Utilities for Federation Extension.
keystone.federation.utils.
DirectMaps
[source]¶Bases: object
An abstraction around the remote matches.
Each match is treated internally as a list.
keystone.federation.utils.
RuleProcessor
(mapping_id, rules)[source]¶Bases: object
A class to process assertions and mapping rules.
process
(assertion_data)[source]¶Transform assertion to a dictionary.
The dictionary contains mapping of user name and group ids based on mapping rules.
This function will iterate through the mapping rules to find assertions that are valid.
Parameters: | assertion_data (dict) – an assertion containing values from an IdP |
---|
Example assertion_data:
{
'Email': 'testacct@example.com',
'UserName': 'testacct',
'FirstName': 'Test',
'LastName': 'Account',
'orgPersonType': 'Tester'
}
Returns: | dictionary with user and group_ids |
---|
The expected return structure is:
{
'name': 'foobar',
'group_ids': ['abc123', 'def456'],
'group_names': [
{
'name': 'group_name_1',
'domain': {
'name': 'domain1'
}
},
{
'name': 'group_name_1_1',
'domain': {
'name': 'domain1'
}
},
{
'name': 'group_name_2',
'domain': {
'id': 'xyz132'
}
}
]
}
keystone.federation.utils.
UserType
[source]¶Bases: object
User mapping type.
EPHEMERAL
= 'ephemeral'¶LOCAL
= 'local'¶keystone.federation.utils.
transform_to_group_ids
(group_names, mapping_id, identity_api, resource_api)[source]¶Transform groups identified by name/domain to their ids.
Function accepts list of groups identified by a name and domain giving a list of group ids in return.
Example of group_names parameter:
[
{
"name": "group_name",
"domain": {
"id": "domain_id"
},
},
{
"name": "group_name_2",
"domain": {
"name": "domain_name"
}
}
]
Parameters: |
|
---|---|
Returns: | generator object with group ids |
Raises: | keystone.exception.MappedGroupNotFound – in case asked group doesn’t exist in the backend. |
keystone.federation.utils.
validate_idp
(idp, protocol, assertion)[source]¶The IdP providing the assertion should be registered for the mapping.
keystone.federation.utils.
validate_mapped_group_ids
(group_ids, mapping_id, identity_api)[source]¶Iterate over group ids and make sure they are present in the backend.
This call is not transactional. :param group_ids: IDs of the groups to be checked :type group_ids: list of str
Parameters: |
|
---|---|
Raises: | keystone.exception.MappedGroupNotFound – If the group returned by mapping was not found in the backend. |
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.