| # Copyright 2016 Red Hat, Inc. |
| # All Rights Reserved. |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); you may |
| # not use this file except in compliance with the License. You may obtain |
| # a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| # License for the specific language governing permissions and limitations |
| # under the License. |
| |
| from oslo_config import cfg |
| |
| identity_feature_options = [ |
| cfg.BoolOpt('federation', |
| default=False, |
| help='Does the environment support the Federated Identity ' |
| 'feature?'), |
| cfg.BoolOpt('external_idp', |
| default=True, |
| help='Whether to test federated scenarios against an external ' |
| 'identity provider. If disabled, only ' |
| 'Keystone-to-Keystone tests will be enabled.'), |
| cfg.BoolOpt('enforce_scope', |
| default=False, |
| help='Does the keystone service enforce scope and use ' |
| 'scope-aware policies?'), |
| ] |
| |
| fed_scenario_group = cfg.OptGroup(name='fed_scenario', |
| title='Federation Scenario Tests Options') |
| |
| FedScenarioGroup = [ |
| # Identity Provider |
| cfg.StrOpt('idp_id', |
| help='The Identity Provider ID'), |
| cfg.ListOpt('idp_remote_ids', |
| default=[], |
| help='The Identity Provider remote IDs list'), |
| cfg.StrOpt('idp_username', |
| help='Username used to login in the Identity Provider'), |
| cfg.StrOpt('idp_password', |
| help='Password used to login in the Identity Provider', |
| secret=True), |
| cfg.StrOpt('idp_ecp_url', |
| help='Identity Provider SAML2/ECP URL'), |
| cfg.StrOpt('idp_oidc_url', |
| help='Identity Provider OIDC URL'), |
| |
| # client id (oidc) |
| cfg.StrOpt('idp_client_id', |
| help='Identity Provider Client ID'), |
| cfg.StrOpt('idp_client_secret', |
| help='Identity Provider Client Secret'), |
| |
| # existing user (oidc) |
| cfg.StrOpt('idp_test_user_name', |
| help='Identity Provider Test User Name'), |
| cfg.StrOpt('idp_test_user_password', |
| help='Identity Provider Test User Password', |
| secret=True), |
| |
| # Mapping rules |
| cfg.StrOpt('mapping_remote_type', |
| help='The assertion attribute to be used in the remote rules'), |
| cfg.StrOpt('mapping_user_name', |
| default='{0}', |
| help='The username to be used in the local rules.'), |
| cfg.StrOpt('mapping_group_name', |
| default='federated_users', |
| help='The group name to be used in the local rules. The group ' |
| 'must have at least one assignment in one project.'), |
| cfg.StrOpt('mapping_group_domain_name', |
| default='federated_domain', |
| help='The domain name where the "mapping_group_name" is ' |
| 'created.'), |
| # TODO(cmurphy): remove this option and set to true when all supported |
| # branches support the openstack_groups feature |
| cfg.BoolOpt('enable_k2k_groups_mapping', |
| default=False, |
| help='Whether to test support for openstack_groups in the K2K ' |
| 'SAML assertion (lp#1687593)'), |
| |
| # Protocol |
| cfg.StrOpt('protocol_id', |
| default='mapped', |
| help='The Protocol ID'), |
| ] |