"Fossies" - the Fresh Open Source Software Archive

Member "keystone-18.0.0/keystone/tests/unit/mapping_fixtures.py" (14 Oct 2020, 43320 Bytes) of package /linux/misc/openstack/keystone-18.0.0.tar.gz:



    1 # -*- coding: utf-8 -*-
    2 
    3 # Licensed under the Apache License, Version 2.0 (the "License"); you may
    4 # not use this file except in compliance with the License. You may obtain
    5 # a copy of the License at
    6 #
    7 #      http://www.apache.org/licenses/LICENSE-2.0
    8 #
    9 # Unless required by applicable law or agreed to in writing, software
   10 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
   11 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
   12 # License for the specific language governing permissions and limitations
   13 # under the License.
   14 
   15 """Fixtures for Federation Mapping."""
   16 
   17 
# Group ids placed on the "local" side of the mappings in this module.
EMPLOYEE_GROUP_ID = "0cd5e9"
CONTRACTOR_GROUP_ID = "85a868"
TESTER_GROUP_ID = "123"
DEVELOPER_GROUP_ID = "xyz"

# Group names, for mappings that address a group by name instead of by id.
TESTER_GROUP_NAME = "tester"
DEVELOPER_GROUP_NAME = "Developer"
CONTRACTOR_GROUP_NAME = "Contractor"

# Domain that qualifies name-addressed groups, by name and by id.
DEVELOPER_GROUP_DOMAIN_NAME = "outsourcing"
DEVELOPER_GROUP_DOMAIN_ID = "5abc43"

# Domain ids used in the user/group domain references of the mappings.
FEDERATED_DOMAIN = "Federated"
LOCAL_DOMAIN = "Local"
   29 
# Mapping summary (each rule also lists a condition-free UserName entry and
# sets the local user name to "{0}"):
#   LastName "Bo" and orgPersonType not Contractor/SubContractor
#       -> group EMPLOYEE_GROUP_ID
#   FirstName "Jill" and orgPersonType Contractor/SubContractor
#       -> group CONTRACTOR_GROUP_ID
MAPPING_SMALL = {
    "rules": [
        {
            "local": [
                {"group": {"id": EMPLOYEE_GROUP_ID}},
                {"user": {"name": "{0}"}},
            ],
            "remote": [
                {"type": "UserName"},
                {
                    "type": "orgPersonType",
                    "not_any_of": ["Contractor", "SubContractor"],
                },
                {"type": "LastName", "any_one_of": ["Bo"]},
            ],
        },
        {
            "local": [
                {"group": {"id": CONTRACTOR_GROUP_ID}},
                {"user": {"name": "{0}"}},
            ],
            "remote": [
                {"type": "UserName"},
                {
                    "type": "orgPersonType",
                    "any_one_of": ["Contractor", "SubContractor"],
                },
                {"type": "FirstName", "any_one_of": ["Jill"]},
            ],
        },
    ]
}
  101 
# Mapping summary:
#   1. orgPersonType "Admin" or "Big Cheese"
#        -> user name "{0} {1}", email "{2}", group EMPLOYEE_GROUP_ID
#   2. orgPersonType none of Admin/Employee/Contractor/Tester
#        -> user name "{0}", email "{1}"
#   3. orgPersonType "Tester" and Email matching the regex below
#        -> groups TESTER_GROUP_ID and DEVELOPER_GROUP_ID, user name "{0}"
# NOTE(review): in ".*@example.com$" the dot before "com" is unescaped, so
# the pattern accepts any character in that position, not only a literal
# ".". Harmless in a fixture; a deployed mapping that gates group membership
# on an e-mail domain should escape it.
MAPPING_LARGE = {
    "rules": [
        {
            "local": [
                {
                    "user": {"name": "{0} {1}", "email": "{2}"},
                    "group": {"id": EMPLOYEE_GROUP_ID},
                }
            ],
            "remote": [
                {"type": "FirstName"},
                {"type": "LastName"},
                {"type": "Email"},
                {
                    "type": "orgPersonType",
                    "any_one_of": ["Admin", "Big Cheese"],
                },
            ],
        },
        {
            "local": [{"user": {"name": "{0}", "email": "{1}"}}],
            "remote": [
                {"type": "UserName"},
                {"type": "Email"},
                {
                    "type": "orgPersonType",
                    "not_any_of": [
                        "Admin",
                        "Employee",
                        "Contractor",
                        "Tester",
                    ],
                },
            ],
        },
        {
            "local": [
                {"group": {"id": TESTER_GROUP_ID}},
                {"group": {"id": DEVELOPER_GROUP_ID}},
                {"user": {"name": "{0}"}},
            ],
            "remote": [
                {"type": "UserName"},
                {"type": "orgPersonType", "any_one_of": ["Tester"]},
                {
                    "type": "Email",
                    "any_one_of": [".*@example.com$"],
                    "regex": True,
                },
            ],
        },
    ]
}
  205 
# Negative fixture, going by its name: the remote entry carries
# "bad_requirement", which is not one of the condition keys the valid
# fixtures in this file use (any_one_of, not_any_of, whitelist, blacklist).
MAPPING_BAD_REQ = {
    "rules": [
        {
            "local": [{"user": "name"}],
            "remote": [{"type": "UserName", "bad_requirement": ["Young"]}],
        }
    ]
}
  225 
# Negative fixture: "any_one_of" holds a bare string where every valid
# fixture in this file supplies a list.
MAPPING_BAD_VALUE = {
    "rules": [
        {
            "local": [{"user": "name"}],
            "remote": [{"type": "UserName", "any_one_of": "should_be_list"}],
        }
    ]
}
  243 
# A mapping whose rule list is present but empty.
MAPPING_NO_RULES = {'rules': []}
  247 
# One rule with a "local" side but an empty "remote" list, i.e. nothing
# from the assertion is required or consumed.
MAPPING_NO_REMOTE = {
    "rules": [
        {
            "local": [{"user": "name"}],
            "remote": [],
        }
    ]
}
  260 
# One rule with no "local" key at all.
# NOTE(review): the remote entry is also malformed ("any_one_of" is a
# string, as in MAPPING_BAD_VALUE), so a rejection of this fixture does not
# by itself show that the missing-"local" check fired.
MAPPING_MISSING_LOCAL = {
    "rules": [
        {
            "remote": [{"type": "UserName", "any_one_of": "should_be_list"}],
        }
    ]
}
  273 
# Negative fixture: the remote entry uses the key "not_type" where the valid
# fixtures use "type".
MAPPING_WRONG_TYPE = {
    "rules": [
        {
            "local": [{"user": "{1}"}],
            "remote": [{"not_type": "UserName"}],
        }
    ]
}
  290 
# Negative fixture: the single remote entry is an empty object, so it has
# no "type" key.
MAPPING_MISSING_TYPE = {
    "rules": [
        {
            "local": [{"user": "{1}"}],
            "remote": [{}],
        }
    ]
}
  305 
# A "not_any_of" remote entry that additionally carries the unexpected
# property "invalid_type". The group id is a literal here, not
# EMPLOYEE_GROUP_ID.
MAPPING_EXTRA_REMOTE_PROPS_NOT_ANY_OF = {
    "rules": [
        {
            "local": [
                {"group": {"id": "0cd5e9"}},
                {"user": {"name": "{0}"}},
            ],
            "remote": [
                {"type": "UserName"},
                {
                    "type": "orgPersonType",
                    "not_any_of": ["SubContractor"],
                    "invalid_type": "xyz",
                },
            ],
        }
    ]
}
  336 
# An "any_one_of" remote entry that additionally carries the unexpected
# property "invalid_type".
MAPPING_EXTRA_REMOTE_PROPS_ANY_ONE_OF = {
    "rules": [
        {
            "local": [
                {"group": {"id": "0cd5e9"}},
                {"user": {"name": "{0}"}},
            ],
            "remote": [
                {"type": "UserName"},
                {
                    "type": "orgPersonType",
                    "any_one_of": ["SubContractor"],
                    "invalid_type": "xyz",
                },
            ],
        }
    ]
}
  367 
# A condition-free remote entry ("type" only) that additionally carries the
# unexpected property "invalid_type".
MAPPING_EXTRA_REMOTE_PROPS_JUST_TYPE = {
    "rules": [
        {
            "local": [
                {"group": {"id": "0cd5e9"}},
                {"user": {"name": "{0}"}},
            ],
            "remote": [
                {"type": "UserName"},
                {"type": "orgPersonType", "invalid_type": "xyz"},
            ],
        }
    ]
}
  395 
# The unexpected property "invalid_type" sits at rule level, next to
# "local" and "remote", rather than inside a remote entry.
MAPPING_EXTRA_RULES_PROPS = {
    "rules": [
        {
            "local": [
                {"group": {"id": "0cd5e9"}},
                {"user": {"name": "{0}"}},
            ],
            "invalid_type": {"id": "xyz"},
            "remote": [
                {"type": "UserName"},
                {"type": "orgPersonType", "not_any_of": ["SubContractor"]},
            ],
        }
    ]
}
  428 
# Rule 1 maps UserName to the local user name; rule 2 puts the user in
# TESTER_GROUP_ID when orgPersonType matches a regex.
# NOTE(review): ".*Tester*" reads as "Teste" followed by zero or more "r";
# the trailing "*" quantifies the "r", it is not a wildcard, and nothing
# anchors the end of the value. ".*Tester.*" was presumably meant. Left
# unchanged because tests elsewhere may rely on this exact string, but a
# deployed mapping should not copy the pattern as written.
MAPPING_TESTER_REGEX = {
    "rules": [
        {
            "local": [{"user": {"name": "{0}"}}],
            "remote": [{"type": "UserName"}],
        },
        {
            "local": [{"group": {"id": TESTER_GROUP_ID}}],
            "remote": [
                {
                    "type": "orgPersonType",
                    "any_one_of": [".*Tester*"],
                    "regex": True,
                }
            ],
        },
    ]
}
  465 
  466 
# One rule: UserName must be "bwilliams"; the local side sets the user name
# to "{0}" and adds group TESTER_GROUP_ID.
# NOTE(review): the only remote entry is itself a condition (any_one_of),
# so "{0}" has no condition-free entry to draw from. That looks like the
# case this fixture exists to exercise; confirm against the test using it.
MAPPING_DIRECT_MAPPING_THROUGH_KEYWORD = {
    "rules": [
        {
            "local": [
                {"user": {"name": "{0}"}},
                {"group": {"id": TESTER_GROUP_ID}},
            ],
            "remote": [
                {"type": "UserName", "any_one_of": ["bwilliams"]},
            ],
        }
    ]
}
  494 
# One rule: orgPersonType "Developer" and an Email that does NOT match the
# regex -> user name "{0}" in group DEVELOPER_GROUP_ID.
# NOTE(review): the dot before "org" in ".*@example.org$" is unescaped and
# therefore matches any character. With not_any_of that widens the set of
# addresses that are excluded; escape it in any mapping derived from this.
MAPPING_DEVELOPER_REGEX = {
    "rules": [
        {
            "local": [
                {
                    "user": {"name": "{0}"},
                    "group": {"id": DEVELOPER_GROUP_ID},
                }
            ],
            "remote": [
                {"type": "UserName"},
                {"type": "orgPersonType", "any_one_of": ["Developer"]},
                {
                    "type": "Email",
                    "not_any_of": [".*@example.org$"],
                    "regex": True,
                },
            ],
        }
    ]
}
  529 
# Groups addressed by name, each qualified by a domain:
#   rule 1: UserName -> user name "{0}"
#   rule 2: orgPersonType "Employee"
#             -> group DEVELOPER_GROUP_NAME, domain given by name
#   rule 3: orgPersonType "BuildingX"
#             -> group TESTER_GROUP_NAME, domain given by id
MAPPING_GROUP_NAMES = {
    "rules": [
        {
            "local": [{"user": {"name": "{0}"}}],
            "remote": [{"type": "UserName"}],
        },
        {
            "local": [
                {
                    "group": {
                        "name": DEVELOPER_GROUP_NAME,
                        "domain": {"name": DEVELOPER_GROUP_DOMAIN_NAME},
                    }
                }
            ],
            "remote": [
                {"type": "orgPersonType", "any_one_of": ["Employee"]},
            ],
        },
        {
            "local": [
                {
                    "group": {
                        "name": TESTER_GROUP_NAME,
                        "domain": {"id": DEVELOPER_GROUP_DOMAIN_ID},
                    }
                }
            ],
            "remote": [
                {"type": "orgPersonType", "any_one_of": ["BuildingX"]},
            ],
        },
    ]
}
  589 
# A group referenced by name only, with no "domain" to qualify it.
# NOTE(review): presumably a negative fixture, since a bare group name is
# ambiguous across domains; confirm against the test that consumes it.
MAPPING_GROUP_NAME_WITHOUT_DOMAIN = {
    "rules": [
        {
            "local": [{"group": {"name": DEVELOPER_GROUP_NAME}}],
            "remote": [
                {"type": "orgPersonType", "any_one_of": ["Employee"]},
            ],
        },
    ]
}
  612 
# A group referenced by id that also carries a "domain" object, the
# combination the other id-based fixtures in this file never use.
MAPPING_GROUP_ID_WITH_DOMAIN = {
    "rules": [
        {
            "local": [
                {
                    "group": {
                        "id": EMPLOYEE_GROUP_ID,
                        "domain": {"id": DEVELOPER_GROUP_DOMAIN_ID},
                    }
                }
            ],
            "remote": [
                {"type": "orgPersonType", "any_one_of": ["Employee"]},
            ],
        },
    ]
}
  638 
# Negative fixture: the "group" object is empty, so it names no group by id
# or by name.
MAPPING_BAD_GROUP = {
    "rules": [
        {
            "local": [{"group": {}}],
            "remote": [
                {"type": "orgPersonType", "any_one_of": ["Employee"]},
            ],
        },
    ]
}
  660 
# Negative fixture: the group's "domain" object carries the unexpected key
# "badkey" next to "id".
MAPPING_BAD_DOMAIN = {
    "rules": [
        {
            "local": [
                {
                    "group": {
                        "id": EMPLOYEE_GROUP_ID,
                        "domain": {
                            "id": DEVELOPER_GROUP_DOMAIN_ID,
                            "badkey": "badvalue",
                        },
                    }
                }
            ],
            "remote": [
                {"type": "orgPersonType", "any_one_of": ["Employee"]},
            ],
        },
    ]
}
  687 
# UserName "tbo" -> user of type "ephemeral", name "{0}", placed in the
# domain whose id is FEDERATED_DOMAIN.
MAPPING_EPHEMERAL_USER = {
    "rules": [
        {
            "local": [
                {
                    "user": {
                        "name": "{0}",
                        "domain": {"id": FEDERATED_DOMAIN},
                        "type": "ephemeral",
                    }
                }
            ],
            "remote": [
                {"type": "UserName"},
                {"type": "UserName", "any_one_of": ["tbo"]},
            ],
        }
    ]
}
  716 
# orgPersonType is filtered through a whitelist ("Developer", "Contractor")
# and fed to "groups" as "{0}"; the groups are qualified by the domain id
# DEVELOPER_GROUP_DOMAIN_ID. UserName becomes the user name via "{1}".
MAPPING_GROUPS_WHITELIST = {
    "rules": [
        {
            "remote": [
                {
                    "type": "orgPersonType",
                    "whitelist": ["Developer", "Contractor"],
                },
                {"type": "UserName"},
            ],
            "local": [
                {
                    "groups": "{0}",
                    "domain": {"id": DEVELOPER_GROUP_DOMAIN_ID},
                },
                {"user": {"name": "{1}"}},
            ],
        }
    ]
}
  747 
# UserName "jsmith" -> user of type "ephemeral", name "{0}", but placed in
# the domain whose id is LOCAL_DOMAIN rather than FEDERATED_DOMAIN.
MAPPING_EPHEMERAL_USER_LOCAL_DOMAIN = {
    "rules": [
        {
            "local": [
                {
                    "user": {
                        "name": "{0}",
                        "domain": {"id": LOCAL_DOMAIN},
                        "type": "ephemeral",
                    }
                }
            ],
            "remote": [
                {"type": "UserName"},
                {"type": "UserName", "any_one_of": ["jsmith"]},
            ],
        }
    ]
}
  776 
# Whitelist-filtered group names fed to "groups" with no "domain" to
# qualify them.
# NOTE(review): presumably a negative fixture, because group names taken
# from an assertion are ambiguous without a domain; confirm in the test.
MAPPING_GROUPS_WHITELIST_MISSING_DOMAIN = {
    "rules": [
        {
            "remote": [
                {
                    "type": "orgPersonType",
                    "whitelist": ["Developer", "Contractor"],
                },
            ],
            "local": [{"groups": "{0}"}],
        }
    ]
}
  796 
# UserName "jsmith" -> user of type "local", name "{0}", in the domain
# whose id is LOCAL_DOMAIN.
# NOTE(review): type "local" looks like it resolves to an existing user
# account instead of creating an ephemeral one, which makes the rule's
# remote conditions the only gate on that account; confirm in the test.
MAPPING_LOCAL_USER_LOCAL_DOMAIN = {
    "rules": [
        {
            "local": [
                {
                    "user": {
                        "name": "{0}",
                        "domain": {"id": LOCAL_DOMAIN},
                        "type": "local",
                    }
                }
            ],
            "remote": [
                {"type": "UserName"},
                {"type": "UserName", "any_one_of": ["jsmith"]},
            ],
        }
    ]
}
  825 
# Blacklist-filtered orgPersonType feeds "groups" as "{0}"; an unrelated
# "Thing" attribute sits at index 1, so the user name comes from "{2}".
MAPPING_GROUPS_BLACKLIST_MULTIPLES = {
    "rules": [
        {
            "remote": [
                {
                    "type": "orgPersonType",
                    "blacklist": ["Developer", "Manager"],
                },
                {"type": "Thing"},  # this could be variable length!
                {"type": "UserName"},
            ],
            "local": [
                {
                    "groups": "{0}",
                    "domain": {"id": DEVELOPER_GROUP_DOMAIN_ID},
                },
                {"user": {"name": "{2}"}},
            ],
        }
    ]
}
# orgPersonType is filtered through a blacklist ("Developer", "Manager")
# and fed to "groups" as "{0}" in domain DEVELOPER_GROUP_DOMAIN_ID;
# UserName becomes the user name via "{1}".
# NOTE(review): a blacklist lets through every asserted value that is not
# listed, so the identity provider effectively decides which groups a user
# can land in. Where the set of groups is known, a whitelist is the safer
# shape for a deployed mapping.
MAPPING_GROUPS_BLACKLIST = {
    "rules": [
        {
            "remote": [
                {
                    "type": "orgPersonType",
                    "blacklist": ["Developer", "Manager"],
                },
                {"type": "UserName"},
            ],
            "local": [
                {
                    "groups": "{0}",
                    "domain": {"id": DEVELOPER_GROUP_DOMAIN_ID},
                },
                {"user": {"name": "{1}"}},
            ],
        }
    ]
}
  889 
# Blacklist expressed as a regex: orgPersonType values matching
# ".*Employee$" are the ones listed for exclusion; what remains feeds
# "groups" as "{0}" in the domain whose id is FEDERATED_DOMAIN.
MAPPING_GROUPS_BLACKLIST_REGEX = {
    "rules": [
        {
            "remote": [
                {
                    "type": "orgPersonType",
                    "blacklist": [".*Employee$"],
                    "regex": True,
                },
            ],
            "local": [
                {"groups": "{0}", "domain": {"id": FEDERATED_DOMAIN}},
            ],
        }
    ]
}
  913 
# Whitelist expressed as a regex: orgPersonType values matching
# ".*Employee$" are the ones listed for inclusion; they feed "groups" as
# "{0}" in the domain whose id is FEDERATED_DOMAIN.
MAPPING_GROUPS_WHITELIST_REGEX = {
    "rules": [
        {
            "remote": [
                {
                    "type": "orgPersonType",
                    "whitelist": [".*Employee$"],
                    "regex": True,
                },
            ],
            "local": [
                {"groups": "{0}", "domain": {"id": FEDERATED_DOMAIN}},
            ],
        }
    ]
}
  937 
# Covers the ways a rule can identify the local user. Values are hardcoded
# on purpose. Each rule is selected by one UserName:
#   "jsmith"    -> name from the assertion only
#   "tbo"       -> name from the assertion, fixed id, fixed domain id
#   "bob"       -> id from the assertion only
#   "bwilliams" -> fixed id, name from the assertion, fixed domain id
MAPPING_USER_IDS = {
    "rules": [
        {
            "local": [{"user": {"name": "{0}"}}],
            "remote": [
                {"type": "UserName"},
                {"type": "UserName", "any_one_of": ["jsmith"]},
            ],
        },
        {
            "local": [
                {
                    "user": {
                        "name": "{0}",
                        "id": "abc123@example.com",
                        "domain": {"id": "federated"},
                    }
                }
            ],
            "remote": [
                {"type": "UserName"},
                {"type": "UserName", "any_one_of": ["tbo"]},
            ],
        },
        {
            "local": [{"user": {"id": "{0}"}}],
            "remote": [
                {"type": "UserName"},
                {"type": "UserName", "any_one_of": ["bob"]},
            ],
        },
        {
            "local": [
                {
                    "user": {
                        "id": "abc123@example.com",
                        "name": "{0}",
                        "domain": {"id": "federated"},
                    }
                }
            ],
            "remote": [
                {"type": "UserName"},
                {"type": "UserName", "any_one_of": ["bwilliams"]},
            ],
        },
    ]
}
 1032 
# Blacklist-filtered group names fed to "groups" with no "domain" to
# qualify them.
# NOTE(review): presumably a negative fixture, because group names taken
# from an assertion are ambiguous without a domain; confirm in the test.
MAPPING_GROUPS_BLACKLIST_MISSING_DOMAIN = {
    "rules": [
        {
            "remote": [
                {
                    "type": "orgPersonType",
                    "blacklist": ["Developer", "Manager"],
                },
            ],
            "local": [{"groups": "{0}"}],
        }
    ]
}
 1052 
# A single remote entry that carries both "blacklist" and "whitelist".
# NOTE(review): presumably a negative fixture, since the two filters give
# contradictory answers for any value on neither list; confirm in the test.
MAPPING_GROUPS_WHITELIST_AND_BLACKLIST = {
    "rules": [
        {
            "remote": [
                {
                    "type": "orgPersonType",
                    "blacklist": ["Employee"],
                    "whitelist": ["Contractor"],
                },
            ],
            "local": [
                {
                    "groups": "{0}",
                    "domain": {"id": DEVELOPER_GROUP_DOMAIN_ID},
                },
            ],
        }
    ]
}
 1078 
# Used by the tokenless test cases: the user name comes from
# SSL_CLIENT_USER_NAME and the domain name from SSL_CLIENT_DOMAIN_NAME,
# and the user is of type 'local'.
# NOTE(review): both values are taken as-is with no condition on either.
# They look like variables a TLS-terminating web server derives from a
# verified client certificate; they are trustworthy only if a client cannot
# supply them directly. Confirm how the deployment populates them.
MAPPING_WITH_USERNAME_AND_DOMAINNAME = {
    'rules': [
        {
            'local': [
                {
                    'user': {
                        'name': '{0}',
                        'domain': {'name': '{1}'},
                        'type': 'local',
                    }
                }
            ],
            'remote': [
                {'type': 'SSL_CLIENT_USER_NAME'},
                {'type': 'SSL_CLIENT_DOMAIN_NAME'},
            ],
        }
    ]
}
 1106 
 1107 # Mapping used by tokenless test cases, it maps the user_id
 1108 # and domain_name.
 1109 MAPPING_WITH_USERID_AND_DOMAINNAME = {
 1110     'rules': [
 1111         {
 1112             'local': [
 1113                 {
 1114                     'user': {
 1115                         'id': '{0}',
 1116                         'domain': {
 1117                             'name': '{1}'
 1118                         },
 1119                         'type': 'local'
 1120                     }
 1121                 }
 1122             ],
 1123             'remote': [
 1124                 {
 1125                     'type': 'SSL_CLIENT_USER_ID'
 1126                 },
 1127                 {
 1128                     'type': 'SSL_CLIENT_DOMAIN_NAME'
 1129                 }
 1130             ]
 1131         }
 1132     ]
 1133 }
 1134 
 1135 # Mapping used by tokenless test cases, it maps the user_name
 1136 # and domain_id.
 1137 MAPPING_WITH_USERNAME_AND_DOMAINID = {
 1138     'rules': [
 1139         {
 1140             'local': [
 1141                 {
 1142                     'user': {
 1143                         'name': '{0}',
 1144                         'domain': {
 1145                             'id': '{1}'
 1146                         },
 1147                         'type': 'local'
 1148                     }
 1149                 }
 1150             ],
 1151             'remote': [
 1152                 {
 1153                     'type': 'SSL_CLIENT_USER_NAME'
 1154                 },
 1155                 {
 1156                     'type': 'SSL_CLIENT_DOMAIN_ID'
 1157                 }
 1158             ]
 1159         }
 1160     ]
 1161 }
 1162 
 1163 # Mapping used by tokenless test cases, it maps the user_id
 1164 # and domain_id.
 1165 MAPPING_WITH_USERID_AND_DOMAINID = {
 1166     'rules': [
 1167         {
 1168             'local': [
 1169                 {
 1170                     'user': {
 1171                         'id': '{0}',
 1172                         'domain': {
 1173                             'id': '{1}'
 1174                         },
 1175                         'type': 'local'
 1176                     }
 1177                 }
 1178             ],
 1179             'remote': [
 1180                 {
 1181                     'type': 'SSL_CLIENT_USER_ID'
 1182                 },
 1183                 {
 1184                     'type': 'SSL_CLIENT_DOMAIN_ID'
 1185                 }
 1186             ]
 1187         }
 1188     ]
 1189 }
 1190 
 1191 # Mapping used by tokenless test cases, it maps the domain_id only.
 1192 MAPPING_WITH_DOMAINID_ONLY = {
 1193     'rules': [
 1194         {
 1195             'local': [
 1196                 {
 1197                     'user': {
 1198                         'domain': {
 1199                             'id': '{0}'
 1200                         },
 1201                         'type': 'local'
 1202                     }
 1203                 }
 1204             ],
 1205             'remote': [
 1206                 {
 1207                     'type': 'SSL_CLIENT_DOMAIN_ID'
 1208                 }
 1209             ]
 1210         }
 1211     ]
 1212 }
 1213 
# Group-ID filtering fixtures. Both read three remote attributes ("name",
# "group_ids", "group") and hand them to the local rules as {0}, {1}, {2}.
# Only the "group_ids" attribute carries a filter; the single "group"
# attribute has none and reaches {2} as received.

# Allow-list variant: "group_ids" is restricted to the three listed IDs.
MAPPING_GROUPS_IDS_WHITELIST = {
    "rules": [
        {
            "local": [
                {"user": {"name": "{0}"}},
                {"group_ids": "{1}"},
                {"group": {"id": "{2}"}},
            ],
            "remote": [
                {"type": "name"},
                {
                    "type": "group_ids",
                    "whitelist": ["abc123", "ghi789", "321cba"],
                },
                {"type": "group"},
            ],
        },
    ],
}

# Deny-list variant: "group_ids" has the single ID "def456" filtered out.
MAPPING_GROUPS_IDS_BLACKLIST = {
    "rules": [
        {
            "local": [
                {"user": {"name": "{0}"}},
                {"group_ids": "{1}"},
                {"group": {"id": "{2}"}},
            ],
            "remote": [
                {"type": "name"},
                {
                    "type": "group_ids",
                    "blacklist": ["def456"],
                },
                {"type": "group"},
            ],
        },
    ],
}
 1285 
# Single-attribute mappings for the tokenless test cases. Each builds a user
# of type "local" from exactly one SSL_CLIENT_* attribute, so the resulting
# user carries only that one piece of identifying data.

# Tokenless: domain name only.
MAPPING_WITH_DOMAINNAME_ONLY = {
    "rules": [
        {
            "local": [
                {
                    "user": {
                        "domain": {"name": "{0}"},
                        "type": "local",
                    },
                },
            ],
            "remote": [
                {"type": "SSL_CLIENT_DOMAIN_NAME"},
            ],
        },
    ],
}

# Tokenless: user name only (no domain supplied).
MAPPING_WITH_USERNAME_ONLY = {
    "rules": [
        {
            "local": [
                {"user": {"name": "{0}", "type": "local"}},
            ],
            "remote": [
                {"type": "SSL_CLIENT_USER_NAME"},
            ],
        },
    ],
}

# Tokenless: user ID only (no domain supplied).
MAPPING_WITH_USERID_ONLY = {
    "rules": [
        {
            "local": [
                {"user": {"id": "{0}", "type": "local"}},
            ],
            "remote": [
                {"type": "SSL_CLIENT_USER_ID"},
            ],
        },
    ],
}
 1350 
# Ephemeral-user fixtures: the user name comes from SSL_CLIENT_USER_NAME and
# the group is a fixed placeholder ("dummy") written into the mapping itself,
# not taken from the assertion.

# Explicit "ephemeral" user type; group referenced by ID.
MAPPING_FOR_EPHEMERAL_USER = {
    "rules": [
        {
            "local": [
                {
                    "user": {"name": "{0}", "type": "ephemeral"},
                    "group": {"id": "dummy"},
                },
            ],
            "remote": [
                {"type": "SSL_CLIENT_USER_NAME"},
            ],
        },
    ],
}

# Explicit "ephemeral" user type; group referenced by name within a domain
# that is itself given by name.
MAPPING_FOR_EPHEMERAL_USER_AND_GROUP_DOMAIN_NAME = {
    "rules": [
        {
            "local": [
                {
                    "user": {"name": "{0}", "type": "ephemeral"},
                    "group": {
                        "name": "dummy",
                        "domain": {"name": "dummy"},
                    },
                },
            ],
            "remote": [
                {"type": "SSL_CLIENT_USER_NAME"},
            ],
        },
    ],
}

# No "type" on the user at all.
# NOTE(review): per the fixture name the user type presumably defaults to
# ephemeral when omitted -- confirm against the rule processor.
MAPPING_FOR_DEFAULT_EPHEMERAL_USER = {
    "rules": [
        {
            "local": [
                {
                    "user": {"name": "{0}"},
                    "group": {"id": "dummy"},
                },
            ],
            "remote": [
                {"type": "SSL_CLIENT_USER_NAME"},
            ],
        },
    ],
}
 1421 
# Two-rule mapping. The first rule maps UserName to a user in the developer
# group domain; the second passes orgPersonType through an allow-list that
# contains only "Developer" and maps what remains to group names in that same
# domain.
MAPPING_GROUPS_WHITELIST_PASS_THROUGH = {
    "rules": [
        {
            "remote": [
                {"type": "UserName"},
            ],
            "local": [
                {
                    "user": {
                        "name": "{0}",
                        "domain": {"id": DEVELOPER_GROUP_DOMAIN_ID},
                    },
                },
            ],
        },
        {
            "remote": [
                {"type": "orgPersonType", "whitelist": ["Developer"]},
            ],
            "local": [
                {
                    "groups": "{0}",
                    "domain": {"id": DEVELOPER_GROUP_DOMAIN_ID},
                },
            ],
        },
    ],
}
 1459 
# Deliberately malformed mappings (see the BAD in the names).

# The local rule holds an unrecognised key, "whatisthis", next to "user".
# NOTE(review): presumably validation is expected to reject unknown local
# keys -- confirm against the consuming test.
MAPPING_BAD_LOCAL_SETUP = {
    "rules": [
        {
            "local": [
                {
                    "user": {
                        "name": "{0}",
                        "domain": {"id": "default"},
                    },
                    "whatisthis": "local",
                },
            ],
            "remote": [
                {"type": "UserName"},
            ],
        },
    ],
}

# "groups" is nested inside the "user" object here, whereas the other
# fixtures in this file place it at the local-rule level. The rule only
# applies when openstack_roles contains "Admin".
MAPPING_BAD_LOCAL_TYPE_USER_IN_ASSERTION = {
    "rules": [
        {
            "local": [
                {"user": {"name": "{0}", "groups": "{1}"}},
            ],
            "remote": [
                {"type": "openstack_user"},
                {"type": "openstack_groups"},
                {"type": "openstack_roles", "any_one_of": ["Admin"]},
            ],
        },
    ],
}
 1510 
# Three unfiltered remote attributes in the order groups, userEmail,
# UserName. The local side uses them out of order: {0} becomes group names in
# the developer group domain, {2} the user name and {1} the user's e-mail.
MAPPING_GROUPS_WITH_EMAIL = {
    "rules": [
        {
            "remote": [
                {"type": "groups"},
                {"type": "userEmail"},
                {"type": "UserName"},
            ],
            "local": [
                {
                    "groups": "{0}",
                    "domain": {"id": DEVELOPER_GROUP_DOMAIN_ID},
                },
                {
                    "user": {"name": "{2}", "email": "{1}"},
                },
            ],
        },
    ],
}
 1542 
 1543 
# Maps openstack_user to the user name and openstack_groups to "groups"; the
# local "groups" rule has no "domain" entry of its own.
# NOTE(review): per the fixture name the group domain is presumably derived
# from the user or from the assertion value itself -- confirm which.
MAPPING_GROUPS_DOMAIN_OF_USER = {
    "rules": [
        {
            "local": [
                {"user": {"name": "{0}"}},
                {"groups": "{1}"},
            ],
            "remote": [
                {"type": "openstack_user"},
                {"type": "openstack_groups"},
            ],
        },
    ],
}
 1571 
# Sample identity-provider attribute sets used as input for the mappings.
# Multi-valued attributes (orgPersonType, Thing) are written as a single
# ";"-separated string.

EMPLOYEE_ASSERTION = {
    "Email": "tim@example.com",
    "UserName": "tbo",
    "FirstName": "Tim",
    "LastName": "Bo",
    "orgPersonType": "Employee;BuildingX",
}

# Same person, three orgPersonType values.
EMPLOYEE_PARTTIME_ASSERTION = {
    "Email": "tim@example.com",
    "UserName": "tbo",
    "FirstName": "Tim",
    "LastName": "Bo",
    "orgPersonType": "Employee;PartTimeEmployee;Manager",
}

# Same person, with a second multi-valued attribute ("Thing").
EMPLOYEE_ASSERTION_MULTIPLE_GROUPS = {
    "Email": "tim@example.com",
    "UserName": "tbo",
    "FirstName": "Tim",
    "LastName": "Bo",
    "orgPersonType": "Developer;Manager;Contractor",
    "Thing": "yes!;maybe!;no!!",
}

# Every attribute name carries a "PREFIX_" prefix.
EMPLOYEE_ASSERTION_PREFIXED = {
    "PREFIX_Email": "tim@example.com",
    "PREFIX_UserName": "tbo",
    "PREFIX_FirstName": "Tim",
    "PREFIX_LastName": "Bo",
    "PREFIX_orgPersonType": "SuperEmployee;BuildingX",
}

CONTRACTOR_ASSERTION = {
    "Email": "jill@example.com",
    "UserName": "jsmith",
    "FirstName": "Jill",
    "LastName": "Smith",
    "orgPersonType": "Contractor;Non-Dev",
}

ADMIN_ASSERTION = {
    "Email": "bob@example.com",
    "UserName": "bob",
    "FirstName": "Bob",
    "LastName": "Thompson",
    "orgPersonType": "Admin;Chief",
}

CUSTOMER_ASSERTION = {
    "Email": "beth@example.com",
    "UserName": "bwilliams",
    "FirstName": "Beth",
    "LastName": "Williams",
    "orgPersonType": "Customer",
}

ANOTHER_CUSTOMER_ASSERTION = {
    "Email": "mark@example.com",
    "UserName": "markcol",
    "FirstName": "Mark",
    "LastName": "Collins",
    "orgPersonType": "Managers;CEO;CTO",
}

TESTER_ASSERTION = {
    "Email": "testacct@example.com",
    "UserName": "testacct",
    "FirstName": "Test",
    "LastName": "Account",
    "orgPersonType": "MadeupGroup;Tester;GroupX",
}
 1644 
# Further attribute sets: sparse, "bad"-named and deliberately malformed
# inputs for the mappings.

# Only Email and UserName; no name parts and no orgPersonType.
ANOTHER_TESTER_ASSERTION = {
    "Email": "testacct@example.com",
    "UserName": "IamTester",
}

# NOTE(review): the two BAD_* sets share the UserName "Evil"; presumably they
# are the inputs a mapping is expected to turn away -- confirm which rule
# does so in the consuming tests.
BAD_TESTER_ASSERTION = {
    "Email": "eviltester@example.org",
    "UserName": "Evil",
    "FirstName": "Test",
    "LastName": "Account",
    "orgPersonType": "Tester",
}

BAD_DEVELOPER_ASSERTION = {
    "Email": "evildeveloper@example.org",
    "UserName": "Evil",
    "FirstName": "Develop",
    "LastName": "Account",
    "orgPersonType": "Developer",
}

# The usual string attributes plus three non-string values (a bare object, a
# dict and a tuple), i.e. input of types an assertion is not meant to hold.
MALFORMED_TESTER_ASSERTION = {
    "Email": "testacct@example.com",
    "UserName": "testacct",
    "FirstName": "Test",
    "LastName": "Account",
    "orgPersonType": "Tester",
    "object": object(),
    # Later occurrences of a repeated letter overwrite earlier ones.
    "dictionary": {ch: pos for pos, ch in enumerate("teststring")},
    "tuple": (0, 1, 2, 3, 4),
}

DEVELOPER_ASSERTION = {
    "Email": "developacct@example.com",
    "UserName": "developacct",
    "FirstName": "Develop",
    "LastName": "Account",
    "orgPersonType": "Developer",
}

# FirstName is a bare object instead of a string.
CONTRACTOR_MALFORMED_ASSERTION = {
    "UserName": "user",
    "FirstName": object(),
    "orgPersonType": "Contractor",
}

LOCAL_USER_ASSERTION = {
    "UserName": "marek",
    "UserType": "random",
}

ANOTHER_LOCAL_USER_ASSERTION = {
    "UserName": "marek",
    "Position": "DirectorGeneral",
}
 1700 
# Attribute sets for the group-related mappings.

USER_NO_GROUPS_ASSERTION = {
    "Email": "nogroupsuser1@example.org",
    "UserName": "nogroupsuser1",
    "orgPersonType": "NoGroupsOrg",
}

# Two group names in one ";"-separated value.
# NOTE(review): going by the values, one is meant to exist and the other not
# -- confirm in the consuming test.
UNMATCHED_GROUP_ASSERTION = {
    "REMOTE_USER": "Any Momoose",
    "REMOTE_USER_GROUPS": "EXISTS;NO_EXISTS",
}

# Three group IDs in "group_ids" plus a separate single "group" value.
GROUP_IDS_ASSERTION = {
    "name": "opilotte",
    "group_ids": "abc123;def456;ghi789",
    "group": "klm012",
}

GROUP_IDS_ASSERTION_ONLY_ONE_GROUP = {
    "name": "opilotte",
    "group_ids": "321cba",
    "group": "210mlk",
}

# "PFX_"-prefixed attribute names; the name parts contain non-ASCII letters.
UNICODE_NAME_ASSERTION = {
    "PFX_Email": "jon@example.com",
    "PFX_UserName": "jonkare",
    "PFX_FirstName": "Jon Kåre",
    "PFX_LastName": "Hellån",
    "PFX_orgPersonType": "Admin;Chief",
}

# The single group name contains a space.
GROUPS_ASSERTION_ONLY_ONE_GROUP = {
    "userEmail": "jill@example.com",
    "UserName": "jsmith",
    "groups": "ALL USERS",
}

# openstack_groups holds two "JSON:"-prefixed objects joined by ";", each
# naming a group together with its domain.
GROUPS_DOMAIN_ASSERTION = {
    "openstack_user": "bwilliams",
    "openstack_user_domain": "default",
    "openstack_roles": "Admin",
    "openstack_groups": (
        'JSON:{"name":"group1","domain":{"name":"xxx"}};'
        'JSON:{"name":"group2","domain":{"name":"yyy"}}'
    ),
}
 1745 
# Mapping over "PFX_"-prefixed attributes: the user name is built from first
# and last name ("{0} {1}"), the e-mail from {2}, and the user is placed in
# the employee group. The rule applies only when PFX_orgPersonType contains
# "Admin" or "Big Cheese".
MAPPING_UNICODE = {
    "rules": [
        {
            "local": [
                {
                    "user": {"name": "{0} {1}", "email": "{2}"},
                    "group": {"id": EMPLOYEE_GROUP_ID},
                },
            ],
            "remote": [
                {"type": "PFX_FirstName"},
                {"type": "PFX_LastName"},
                {"type": "PFX_Email"},
                {
                    "type": "PFX_orgPersonType",
                    "any_one_of": ["Admin", "Big Cheese"],
                },
            ],
        },
    ],
}
 1781 
# Project-assignment fixtures. "Project for {0}" is a project name built from
# the first remote attribute (UserName).

# Any user whose orgPersonType contains "Employee" receives observer on
# "Production", member on "Staging" and admin on a per-user project. The
# "Email" remote entry is declared but no local placeholder refers to it.
MAPPING_PROJECTS = {
    "rules": [
        {
            "local": [
                {"user": {"name": "{0}"}},
                {
                    "projects": [
                        {
                            "name": "Production",
                            "roles": [{"name": "observer"}],
                        },
                        {
                            "name": "Staging",
                            "roles": [{"name": "member"}],
                        },
                        {
                            "name": "Project for {0}",
                            "roles": [{"name": "admin"}],
                        },
                    ],
                },
            ],
            "remote": [
                {"type": "UserName"},
                {"type": "Email"},
                {"type": "orgPersonType", "any_one_of": ["Employee"]},
            ],
        },
    ],
}

# Projects listed by name only, with no "roles" on any of them.
# NOTE(review): presumably a negative fixture, since a project entry without
# roles grants nothing well-defined -- confirm against the consuming test.
MAPPING_PROJECTS_WITHOUT_ROLES = {
    "rules": [
        {
            "local": [
                {
                    "user": {"name": "{0}"},
                    "projects": [
                        {"name": "a"},
                        {"name": "b"},
                        {"name": "Project for {0}"},
                    ],
                },
            ],
            "remote": [
                {"type": "UserName"},
            ],
        },
    ],
}

# The first project entry has roles but no "name".
# NOTE(review): presumably a negative fixture as well; a role with no project
# to attach it to should not be accepted -- confirm.
MAPPING_PROJECTS_WITHOUT_NAME = {
    "rules": [
        {
            "local": [
                {
                    "user": {"name": "{0}"},
                    "projects": [
                        {"roles": [{"name": "observer"}]},
                        {
                            "name": "Staging",
                            "roles": [{"name": "member"}],
                        },
                        {
                            "name": "Project for {0}",
                            "roles": [{"name": "admin"}],
                        },
                    ],
                },
            ],
            "remote": [
                {"type": "UserName"},
            ],
        },
    ],
}