user": "{1}"
  297                 }
  298             ],
  299             "remote": [
  300                 {}
  301             ]
  302         }
  303     ]
  304 }
  305 
  306 MAPPING_EXTRA_REMOTE_PROPS_NOT_ANY_OF = {
  307     "rules": [
  308         {
  309             "local": [
  310                 {
  311                     "group": {
  312                         "id": "0cd5e9"
  313                     }
  314                 },
  315                 {
  316                     "user": {
  317                         "name": "{0}"
  318                     }
  319                 }
  320             ],
  321             "remote": [
  322                 {
  323                     "type": "UserName"
  324                 },
  325                 {
  326                     "type": "orgPersonType",
  327                     "not_any_of": [
  328                         "SubContractor"
  329                     ],
  330                     "invalid_type": "xyz"
  331                 }
  332             ]
  333         }
  334     ]
  335 }
  336 
  337 MAPPING_EXTRA_REMOTE_PROPS_ANY_ONE_OF = {
  338     "rules": [
  339         {
  340             "local": [
  341                 {
  342                     "group": {
  343                         "id": "0cd5e9"
  344                     }
  345                 },
  346                 {
  347                     "user": {
  348                         "name": "{0}"
  349                     }
  350                 }
  351             ],
  352             "remote": [
  353                 {
  354                     "type": "UserName"
  355                 },
  356                 {
  357                     "type": "orgPersonType",
  358                     "any_one_of": [
  359                         "SubContractor"
  360                     ],
  361                     "invalid_type": "xyz"
  362                 }
  363             ]
  364         }
  365     ]
  366 }
  367 
  368 MAPPING_EXTRA_REMOTE_PROPS_JUST_TYPE = {
  369     "rules": [
  370         {
  371             "local": [
  372                 {
  373                     "group": {
  374                         "id": "0cd5e9"
  375                     }
  376                 },
  377                 {
  378                     "user": {
  379                         "name": "{0}"
  380                     }
  381                 }
  382             ],
  383             "remote": [
  384                 {
  385                     "type": "UserName"
  386                 },
  387                 {
  388                     "type": "orgPersonType",
  389                     "invalid_type": "xyz"
  390                 }
  391             ]
  392         }
  393     ]
  394 }
  395 
  396 MAPPING_EXTRA_RULES_PROPS = {
  397     "rules": [
  398         {
  399             "local": [
  400                 {
  401                     "group": {
  402                         "id": "0cd5e9"
  403                     }
  404                 },
  405                 {
  406                     "user": {
  407                         "name": "{0}"
  408                     }
  409                 }
  410             ],
  411             "invalid_type": {
  412                 "id": "xyz",
  413             },
  414             "remote": [
  415                 {
  416                     "type": "UserName"
  417                 },
  418                 {
  419                     "type": "orgPersonType",
  420                     "not_any_of": [
  421                         "SubContractor"
  422                     ]
  423                 }
  424             ]
  425         }
  426     ]
  427 }
  428 
  429 MAPPING_TESTER_REGEX = {
  430     "rules": [
  431         {
  432             "local": [
  433                 {
  434                     "user": {
  435                         "name": "{0}",
  436                     }
  437                 }
  438             ],
  439             "remote": [
  440                 {
  441                     "type": "UserName"
  442                 }
  443             ]
  444         },
  445         {
  446             "local": [
  447                 {
  448                     "group": {
  449                         "id": TESTER_GROUP_ID
  450                     }
  451                 }
  452             ],
  453             "remote": [
  454                 {
  455                     "type": "orgPersonType",
  456                     "any_one_of": [
  457                         ".*Tester*"
  458                     ],
  459                     "regex": True
  460                 }
  461             ]
  462         }
  463     ]
  464 }
  465 
  466 
  467 MAPPING_DIRECT_MAPPING_THROUGH_KEYWORD = {
  468     "rules": [
  469         {
  470             "local": [
  471                 {
  472                     "user": {
  473                         "name": "{0}",
  474                     }
  475 
  476                 },
  477                 {
  478                     "group": {
  479                         "id": TESTER_GROUP_ID
  480                     }
  481                 }
  482             ],
  483             "remote": [
  484                 {
  485                     "type": "UserName",
  486                     "any_one_of": [
  487                         "bwilliams"
  488                     ]
  489                 }
  490             ]
  491         }
  492     ]
  493 }
  494 
  495 MAPPING_DEVELOPER_REGEX = {
  496     "rules": [
  497         {
  498             "local": [
  499                 {
  500                     "user": {
  501                         "name": "{0}",
  502                     },
  503                     "group": {
  504                         "id": DEVELOPER_GROUP_ID
  505                     }
  506                 }
  507             ],
  508             "remote": [
  509                 {
  510                     "type": "UserName"
  511                 },
  512                 {
  513                     "type": "orgPersonType",
  514                     "any_one_of": [
  515                         "Developer"
  516                     ],
  517                 },
  518                 {
  519                     "type": "Email",
  520                     "not_any_of": [
  521                         ".*@example.org$"
  522                     ],
  523                     "regex": True
  524                 }
  525             ]
  526         }
  527     ]
  528 }
  529 
  530 MAPPING_GROUP_NAMES = {
  531 
  532     "rules": [
  533         {
  534             "local": [
  535                 {
  536                     "user": {
  537                         "name": "{0}",
  538                     }
  539                 }
  540             ],
  541             "remote": [
  542                 {
  543                     "type": "UserName"
  544                 }
  545             ]
  546         },
  547         {
  548             "local": [
  549                 {
  550                     "group": {
  551                         "name": DEVELOPER_GROUP_NAME,
  552                         "domain": {
  553                             "name": DEVELOPER_GROUP_DOMAIN_NAME
  554                         }
  555                     }
  556                 }
  557             ],
  558             "remote": [
  559                 {
  560                     "type": "orgPersonType",
  561                     "any_one_of": [
  562                         "Employee"
  563                     ],
  564                 }
  565             ]
  566         },
  567         {
  568             "local": [
  569                 {
  570                     "group": {
  571                         "name": TESTER_GROUP_NAME,
  572                         "domain": {
  573                             "id": DEVELOPER_GROUP_DOMAIN_ID
  574                         }
  575                     }
  576                 }
  577             ],
  578             "remote": [
  579                 {
  580                     "type": "orgPersonType",
  581                     "any_one_of": [
  582                         "BuildingX"
  583                     ]
  584                 }
  585             ]
  586         },
  587     ]
  588 }
  589 
  590 MAPPING_GROUP_NAME_WITHOUT_DOMAIN = {
  591 
  592     "rules": [
  593         {
  594             "local": [
  595                 {
  596                     "group": {
  597                         "name": DEVELOPER_GROUP_NAME,
  598                     }
  599                 }
  600             ],
  601             "remote": [
  602                 {
  603                     "type": "orgPersonType",
  604                     "any_one_of": [
  605                         "Employee"
  606                     ],
  607                 }
  608             ]
  609         },
  610     ]
  611 }
  612 
  613 MAPPING_GROUP_ID_WITH_DOMAIN = {
  614 
  615     "rules": [
  616         {
  617             "local": [
  618                 {
  619                     "group": {
  620                         "id": EMPLOYEE_GROUP_ID,
  621                         "domain": {
  622                             "id": DEVELOPER_GROUP_DOMAIN_ID
  623                         }
  624                     }
  625                 }
  626             ],
  627             "remote": [
  628                 {
  629                     "type": "orgPersonType",
  630                     "any_one_of": [
  631                         "Employee"
  632                     ],
  633                 }
  634             ]
  635         },
  636     ]
  637 }
  638 
  639 MAPPING_BAD_GROUP = {
  640 
  641     "rules": [
  642         {
  643             "local": [
  644                 {
  645                     "group": {
  646                     }
  647                 }
  648             ],
  649             "remote": [
  650                 {
  651                     "type": "orgPersonType",
  652                     "any_one_of": [
  653                         "Employee"
  654                     ],
  655                 }
  656             ]
  657         },
  658     ]
  659 }
  660 
  661 MAPPING_BAD_DOMAIN = {
  662 
  663     "rules": [
  664         {
  665             "local": [
  666                 {
  667                     "group": {
  668                         "id": EMPLOYEE_GROUP_ID,
  669                         "domain": {
  670                             "id": DEVELOPER_GROUP_DOMAIN_ID,
  671                             "badkey": "badvalue"
  672                         }
  673                     }
  674                 }
  675             ],
  676             "remote": [
  677                 {
  678                     "type": "orgPersonType",
  679                     "any_one_of": [
  680                         "Employee"
  681                     ],
  682                 }
  683             ]
  684         },
  685     ]
  686 }
  687 
  688 MAPPING_EPHEMERAL_USER = {
  689     "rules": [
  690         {
  691             "local": [
  692                 {
  693                     "user": {
  694                         "name": "{0}",
  695                         "domain": {
  696                             "id": FEDERATED_DOMAIN
  697                         },
  698                         "type": "ephemeral"
  699                     }
  700                 }
  701             ],
  702             "remote": [
  703                 {
  704                     "type": "UserName"
  705                 },
  706                 {
  707                     "type": "UserName",
  708                     "any_one_of": [
  709                         "tbo"
  710                     ]
  711                 }
  712             ]
  713         }
  714     ]
  715 }
  716 
  717 MAPPING_GROUPS_WHITELIST = {
  718     "rules": [
  719         {
  720             "remote": [
  721                 {
  722                     "type": "orgPersonType",
  723                     "whitelist": [
  724                         "Developer", "Contractor"
  725                     ]
  726                 },
  727                 {
  728                     "type": "UserName"
  729                 }
  730             ],
  731             "local": [
  732                 {
  733                     "groups": "{0}",
  734                     "domain": {
  735                         "id": DEVELOPER_GROUP_DOMAIN_ID
  736                     }
  737                 },
  738                 {
  739                     "user": {
  740                         "name": "{1}"
  741                     }
  742                 }
  743             ]
  744         }
  745     ]
  746 }
  747 
  748 MAPPING_EPHEMERAL_USER_LOCAL_DOMAIN = {
  749     "rules": [
  750         {
  751             "local": [
  752                 {
  753                     "user": {
  754                         "name": "{0}",
  755                         "domain": {
  756                             "id": LOCAL_DOMAIN
  757                         },
  758                         "type": "ephemeral"
  759                     }
  760                 }
  761             ],
  762             "remote": [
  763                 {
  764                     "type": "UserName"
  765                 },
  766                 {
  767                     "type": "UserName",
  768                     "any_one_of": [
  769                         "jsmith"
  770                     ]
  771                 }
  772             ]
  773         }
  774     ]
  775 }
  776 
  777 MAPPING_GROUPS_WHITELIST_MISSING_DOMAIN = {
  778     "rules": [
  779         {
  780             "remote": [
  781                 {
  782                     "type": "orgPersonType",
  783                     "whitelist": [
  784                         "Developer", "Contractor"
  785                     ]
  786                 },
  787             ],
  788             "local": [
  789                 {
  790                     "groups": "{0}",
  791                 }
  792             ]
  793         }
  794     ]
  795 }
  796 
  797 MAPPING_LOCAL_USER_LOCAL_DOMAIN = {
  798     "rules": [
  799         {
  800             "local": [
  801                 {
  802                     "user": {
  803                         "name": "{0}",
  804                         "domain": {
  805                             "id": LOCAL_DOMAIN
  806                         },
  807                         "type": "local"
  808                     }
  809                 }
  810             ],
  811             "remote": [
  812                 {
  813                     "type": "UserName"
  814                 },
  815                 {
  816                     "type": "UserName",
  817                     "any_one_of": [
  818                         "jsmith"
  819                     ]
  820                 }
  821             ]
  822         }
  823     ]
  824 }
  825 
  826 MAPPING_GROUPS_BLACKLIST_MULTIPLES = {
  827     "rules": [
  828         {
  829             "remote": [
  830                 {
  831                     "type": "orgPersonType",
  832                     "blacklist": [
  833                         "Developer", "Manager"
  834                     ]
  835                 },
  836                 {
  837                     "type": "Thing"  # this could be variable length!
  838                 },
  839                 {
  840                     "type": "UserName"
  841                 },
  842             ],
  843             "local": [
  844                 {
  845                     "groups": "{0}",
  846                     "domain": {
  847                         "id": DEVELOPER_GROUP_DOMAIN_ID
  848                     }
  849                 },
  850                 {
  851                     "user": {
  852                         "name": "{2}",
  853                     }
  854                 }
  855             ]
  856         }
  857     ]
  858 }
  859 MAPPING_GROUPS_BLACKLIST = {
  860     "rules": [
  861         {
  862             "remote": [
  863                 {
  864                     "type": "orgPersonType",
  865                     "blacklist": [
  866                         "Developer", "Manager"
  867                     ]
  868                 },
  869                 {
  870                     "type": "UserName"
  871                 }
  872             ],
  873             "local": [
  874                 {
  875                     "groups": "{0}",
  876                     "domain": {
  877                         "id": DEVELOPER_GROUP_DOMAIN_ID
  878                     }
  879                 },
  880                 {
  881                     "user": {
  882                         "name": "{1}"
  883                     }
  884                 }
  885             ]
  886         }
  887     ]
  888 }
  889 
  890 # Exercise all possibilities of user identification. Values are hardcoded on
  891 # purpose.
  892 MAPPING_USER_IDS = {
  893     "rules": [
  894         {
  895             "local": [
  896                 {
  897                     "user": {
  898                         "name": "{0}"
  899                     }
  900                 }
  901             ],
  902             "remote": [
  903                 {
  904                     "type": "UserName"
  905                 },
  906                 {
  907                     "type": "UserName",
  908                     "any_one_of": [
  909                         "jsmith"
  910                     ]
  911                 }
  912             ]
  913         },
  914         {
  915             "local": [
  916                 {
  917                     "user": {
  918                         "name": "{0}",
  919                         "id": "abc123@example.com",
  920                         "domain": {
  921                             "id": "federated"
  922                         }
  923                     }
  924                 }
  925             ],
  926             "remote": [
  927                 {
  928                     "type": "UserName"
  929                 },
  930                 {
  931                     "type": "UserName",
  932                     "any_one_of": [
  933                         "tbo"
  934                     ]
  935                 }
  936             ]
  937         },
  938         {
  939             "local": [
  940                 {
  941                     "user": {
  942                         "id": "{0}"
  943                     }
  944                 }
  945             ],
  946             "remote": [
  947                 {
  948                     "type": "UserName"
  949                 },
  950                 {
  951                     "type": "UserName",
  952                     "any_one_of": [
  953                         "bob"
  954                     ]
  955                 }
  956             ]
  957         },
  958         {
  959             "local": [
  960                 {
  961                     "user": {
  962                         "id": "abc123@example.com",
  963                         "name": "{0}",
  964                         "domain": {
  965                             "id": "federated"
  966                         }
  967                     }
  968                 }
  969             ],
  970             "remote": [
  971                 {
  972                     "type": "UserName"
  973                 },
  974                 {
  975                     "type": "UserName",
  976                     "any_one_of": [
  977                         "bwilliams"
  978                     ]
  979                 }
  980             ]
  981         }
  982     ]
  983 }
  984 
  985 MAPPING_GROUPS_BLACKLIST_MISSING_DOMAIN = {
  986     "rules": [
  987         {
  988             "remote": [
  989                 {
  990                     "type": "orgPersonType",
  991                     "blacklist": [
  992                         "Developer", "Manager"
  993                     ]
  994                 },
  995             ],
  996             "local": [
  997                 {
  998                     "groups": "{0}",
  999                 },
 1000             ]
 1001         }
 1002     ]
 1003 }
 1004 
 1005 MAPPING_GROUPS_WHITELIST_AND_BLACKLIST = {
 1006     "rules": [
 1007         {
 1008             "remote": [
 1009                 {
 1010                     "type": "orgPersonType",
 1011                     "blacklist": [
 1012                         "Employee"
 1013                     ],
 1014                     "whitelist": [
 1015                         "Contractor"
 1016                     ]
 1017                 },
 1018             ],
 1019             "local": [
 1020                 {
 1021                     "groups": "{0}",
 1022                     "domain": {
 1023                         "id": DEVELOPER_GROUP_DOMAIN_ID
 1024                     }
 1025                 },
 1026             ]
 1027         }
 1028     ]
 1029 }
 1030 
 1031 # Mapping used by tokenless test cases, it maps the user_name
 1032 # and domain_name.
 1033 MAPPING_WITH_USERNAME_AND_DOMAINNAME = {
 1034     'rules': [
 1035         {
 1036             'local': [
 1037                 {
 1038                     'user': {
 1039                         'name': '{0}',
 1040                         'domain': {
 1041                             'name': '{1}'
 1042                         },
 1043                         'type': 'local'
 1044                     }
 1045                 }
 1046             ],
 1047             'remote': [
 1048                 {
 1049                     'type': 'SSL_CLIENT_USER_NAME'
 1050                 },
 1051                 {
 1052                     'type': 'SSL_CLIENT_DOMAIN_NAME'
 1053                 }
 1054             ]
 1055         }
 1056     ]
 1057 }
 1058 
 1059 # Mapping used by tokenless test cases, it maps the user_id
 1060 # and domain_name.
 1061 MAPPING_WITH_USERID_AND_DOMAINNAME = {
 1062     'rules': [
 1063         {
 1064             'local': [
 1065                 {
 1066                     'user': {
 1067                         'id': '{0}',
 1068                         'domain': {
 1069                             'name': '{1}'
 1070                         },
 1071                         'type': 'local'
 1072                     }
 1073                 }
 1074             ],
 1075             'remote': [
 1076                 {
 1077                     'type': 'SSL_CLIENT_USER_ID'
 1078                 },
 1079                 {
 1080                     'type': 'SSL_CLIENT_DOMAIN_NAME'
 1081                 }
 1082             ]
 1083         }
 1084     ]
 1085 }
 1086 
 1087 # Mapping used by tokenless test cases, it maps the user_name
 1088 # and domain_id.
 1089 MAPPING_WITH_USERNAME_AND_DOMAINID = {
 1090     'rules': [
 1091         {
 1092             'local': [
 1093                 {
 1094                     'user': {
 1095                         'name': '{0}',
 1096                         'domain': {
 1097                             'id': '{1}'
 1098                         },
 1099                         'type': 'local'
 1100                     }
 1101                 }
 1102             ],
 1103             'remote': [
 1104                 {
 1105                     'type': 'SSL_CLIENT_USER_NAME'
 1106                 },
 1107                 {
 1108                     'type': 'SSL_CLIENT_DOMAIN_ID'
 1109                 }
 1110             ]
 1111         }
 1112     ]
 1113 }
 1114 
 1115 # Mapping used by tokenless test cases, it maps the user_id
 1116 # and domain_id.
 1117 MAPPING_WITH_USERID_AND_DOMAINID = {
 1118     'rules': [
 1119         {
 1120             'local': [
 1121                 {
 1122                     'user': {
 1123                         'id': '{0}',
 1124                         'domain': {
 1125                             'id': '{1}'
 1126                         },
 1127                         'type': 'local'
 1128                     }
 1129                 }
 1130             ],
 1131             'remote': [
 1132                 {
 1133                     'type': 'SSL_CLIENT_USER_ID'
 1134                 },
 1135                 {
 1136                     'type': 'SSL_CLIENT_DOMAIN_ID'
 1137                 }
 1138             ]
 1139         }
 1140     ]
 1141 }
 1142 
 1143 # Mapping used by tokenless test cases, it maps the domain_id only.
 1144 MAPPING_WITH_DOMAINID_ONLY = {
 1145     'rules': [
 1146         {
 1147             'local': [
 1148                 {
 1149                     'user': {
 1150                         'domain': {
 1151                             'id': '{0}'
 1152                         },
 1153                         'type': 'local'
 1154                     }
 1155                 }
 1156             ],
 1157             'remote': [
 1158                 {
 1159                     'type': 'SSL_CLIENT_DOMAIN_ID'
 1160                 }
 1161             ]
 1162         }
 1163     ]
 1164 }
 1165 
 1166 MAPPING_GROUPS_IDS_WHITELIST = {
 1167     "rules": [
 1168         {
 1169             "local": [
 1170                 {
 1171                     "user": {
 1172                         "name": "{0}"
 1173                     }
 1174                 },
 1175                 {
 1176                     "group_ids": "{1}"
 1177                 },
 1178                 {
 1179                     "group": {
 1180                         "id": "{2}"
 1181                     }
 1182                 }
 1183             ],
 1184             "remote": [
 1185                 {
 1186                     "type": "name"
 1187                 },
 1188                 {
 1189                     "type": "group_ids",
 1190                     "whitelist": [
 1191                         "abc123", "ghi789", "321cba"
 1192                     ]
 1193                 },
 1194                 {
 1195                     "type": "group"
 1196                 }
 1197             ]
 1198         }
 1199     ]
 1200 }
 1201 
 1202 MAPPING_GROUPS_IDS_BLACKLIST = {
 1203     "rules": [
 1204         {
 1205             "local": [
 1206                 {
 1207                     "user": {
 1208                         "name": "{0}"
 1209                     }
 1210                 },
 1211                 {
 1212                     "group_ids": "{1}"
 1213                 },
 1214                 {
 1215                     "group": {
 1216                         "id": "{2}"
 1217                     }
 1218                 }
 1219             ],
 1220             "remote": [
 1221                 {
 1222                     "type": "name"
 1223                 },
 1224                 {
 1225                     "type": "group_ids",
 1226                     "blacklist": [
 1227                         "def456"
 1228                     ]
 1229                 },
 1230                 {
 1231                     "type": "group"
 1232                 }
 1233             ]
 1234         }
 1235     ]
 1236 }
 1237 
 1238 # Mapping used by tokenless test cases, it maps the domain_name only.
 1239 MAPPING_WITH_DOMAINNAME_ONLY = {
 1240     'rules': [
 1241         {
 1242             'local': [
 1243                 {
 1244                     'user': {
 1245                         'domain': {
 1246                             'name': '{0}'
 1247                         },
 1248                         'type': 'local'
 1249                     }
 1250                 }
 1251             ],
 1252             'remote': [
 1253                 {
 1254                     'type': 'SSL_CLIENT_DOMAIN_NAME'
 1255                 }
 1256             ]
 1257         }
 1258     ]
 1259 }
 1260 
 1261 # Mapping used by tokenless test cases, it maps the user_name only.
 1262 MAPPING_WITH_USERNAME_ONLY = {
 1263     'rules': [
 1264         {
 1265             'local': [
 1266                 {
 1267                     'user': {
 1268                         'name': '{0}',
 1269                         'type': 'local'
 1270                     }
 1271                 }
 1272             ],
 1273             'remote': [
 1274                 {
 1275                     'type': 'SSL_CLIENT_USER_NAME'
 1276                 }
 1277             ]
 1278         }
 1279     ]
 1280 }
 1281 
 1282 # Mapping used by tokenless test cases, it maps the user_id only.
 1283 MAPPING_WITH_USERID_ONLY = {
 1284     'rules': [
 1285         {
 1286             'local': [
 1287                 {
 1288                     'user': {
 1289                         'id': '{0}',
 1290                         'type': 'local'
 1291                     }
 1292                 }
 1293             ],
 1294             'remote': [
 1295                 {
 1296                     'type': 'SSL_CLIENT_USER_ID'
 1297                 }
 1298             ]
 1299         }
 1300     ]
 1301 }
 1302 
 1303 MAPPING_FOR_EPHEMERAL_USER = {
 1304     'rules': [
 1305         {
 1306             'local': [
 1307                 {
 1308                     'user': {
 1309                         'name': '{0}',
 1310                         'type': 'ephemeral'
 1311                     },
 1312                     'group': {
 1313                         'id': 'dummy'
 1314                     }
 1315                 }
 1316             ],
 1317             'remote': [
 1318                 {
 1319                     'type': 'SSL_CLIENT_USER_NAME'
 1320                 }
 1321             ]
 1322         }
 1323     ]
 1324 }
 1325 
 1326 MAPPING_FOR_EPHEMERAL_USER_AND_GROUP_DOMAIN_NAME = {
 1327     'rules': [
 1328         {
 1329             'local': [
 1330                 {
 1331                     'user': {
 1332                         'name': '{0}',
 1333                         'type': 'ephemeral'
 1334                     },
 1335                     'group': {
 1336                         'name': 'dummy',
 1337                         'domain': {
 1338                             'name': 'dummy'
 1339                         }
 1340                     }
 1341                 }
 1342             ],
 1343             'remote': [
 1344                 {
 1345                     'type': 'SSL_CLIENT_USER_NAME'
 1346                 }
 1347             ]
 1348         }
 1349     ]
 1350 }
 1351 
 1352 MAPPING_FOR_DEFAULT_EPHEMERAL_USER = {
 1353     'rules': [
 1354         {
 1355             'local': [
 1356                 {
 1357                     'user': {
 1358                         'name': '{0}'
 1359                     },
 1360                     'group': {
 1361                         'id': 'dummy'
 1362                     }
 1363                 }
 1364             ],
 1365             'remote': [
 1366                 {
 1367                     'type': 'SSL_CLIENT_USER_NAME'
 1368                 }
 1369             ]
 1370         }
 1371     ]
 1372 }
 1373 
 1374 MAPPING_GROUPS_WHITELIST_PASS_THROUGH = {
 1375     "rules": [
 1376         {
 1377             "remote": [
 1378                 {
 1379                     "type": "UserName"
 1380                 }
 1381             ],
 1382             "local": [
 1383                 {
 1384                     "user": {
 1385                         "name": "{0}",
 1386                         "domain": {
 1387                             "id": DEVELOPER_GROUP_DOMAIN_ID
 1388                         }
 1389                     }
 1390                 }
 1391             ]
 1392         },
 1393         {
 1394             "remote": [
 1395                 {
 1396                     "type": "orgPersonType",
 1397                     "whitelist": ['Developer']
 1398                 }
 1399             ],
 1400             "local": [
 1401                 {
 1402                     "groups": "{0}",
 1403                     "domain": {
 1404                         "id": DEVELOPER_GROUP_DOMAIN_ID
 1405                     }
 1406                 }
 1407             ]
 1408         }
 1409     ]
 1410 }
 1411 
 1412 MAPPING_BAD_LOCAL_SETUP = {
 1413     "rules": [
 1414         {
 1415             "local": [
 1416                 {
 1417                     "user": {
 1418                         "name": "{0}",
 1419                         "domain": {"id": "default"}
 1420                     },
 1421                     "whatisthis": "local"
 1422                 }
 1423             ],
 1424             "remote": [
 1425                 {
 1426                     "type": "UserName"
 1427                 }
 1428             ]
 1429         }
 1430     ]
 1431 }
 1432 
 1433 MAPPING_BAD_LOCAL_TYPE_USER_IN_ASSERTION = {
 1434     "rules": [
 1435         {
 1436             "local": [
 1437                 {
 1438                     "user": {
 1439                         "name": "{0}",
 1440                         "groups": "{1}"
 1441                     }
 1442                 }
 1443             ],
 1444             "remote": [
 1445                 {
 1446                     "type": "openstack_user"
 1447                 },
 1448                 {
 1449                     "type": "openstack_groups"
 1450 
 1451                 },
 1452                 {
 1453                     "type": "openstack_roles",
 1454                     "any_one_of": [
 1455                         "Admin"
 1456                     ]
 1457                 }
 1458             ]
 1459         },
 1460     ]
 1461 }
 1462 
 1463 MAPPING_GROUPS_WITH_EMAIL = {
 1464     "rules": [
 1465         {
 1466             "remote": [
 1467                 {
 1468                     "type": "groups",
 1469                 },
 1470                 {
 1471                     "type": "userEmail",
 1472                 },
 1473                 {
 1474                     "type": "UserName"
 1475                 }
 1476             ],
 1477             "local": [
 1478                 {
 1479                     "groups": "{0}",
 1480                     "domain": {
 1481                         "id": DEVELOPER_GROUP_DOMAIN_ID
 1482                     }
 1483                 },
 1484                 {
 1485                     "user": {
 1486                         "name": "{2}",
 1487                         "email": "{1}"
 1488                     }
 1489                 }
 1490             ]
 1491         }
 1492     ]
 1493 }
 1494 
 1495 
 1496 MAPPING_GROUPS_DOMAIN_OF_USER = {
 1497     "rules": [
 1498         {
 1499             "local":
 1500             [
 1501                 {
 1502                     "user":
 1503                         {
 1504                             "name": "{0}"
 1505                         }
 1506                 },
 1507                 {
 1508                     "groups": "{1}"
 1509                 }
 1510             ],
 1511             "remote":
 1512             [
 1513                 {
 1514                     "type": "openstack_user"
 1515                 },
 1516                 {
 1517                     "type": "openstack_groups"
 1518                 }
 1519             ]
 1520         }
 1521     ]
 1522 }
 1523 
 1524 EMPLOYEE_ASSERTION = {
 1525     'Email': 'tim@example.com',
 1526     'UserName': 'tbo',
 1527     'FirstName': 'Tim',
 1528     'LastName': 'Bo',
 1529     'orgPersonType': 'Employee;BuildingX'
 1530 }
 1531 
 1532 EMPLOYEE_ASSERTION_MULTIPLE_GROUPS = {
 1533     'Email': 'tim@example.com',
 1534     'UserName': 'tbo',
 1535     'FirstName': 'Tim',
 1536     'LastName': 'Bo',
 1537     'orgPersonType': 'Developer;Manager;Contractor',
 1538     'Thing': 'yes!;maybe!;no!!'
 1539 }
 1540 
 1541 EMPLOYEE_ASSERTION_PREFIXED = {
 1542     'PREFIX_Email': 'tim@example.com',
 1543     'PREFIX_UserName': 'tbo',
 1544     'PREFIX_FirstName': 'Tim',
 1545     'PREFIX_LastName': 'Bo',
 1546     'PREFIX_orgPersonType': 'SuperEmployee;BuildingX'
 1547 }
 1548 
 1549 CONTRACTOR_ASSERTION = {
 1550     'Email': 'jill@example.com',
 1551     'UserName': 'jsmith',
 1552     'FirstName': 'Jill',
 1553     'LastName': 'Smith',
 1554     'orgPersonType': 'Contractor;Non-Dev'
 1555 }
 1556 
 1557 ADMIN_ASSERTION = {
 1558     'Email': 'bob@example.com',
 1559     'UserName': 'bob',
 1560     'FirstName': 'Bob',
 1561     'LastName': 'Thompson',
 1562     'orgPersonType': 'Admin;Chief'
 1563 }
 1564 
 1565 CUSTOMER_ASSERTION = {
 1566     'Email': 'beth@example.com',
 1567     'UserName': 'bwilliams',
 1568     'FirstName': 'Beth',
 1569     'LastName': 'Williams',
 1570     'orgPersonType': 'Customer'
 1571 }
 1572 
 1573 ANOTHER_CUSTOMER_ASSERTION = {
 1574     'Email': 'mark@example.com',
 1575     'UserName': 'markcol',
 1576     'FirstName': 'Mark',
 1577     'LastName': 'Collins',
 1578     'orgPersonType': 'Managers;CEO;CTO'
 1579 }
 1580 
 1581 TESTER_ASSERTION = {
 1582     'Email': 'testacct@example.com',
 1583     'UserName': 'testacct',
 1584     'FirstName': 'Test',
 1585     'LastName': 'Account',
 1586     'orgPersonType': 'MadeupGroup;Tester;GroupX'
 1587 }
 1588 
 1589 ANOTHER_TESTER_ASSERTION = {
 1590     'Email': 'testacct@example.com',
 1591     'UserName': 'IamTester'
 1592 }
 1593 
 1594 BAD_TESTER_ASSERTION = {
 1595     'Email': 'eviltester@example.org',
 1596     'UserName': 'Evil',
 1597     'FirstName': 'Test',
 1598     'LastName': 'Account',
 1599     'orgPersonType': 'Tester'
 1600 }
 1601 
 1602 BAD_DEVELOPER_ASSERTION = {
 1603     'Email': 'evildeveloper@example.org',
 1604     'UserName': 'Evil',
 1605     'FirstName': 'Develop',
 1606     'LastName': 'Account',
 1607     'orgPersonType': 'Developer'
 1608 }
 1609 
 1610 MALFORMED_TESTER_ASSERTION = {
 1611     'Email': 'testacct@example.com',
 1612     'UserName': 'testacct',
 1613     'FirstName': 'Test',
 1614     'LastName': 'Account',
 1615     'orgPersonType': 'Tester',
 1616     'object': object(),
 1617     'dictionary': dict(zip('teststring', range(10))),
 1618     'tuple': tuple(range(5))
 1619 }
 1620 
 1621 DEVELOPER_ASSERTION = {
 1622     'Email': 'developacct@example.com',
 1623     'UserName': 'developacct',
 1624     'FirstName': 'Develop',
 1625     'LastName': 'Account',
 1626     'orgPersonType': 'Developer'
 1627 }
 1628 
 1629 CONTRACTOR_MALFORMED_ASSERTION = {
 1630     'UserName': 'user',
 1631     'FirstName': object(),
 1632     'orgPersonType': 'Contractor'
 1633 }
 1634 
 1635 LOCAL_USER_ASSERTION = {
 1636     'UserName': 'marek',
 1637     'UserType': 'random'
 1638 }
 1639 
 1640 ANOTHER_LOCAL_USER_ASSERTION = {
 1641     'UserName': 'marek',
 1642     'Position': 'DirectorGeneral'
 1643 }
 1644 
 1645 USER_NO_GROUPS_ASSERTION = {
 1646     'Email': 'nogroupsuser1@example.org',
 1647     'UserName': 'nogroupsuser1',
 1648     'orgPersonType': 'NoGroupsOrg'
 1649 }
 1650 
 1651 UNMATCHED_GROUP_ASSERTION = {
 1652     'REMOTE_USER': 'Any Momoose',
 1653     'REMOTE_USER_GROUPS': 'EXISTS;NO_EXISTS'
 1654 }
 1655 
 1656 GROUP_IDS_ASSERTION = {
 1657     'name': 'opilotte',
 1658     'group_ids': 'abc123;def456;ghi789',
 1659     'group': 'klm012'
 1660 }
 1661 
 1662 GROUP_IDS_ASSERTION_ONLY_ONE_GROUP = {
 1663     'name': 'opilotte',
 1664     'group_ids': '321cba',
 1665     'group': '210mlk'
 1666 }
 1667 
 1668 UNICODE_NAME_ASSERTION = {
 1669     'PFX_Email': 'jon@example.com',
 1670     'PFX_UserName': 'jonkare',
 1671     'PFX_FirstName': 'Jon Kåre',
 1672     'PFX_LastName': 'Hellån',
 1673     'PFX_orgPersonType': 'Admin;Chief'
 1674 }
 1675 
 1676 GROUPS_ASSERTION_ONLY_ONE_GROUP = {
 1677     'userEmail': 'jill@example.com',
 1678     'UserName': 'jsmith',
 1679     'groups': 'ALL USERS'
 1680 }
 1681 
 1682 GROUPS_DOMAIN_ASSERTION = {
 1683     'openstack_user': 'bwilliams',
 1684     'openstack_user_domain': 'default',
 1685     'openstack_roles': 'Admin',
 1686     'openstack_groups': 'JSON:{"name":"group1","domain":{"name":"xxx"}};'
 1687                         'JSON:{"name":"group2","domain":{"name":"yyy"}}'
 1688 }
 1689 
 1690 MAPPING_UNICODE = {
 1691     "rules": [
 1692         {
 1693             "local": [
 1694                 {
 1695                     "user": {
 1696                         "name": "{0} {1}",
 1697                         "email": "{2}"
 1698                     },
 1699                     "group": {
 1700                         "id": EMPLOYEE_GROUP_ID
 1701                     }
 1702                 }
 1703             ],
 1704             "remote": [
 1705                 {
 1706                     "type": "PFX_FirstName"
 1707                 },
 1708                 {
 1709                     "type": "PFX_LastName"
 1710                 },
 1711                 {
 1712                     "type": "PFX_Email"
 1713                 },
 1714                 {
 1715                     "type": "PFX_orgPersonType",
 1716                     "any_one_of": [
 1717                         "Admin",
 1718                         "Big Cheese"
 1719                     ]
 1720                 }
 1721             ]
 1722         },
 1723     ],
 1724 }
 1725 
 1726 MAPPING_PROJECTS = {
 1727     "rules": [
 1728         {
 1729             "local": [
 1730                 {
 1731                     "user": {
 1732                         "name": "{0}"
 1733                     }
 1734                 },
 1735                 {
 1736                     "projects": [
 1737                         {"name": "Production",
 1738                          "roles": [{"name": "observer"}]},
 1739                         {"name": "Staging",
 1740                          "roles": [{"name": "member"}]},
 1741                         {"name": "Project for {0}",
 1742                          "roles": [{"name": "admin"}]},
 1743                     ],
 1744                 }
 1745             ],
 1746             "remote": [
 1747                 {
 1748                     "type": "UserName"
 1749                 },
 1750                 {
 1751                     "type": "Email",
 1752                 },
 1753                 {
 1754                     "type": "orgPersonType",
 1755                     "any_one_of": [
 1756                         "Employee"
 1757                     ]
 1758                 }
 1759             ]
 1760         }
 1761     ]
 1762 }
 1763 
 1764 MAPPING_PROJECTS_WITHOUT_ROLES = {
 1765     "rules": [
 1766         {
 1767             "local": [
 1768                 {
 1769                     "user": {
 1770                         "name": "{0}"
 1771                     },
 1772                     "projects": [
 1773                         {"name": "a"},
 1774                         {"name": "b"},
 1775                         {"name": "Project for {0}"},
 1776                     ],
 1777                 }
 1778             ],
 1779             "remote": [
 1780                 {
 1781                     "type": "UserName"
 1782                 }
 1783             ]
 1784         },
 1785     ]
 1786 }
 1787 
 1788 MAPPING_PROJECTS_WITHOUT_NAME = {
 1789     "rules": [
 1790         {
 1791             "local": [
 1792                 {
 1793                     "user": {
 1794                         "name": "{0}"
 1795                     },
 1796                     "projects": [
 1797                         {"roles": [{"name": "observer"}]},
 1798                         {"name": "Staging",
 1799                          "roles": [{"name": "member"}]},
 1800                         {"name": "Project for {0}",
 1801                          "roles": [{"name": "admin"}]},
 1802                     ]
 1803                 }
 1804             ],
 1805             "remote": [
 1806                 {
 1807                     "type": "UserName"
 1808                 }
 1809             ]
 1810         },
 1811     ]
 1812 }