)]}'
{"doc/source/configure_federation.rst":[{"author":{"_account_id":13055,"name":"Alexander Makarov","email":"ajiekcahdp.makapob@gmail.com","username":"amakarov"},"change_message_id":"b3d2bc82f3ef487151e4e980f0ddb07ea465ba67","unresolved":false,"context_lines":[{"line_number":137,"context_line":"and users."},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"Mapping adds a set of rules to map federation protocol attributes to Identity API objects."},{"line_number":140,"context_line":"More information on rules can be found on the :doc:`mapping_combinations` page."},{"line_number":141,"context_line":""},{"line_number":142,"context_line":"An Identity Provider has exactly one mapping specified per protocol."},{"line_number":143,"context_line":"Mapping objects can be used multiple times by different combinations of Identity Provider and Protocol."}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_2d081628","line":140,"updated":"2015-07-06 14:51:17.000000000","message":"It is better to have a brief description here for reader not to dig deeper if he doesn\u0027t need details.","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"968cb13477e83dac58fb7d99f83502fa7201271e","unresolved":false,"context_lines":[{"line_number":137,"context_line":"and users."},{"line_number":138,"context_line":""},{"line_number":139,"context_line":"Mapping adds a set of rules to map federation protocol attributes to Identity API objects."},{"line_number":140,"context_line":"More information on rules can be found on the :doc:`mapping_combinations` page."},{"line_number":141,"context_line":""},{"line_number":142,"context_line":"An Identity Provider has exactly one mapping specified per protocol."},{"line_number":143,"context_line":"Mapping objects can be used multiple times by different combinations of Identity Provider and Protocol."}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_ff4ac2ab","line":140,"in_reply_to":"ba3cc151_2d081628","updated":"2015-07-06 20:25:18.000000000","message":"Good idea, 1st time users will most likely need to look at that page to see how to create a mapping.","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"}],"doc/source/mapping_combinations.rst":[{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"94eddf65090af80d28552059fd8bcf61fa955b5e","unresolved":false,"context_lines":[{"line_number":156,"context_line":"            }"},{"line_number":157,"context_line":"        }"},{"line_number":158,"context_line":"    }"},{"line_number":159,"context_line":""},{"line_number":160,"context_line":"Supported Mappings Examples"},{"line_number":161,"context_line":"---------------------------"},{"line_number":162,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_e72ebba4","line":159,"updated":"2015-06-22 08:54:56.000000000","message":"i am just wondering whether such schemas are a good way to put it in a first place. We know jsonschema, most people probably don\u0027t so they may get scared after seeing such thing. How about either moving somewhere to the bottom or adding a link to external resource (also in the keystone/doc scope) with schema presented and explained?","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"933ab7fa6788c7efa03a884548cd9d3d04d41b2a","unresolved":false,"context_lines":[{"line_number":156,"context_line":"            }"},{"line_number":157,"context_line":"        }"},{"line_number":158,"context_line":"    }"},{"line_number":159,"context_line":""},{"line_number":160,"context_line":"Supported Mappings Examples"},{"line_number":161,"context_line":"---------------------------"},{"line_number":162,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_d1e9e0b8","line":159,"in_reply_to":"fa32b979_e72ebba4","updated":"2015-06-22 19:35:41.000000000","message":"Good idea. I have moved it to another keystone/doc/mapping_schema.rst and added a link.","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"94eddf65090af80d28552059fd8bcf61fa955b5e","unresolved":false,"context_lines":[{"line_number":184,"context_line":"                ]"},{"line_number":185,"context_line":"            }"},{"line_number":186,"context_line":"        ]"},{"line_number":187,"context_line":"    }"},{"line_number":188,"context_line":""},{"line_number":189,"context_line":"any_one_of:"},{"line_number":190,"context_line":"~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_02486d5a","line":187,"updated":"2015-06-22 08:54:56.000000000","message":"either make a big warning, that for brevity you are presenting excerpts from the mapping rules, or make the complete. For instance this mapping rule would not work (a HTTP 401 Unauthorized would be returned) because the \u0027local\u0027 section doesn\u0027t define users\u0027 identity (id, or {name, domain} )\n\nThis applies to all the rules.","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"933ab7fa6788c7efa03a884548cd9d3d04d41b2a","unresolved":false,"context_lines":[{"line_number":184,"context_line":"                ]"},{"line_number":185,"context_line":"            }"},{"line_number":186,"context_line":"        ]"},{"line_number":187,"context_line":"    }"},{"line_number":188,"context_line":""},{"line_number":189,"context_line":"any_one_of:"},{"line_number":190,"context_line":"~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_11666829","line":187,"in_reply_to":"fa32b979_02486d5a","updated":"2015-06-22 19:35:41.000000000","message":"I have listed the different types of items that can be provided in the local section.\n\nI don\u0027t think that users\u0027 identity is required. I have done mappings as follows:\n\n{\n    \"mapping\": {\n        \"rules\": [\n            {\n                \"local\": [\n                    {\n                        \"group\": {\n                            \"id\": \"\u003cgroup_id\u003e\"\n                        }\n                    }\n                ],\n                \"remote\": [\n                    {\n                        \"type\": \"HTTP_OIDC_ISS\",\n                        \"any_one_of\": [\n                            \"accounts.google.com\"\n                        ]\n                    }\n                ]\n            }\n        ]\n    }\n}\n\nand they have been tested.\n\nQuestion: what does the {0} in:\n\"local\": [\n        {\n            \"user\": {\n                \"name\": \"{0}\"\n            }\n        }\n    ]\n\nmean and how is the user used?","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"1388653b3836d7cf13863a9873ea39aca3b230de","unresolved":false,"context_lines":[{"line_number":184,"context_line":"                ]"},{"line_number":185,"context_line":"            }"},{"line_number":186,"context_line":"        ]"},{"line_number":187,"context_line":"    }"},{"line_number":188,"context_line":""},{"line_number":189,"context_line":"any_one_of:"},{"line_number":190,"context_line":"~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_19ee83b4","line":187,"in_reply_to":"fa32b979_11666829","updated":"2015-06-22 21:17:52.000000000","message":"Can you explain how exactly did you test those mappings? Did you actually authenticate using those rules? \nI am almost sure there is something itchy here -\u003d either somehow oidc plugin sets REMOTE_USER or  some other rules are setting user_id. https://github.com/openstack/keystone/blob/master/keystone/auth/plugins/mapped.py#L213","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"68541123e3532bdfb7fab15d1b8dd173277ba0f6","unresolved":false,"context_lines":[{"line_number":184,"context_line":"                ]"},{"line_number":185,"context_line":"            }"},{"line_number":186,"context_line":"        ]"},{"line_number":187,"context_line":"    }"},{"line_number":188,"context_line":""},{"line_number":189,"context_line":"any_one_of:"},{"line_number":190,"context_line":"~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_9c7fe165","line":187,"in_reply_to":"fa32b979_19e1a39a","updated":"2015-06-22 21:26:57.000000000","message":"Hey Marek,\n\nI tested it actually authenticating with google+.  I believe mappings previously required user, but not anymore.","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"8640cff406b39fdc1bc6032ae4836d5d6b7e56e9","unresolved":false,"context_lines":[{"line_number":184,"context_line":"                ]"},{"line_number":185,"context_line":"            }"},{"line_number":186,"context_line":"        ]"},{"line_number":187,"context_line":"    }"},{"line_number":188,"context_line":""},{"line_number":189,"context_line":"any_one_of:"},{"line_number":190,"context_line":"~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_19e1a39a","line":187,"in_reply_to":"fa32b979_19ee83b4","updated":"2015-06-22 21:19:38.000000000","message":"Let me guess: by saying \u0027testing\u0027 you mean you used keystone-manage and assumed the rules are ok as they don\u0027t compained? If so, I actually should thank you as this got me thinking i need to fix keystone-manage.","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"d7b326863c458ce9dc38ad8f38dc7ad4f10fa9c2","unresolved":false,"context_lines":[{"line_number":184,"context_line":"                ]"},{"line_number":185,"context_line":"            }"},{"line_number":186,"context_line":"        ]"},{"line_number":187,"context_line":"    }"},{"line_number":188,"context_line":""},{"line_number":189,"context_line":"any_one_of:"},{"line_number":190,"context_line":"~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_ad2fff3c","line":187,"in_reply_to":"fa32b979_9c7fe165","updated":"2015-06-23 08:46:05.000000000","message":"and what user_id did it have? There was some user_id, right? What was that if you didn\u0027t specify it? I bet the mod_auth_oidc sets REMOTE_USER. Then, I can agree user section in the mapping rules is not required. But in my opinion a REMOTE_USER set by some external plugins is not a default situation (it shouldn\u0027t be) and for sure we cannot say that not setting \u0027user\u0027 not defined in the mapping will work always. \nHowever, if you think I am wrong can you point me to the code that will automatically set user_id and not really complain when the user is missing? The only place I can spot is https://github.com/openstack/keystone/blob/master/keystone/auth/plugins/mapped.py#L213 and there the only place to fetch apart from the mapping is REMOTE_USER.","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"56042e63ae64e6361e59c230b478094bdd06d6d6","unresolved":false,"context_lines":[{"line_number":184,"context_line":"                ]"},{"line_number":185,"context_line":"            }"},{"line_number":186,"context_line":"        ]"},{"line_number":187,"context_line":"    }"},{"line_number":188,"context_line":""},{"line_number":189,"context_line":"any_one_of:"},{"line_number":190,"context_line":"~~~~~~~~~~~"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_7e618638","line":187,"in_reply_to":"fa32b979_ad2fff3c","updated":"2015-06-23 18:33:38.000000000","message":"I will continue to look into this.","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"933ab7fa6788c7efa03a884548cd9d3d04d41b2a","unresolved":false,"context_lines":[{"line_number":186,"context_line":"        ]"},{"line_number":187,"context_line":"    }"},{"line_number":188,"context_line":""},{"line_number":189,"context_line":"any_one_of:"},{"line_number":190,"context_line":"~~~~~~~~~~~"},{"line_number":191,"context_line":""},{"line_number":192,"context_line":".. code-block:: json"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_a2088829","line":189,"updated":"2015-06-22 19:35:41.000000000","message":"Put all mapping types into one, since it was very repetitive.","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"94eddf65090af80d28552059fd8bcf61fa955b5e","unresolved":false,"context_lines":[{"line_number":306,"context_line":"      \"group_ids\": ["},{"line_number":307,"context_line":"        \"0cd5e9\""},{"line_number":308,"context_line":"      ],"},{"line_number":309,"context_line":"      \"user\": {"},{"line_number":310,"context_line":"        \"domain\": {"},{"line_number":311,"context_line":"          \"id\": ``\"Federated\"`` or ``\"local\"``"},{"line_number":312,"context_line":"        },"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_c29fe5b2","line":309,"updated":"2015-06-22 08:54:56.000000000","message":"yeah, with the examples presented above there is no clue how user was created.","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"933ab7fa6788c7efa03a884548cd9d3d04d41b2a","unresolved":false,"context_lines":[{"line_number":306,"context_line":"      \"group_ids\": ["},{"line_number":307,"context_line":"        \"0cd5e9\""},{"line_number":308,"context_line":"      ],"},{"line_number":309,"context_line":"      \"user\": {"},{"line_number":310,"context_line":"        \"domain\": {"},{"line_number":311,"context_line":"          \"id\": ``\"Federated\"`` or ``\"local\"``"},{"line_number":312,"context_line":"        },"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_2f02200a","line":309,"in_reply_to":"fa32b979_c29fe5b2","updated":"2015-06-22 19:35:41.000000000","message":"Added an example for using username","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"94eddf65090af80d28552059fd8bcf61fa955b5e","unresolved":false,"context_lines":[{"line_number":308,"context_line":"      ],"},{"line_number":309,"context_line":"      \"user\": {"},{"line_number":310,"context_line":"        \"domain\": {"},{"line_number":311,"context_line":"          \"id\": ``\"Federated\"`` or ``\"local\"``"},{"line_number":312,"context_line":"        },"},{"line_number":313,"context_line":"        \"type\": ``\"ephemeral\"`` or ``\"local\"``"},{"line_number":314,"context_line":"      },"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_e28f8973","line":311,"updated":"2015-06-22 08:54:56.000000000","message":"it\u0027s either \u0027Federated\u0027 or a name of an existing domain, not \"local\" - make it \u003cname\u003e or something indicating this will be substituted with a real name.\nAlso, domain can be (as usuall) identified by id or name.","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"933ab7fa6788c7efa03a884548cd9d3d04d41b2a","unresolved":false,"context_lines":[{"line_number":308,"context_line":"      ],"},{"line_number":309,"context_line":"      \"user\": {"},{"line_number":310,"context_line":"        \"domain\": {"},{"line_number":311,"context_line":"          \"id\": ``\"Federated\"`` or ``\"local\"``"},{"line_number":312,"context_line":"        },"},{"line_number":313,"context_line":"        \"type\": ``\"ephemeral\"`` or ``\"local\"``"},{"line_number":314,"context_line":"      },"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_2f29c089","line":311,"in_reply_to":"fa32b979_e28f8973","updated":"2015-06-22 19:35:41.000000000","message":"Changed it to \u003clocal\u003e.\nProvided more info into it.","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"94eddf65090af80d28552059fd8bcf61fa955b5e","unresolved":false,"context_lines":[{"line_number":315,"context_line":"      \"group_names\": []"},{"line_number":316,"context_line":"    }"},{"line_number":317,"context_line":""},{"line_number":318,"context_line":"``local``: If the user has domain specified, the user is treated as existing in the backend,"},{"line_number":319,"context_line":"hence the server will fetch user details (id, name, roles, groups)."},{"line_number":320,"context_line":""},{"line_number":321,"context_line":"``Federated``: If no domain is specified in the local rule,"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_a2cf41b2","line":318,"updated":"2015-06-22 08:54:56.000000000","message":"same comment for \"local\" vs \u003cname\u003e","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"933ab7fa6788c7efa03a884548cd9d3d04d41b2a","unresolved":false,"context_lines":[{"line_number":315,"context_line":"      \"group_names\": []"},{"line_number":316,"context_line":"    }"},{"line_number":317,"context_line":""},{"line_number":318,"context_line":"``local``: If the user has domain specified, the user is treated as existing in the backend,"},{"line_number":319,"context_line":"hence the server will fetch user details (id, name, roles, groups)."},{"line_number":320,"context_line":""},{"line_number":321,"context_line":"``Federated``: If no domain is specified in the local rule,"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_cf1ff459","line":318,"in_reply_to":"fa32b979_a2cf41b2","updated":"2015-06-22 19:35:41.000000000","message":"Fixed.","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"94eddf65090af80d28552059fd8bcf61fa955b5e","unresolved":false,"context_lines":[{"line_number":321,"context_line":"``Federated``: If no domain is specified in the local rule,"},{"line_number":322,"context_line":"user is deemed ephemeral and becomes a member of service domain named Federated."},{"line_number":323,"context_line":""},{"line_number":324,"context_line":"``ephemeral``: A user is not existing in the backend."},{"line_number":325,"context_line":""},{"line_number":326,"context_line":"Note: group_ids and/or group_names will only be displayed if they were set in the rules under local, otherwise"},{"line_number":327,"context_line":"they will be empty."}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_22c49190","line":324,"updated":"2015-06-22 08:54:56.000000000","message":"\"A user does not exist in the backend\" ?","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"933ab7fa6788c7efa03a884548cd9d3d04d41b2a","unresolved":false,"context_lines":[{"line_number":321,"context_line":"``Federated``: If no domain is specified in the local rule,"},{"line_number":322,"context_line":"user is deemed ephemeral and becomes a member of service domain named Federated."},{"line_number":323,"context_line":""},{"line_number":324,"context_line":"``ephemeral``: A user is not existing in the backend."},{"line_number":325,"context_line":""},{"line_number":326,"context_line":"Note: group_ids and/or group_names will only be displayed if they were set in the rules under local, otherwise"},{"line_number":327,"context_line":"they will be empty."}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_3d501dd4","line":324,"in_reply_to":"fa32b979_22c49190","updated":"2015-06-22 19:35:41.000000000","message":"Fixed Wording.","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"933ab7fa6788c7efa03a884548cd9d3d04d41b2a","unresolved":false,"context_lines":[{"line_number":326,"context_line":"Note: group_ids and/or group_names will only be displayed if they were set in the rules under local, otherwise"},{"line_number":327,"context_line":"they will be empty."},{"line_number":328,"context_line":""},{"line_number":329,"context_line":"Group Id:"},{"line_number":330,"context_line":""},{"line_number":331,"context_line":".. code-block:: json"},{"line_number":332,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_6fd6e8f2","line":329,"updated":"2015-06-22 19:35:41.000000000","message":"Removed this section completely and added all samples in one.","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"94eddf65090af80d28552059fd8bcf61fa955b5e","unresolved":false,"context_lines":[{"line_number":363,"context_line":"        }"},{"line_number":364,"context_line":"    ]"},{"line_number":365,"context_line":""},{"line_number":366,"context_line":"wills supply:"},{"line_number":367,"context_line":""},{"line_number":368,"context_line":".. code-block:: json"},{"line_number":369,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_62405908","line":366,"updated":"2015-06-22 08:54:56.000000000","message":"typo","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"94eddf65090af80d28552059fd8bcf61fa955b5e","unresolved":false,"context_lines":[{"line_number":374,"context_line":"            },"},{"line_number":375,"context_line":"            \"name\": \"developer_group\""},{"line_number":376,"context_line":"        }"},{"line_number":377,"context_line":"    ]"},{"line_number":378,"context_line":""},{"line_number":379,"context_line":"Combinations:"},{"line_number":380,"context_line":"-------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_e2f0e9cb","line":377,"updated":"2015-06-22 08:54:56.000000000","message":"Well, yes and no. They will be transformed to canonical structure of the groups, but eventually it will be transformed to group ids and this is how a user will see them in the resulting token: https://github.com/openstack/keystone/blob/master/keystone/contrib/federation/utils.py#L289 later called here: https://github.com/openstack/keystone/blob/master/keystone/auth/plugins/mapped.py#L205","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"94eddf65090af80d28552059fd8bcf61fa955b5e","unresolved":false,"context_lines":[{"line_number":382,"context_line":"Combinations of the Supported Mappings can also be done."},{"line_number":383,"context_line":""},{"line_number":384,"context_line":"empty, any_one_of, and not_any_of can all be used in the same mapping."},{"line_number":385,"context_line":"any_one_of and not_any_of are mutually exclusive."},{"line_number":386,"context_line":"whitelist and blacklist cannot be used together."},{"line_number":387,"context_line":""},{"line_number":388,"context_line":".. code-block:: json"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_02738d4e","line":385,"updated":"2015-06-22 08:54:56.000000000","message":"this needs to be checked but my bet is that keywords cannot be used withing same RULE.","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"933ab7fa6788c7efa03a884548cd9d3d04d41b2a","unresolved":false,"context_lines":[{"line_number":382,"context_line":"Combinations of the Supported Mappings can also be done."},{"line_number":383,"context_line":""},{"line_number":384,"context_line":"empty, any_one_of, and not_any_of can all be used in the same mapping."},{"line_number":385,"context_line":"any_one_of and not_any_of are mutually exclusive."},{"line_number":386,"context_line":"whitelist and blacklist cannot be used together."},{"line_number":387,"context_line":""},{"line_number":388,"context_line":".. code-block:: json"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_f2709fa6","line":385,"in_reply_to":"fa32b979_02738d4e","updated":"2015-06-22 19:35:41.000000000","message":"empty, any_one_of, and not_any_of can be used in the same rule.\nSee: https://github.com/openstack/keystone/blob/master/keystone/tests/unit/mapping_fixtures.py#L48-L65\n\nblacklist and whitelist cannot be in the same rule:\nhttps://github.com/openstack/keystone-specs/blob/master/specs/kilo/mapping-enhancements.rst","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"d7b326863c458ce9dc38ad8f38dc7ad4f10fa9c2","unresolved":false,"context_lines":[{"line_number":382,"context_line":"Combinations of the Supported Mappings can also be done."},{"line_number":383,"context_line":""},{"line_number":384,"context_line":"empty, any_one_of, and not_any_of can all be used in the same mapping."},{"line_number":385,"context_line":"any_one_of and not_any_of are mutually exclusive."},{"line_number":386,"context_line":"whitelist and blacklist cannot be used together."},{"line_number":387,"context_line":""},{"line_number":388,"context_line":".. code-block:: json"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_0da4eba3","line":385,"in_reply_to":"fa32b979_f2709fa6","updated":"2015-06-23 08:46:05.000000000","message":"Ok, i think we need to go slightly deeper and start with some definitions. \nWhat is the rule? Is this a dictionary with two keys \u0027local\u0027 and \u0027remote\u0027 or a list being a value of \u0027remote\u0027 or an element of such list? \nI claim that within one element one cannot put more than one keyword, and looks like we agree on that.\nI strongly suggest adding definitions at the top of the document.\nHappy to discuss this on IRC.","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"94eddf65090af80d28552059fd8bcf61fa955b5e","unresolved":false,"context_lines":[{"line_number":390,"context_line":"    {"},{"line_number":391,"context_line":"        \"rules\": ["},{"line_number":392,"context_line":"            {"},{"line_number":393,"context_line":"                \"local\": ["},{"line_number":394,"context_line":"                    {"},{"line_number":395,"context_line":"                        \"group\": {"},{"line_number":396,"context_line":"                            \"id\": \"0cd5e9\""}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_e2c78962","line":393,"updated":"2015-06-22 08:54:56.000000000","message":"missing \u0027user\u0027","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"d7b326863c458ce9dc38ad8f38dc7ad4f10fa9c2","unresolved":false,"context_lines":[{"line_number":390,"context_line":"    {"},{"line_number":391,"context_line":"        \"rules\": ["},{"line_number":392,"context_line":"            {"},{"line_number":393,"context_line":"                \"local\": ["},{"line_number":394,"context_line":"                    {"},{"line_number":395,"context_line":"                        \"group\": {"},{"line_number":396,"context_line":"                            \"id\": \"0cd5e9\""}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_eda8a779","line":393,"in_reply_to":"fa32b979_52762b3f","updated":"2015-06-23 08:46:05.000000000","message":"In testing scenario or in general?","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"933ab7fa6788c7efa03a884548cd9d3d04d41b2a","unresolved":false,"context_lines":[{"line_number":390,"context_line":"    {"},{"line_number":391,"context_line":"        \"rules\": ["},{"line_number":392,"context_line":"            {"},{"line_number":393,"context_line":"                \"local\": ["},{"line_number":394,"context_line":"                    {"},{"line_number":395,"context_line":"                        \"group\": {"},{"line_number":396,"context_line":"                            \"id\": \"0cd5e9\""}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_52762b3f","line":393,"in_reply_to":"fa32b979_e2c78962","updated":"2015-06-22 19:35:41.000000000","message":"User is a possible case, but shouldn\u0027t be needed. I added a Note.","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"933ab7fa6788c7efa03a884548cd9d3d04d41b2a","unresolved":false,"context_lines":[{"line_number":419,"context_line":"            }"},{"line_number":420,"context_line":"        ]"},{"line_number":421,"context_line":"    }"},{"line_number":422,"context_line":""},{"line_number":423,"context_line":"This allows any user with the following claim information:"},{"line_number":424,"context_line":"TODO"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fa32b979_c5a4b309","line":422,"updated":"2015-06-22 19:35:41.000000000","message":"Added to this TODO. Please review.","commit_id":"30880a0ee0c375a2e5289f36dbe5ce8cc4fb7fb2"},{"author":{"_account_id":11022,"name":"Rodrigo Duarte Sousa","email":"rodrigodsousa@gmail.com","username":"rodrigods"},"change_message_id":"01cabc4fa02ec82584490ad7808073dff722b9c2","unresolved":false,"context_lines":[{"line_number":50,"context_line":"``not_any_of``: The rule is not matched if any of the specified strings appear"},{"line_number":51,"context_line":"in the remote attribute type."},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"``blacklist``: The rule allows all except specified specified set of groups"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"``whitelist``: The rules allows specified set of groups"},{"line_number":56,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"fa32b979_f8262715","line":53,"updated":"2015-06-23 09:04:54.000000000","message":"s/specified specified/specified","commit_id":"32fe07fc268167d575b69660213dbba4068c4d5f"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"8be2999cd204f2837c057ea27649f25d44e12b24","unresolved":false,"context_lines":[{"line_number":50,"context_line":"``not_any_of``: The rule is not matched if any of the specified strings appear"},{"line_number":51,"context_line":"in the remote attribute type."},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"``blacklist``: The rule allows all except specified specified set of groups"},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"``whitelist``: The rules allows specified set of groups"},{"line_number":56,"context_line":""}],"source_content_type":"text/x-rst","patch_set":7,"id":"fa32b979_5e004266","line":53,"in_reply_to":"fa32b979_f8262715","updated":"2015-06-23 18:33:31.000000000","message":"FIxed","commit_id":"32fe07fc268167d575b69660213dbba4068c4d5f"},{"author":{"_account_id":11022,"name":"Rodrigo Duarte Sousa","email":"rodrigodsousa@gmail.com","username":"rodrigods"},"change_message_id":"01cabc4fa02ec82584490ad7808073dff722b9c2","unresolved":false,"context_lines":[{"line_number":125,"context_line":"    \"local\": ["},{"line_number":126,"context_line":"        {"},{"line_number":127,"context_line":"            \"user\": {"},{"line_number":128,"context_line":"                \"name\": \"{0}\""},{"line_number":129,"context_line":"            }"},{"line_number":130,"context_line":"        }"},{"line_number":131,"context_line":"    ]"}],"source_content_type":"text/x-rst","patch_set":7,"id":"fa32b979_b8aadf17","line":128,"updated":"2015-06-23 09:04:54.000000000","message":"this direct mapping only appears for the first time here. This can be a bit confusing, mostly because we can use {0}, {1}... Suggest to add a section about this kind of mapping","commit_id":"32fe07fc268167d575b69660213dbba4068c4d5f"},{"author":{"_account_id":11022,"name":"Rodrigo Duarte Sousa","email":"rodrigodsousa@gmail.com","username":"rodrigods"},"change_message_id":"01cabc4fa02ec82584490ad7808073dff722b9c2","unresolved":false,"context_lines":[{"line_number":137,"context_line":"            \"group\": {"},{"line_number":138,"context_line":"                \"name\": \"developer_group\","},{"line_number":139,"context_line":"                \"domain\": {"},{"line_number":140,"context_line":"                    \"id\": \"abc1234\""},{"line_number":141,"context_line":"                }"},{"line_number":142,"context_line":"            }"},{"line_number":143,"context_line":"        }"}],"source_content_type":"text/x-rst","patch_set":7,"id":"fa32b979_98f11b6d","line":140,"updated":"2015-06-23 09:04:54.000000000","message":"add another example using the domain name?","commit_id":"32fe07fc268167d575b69660213dbba4068c4d5f"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"8be2999cd204f2837c057ea27649f25d44e12b24","unresolved":false,"context_lines":[{"line_number":137,"context_line":"            \"group\": {"},{"line_number":138,"context_line":"                \"name\": \"developer_group\","},{"line_number":139,"context_line":"                \"domain\": {"},{"line_number":140,"context_line":"                    \"id\": \"abc1234\""},{"line_number":141,"context_line":"                }"},{"line_number":142,"context_line":"            }"},{"line_number":143,"context_line":"        }"}],"source_content_type":"text/x-rst","patch_set":7,"id":"fa32b979_dea4524c","line":140,"in_reply_to":"fa32b979_98f11b6d","updated":"2015-06-23 18:33:31.000000000","message":"Added.","commit_id":"32fe07fc268167d575b69660213dbba4068c4d5f"},{"author":{"_account_id":11022,"name":"Rodrigo Duarte Sousa","email":"rodrigodsousa@gmail.com","username":"rodrigods"},"change_message_id":"01cabc4fa02ec82584490ad7808073dff722b9c2","unresolved":false,"context_lines":[{"line_number":158,"context_line":"        \"domain\": {"},{"line_number":159,"context_line":"          \"id\": \"Federated\" or \"\u003clocal\u003e\""},{"line_number":160,"context_line":"        },"},{"line_number":161,"context_line":"        \"type\": \"ephemeral\" or \"\u003clocal\u003e\","},{"line_number":162,"context_line":"        \"name\": \"\u003clocal\u003e\","},{"line_number":163,"context_line":"        \"id\": \"\u003clocal\u003e\""},{"line_number":164,"context_line":"      },"}],"source_content_type":"text/x-rst","patch_set":7,"id":"fa32b979_532374a7","line":161,"updated":"2015-06-23 09:04:54.000000000","message":"\"ephemeral\" or \"local\"\n\n(\"local\" is not an attribute here)","commit_id":"32fe07fc268167d575b69660213dbba4068c4d5f"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"8be2999cd204f2837c057ea27649f25d44e12b24","unresolved":false,"context_lines":[{"line_number":158,"context_line":"        \"domain\": {"},{"line_number":159,"context_line":"          \"id\": \"Federated\" or \"\u003clocal\u003e\""},{"line_number":160,"context_line":"        },"},{"line_number":161,"context_line":"        \"type\": \"ephemeral\" or \"\u003clocal\u003e\","},{"line_number":162,"context_line":"        \"name\": \"\u003clocal\u003e\","},{"line_number":163,"context_line":"        \"id\": \"\u003clocal\u003e\""},{"line_number":164,"context_line":"      },"}],"source_content_type":"text/x-rst","patch_set":7,"id":"fa32b979_de29b29c","line":161,"in_reply_to":"fa32b979_532374a7","updated":"2015-06-23 18:33:31.000000000","message":"Hey Rodrigo,\n\nusing \u003c\u003e with local. Below it explains that local is replaced by the user information.","commit_id":"32fe07fc268167d575b69660213dbba4068c4d5f"},{"author":{"_account_id":11022,"name":"Rodrigo Duarte Sousa","email":"rodrigodsousa@gmail.com","username":"rodrigods"},"change_message_id":"01cabc4fa02ec82584490ad7808073dff722b9c2","unresolved":false,"context_lines":[{"line_number":179,"context_line":"    group_ids and/or group_names will only be displayed if they were set in the rules under local, otherwise"},{"line_number":180,"context_line":"    they will be empty."},{"line_number":181,"context_line":""},{"line_number":182,"context_line":"Combinations:"},{"line_number":183,"context_line":"-------------"},{"line_number":184,"context_line":""},{"line_number":185,"context_line":"Combinations of the Supported Mappings can also be done."}],"source_content_type":"text/x-rst","patch_set":7,"id":"fa32b979_f3dde870","line":182,"updated":"2015-06-23 09:04:54.000000000","message":"suggest to add an extra section for mappings with more than one rule","commit_id":"32fe07fc268167d575b69660213dbba4068c4d5f"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"8be2999cd204f2837c057ea27649f25d44e12b24","unresolved":false,"context_lines":[{"line_number":179,"context_line":"    group_ids and/or group_names will only be displayed if they were set in the rules under local, otherwise"},{"line_number":180,"context_line":"    they will be empty."},{"line_number":181,"context_line":""},{"line_number":182,"context_line":"Combinations:"},{"line_number":183,"context_line":"-------------"},{"line_number":184,"context_line":""},{"line_number":185,"context_line":"Combinations of the Supported Mappings can also be done."}],"source_content_type":"text/x-rst","patch_set":7,"id":"fa32b979_e01ad06e","line":182,"in_reply_to":"fa32b979_f3dde870","updated":"2015-06-23 18:33:31.000000000","message":"Good idea. It has been added in the newest patch.","commit_id":"32fe07fc268167d575b69660213dbba4068c4d5f"},{"author":{"_account_id":11022,"name":"Rodrigo Duarte Sousa","email":"rodrigodsousa@gmail.com","username":"rodrigods"},"change_message_id":"54e7101ead502f99ef7effa24628d411f40d61a1","unresolved":false,"context_lines":[{"line_number":33,"context_line":".. code-block:: json"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"    Mapping Set {"},{"line_number":36,"context_line":"        Rule Set {"},{"line_number":37,"context_line":"            Rule \u003clocal\u003e {"},{"line_number":38,"context_line":"            },"},{"line_number":39,"context_line":"            Rule \u003cremote\u003e {"}],"source_content_type":"text/x-rst","patch_set":9,"id":"fa32b979_1ed9f021","line":36,"updated":"2015-06-25 16:03:51.000000000","message":"isn\u0027t this a list? [...]","commit_id":"0b05ac11a83dadf573134dbcb91498bd66c8deb5"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"9c9520f8b498da04dec117a2833e0730eb30c89d","unresolved":false,"context_lines":[{"line_number":33,"context_line":".. code-block:: json"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"    Mapping Set {"},{"line_number":36,"context_line":"        Rule Set {"},{"line_number":37,"context_line":"            Rule \u003clocal\u003e {"},{"line_number":38,"context_line":"            },"},{"line_number":39,"context_line":"            Rule \u003cremote\u003e {"}],"source_content_type":"text/x-rst","patch_set":9,"id":"fa32b979_8ace162b","line":36,"in_reply_to":"fa32b979_1ed9f021","updated":"2015-06-25 21:06:28.000000000","message":"Eventhough Rules is a list I wanted to show the whole Mapping.\nWanted to show it as a json. \n\nI used Marek\u0027s diagram: https://docs.google.com/drawings/d/1vmu3Lu7Fye5vNUqCn7iSh_maMQ6UJGnhKh-EMFKfnlY/edit?pli\u003d1\n\nadded the top level {","commit_id":"0b05ac11a83dadf573134dbcb91498bd66c8deb5"},{"author":{"_account_id":11022,"name":"Rodrigo Duarte Sousa","email":"rodrigodsousa@gmail.com","username":"rodrigods"},"change_message_id":"54e7101ead502f99ef7effa24628d411f40d61a1","unresolved":false,"context_lines":[{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Mappings support 5 different types of conditions:"},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"``empty``: The rule is matched to all claims containing the remote attribute type."},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"``any_one_of``: The rule is matched only if any of the specified strings appear"},{"line_number":88,"context_line":"in the remote attribute type."}],"source_content_type":"text/x-rst","patch_set":9,"id":"fa32b979_de1388b6","line":85,"updated":"2015-06-25 16:03:51.000000000","message":"suggest to add a sentence to say you shouldn\u0027t specify it (despite the example below)","commit_id":"0b05ac11a83dadf573134dbcb91498bd66c8deb5"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"9c9520f8b498da04dec117a2833e0730eb30c89d","unresolved":false,"context_lines":[{"line_number":82,"context_line":""},{"line_number":83,"context_line":"Mappings support 5 different types of conditions:"},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"``empty``: The rule is matched to all claims containing the remote attribute type."},{"line_number":86,"context_line":""},{"line_number":87,"context_line":"``any_one_of``: The rule is matched only if any of the specified strings appear"},{"line_number":88,"context_line":"in the remote attribute type."}],"source_content_type":"text/x-rst","patch_set":9,"id":"fa32b979_8fb38899","line":85,"in_reply_to":"fa32b979_de1388b6","updated":"2015-06-25 21:06:28.000000000","message":"Sounds Good. Added in latest patch.","commit_id":"0b05ac11a83dadf573134dbcb91498bd66c8deb5"},{"author":{"_account_id":11022,"name":"Rodrigo Duarte Sousa","email":"rodrigodsousa@gmail.com","username":"rodrigods"},"change_message_id":"54e7101ead502f99ef7effa24628d411f40d61a1","unresolved":false,"context_lines":[{"line_number":245,"context_line":"                \"local\": ["},{"line_number":246,"context_line":"                    {"},{"line_number":247,"context_line":"                        \"user\": {"},{"line_number":248,"context_line":"                            \"name\": \"{0}\""},{"line_number":249,"context_line":"                        },"},{"line_number":250,"context_line":"                        \"group\": {"},{"line_number":251,"context_line":"                            \"id\": \"0cd5e9\""}],"source_content_type":"text/x-rst","patch_set":9,"id":"fa32b979_9eb3c099","line":248,"updated":"2015-06-25 16:03:51.000000000","message":"all examples with \"user\" so far use \"{0}\", maybe use one somewhere where you specify the username.\n\nalso, I miss an example of the usage of other indexes like {1}, {2}... This isn\u0027t always straight forward to understand","commit_id":"0b05ac11a83dadf573134dbcb91498bd66c8deb5"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"9c9520f8b498da04dec117a2833e0730eb30c89d","unresolved":false,"context_lines":[{"line_number":245,"context_line":"                \"local\": ["},{"line_number":246,"context_line":"                    {"},{"line_number":247,"context_line":"                        \"user\": {"},{"line_number":248,"context_line":"                            \"name\": \"{0}\""},{"line_number":249,"context_line":"                        },"},{"line_number":250,"context_line":"                        \"group\": {"},{"line_number":251,"context_line":"                            \"id\": \"0cd5e9\""}],"source_content_type":"text/x-rst","patch_set":9,"id":"fa32b979_8a3856ef","line":248,"in_reply_to":"fa32b979_9eb3c099","updated":"2015-06-25 21:06:28.000000000","message":"Added some extra documentation on this.","commit_id":"0b05ac11a83dadf573134dbcb91498bd66c8deb5"},{"author":{"_account_id":11022,"name":"Rodrigo Duarte Sousa","email":"rodrigodsousa@gmail.com","username":"rodrigods"},"change_message_id":"c2509811959cce9b4d652f1609e57128800ee3ff","unresolved":false,"context_lines":[{"line_number":34,"context_line":""},{"line_number":35,"context_line":"    {"},{"line_number":36,"context_line":"        Mapping Set"},{"line_number":37,"context_line":"        {"},{"line_number":38,"context_line":"            Rule Set"},{"line_number":39,"context_line":"            {"},{"line_number":40,"context_line":"                Rule \u003clocal\u003e"}],"source_content_type":"text/x-rst","patch_set":11,"id":"fa32b979_88027408","line":37,"updated":"2015-06-26 14:33:06.000000000","message":"sorry, but I believe you need to represent with [...] where you are referring to sets (we represent mapping rules with JSON and it contains [...]).\n\nif you are suggesting that JSON objects syntax is defined like that, than I believe that you may need to add this information above","commit_id":"36829f32c81612988d517f760b7dfb9de3b2cc70"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"b630778dec53fba4667eec5d038f2f82e2320add","unresolved":false,"context_lines":[{"line_number":34,"context_line":""},{"line_number":35,"context_line":"    {"},{"line_number":36,"context_line":"        Mapping Set"},{"line_number":37,"context_line":"        {"},{"line_number":38,"context_line":"            Rule Set"},{"line_number":39,"context_line":"            {"},{"line_number":40,"context_line":"                Rule \u003clocal\u003e"}],"source_content_type":"text/x-rst","patch_set":11,"id":"fa32b979_d561ec12","line":37,"in_reply_to":"fa32b979_88027408","updated":"2015-06-26 18:13:20.000000000","message":"Your right about this. Didn\u0027t realize it till now.\nI changed up this section a bit.","commit_id":"36829f32c81612988d517f760b7dfb9de3b2cc70"},{"author":{"_account_id":11022,"name":"Rodrigo Duarte Sousa","email":"rodrigodsousa@gmail.com","username":"rodrigods"},"change_message_id":"c2509811959cce9b4d652f1609e57128800ee3ff","unresolved":false,"context_lines":[{"line_number":92,"context_line":"Mappings support 5 different types of conditions:"},{"line_number":93,"context_line":""},{"line_number":94,"context_line":"``empty``: The rule is matched to all claims containing the remote attribute type."},{"line_number":95,"context_line":"This condition does not need to be specified. Example is shown below."},{"line_number":96,"context_line":""},{"line_number":97,"context_line":"``any_one_of``: The rule is matched only if any of the specified strings appear"},{"line_number":98,"context_line":"in the remote attribute type."}],"source_content_type":"text/x-rst","patch_set":11,"id":"fa32b979_6824d0b1","line":95,"updated":"2015-06-26 14:33:06.000000000","message":"nice!","commit_id":"36829f32c81612988d517f760b7dfb9de3b2cc70"},{"author":{"_account_id":11022,"name":"Rodrigo Duarte Sousa","email":"rodrigodsousa@gmail.com","username":"rodrigods"},"change_message_id":"c2509811959cce9b4d652f1609e57128800ee3ff","unresolved":false,"context_lines":[{"line_number":142,"context_line":"                    {"},{"line_number":143,"context_line":"                        \"type\": \"Email\""},{"line_number":144,"context_line":"                    },"},{"line_number":145,"context_line":"                    {"},{"line_number":146,"context_line":"                        \"type\": \"OIDC_GROUPS\""},{"line_number":147,"context_line":"                    }"},{"line_number":148,"context_line":"                ]"}],"source_content_type":"text/x-rst","patch_set":11,"id":"fa32b979_281ec85f","line":145,"updated":"2015-06-26 14:33:06.000000000","message":"really great example, thanks for adding!","commit_id":"36829f32c81612988d517f760b7dfb9de3b2cc70"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":19,"context_line":"Description"},{"line_number":20,"context_line":"-----------"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Mapping adds a set of rules to map federation protocol attributes to Identity API objects."},{"line_number":23,"context_line":"An Identity Provider has exactly one mapping specified per protocol."},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"Mapping objects can be used multiple times by different combinations of Identity Provider and Protocol."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_505e2a13","line":22,"updated":"2015-06-30 15:40:23.000000000","message":"federation attributes* (not federation protocol attributes)","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":19,"context_line":"Description"},{"line_number":20,"context_line":"-----------"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Mapping adds a set of rules to map federation protocol attributes to Identity API objects."},{"line_number":23,"context_line":"An Identity Provider has exactly one mapping specified per protocol."},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"Mapping objects can be used multiple times by different combinations of Identity Provider and Protocol."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_695b2f2f","line":22,"in_reply_to":"ba3cc151_505e2a13","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":22,"context_line":"Mapping adds a set of rules to map federation protocol attributes to Identity API objects."},{"line_number":23,"context_line":"An Identity Provider has exactly one mapping specified per protocol."},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"Mapping objects can be used multiple times by different combinations of Identity Provider and Protocol."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"-----------"},{"line_number":28,"context_line":"Definitions"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_304cc66f","line":25,"updated":"2015-06-30 15:40:23.000000000","message":"restrict this to 80 characters or less","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":22,"context_line":"Mapping adds a set of rules to map federation protocol attributes to Identity API objects."},{"line_number":23,"context_line":"An Identity Provider has exactly one mapping specified per protocol."},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"Mapping objects can be used multiple times by different combinations of Identity Provider and Protocol."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"-----------"},{"line_number":28,"context_line":"Definitions"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_293e87b8","line":25,"in_reply_to":"ba3cc151_304cc66f","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":30,"context_line":""},{"line_number":31,"context_line":"A mapping hierarchy looks as follows:"},{"line_number":32,"context_line":""},{"line_number":33,"context_line":".. code-block:: json"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"    {"},{"line_number":36,"context_line":"        \"mapping\": {"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_9036f2e5","line":33,"updated":"2015-06-30 15:40:23.000000000","message":"use \u0027javascript\u0027 instead of \u0027json\u0027","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":30,"context_line":""},{"line_number":31,"context_line":"A mapping hierarchy looks as follows:"},{"line_number":32,"context_line":""},{"line_number":33,"context_line":".. code-block:: json"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"    {"},{"line_number":36,"context_line":"        \"mapping\": {"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_e9473f49","line":33,"in_reply_to":"ba3cc151_9036f2e5","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5cfd47ecfedfbdf9c1c29b20bcfcf9bdd8c86ab7","unresolved":false,"context_lines":[{"line_number":33,"context_line":".. code-block:: json"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"    {"},{"line_number":36,"context_line":"        \"mapping\": {"},{"line_number":37,"context_line":"            \"rules\": ["},{"line_number":38,"context_line":"                {"},{"line_number":39,"context_line":"                    \"local\": ["}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_ad0f23e0","line":36,"updated":"2015-06-30 16:07:08.000000000","message":"i think keystone-manage will expect top level key \u0027rules\u0027\nhttps://github.com/openstack/keystone/blob/master/keystone/cli.py#L593","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":33,"context_line":".. code-block:: json"},{"line_number":34,"context_line":""},{"line_number":35,"context_line":"    {"},{"line_number":36,"context_line":"        \"mapping\": {"},{"line_number":37,"context_line":"            \"rules\": ["},{"line_number":38,"context_line":"                {"},{"line_number":39,"context_line":"                    \"local\": ["}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_c9635bdb","line":36,"in_reply_to":"ba3cc151_ad0f23e0","updated":"2015-07-01 19:28:53.000000000","message":"This document is about rules. Changed it to top level being rules.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5cfd47ecfedfbdf9c1c29b20bcfcf9bdd8c86ab7","unresolved":false,"context_lines":[{"line_number":52,"context_line":"    }"},{"line_number":53,"context_line":""},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"* `mapping`: top-level of a mapping."},{"line_number":56,"context_line":"* `rules`: top-level of a set of rules."},{"line_number":57,"context_line":"* `local`: a rule containing information on what local attributes will be mapped."},{"line_number":58,"context_line":"* `remote`: a rule containing information on what remote attributes will be mapped."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_ad0c0395","line":55,"updated":"2015-06-30 16:07:08.000000000","message":"keystone-manage will not accept this.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":52,"context_line":"    }"},{"line_number":53,"context_line":""},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"* `mapping`: top-level of a mapping."},{"line_number":56,"context_line":"* `rules`: top-level of a set of rules."},{"line_number":57,"context_line":"* `local`: a rule containing information on what local attributes will be mapped."},{"line_number":58,"context_line":"* `remote`: a rule containing information on what remote attributes will be mapped."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_70b00e44","line":55,"updated":"2015-06-30 15:40:23.000000000","message":"top-level key of a mapping","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":52,"context_line":"    }"},{"line_number":53,"context_line":""},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"* `mapping`: top-level of a mapping."},{"line_number":56,"context_line":"* `rules`: top-level of a set of rules."},{"line_number":57,"context_line":"* `local`: a rule containing information on what local attributes will be mapped."},{"line_number":58,"context_line":"* `remote`: a rule containing information on what remote attributes will be mapped."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_e98c1f81","line":55,"in_reply_to":"ba3cc151_70b00e44","updated":"2015-07-01 19:28:53.000000000","message":"Removed","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":52,"context_line":"    }"},{"line_number":53,"context_line":""},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"* `mapping`: top-level of a mapping."},{"line_number":56,"context_line":"* `rules`: top-level of a set of rules."},{"line_number":57,"context_line":"* `local`: a rule containing information on what local attributes will be mapped."},{"line_number":58,"context_line":"* `remote`: a rule containing information on what remote attributes will be mapped."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_a9edb726","line":55,"in_reply_to":"ba3cc151_ad0c0395","updated":"2015-07-01 19:28:53.000000000","message":"Removed","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":53,"context_line":""},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"* `mapping`: top-level of a mapping."},{"line_number":56,"context_line":"* `rules`: top-level of a set of rules."},{"line_number":57,"context_line":"* `local`: a rule containing information on what local attributes will be mapped."},{"line_number":58,"context_line":"* `remote`: a rule containing information on what remote attributes will be mapped."},{"line_number":59,"context_line":"* `\u003ccondition\u003e`: contains information on conditions that allow a rule, can only"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_508cea7e","line":56,"updated":"2015-06-30 15:40:23.000000000","message":"top-level list of rules","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":53,"context_line":""},{"line_number":54,"context_line":""},{"line_number":55,"context_line":"* `mapping`: top-level of a mapping."},{"line_number":56,"context_line":"* `rules`: top-level of a set of rules."},{"line_number":57,"context_line":"* `local`: a rule containing information on what local attributes will be mapped."},{"line_number":58,"context_line":"* `remote`: a rule containing information on what remote attributes will be mapped."},{"line_number":59,"context_line":"* `\u003ccondition\u003e`: contains information on conditions that allow a rule, can only"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_09df036a","line":56,"in_reply_to":"ba3cc151_508cea7e","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":54,"context_line":""},{"line_number":55,"context_line":"* `mapping`: top-level of a mapping."},{"line_number":56,"context_line":"* `rules`: top-level of a set of rules."},{"line_number":57,"context_line":"* `local`: a rule containing information on what local attributes will be mapped."},{"line_number":58,"context_line":"* `remote`: a rule containing information on what remote attributes will be mapped."},{"line_number":59,"context_line":"* `\u003ccondition\u003e`: contains information on conditions that allow a rule, can only"},{"line_number":60,"context_line":"  be set in a `remote` rule."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_30c92679","line":57,"updated":"2015-06-30 15:40:23.000000000","message":"a representation of Identity API attributes","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":54,"context_line":""},{"line_number":55,"context_line":"* `mapping`: top-level of a mapping."},{"line_number":56,"context_line":"* `rules`: top-level of a set of rules."},{"line_number":57,"context_line":"* `local`: a rule containing information on what local attributes will be mapped."},{"line_number":58,"context_line":"* `remote`: a rule containing information on what remote attributes will be mapped."},{"line_number":59,"context_line":"* `\u003ccondition\u003e`: contains information on conditions that allow a rule, can only"},{"line_number":60,"context_line":"  be set in a `remote` rule."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_8932330f","line":57,"in_reply_to":"ba3cc151_30c92679","updated":"2015-07-01 19:28:53.000000000","message":"Not sure what to put here.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":66,"context_line":"Mapping Engine"},{"line_number":67,"context_line":"--------------"},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"The mapping engine can be tested before creating a federated setup."},{"line_number":70,"context_line":"It can be tested with the keystone-manage command:"},{"line_number":71,"context_line":""},{"line_number":72,"context_line":".. code-block:: bash"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_30c5a63b","line":69,"updated":"2015-06-30 15:40:23.000000000","message":"use up the full 80 characters in a line","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":66,"context_line":"Mapping Engine"},{"line_number":67,"context_line":"--------------"},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"The mapping engine can be tested before creating a federated setup."},{"line_number":70,"context_line":"It can be tested with the keystone-manage command:"},{"line_number":71,"context_line":""},{"line_number":72,"context_line":".. code-block:: bash"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_2948c72c","line":69,"in_reply_to":"ba3cc151_30c5a63b","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5cfd47ecfedfbdf9c1c29b20bcfcf9bdd8c86ab7","unresolved":false,"context_lines":[{"line_number":71,"context_line":""},{"line_number":72,"context_line":".. code-block:: bash"},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"    $ keystone-manage --mapping_engine --rules \u003cfile\u003e --input \u003cfile\u003e"},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"--rules will be the path to the file with the rules which will be"},{"line_number":77,"context_line":"executed. The file must be a proper JSON structure with the top-level"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_8d69ff27","line":74,"updated":"2015-06-30 16:07:08.000000000","message":"keystone-manage mapping_engine, drop \u0027--\u0027","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":71,"context_line":""},{"line_number":72,"context_line":".. code-block:: bash"},{"line_number":73,"context_line":""},{"line_number":74,"context_line":"    $ keystone-manage --mapping_engine --rules \u003cfile\u003e --input \u003cfile\u003e"},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"--rules will be the path to the file with the rules which will be"},{"line_number":77,"context_line":"executed. The file must be a proper JSON structure with the top-level"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_c956fbd1","line":74,"in_reply_to":"ba3cc151_8d69ff27","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":73,"context_line":""},{"line_number":74,"context_line":"    $ keystone-manage --mapping_engine --rules \u003cfile\u003e --input \u003cfile\u003e"},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"--rules will be the path to the file with the rules which will be"},{"line_number":77,"context_line":"executed. The file must be a proper JSON structure with the top-level"},{"line_number":78,"context_line":"key \u0027rules\u0027 and all corresponding values being a list."},{"line_number":79,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_aa44e973","line":76,"updated":"2015-06-30 15:40:23.000000000","message":"``--rules``","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":73,"context_line":""},{"line_number":74,"context_line":"    $ keystone-manage --mapping_engine --rules \u003cfile\u003e --input \u003cfile\u003e"},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"--rules will be the path to the file with the rules which will be"},{"line_number":77,"context_line":"executed. The file must be a proper JSON structure with the top-level"},{"line_number":78,"context_line":"key \u0027rules\u0027 and all corresponding values being a list."},{"line_number":79,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_8906b3cc","line":76,"in_reply_to":"ba3cc151_aa44e973","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":75,"context_line":""},{"line_number":76,"context_line":"--rules will be the path to the file with the rules which will be"},{"line_number":77,"context_line":"executed. The file must be a proper JSON structure with the top-level"},{"line_number":78,"context_line":"key \u0027rules\u0027 and all corresponding values being a list."},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"--input will be the path to a file containing the input attributes."},{"line_number":81,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_b0e776e3","line":78,"updated":"2015-06-30 15:40:23.000000000","message":"`rules`, drop the rest of the sentence after `rules`","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":75,"context_line":""},{"line_number":76,"context_line":"--rules will be the path to the file with the rules which will be"},{"line_number":77,"context_line":"executed. The file must be a proper JSON structure with the top-level"},{"line_number":78,"context_line":"key \u0027rules\u0027 and all corresponding values being a list."},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"--input will be the path to a file containing the input attributes."},{"line_number":81,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_ecff4da8","line":78,"in_reply_to":"ba3cc151_b0e776e3","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":77,"context_line":"executed. The file must be a proper JSON structure with the top-level"},{"line_number":78,"context_line":"key \u0027rules\u0027 and all corresponding values being a list."},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"--input will be the path to a file containing the input attributes."},{"line_number":81,"context_line":""},{"line_number":82,"context_line":".. NOTE::"},{"line_number":83,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_30ae0686","line":80,"updated":"2015-06-30 15:40:23.000000000","message":"``--input``","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":77,"context_line":"executed. The file must be a proper JSON structure with the top-level"},{"line_number":78,"context_line":"key \u0027rules\u0027 and all corresponding values being a list."},{"line_number":79,"context_line":""},{"line_number":80,"context_line":"--input will be the path to a file containing the input attributes."},{"line_number":81,"context_line":""},{"line_number":82,"context_line":".. NOTE::"},{"line_number":83,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_a90937df","line":80,"in_reply_to":"ba3cc151_30ae0686","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":81,"context_line":""},{"line_number":82,"context_line":".. NOTE::"},{"line_number":83,"context_line":""},{"line_number":84,"context_line":"    Here is an example of a file that --input can use:"},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"    ::"},{"line_number":87,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_aa3b89ea","line":84,"updated":"2015-06-30 15:40:23.000000000","message":"``--input``","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":81,"context_line":""},{"line_number":82,"context_line":".. NOTE::"},{"line_number":83,"context_line":""},{"line_number":84,"context_line":"    Here is an example of a file that --input can use:"},{"line_number":85,"context_line":""},{"line_number":86,"context_line":"    ::"},{"line_number":87,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_892d5348","line":84,"in_reply_to":"ba3cc151_aa3b89ea","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":94,"context_line":"Mappings support 5 different types of conditions:"},{"line_number":95,"context_line":""},{"line_number":96,"context_line":"``empty``: The rule is matched to all claims containing the remote attribute type."},{"line_number":97,"context_line":"This condition does not need to be specified. Example is shown below."},{"line_number":98,"context_line":""},{"line_number":99,"context_line":"``any_one_of``: The rule is matched only if any of the specified strings appear"},{"line_number":100,"context_line":"in the remote attribute type."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_10642247","line":97,"updated":"2015-06-30 15:40:23.000000000","message":"remove \u0027Example is shown below.\u0027 as it\u0027s not shown immediately below","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":94,"context_line":"Mappings support 5 different types of conditions:"},{"line_number":95,"context_line":""},{"line_number":96,"context_line":"``empty``: The rule is matched to all claims containing the remote attribute type."},{"line_number":97,"context_line":"This condition does not need to be specified. Example is shown below."},{"line_number":98,"context_line":""},{"line_number":99,"context_line":"``any_one_of``: The rule is matched only if any of the specified strings appear"},{"line_number":100,"context_line":"in the remote attribute type."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_a930579f","line":97,"in_reply_to":"ba3cc151_10642247","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5cfd47ecfedfbdf9c1c29b20bcfcf9bdd8c86ab7","unresolved":false,"context_lines":[{"line_number":96,"context_line":"``empty``: The rule is matched to all claims containing the remote attribute type."},{"line_number":97,"context_line":"This condition does not need to be specified. Example is shown below."},{"line_number":98,"context_line":""},{"line_number":99,"context_line":"``any_one_of``: The rule is matched only if any of the specified strings appear"},{"line_number":100,"context_line":"in the remote attribute type."},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"``not_any_of``: The rule is not matched if any of the specified strings appear"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_4de1b799","line":99,"updated":"2015-06-30 16:07:08.000000000","message":"let\u0027s be super verbose - specify, that with that keyword the condition result is boolean (true/false), not the argument passed as input.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":96,"context_line":"``empty``: The rule is matched to all claims containing the remote attribute type."},{"line_number":97,"context_line":"This condition does not need to be specified. Example is shown below."},{"line_number":98,"context_line":""},{"line_number":99,"context_line":"``any_one_of``: The rule is matched only if any of the specified strings appear"},{"line_number":100,"context_line":"in the remote attribute type."},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"``not_any_of``: The rule is not matched if any of the specified strings appear"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_eced0df0","line":99,"in_reply_to":"ba3cc151_4de1b799","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5cfd47ecfedfbdf9c1c29b20bcfcf9bdd8c86ab7","unresolved":false,"context_lines":[{"line_number":99,"context_line":"``any_one_of``: The rule is matched only if any of the specified strings appear"},{"line_number":100,"context_line":"in the remote attribute type."},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"``not_any_of``: The rule is not matched if any of the specified strings appear"},{"line_number":103,"context_line":"in the remote attribute type."},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"``blacklist``: The rule allows all except specified set of groups"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_0df2cf6f","line":102,"updated":"2015-06-30 16:07:08.000000000","message":"let\u0027s be super verbose - specify, that with that keyword the condition result is boolean (true/false), not the argument passed as input.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":99,"context_line":"``any_one_of``: The rule is matched only if any of the specified strings appear"},{"line_number":100,"context_line":"in the remote attribute type."},{"line_number":101,"context_line":""},{"line_number":102,"context_line":"``not_any_of``: The rule is not matched if any of the specified strings appear"},{"line_number":103,"context_line":"in the remote attribute type."},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"``blacklist``: The rule allows all except specified set of groups"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_6cb81de6","line":102,"in_reply_to":"ba3cc151_0df2cf6f","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5cfd47ecfedfbdf9c1c29b20bcfcf9bdd8c86ab7","unresolved":false,"context_lines":[{"line_number":102,"context_line":"``not_any_of``: The rule is not matched if any of the specified strings appear"},{"line_number":103,"context_line":"in the remote attribute type."},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"``blacklist``: The rule allows all except specified set of groups"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"``whitelist``: The rules allows specified set of groups"},{"line_number":108,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_6d8a7bc1","line":105,"updated":"2015-06-30 16:07:08.000000000","message":"let\u0027s be super verbose - specify, that with that keyword the condition result  argument(s) passed as input minus what was matched in the blacklist.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":102,"context_line":"``not_any_of``: The rule is not matched if any of the specified strings appear"},{"line_number":103,"context_line":"in the remote attribute type."},{"line_number":104,"context_line":""},{"line_number":105,"context_line":"``blacklist``: The rule allows all except specified set of groups"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"``whitelist``: The rules allows specified set of groups"},{"line_number":108,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_6c86dd14","line":105,"in_reply_to":"ba3cc151_6d8a7bc1","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5cfd47ecfedfbdf9c1c29b20bcfcf9bdd8c86ab7","unresolved":false,"context_lines":[{"line_number":104,"context_line":""},{"line_number":105,"context_line":"``blacklist``: The rule allows all except specified set of groups"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"``whitelist``: The rules allows specified set of groups"},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"You can combine multiple rules in a single mapping."},{"line_number":110,"context_line":"The schema that needs to be followed for the mapping rules can be seen"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_edbc4b6e","line":107,"updated":"2015-06-30 16:07:08.000000000","message":"let\u0027s be super verbose - specify, that with that keyword the condition result  argument(s) passed as input and was also present in the whitelist.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":104,"context_line":""},{"line_number":105,"context_line":"``blacklist``: The rule allows all except specified set of groups"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"``whitelist``: The rules allows specified set of groups"},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"You can combine multiple rules in a single mapping."},{"line_number":110,"context_line":"The schema that needs to be followed for the mapping rules can be seen"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_8cb7a1d7","line":107,"in_reply_to":"ba3cc151_edbc4b6e","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5cfd47ecfedfbdf9c1c29b20bcfcf9bdd8c86ab7","unresolved":false,"context_lines":[{"line_number":105,"context_line":"``blacklist``: The rule allows all except specified set of groups"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"``whitelist``: The rules allows specified set of groups"},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"You can combine multiple rules in a single mapping."},{"line_number":110,"context_line":"The schema that needs to be followed for the mapping rules can be seen"},{"line_number":111,"context_line":"in the :doc:`mapping_schema` page."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_8d21ffb6","line":108,"updated":"2015-06-30 16:07:08.000000000","message":"for blacklist/whitelist also specify that those conditions can actually be used in a direct mapping ({0}, {1} etc), while this doesn\u0027t work for conditions with any_one_of, not_any_of keywords.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":105,"context_line":"``blacklist``: The rule allows all except specified set of groups"},{"line_number":106,"context_line":""},{"line_number":107,"context_line":"``whitelist``: The rules allows specified set of groups"},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"You can combine multiple rules in a single mapping."},{"line_number":110,"context_line":"The schema that needs to be followed for the mapping rules can be seen"},{"line_number":111,"context_line":"in the :doc:`mapping_schema` page."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_e8c63967","line":108,"in_reply_to":"ba3cc151_8d21ffb6","updated":"2015-07-01 19:28:53.000000000","message":"Added a note","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5cfd47ecfedfbdf9c1c29b20bcfcf9bdd8c86ab7","unresolved":false,"context_lines":[{"line_number":106,"context_line":""},{"line_number":107,"context_line":"``whitelist``: The rules allows specified set of groups"},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"You can combine multiple rules in a single mapping."},{"line_number":110,"context_line":"The schema that needs to be followed for the mapping rules can be seen"},{"line_number":111,"context_line":"in the :doc:`mapping_schema` page."},{"line_number":112,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_50306ae8","line":109,"updated":"2015-06-30 16:07:08.000000000","message":"Please specify that rules are additive - if i have 3 rules and I sucees only in rules 1,3 i will be granted permisions specified by rules 1,3.\n\nAt the same time we must mention, that one must sucees in all the remote: conditions of a rule.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":106,"context_line":""},{"line_number":107,"context_line":"``whitelist``: The rules allows specified set of groups"},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"You can combine multiple rules in a single mapping."},{"line_number":110,"context_line":"The schema that needs to be followed for the mapping rules can be seen"},{"line_number":111,"context_line":"in the :doc:`mapping_schema` page."},{"line_number":112,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_10cbc21f","line":109,"updated":"2015-06-30 15:40:23.000000000","message":"use up all 80 characters in a line","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":106,"context_line":""},{"line_number":107,"context_line":"``whitelist``: The rules allows specified set of groups"},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"You can combine multiple rules in a single mapping."},{"line_number":110,"context_line":"The schema that needs to be followed for the mapping rules can be seen"},{"line_number":111,"context_line":"in the :doc:`mapping_schema` page."},{"line_number":112,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_49274b64","line":109,"in_reply_to":"ba3cc151_10cbc21f","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":106,"context_line":""},{"line_number":107,"context_line":"``whitelist``: The rules allows specified set of groups"},{"line_number":108,"context_line":""},{"line_number":109,"context_line":"You can combine multiple rules in a single mapping."},{"line_number":110,"context_line":"The schema that needs to be followed for the mapping rules can be seen"},{"line_number":111,"context_line":"in the :doc:`mapping_schema` page."},{"line_number":112,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_7d565ecf","line":109,"in_reply_to":"ba3cc151_50306ae8","updated":"2015-07-01 19:28:53.000000000","message":"Added this to the section in the bottom.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":115,"context_line":""},{"line_number":116,"context_line":"The following are all examples of supported mapping rule types."},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"empty condition:"},{"line_number":119,"context_line":"~~~~~~~~~~~~~~~~"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":".. code-block:: json"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_d39c845f","line":118,"updated":"2015-06-30 15:40:23.000000000","message":"remove the :","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":115,"context_line":""},{"line_number":116,"context_line":"The following are all examples of supported mapping rule types."},{"line_number":117,"context_line":""},{"line_number":118,"context_line":"empty condition:"},{"line_number":119,"context_line":"~~~~~~~~~~~~~~~~"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":".. code-block:: json"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_692a4f2e","line":118,"in_reply_to":"ba3cc151_d39c845f","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":154,"context_line":""},{"line_number":155,"context_line":".. NOTE::"},{"line_number":156,"context_line":""},{"line_number":157,"context_line":"    The numbers in {} are are indices. They map in order. For Example:"},{"line_number":158,"context_line":""},{"line_number":159,"context_line":"    ::"},{"line_number":160,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_6d691bbe","line":157,"updated":"2015-06-30 15:40:23.000000000","message":"The number in braces {} are indicies, they map in order. For example:","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":154,"context_line":""},{"line_number":155,"context_line":".. NOTE::"},{"line_number":156,"context_line":""},{"line_number":157,"context_line":"    The numbers in {} are are indices. They map in order. For Example:"},{"line_number":158,"context_line":""},{"line_number":159,"context_line":"    ::"},{"line_number":160,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_69e1effd","line":157,"in_reply_to":"ba3cc151_6d691bbe","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5cfd47ecfedfbdf9c1c29b20bcfcf9bdd8c86ab7","unresolved":false,"context_lines":[{"line_number":163,"context_line":"        Mapping to user with the email matching value in remote attribute OS_EMAIL"},{"line_number":164,"context_line":"        Mapping to a group(s) with the name matching the value(s) in remote attribute OIDC_GROUPS"},{"line_number":165,"context_line":""},{"line_number":166,"context_line":"    Groups can have multiple values."},{"line_number":167,"context_line":"    Example: OIDC_GROUPS\u003ddevelopers;testers"},{"line_number":168,"context_line":""},{"line_number":169,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_f0373eae","line":166,"updated":"2015-06-30 16:07:08.000000000","message":"specify that currently they MUST be \u0027;\u0027 separated.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":163,"context_line":"        Mapping to user with the email matching value in remote attribute OS_EMAIL"},{"line_number":164,"context_line":"        Mapping to a group(s) with the name matching the value(s) in remote attribute OIDC_GROUPS"},{"line_number":165,"context_line":""},{"line_number":166,"context_line":"    Groups can have multiple values."},{"line_number":167,"context_line":"    Example: OIDC_GROUPS\u003ddevelopers;testers"},{"line_number":168,"context_line":""},{"line_number":169,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_a98cd735","line":166,"in_reply_to":"ba3cc151_f0373eae","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":167,"context_line":"    Example: OIDC_GROUPS\u003ddevelopers;testers"},{"line_number":168,"context_line":""},{"line_number":169,"context_line":""},{"line_number":170,"context_line":"other conditions:"},{"line_number":171,"context_line":"~~~~~~~~~~~~~~~~~"},{"line_number":172,"context_line":""},{"line_number":173,"context_line":"In ``\u003cother_condition\u003e`` please supply one of the following:"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_939fdc4f","line":170,"updated":"2015-06-30 15:40:23.000000000","message":"remove :","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":167,"context_line":"    Example: OIDC_GROUPS\u003ddevelopers;testers"},{"line_number":168,"context_line":""},{"line_number":169,"context_line":""},{"line_number":170,"context_line":"other conditions:"},{"line_number":171,"context_line":"~~~~~~~~~~~~~~~~~"},{"line_number":172,"context_line":""},{"line_number":173,"context_line":"In ``\u003cother_condition\u003e`` please supply one of the following:"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_c977db38","line":170,"in_reply_to":"ba3cc151_939fdc4f","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5cfd47ecfedfbdf9c1c29b20bcfcf9bdd8c86ab7","unresolved":false,"context_lines":[{"line_number":171,"context_line":"~~~~~~~~~~~~~~~~~"},{"line_number":172,"context_line":""},{"line_number":173,"context_line":"In ``\u003cother_condition\u003e`` please supply one of the following:"},{"line_number":174,"context_line":"``any_one_of``, ``not_any_of``, ``blacklist``, or ``whitelist``."},{"line_number":175,"context_line":""},{"line_number":176,"context_line":".. code-block:: json"},{"line_number":177,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_be0f4787","line":174,"updated":"2015-06-30 16:07:08.000000000","message":"i think blacklist/whitelist in this example is inappropriate - those keywords are for direct mapping (to be used with {0}, {1} etc). In the provided example literally everybody will be granted access to group id 0cd5ed. If a user doesn\u0027t have HTTP_OIDC_EMAIL specified a value of HTTP_OIDC_GROUPIDS this value will simply not be passed. I think the more appropriate example would be \u003cother_condition\u003e set to any_one_of or it\u0027s counterpart, while you may want to add similar with local rule set to group: { \u0027id\u0027: {1} } and then blacklist/whitelist in the \u0027remote\u0027","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":171,"context_line":"~~~~~~~~~~~~~~~~~"},{"line_number":172,"context_line":""},{"line_number":173,"context_line":"In ``\u003cother_condition\u003e`` please supply one of the following:"},{"line_number":174,"context_line":"``any_one_of``, ``not_any_of``, ``blacklist``, or ``whitelist``."},{"line_number":175,"context_line":""},{"line_number":176,"context_line":".. code-block:: json"},{"line_number":177,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_825501fb","line":174,"in_reply_to":"ba3cc151_be0f4787","updated":"2015-07-01 19:28:53.000000000","message":"This has been resolved. I changed \"HTTP_OIDC_EMAIL\" to be an actual email.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5cfd47ecfedfbdf9c1c29b20bcfcf9bdd8c86ab7","unresolved":false,"context_lines":[{"line_number":205,"context_line":""},{"line_number":206,"context_line":".. NOTE::"},{"line_number":207,"context_line":""},{"line_number":208,"context_line":"    If the user attribute is missing when processing an assertion, the server tries to"},{"line_number":209,"context_line":"    directly map REMOTE_USER environment variable. If this variable is also unavailable"},{"line_number":210,"context_line":"    the server returns an HTTP 401 Unauthorized error."},{"line_number":211,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_906ef294","line":208,"updated":"2015-06-30 16:07:08.000000000","message":"\"if the user_name attribute is missing when...\"","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":205,"context_line":""},{"line_number":206,"context_line":".. NOTE::"},{"line_number":207,"context_line":""},{"line_number":208,"context_line":"    If the user attribute is missing when processing an assertion, the server tries to"},{"line_number":209,"context_line":"    directly map REMOTE_USER environment variable. If this variable is also unavailable"},{"line_number":210,"context_line":"    the server returns an HTTP 401 Unauthorized error."},{"line_number":211,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_09a5c3a0","line":208,"in_reply_to":"ba3cc151_906ef294","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5cfd47ecfedfbdf9c1c29b20bcfcf9bdd8c86ab7","unresolved":false,"context_lines":[{"line_number":236,"context_line":"            }"},{"line_number":237,"context_line":"        }"},{"line_number":238,"context_line":"    ]"},{"line_number":239,"context_line":""},{"line_number":240,"context_line":""},{"line_number":241,"context_line":"Output:"},{"line_number":242,"context_line":"-------"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_90911255","line":239,"updated":"2015-06-30 16:07:08.000000000","message":"for the completeness, please add an example while you map to group id. It will give a full spectrum of available options.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":236,"context_line":"            }"},{"line_number":237,"context_line":"        }"},{"line_number":238,"context_line":"    ]"},{"line_number":239,"context_line":""},{"line_number":240,"context_line":""},{"line_number":241,"context_line":"Output:"},{"line_number":242,"context_line":"-------"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_29ce875a","line":239,"in_reply_to":"ba3cc151_90911255","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":238,"context_line":"    ]"},{"line_number":239,"context_line":""},{"line_number":240,"context_line":""},{"line_number":241,"context_line":"Output:"},{"line_number":242,"context_line":"-------"},{"line_number":243,"context_line":""},{"line_number":244,"context_line":"If a mapping is valid you will receive the following output."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_138c2c34","line":241,"updated":"2015-06-30 15:40:23.000000000","message":"remove :","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":238,"context_line":"    ]"},{"line_number":239,"context_line":""},{"line_number":240,"context_line":""},{"line_number":241,"context_line":"Output:"},{"line_number":242,"context_line":"-------"},{"line_number":243,"context_line":""},{"line_number":244,"context_line":"If a mapping is valid you will receive the following output."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_a9085792","line":241,"in_reply_to":"ba3cc151_138c2c34","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5cfd47ecfedfbdf9c1c29b20bcfcf9bdd8c86ab7","unresolved":false,"context_lines":[{"line_number":251,"context_line":"        \"domain\": {"},{"line_number":252,"context_line":"          \"id\": \"Federated\" or \"\u003clocal\u003e\""},{"line_number":253,"context_line":"        },"},{"line_number":254,"context_line":"        \"type\": \"ephemeral\" or \"\u003clocal\u003e\","},{"line_number":255,"context_line":"        \"name\": \"\u003clocal\u003e\","},{"line_number":256,"context_line":"        \"id\": \"\u003clocal\u003e\""},{"line_number":257,"context_line":"      },"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_fe638f3f","line":254,"updated":"2015-06-30 16:07:08.000000000","message":"This will be literally either \"ephemeral\" or \"local\"","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":251,"context_line":"        \"domain\": {"},{"line_number":252,"context_line":"          \"id\": \"Federated\" or \"\u003clocal\u003e\""},{"line_number":253,"context_line":"        },"},{"line_number":254,"context_line":"        \"type\": \"ephemeral\" or \"\u003clocal\u003e\","},{"line_number":255,"context_line":"        \"name\": \"\u003clocal\u003e\","},{"line_number":256,"context_line":"        \"id\": \"\u003clocal\u003e\""},{"line_number":257,"context_line":"      },"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_09faa375","line":254,"in_reply_to":"ba3cc151_fe638f3f","updated":"2015-07-01 19:28:53.000000000","message":"Changed to \"local\"","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5cfd47ecfedfbdf9c1c29b20bcfcf9bdd8c86ab7","unresolved":false,"context_lines":[{"line_number":252,"context_line":"          \"id\": \"Federated\" or \"\u003clocal\u003e\""},{"line_number":253,"context_line":"        },"},{"line_number":254,"context_line":"        \"type\": \"ephemeral\" or \"\u003clocal\u003e\","},{"line_number":255,"context_line":"        \"name\": \"\u003clocal\u003e\","},{"line_number":256,"context_line":"        \"id\": \"\u003clocal\u003e\""},{"line_number":257,"context_line":"      },"},{"line_number":258,"context_line":"      \"group_names\": [\u003cgroup_names\u003e]"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_3ee1f79a","line":255,"updated":"2015-06-30 16:07:08.000000000","message":"\u003clocal\u003e doesn\u0027t make much sense with regard to explanation below. It may be confusing.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":252,"context_line":"          \"id\": \"Federated\" or \"\u003clocal\u003e\""},{"line_number":253,"context_line":"        },"},{"line_number":254,"context_line":"        \"type\": \"ephemeral\" or \"\u003clocal\u003e\","},{"line_number":255,"context_line":"        \"name\": \"\u003clocal\u003e\","},{"line_number":256,"context_line":"        \"id\": \"\u003clocal\u003e\""},{"line_number":257,"context_line":"      },"},{"line_number":258,"context_line":"      \"group_names\": [\u003cgroup_names\u003e]"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_e91c1fc3","line":255,"in_reply_to":"ba3cc151_3ee1f79a","updated":"2015-07-01 19:28:53.000000000","message":"Changed this to include more information.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":262,"context_line":"hence the server will fetch user details (id, name, roles, groups). ``\u003clocal\u003e`` will be replaced"},{"line_number":263,"context_line":"by the user\u0027s information."},{"line_number":264,"context_line":""},{"line_number":265,"context_line":"``Federated``: If no domain is specified in the local rule,"},{"line_number":266,"context_line":"user is deemed ephemeral and becomes a member of service domain named Federated."},{"line_number":267,"context_line":""},{"line_number":268,"context_line":"``ephemeral``: A user that does not exist in the backend."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_734c9842","line":265,"updated":"2015-06-30 15:40:23.000000000","message":"use up all 80 chars!","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":262,"context_line":"hence the server will fetch user details (id, name, roles, groups). ``\u003clocal\u003e`` will be replaced"},{"line_number":263,"context_line":"by the user\u0027s information."},{"line_number":264,"context_line":""},{"line_number":265,"context_line":"``Federated``: If no domain is specified in the local rule,"},{"line_number":266,"context_line":"user is deemed ephemeral and becomes a member of service domain named Federated."},{"line_number":267,"context_line":""},{"line_number":268,"context_line":"``ephemeral``: A user that does not exist in the backend."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_a964d748","line":265,"in_reply_to":"ba3cc151_734c9842","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5cfd47ecfedfbdf9c1c29b20bcfcf9bdd8c86ab7","unresolved":false,"context_lines":[{"line_number":265,"context_line":"``Federated``: If no domain is specified in the local rule,"},{"line_number":266,"context_line":"user is deemed ephemeral and becomes a member of service domain named Federated."},{"line_number":267,"context_line":""},{"line_number":268,"context_line":"``ephemeral``: A user that does not exist in the backend."},{"line_number":269,"context_line":""},{"line_number":270,"context_line":".. NOTE::"},{"line_number":271,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_1efd133a","line":268,"updated":"2015-06-30 16:07:08.000000000","message":"``local`` - user that exists in the backend.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":265,"context_line":"``Federated``: If no domain is specified in the local rule,"},{"line_number":266,"context_line":"user is deemed ephemeral and becomes a member of service domain named Federated."},{"line_number":267,"context_line":""},{"line_number":268,"context_line":"``ephemeral``: A user that does not exist in the backend."},{"line_number":269,"context_line":""},{"line_number":270,"context_line":".. NOTE::"},{"line_number":271,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_695ecf77","line":268,"in_reply_to":"ba3cc151_1efd133a","updated":"2015-07-01 19:28:53.000000000","message":"Replaced ``\u003clocal\u003e`` with ``local``","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":269,"context_line":""},{"line_number":270,"context_line":".. NOTE::"},{"line_number":271,"context_line":""},{"line_number":272,"context_line":"    group_ids and/or group_names will only be displayed if they were set in the rules under local, otherwise"},{"line_number":273,"context_line":"    they will be empty."},{"line_number":274,"context_line":""},{"line_number":275,"context_line":"Regular Expressions:"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_335610d3","line":272,"updated":"2015-06-30 15:40:23.000000000","message":"spilling over, try and limit to 80 characters","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":269,"context_line":""},{"line_number":270,"context_line":".. NOTE::"},{"line_number":271,"context_line":""},{"line_number":272,"context_line":"    group_ids and/or group_names will only be displayed if they were set in the rules under local, otherwise"},{"line_number":273,"context_line":"    they will be empty."},{"line_number":274,"context_line":""},{"line_number":275,"context_line":"Regular Expressions:"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_2951a762","line":272,"in_reply_to":"ba3cc151_335610d3","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":272,"context_line":"    group_ids and/or group_names will only be displayed if they were set in the rules under local, otherwise"},{"line_number":273,"context_line":"    they will be empty."},{"line_number":274,"context_line":""},{"line_number":275,"context_line":"Regular Expressions:"},{"line_number":276,"context_line":"--------------------"},{"line_number":277,"context_line":""},{"line_number":278,"context_line":"Regular Expressions can be used in a mapping."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_936efc94","line":275,"updated":"2015-06-30 15:40:23.000000000","message":"no need for a : at the end here","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":272,"context_line":"    group_ids and/or group_names will only be displayed if they were set in the rules under local, otherwise"},{"line_number":273,"context_line":"    they will be empty."},{"line_number":274,"context_line":""},{"line_number":275,"context_line":"Regular Expressions:"},{"line_number":276,"context_line":"--------------------"},{"line_number":277,"context_line":""},{"line_number":278,"context_line":"Regular Expressions can be used in a mapping."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_e94adfab","line":275,"in_reply_to":"ba3cc151_936efc94","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":275,"context_line":"Regular Expressions:"},{"line_number":276,"context_line":"--------------------"},{"line_number":277,"context_line":""},{"line_number":278,"context_line":"Regular Expressions can be used in a mapping."},{"line_number":279,"context_line":""},{"line_number":280,"context_line":".. code-block:: json"},{"line_number":281,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_336db098","line":278,"updated":"2015-06-30 15:40:23.000000000","message":"lower case E for expressions\n\nRegular expressions can be used in a mapping by specifying the ``regex`` key, and setting it to ``True``","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":275,"context_line":"Regular Expressions:"},{"line_number":276,"context_line":"--------------------"},{"line_number":277,"context_line":""},{"line_number":278,"context_line":"Regular Expressions can be used in a mapping."},{"line_number":279,"context_line":""},{"line_number":280,"context_line":".. code-block:: json"},{"line_number":281,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_c994bbe3","line":278,"in_reply_to":"ba3cc151_336db098","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5cfd47ecfedfbdf9c1c29b20bcfcf9bdd8c86ab7","unresolved":false,"context_lines":[{"line_number":297,"context_line":"                    \"type\": \"UserName\""},{"line_number":298,"context_line":"                    },"},{"line_number":299,"context_line":"                    {"},{"line_number":300,"context_line":"                        \"type\": \"cn\u003dIBM_USA_Lab\","},{"line_number":301,"context_line":"                        \"any_one_of\": ["},{"line_number":302,"context_line":"                            \".*@yeah.com$\""},{"line_number":303,"context_line":"                        ]"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_fe4dcf99","line":300,"updated":"2015-06-30 16:07:08.000000000","message":"this is a value from your examples at the top of the document, while it should be attribute name.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":297,"context_line":"                    \"type\": \"UserName\""},{"line_number":298,"context_line":"                    },"},{"line_number":299,"context_line":"                    {"},{"line_number":300,"context_line":"                        \"type\": \"cn\u003dIBM_USA_Lab\","},{"line_number":301,"context_line":"                        \"any_one_of\": ["},{"line_number":302,"context_line":"                            \".*@yeah.com$\""},{"line_number":303,"context_line":"                        ]"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_2c6f7593","line":300,"in_reply_to":"ba3cc151_fe4dcf99","updated":"2015-07-01 19:28:53.000000000","message":"Made more consistent with the rest of the document.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5cfd47ecfedfbdf9c1c29b20bcfcf9bdd8c86ab7","unresolved":false,"context_lines":[{"line_number":314,"context_line":".. code-block:: json"},{"line_number":315,"context_line":""},{"line_number":316,"context_line":"    {\"cn\u003dIBM_USA_Lab\":\"\u003cany_name\u003e@yeah.com\"}"},{"line_number":317,"context_line":""},{"line_number":318,"context_line":""},{"line_number":319,"context_line":"Condition Combinations:"},{"line_number":320,"context_line":"-----------------------"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_d9ffc5ff","line":317,"updated":"2015-06-30 16:07:08.000000000","message":"this is inconsistent with the example you provided at the top, as this looks like a group name.....","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":314,"context_line":".. code-block:: json"},{"line_number":315,"context_line":""},{"line_number":316,"context_line":"    {\"cn\u003dIBM_USA_Lab\":\"\u003cany_name\u003e@yeah.com\"}"},{"line_number":317,"context_line":""},{"line_number":318,"context_line":""},{"line_number":319,"context_line":"Condition Combinations:"},{"line_number":320,"context_line":"-----------------------"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_4c5999fd","line":317,"in_reply_to":"ba3cc151_d9ffc5ff","updated":"2015-07-01 19:28:53.000000000","message":"Made more consistent with the rest of the documentation.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":316,"context_line":"    {\"cn\u003dIBM_USA_Lab\":\"\u003cany_name\u003e@yeah.com\"}"},{"line_number":317,"context_line":""},{"line_number":318,"context_line":""},{"line_number":319,"context_line":"Condition Combinations:"},{"line_number":320,"context_line":"-----------------------"},{"line_number":321,"context_line":""},{"line_number":322,"context_line":"Combinations of the Supported Mappings can also be done."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_33f290d3","line":319,"updated":"2015-06-30 15:40:23.000000000","message":"no need for : here","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":316,"context_line":"    {\"cn\u003dIBM_USA_Lab\":\"\u003cany_name\u003e@yeah.com\"}"},{"line_number":317,"context_line":""},{"line_number":318,"context_line":""},{"line_number":319,"context_line":"Condition Combinations:"},{"line_number":320,"context_line":"-----------------------"},{"line_number":321,"context_line":""},{"line_number":322,"context_line":"Combinations of the Supported Mappings can also be done."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_69ba4f70","line":319,"in_reply_to":"ba3cc151_33f290d3","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":322,"context_line":"Combinations of the Supported Mappings can also be done."},{"line_number":323,"context_line":""},{"line_number":324,"context_line":"``empty``, ``any_one_of``, and ``not_any_of`` can all be used in the same mapping."},{"line_number":325,"context_line":"``any_one_of`` and ``not_any_of`` are mutually exclusive. ``whitelist`` and ``blacklist`` cannot be used together."},{"line_number":326,"context_line":""},{"line_number":327,"context_line":".. code-block:: json"},{"line_number":328,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_93911c55","line":325,"updated":"2015-06-30 15:40:23.000000000","message":"spillover","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":322,"context_line":"Combinations of the Supported Mappings can also be done."},{"line_number":323,"context_line":""},{"line_number":324,"context_line":"``empty``, ``any_one_of``, and ``not_any_of`` can all be used in the same mapping."},{"line_number":325,"context_line":"``any_one_of`` and ``not_any_of`` are mutually exclusive. ``whitelist`` and ``blacklist`` cannot be used together."},{"line_number":326,"context_line":""},{"line_number":327,"context_line":".. code-block:: json"},{"line_number":328,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_29ad2731","line":325,"in_reply_to":"ba3cc151_93911c55","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":379,"context_line":"    any claim containing key cn\u003dIBM_Canada_Lab that doesn\u0027t have the value \u003cany_name\u003e@naww.com."},{"line_number":380,"context_line":"    any claim containing key cn\u003dIBM_USA_Lab that has value \u003cany_name\u003e@yeah.com."},{"line_number":381,"context_line":""},{"line_number":382,"context_line":"Multiple Rules:"},{"line_number":383,"context_line":"---------------"},{"line_number":384,"context_line":""},{"line_number":385,"context_line":"Multiple rules can also be utilized in a mapping."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_93ca7c6d","line":382,"updated":"2015-06-30 15:40:23.000000000","message":"remove :","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":379,"context_line":"    any claim containing key cn\u003dIBM_Canada_Lab that doesn\u0027t have the value \u003cany_name\u003e@naww.com."},{"line_number":380,"context_line":"    any claim containing key cn\u003dIBM_USA_Lab that has value \u003cany_name\u003e@yeah.com."},{"line_number":381,"context_line":""},{"line_number":382,"context_line":"Multiple Rules:"},{"line_number":383,"context_line":"---------------"},{"line_number":384,"context_line":""},{"line_number":385,"context_line":"Multiple rules can also be utilized in a mapping."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_496e6b02","line":382,"in_reply_to":"ba3cc151_93ca7c6d","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5cfd47ecfedfbdf9c1c29b20bcfcf9bdd8c86ab7","unresolved":false,"context_lines":[{"line_number":443,"context_line":"                ]"},{"line_number":444,"context_line":"            }"},{"line_number":445,"context_line":"        ]"},{"line_number":446,"context_line":"    }"},{"line_number":447,"context_line":""},{"line_number":448,"context_line":"The above shows that all orgPersonType:"},{"line_number":449,"context_line":"::"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_d9ba65e1","line":446,"updated":"2015-06-30 16:07:08.000000000","message":"it\u0027s worth explaining that:\n\nin two rules you can specify more than one effective user identification but only the first one will be considered and another ignored (order from the top to the bottom), as well as explain that since rules are additive one can spcdy one user identificatin and this will also work. \nAnd the last, let\u0027s suggest that the best way is to make separate rule for just user and others for groups.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":443,"context_line":"                ]"},{"line_number":444,"context_line":"            }"},{"line_number":445,"context_line":"        ]"},{"line_number":446,"context_line":"    }"},{"line_number":447,"context_line":""},{"line_number":448,"context_line":"The above shows that all orgPersonType:"},{"line_number":449,"context_line":"::"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_0257b126","line":446,"in_reply_to":"ba3cc151_d9ba65e1","updated":"2015-07-01 19:28:53.000000000","message":"Good Idea. I reworded and added this.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":445,"context_line":"        ]"},{"line_number":446,"context_line":"    }"},{"line_number":447,"context_line":""},{"line_number":448,"context_line":"The above shows that all orgPersonType:"},{"line_number":449,"context_line":"::"},{"line_number":450,"context_line":""},{"line_number":451,"context_line":"    that are not Contractor or SubContractor will belong to the non-contractors group."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_d3aec497","line":448,"updated":"2015-06-30 15:40:23.000000000","message":"remove \u0027that\u0027","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":445,"context_line":"        ]"},{"line_number":446,"context_line":"    }"},{"line_number":447,"context_line":""},{"line_number":448,"context_line":"The above shows that all orgPersonType:"},{"line_number":449,"context_line":"::"},{"line_number":450,"context_line":""},{"line_number":451,"context_line":"    that are not Contractor or SubContractor will belong to the non-contractors group."}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_a94e1794","line":448,"in_reply_to":"ba3cc151_d3aec497","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"d4f13be0f42ae4c83889569412913f6848de5e55","unresolved":false,"context_lines":[{"line_number":51,"context_line":"    }"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"* `rules`: top-level list of rules."},{"line_number":54,"context_line":"* `local`: a rule containing information on what local attributes will be mapped."},{"line_number":55,"context_line":"* `remote`: a rule containing information on what remote attributes will be mapped."},{"line_number":56,"context_line":"* `\u003ccondition\u003e`: contains information on conditions that allow a rule, can only"},{"line_number":57,"context_line":"  be set in a `remote` rule."}],"source_content_type":"text/x-rst","patch_set":13,"id":"ba3cc151_8788a1c6","line":54,"updated":"2015-07-02 03:07:10.000000000","message":"use the wording done in ps12","commit_id":"7959536226e361f83664ccb5109a2cbb03b92d09"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"6ee8891a81e651c011f05095b145fdda44742720","unresolved":false,"context_lines":[{"line_number":51,"context_line":"    }"},{"line_number":52,"context_line":""},{"line_number":53,"context_line":"* `rules`: top-level list of rules."},{"line_number":54,"context_line":"* `local`: a rule containing information on what local attributes will be mapped."},{"line_number":55,"context_line":"* `remote`: a rule containing information on what remote attributes will be mapped."},{"line_number":56,"context_line":"* `\u003ccondition\u003e`: contains information on conditions that allow a rule, can only"},{"line_number":57,"context_line":"  be set in a `remote` rule."}],"source_content_type":"text/x-rst","patch_set":13,"id":"ba3cc151_081b24cb","line":54,"in_reply_to":"ba3cc151_8788a1c6","updated":"2015-07-02 15:43:59.000000000","message":"Same as in ps12.","commit_id":"7959536226e361f83664ccb5109a2cbb03b92d09"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"d4f13be0f42ae4c83889569412913f6848de5e55","unresolved":false,"context_lines":[{"line_number":242,"context_line":""},{"line_number":243,"context_line":".. NOTE::"},{"line_number":244,"context_line":""},{"line_number":245,"context_line":"    If the user_name attribute is missing when processing an assertion, the server tries to"},{"line_number":246,"context_line":"    directly map REMOTE_USER environment variable. If this variable is also unavailable"},{"line_number":247,"context_line":"    the server returns an HTTP 401 Unauthorized error."},{"line_number":248,"context_line":""}],"source_content_type":"text/x-rst","patch_set":13,"id":"ba3cc151_c7ea2974","line":245,"updated":"2015-07-02 03:07:10.000000000","message":"`UserName`","commit_id":"7959536226e361f83664ccb5109a2cbb03b92d09"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"6ee8891a81e651c011f05095b145fdda44742720","unresolved":false,"context_lines":[{"line_number":242,"context_line":""},{"line_number":243,"context_line":".. NOTE::"},{"line_number":244,"context_line":""},{"line_number":245,"context_line":"    If the user_name attribute is missing when processing an assertion, the server tries to"},{"line_number":246,"context_line":"    directly map REMOTE_USER environment variable. If this variable is also unavailable"},{"line_number":247,"context_line":"    the server returns an HTTP 401 Unauthorized error."},{"line_number":248,"context_line":""}],"source_content_type":"text/x-rst","patch_set":13,"id":"ba3cc151_c80bfcd4","line":245,"in_reply_to":"ba3cc151_c7ea2974","updated":"2015-07-02 15:43:59.000000000","message":"Done","commit_id":"7959536226e361f83664ccb5109a2cbb03b92d09"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"d4f13be0f42ae4c83889569412913f6848de5e55","unresolved":false,"context_lines":[{"line_number":315,"context_line":""},{"line_number":316,"context_line":".. NOTE::"},{"line_number":317,"context_line":""},{"line_number":318,"context_line":"    group_ids and/or group_names will only be displayed if they were set in the"},{"line_number":319,"context_line":"    rules under local, otherwise they will be empty."},{"line_number":320,"context_line":""},{"line_number":321,"context_line":"Regular Expressions"}],"source_content_type":"text/x-rst","patch_set":13,"id":"ba3cc151_27a8b51f","line":318,"updated":"2015-07-02 03:07:10.000000000","message":"`group_ids` and/or `group_names`","commit_id":"7959536226e361f83664ccb5109a2cbb03b92d09"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"6ee8891a81e651c011f05095b145fdda44742720","unresolved":false,"context_lines":[{"line_number":315,"context_line":""},{"line_number":316,"context_line":".. NOTE::"},{"line_number":317,"context_line":""},{"line_number":318,"context_line":"    group_ids and/or group_names will only be displayed if they were set in the"},{"line_number":319,"context_line":"    rules under local, otherwise they will be empty."},{"line_number":320,"context_line":""},{"line_number":321,"context_line":"Regular Expressions"}],"source_content_type":"text/x-rst","patch_set":13,"id":"ba3cc151_e88fe072","line":318,"in_reply_to":"ba3cc151_27a8b51f","updated":"2015-07-02 15:43:59.000000000","message":"Done","commit_id":"7959536226e361f83664ccb5109a2cbb03b92d09"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"d4f13be0f42ae4c83889569412913f6848de5e55","unresolved":false,"context_lines":[{"line_number":316,"context_line":".. NOTE::"},{"line_number":317,"context_line":""},{"line_number":318,"context_line":"    group_ids and/or group_names will only be displayed if they were set in the"},{"line_number":319,"context_line":"    rules under local, otherwise they will be empty."},{"line_number":320,"context_line":""},{"line_number":321,"context_line":"Regular Expressions"},{"line_number":322,"context_line":"-------------------"}],"source_content_type":"text/x-rst","patch_set":13,"id":"ba3cc151_47a5b944","line":319,"updated":"2015-07-02 03:07:10.000000000","message":"`local`","commit_id":"7959536226e361f83664ccb5109a2cbb03b92d09"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"6ee8891a81e651c011f05095b145fdda44742720","unresolved":false,"context_lines":[{"line_number":316,"context_line":".. NOTE::"},{"line_number":317,"context_line":""},{"line_number":318,"context_line":"    group_ids and/or group_names will only be displayed if they were set in the"},{"line_number":319,"context_line":"    rules under local, otherwise they will be empty."},{"line_number":320,"context_line":""},{"line_number":321,"context_line":"Regular Expressions"},{"line_number":322,"context_line":"-------------------"}],"source_content_type":"text/x-rst","patch_set":13,"id":"ba3cc151_a850f80b","line":319,"in_reply_to":"ba3cc151_47a5b944","updated":"2015-07-02 15:43:59.000000000","message":"Done","commit_id":"7959536226e361f83664ccb5109a2cbb03b92d09"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"d4f13be0f42ae4c83889569412913f6848de5e55","unresolved":false,"context_lines":[{"line_number":432,"context_line":""},{"line_number":433,"context_line":"Multiple rules can also be utilized in a mapping."},{"line_number":434,"context_line":""},{"line_number":435,"context_line":".. code-block:: json"},{"line_number":436,"context_line":""},{"line_number":437,"context_line":"    {"},{"line_number":438,"context_line":"        \"rules\": ["}],"source_content_type":"text/x-rst","patch_set":13,"id":"ba3cc151_076a51ee","line":435,"updated":"2015-07-02 03:07:10.000000000","message":"code-block: javascript","commit_id":"7959536226e361f83664ccb5109a2cbb03b92d09"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"6ee8891a81e651c011f05095b145fdda44742720","unresolved":false,"context_lines":[{"line_number":432,"context_line":""},{"line_number":433,"context_line":"Multiple rules can also be utilized in a mapping."},{"line_number":434,"context_line":""},{"line_number":435,"context_line":".. code-block:: json"},{"line_number":436,"context_line":""},{"line_number":437,"context_line":"    {"},{"line_number":438,"context_line":"        \"rules\": ["}],"source_content_type":"text/x-rst","patch_set":13,"id":"ba3cc151_c82c5c9b","line":435,"in_reply_to":"ba3cc151_076a51ee","updated":"2015-07-02 15:43:59.000000000","message":"Done","commit_id":"7959536226e361f83664ccb5109a2cbb03b92d09"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"4b515f4faeacbd5cdec64e5714036fddb37fb812","unresolved":false,"context_lines":[{"line_number":160,"context_line":""},{"line_number":161,"context_line":".. NOTE::"},{"line_number":162,"context_line":""},{"line_number":163,"context_line":"    The numbers in braces {} are are indices. They map in order. For Example:"},{"line_number":164,"context_line":""},{"line_number":165,"context_line":"    ::"},{"line_number":166,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_669403e8","line":163,"updated":"2015-07-06 14:10:26.000000000","message":"double \u0027are\u0027","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"968cb13477e83dac58fb7d99f83502fa7201271e","unresolved":false,"context_lines":[{"line_number":160,"context_line":""},{"line_number":161,"context_line":".. NOTE::"},{"line_number":162,"context_line":""},{"line_number":163,"context_line":"    The numbers in braces {} are are indices. They map in order. For Example:"},{"line_number":164,"context_line":""},{"line_number":165,"context_line":"    ::"},{"line_number":166,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_8e86ee11","line":163,"in_reply_to":"ba3cc151_669403e8","updated":"2015-07-06 20:25:18.000000000","message":"Done","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"4b515f4faeacbd5cdec64e5714036fddb37fb812","unresolved":false,"context_lines":[{"line_number":222,"context_line":"                        \"user\": {"},{"line_number":223,"context_line":"                            \"name\": \"{0}\""},{"line_number":224,"context_line":"                        },"},{"line_number":225,"context_line":"                        \"groups\": \"{1}\""},{"line_number":226,"context_line":"                    }"},{"line_number":227,"context_line":"                ],"},{"line_number":228,"context_line":"                \"remote\": ["}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_863587f8","line":225,"updated":"2015-07-06 14:10:26.000000000","message":"this should be more like:\n\ngroups: {\n    \u0027name\u0027: {1}\n    \u0027domain\u0027:  {\n         \u0027id\u0027: \u0027\u003cdomainid\u003e\u0027\n     }\n}\n\n\ngroups identified by names must have corresponding domain they belong to.","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"968cb13477e83dac58fb7d99f83502fa7201271e","unresolved":false,"context_lines":[{"line_number":222,"context_line":"                        \"user\": {"},{"line_number":223,"context_line":"                            \"name\": \"{0}\""},{"line_number":224,"context_line":"                        },"},{"line_number":225,"context_line":"                        \"groups\": \"{1}\""},{"line_number":226,"context_line":"                    }"},{"line_number":227,"context_line":"                ],"},{"line_number":228,"context_line":"                \"remote\": ["}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_4ed8e6ef","line":225,"in_reply_to":"ba3cc151_863587f8","updated":"2015-07-06 20:25:18.000000000","message":"Fixed","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"4b515f4faeacbd5cdec64e5714036fddb37fb812","unresolved":false,"context_lines":[{"line_number":242,"context_line":""},{"line_number":243,"context_line":".. NOTE::"},{"line_number":244,"context_line":""},{"line_number":245,"context_line":"    If the `UserName` attribute is missing when processing an assertion, the server tries to"},{"line_number":246,"context_line":"    directly map REMOTE_USER environment variable. If this variable is also unavailable"},{"line_number":247,"context_line":"    the server returns an HTTP 401 Unauthorized error."},{"line_number":248,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_79d4a446","line":245,"updated":"2015-07-06 14:10:26.000000000","message":"UserName is just an ordinary attribute, we use it widely in our tests, but it could be anything. To be honest parameters names are strongly connected with the configuration of corresponding apache modules. \nI suggest changing to something like:\n\n\" If the user id or name is not mapped, the server tries to get user\u0027s name from env variable REMOTE_USER\"","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"968cb13477e83dac58fb7d99f83502fa7201271e","unresolved":false,"context_lines":[{"line_number":242,"context_line":""},{"line_number":243,"context_line":".. NOTE::"},{"line_number":244,"context_line":""},{"line_number":245,"context_line":"    If the `UserName` attribute is missing when processing an assertion, the server tries to"},{"line_number":246,"context_line":"    directly map REMOTE_USER environment variable. If this variable is also unavailable"},{"line_number":247,"context_line":"    the server returns an HTTP 401 Unauthorized error."},{"line_number":248,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_8924a8af","line":245,"in_reply_to":"ba3cc151_79d4a446","updated":"2015-07-06 20:25:18.000000000","message":"Changed it to be more broad","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"4b515f4faeacbd5cdec64e5714036fddb37fb812","unresolved":false,"context_lines":[{"line_number":246,"context_line":"    directly map REMOTE_USER environment variable. If this variable is also unavailable"},{"line_number":247,"context_line":"    the server returns an HTTP 401 Unauthorized error."},{"line_number":248,"context_line":""},{"line_number":249,"context_line":"Group ids and names can be provided in the local section:"},{"line_number":250,"context_line":""},{"line_number":251,"context_line":".. code-block:: javascript"},{"line_number":252,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_d9c37089","line":249,"updated":"2015-07-06 14:10:26.000000000","message":"local should be probably decorated with some RsT structure like parenthesis or sth?","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"968cb13477e83dac58fb7d99f83502fa7201271e","unresolved":false,"context_lines":[{"line_number":246,"context_line":"    directly map REMOTE_USER environment variable. If this variable is also unavailable"},{"line_number":247,"context_line":"    the server returns an HTTP 401 Unauthorized error."},{"line_number":248,"context_line":""},{"line_number":249,"context_line":"Group ids and names can be provided in the local section:"},{"line_number":250,"context_line":""},{"line_number":251,"context_line":".. code-block:: javascript"},{"line_number":252,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_a49431e8","line":249,"in_reply_to":"ba3cc151_d9c37089","updated":"2015-07-06 20:25:18.000000000","message":"enclosed in {}","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"4b515f4faeacbd5cdec64e5714036fddb37fb812","unresolved":false,"context_lines":[{"line_number":311,"context_line":"``Federated``: If no domain is specified in the local rule, user is deemed"},{"line_number":312,"context_line":"ephemeral and becomes a member of service domain named Federated."},{"line_number":313,"context_line":""},{"line_number":314,"context_line":"``ephemeral``: A user that does not exist in the backend."},{"line_number":315,"context_line":""},{"line_number":316,"context_line":".. NOTE::"},{"line_number":317,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_f9f514cb","line":314,"updated":"2015-07-06 14:10:26.000000000","message":"put local and ephemeral together, as they correspond to eatch other. Move domain description somewhere else and make a comment about mapping to a existing user/domain.","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"968cb13477e83dac58fb7d99f83502fa7201271e","unresolved":false,"context_lines":[{"line_number":311,"context_line":"``Federated``: If no domain is specified in the local rule, user is deemed"},{"line_number":312,"context_line":"ephemeral and becomes a member of service domain named Federated."},{"line_number":313,"context_line":""},{"line_number":314,"context_line":"``ephemeral``: A user that does not exist in the backend."},{"line_number":315,"context_line":""},{"line_number":316,"context_line":".. NOTE::"},{"line_number":317,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_ff8c0281","line":314,"in_reply_to":"ba3cc151_f9f514cb","updated":"2015-07-06 20:25:18.000000000","message":"Moved local and ephemeral together. Not sure what to do about the other items here.","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"4b515f4faeacbd5cdec64e5714036fddb37fb812","unresolved":false,"context_lines":[{"line_number":362,"context_line":""},{"line_number":363,"context_line":"    {\"cn\u003dIBM_Canada_Lab\":\"\u003cany_name\u003e@yeah.com\"}"},{"line_number":364,"context_line":"    {\"cn\u003dIBM_USA_Lab\":\"\u003cany_name\u003e@yeah.com\"}"},{"line_number":365,"context_line":""},{"line_number":366,"context_line":"Condition Combinations"},{"line_number":367,"context_line":"----------------------"},{"line_number":368,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_99f088cb","line":365,"updated":"2015-07-06 14:10:26.000000000","message":"this will actually not work, as in the mapping rule you are watching attribute called HTTP_OIDC_GROUPIDS.","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"968cb13477e83dac58fb7d99f83502fa7201271e","unresolved":false,"context_lines":[{"line_number":362,"context_line":""},{"line_number":363,"context_line":"    {\"cn\u003dIBM_Canada_Lab\":\"\u003cany_name\u003e@yeah.com\"}"},{"line_number":364,"context_line":"    {\"cn\u003dIBM_USA_Lab\":\"\u003cany_name\u003e@yeah.com\"}"},{"line_number":365,"context_line":""},{"line_number":366,"context_line":"Condition Combinations"},{"line_number":367,"context_line":"----------------------"},{"line_number":368,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_49a0e090","line":365,"in_reply_to":"ba3cc151_99f088cb","updated":"2015-07-06 20:25:18.000000000","message":"HTTP_OIDC_GROUPIDS is cn\u003dIBM_Canada_Lab;cn\u003dIBM_USA_Lab as shown above. Added this here to make it more clear","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"4b515f4faeacbd5cdec64e5714036fddb37fb812","unresolved":false,"context_lines":[{"line_number":366,"context_line":"Condition Combinations"},{"line_number":367,"context_line":"----------------------"},{"line_number":368,"context_line":""},{"line_number":369,"context_line":"Combinations of the Supported Mappings can also be done."},{"line_number":370,"context_line":""},{"line_number":371,"context_line":"``empty``, ``any_one_of``, and ``not_any_of`` can all be used in the same mapping."},{"line_number":372,"context_line":"``any_one_of`` and ``not_any_of`` are mutually exclusive. ``whitelist`` and ``blacklist``"}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_1c40e606","line":369,"updated":"2015-07-06 14:10:26.000000000","message":"Suppoerted Mapping are used here and only once in the whole document. What are these?","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"968cb13477e83dac58fb7d99f83502fa7201271e","unresolved":false,"context_lines":[{"line_number":366,"context_line":"Condition Combinations"},{"line_number":367,"context_line":"----------------------"},{"line_number":368,"context_line":""},{"line_number":369,"context_line":"Combinations of the Supported Mappings can also be done."},{"line_number":370,"context_line":""},{"line_number":371,"context_line":"``empty``, ``any_one_of``, and ``not_any_of`` can all be used in the same mapping."},{"line_number":372,"context_line":"``any_one_of`` and ``not_any_of`` are mutually exclusive. ``whitelist`` and ``blacklist``"}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_c97dd0e8","line":369,"in_reply_to":"ba3cc151_1c40e606","updated":"2015-07-06 20:25:18.000000000","message":"Removed Supported in whole document for clarity. Fixed up a couple sections that had that word","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"4b515f4faeacbd5cdec64e5714036fddb37fb812","unresolved":false,"context_lines":[{"line_number":370,"context_line":""},{"line_number":371,"context_line":"``empty``, ``any_one_of``, and ``not_any_of`` can all be used in the same mapping."},{"line_number":372,"context_line":"``any_one_of`` and ``not_any_of`` are mutually exclusive. ``whitelist`` and ``blacklist``"},{"line_number":373,"context_line":"cannot be used together."},{"line_number":374,"context_line":""},{"line_number":375,"context_line":".. code-block:: javascript"},{"line_number":376,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_b9c0ec2b","line":373,"updated":"2015-07-06 14:10:26.000000000","message":"Sorry, this sentence doesn\u0027t make much sense to me.\nI suggest changing to:\n\n\"Combinations of `empty``, ``any_one_of``, ``not_any_of`` [...] cannot be used multiple times withing a CONDITION\"","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"968cb13477e83dac58fb7d99f83502fa7201271e","unresolved":false,"context_lines":[{"line_number":370,"context_line":""},{"line_number":371,"context_line":"``empty``, ``any_one_of``, and ``not_any_of`` can all be used in the same mapping."},{"line_number":372,"context_line":"``any_one_of`` and ``not_any_of`` are mutually exclusive. ``whitelist`` and ``blacklist``"},{"line_number":373,"context_line":"cannot be used together."},{"line_number":374,"context_line":""},{"line_number":375,"context_line":".. code-block:: javascript"},{"line_number":376,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_84b80de7","line":373,"in_reply_to":"ba3cc151_b9c0ec2b","updated":"2015-07-06 20:25:18.000000000","message":"I was just letting the reader know that they can use it once within the same rule. Changed the sentence to make it more clear","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"4b515f4faeacbd5cdec64e5714036fddb37fb812","unresolved":false,"context_lines":[{"line_number":417,"context_line":""},{"line_number":418,"context_line":".. code-block:: javascript"},{"line_number":419,"context_line":""},{"line_number":420,"context_line":"     {\"Email\":\"\u003cany_name\u003e@yeah.com\"}"},{"line_number":421,"context_line":"     {\"cn\u003dIBM_USA_Lab\":\"\u003cany_name\u003e@yeah.com\"}"},{"line_number":422,"context_line":"     {\"cn\u003dIBM_Canada_Lab\":\"\u003cany_name\u003e@yeah.com\"}"},{"line_number":423,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_f98514ad","line":420,"updated":"2015-07-06 14:10:26.000000000","message":"We don\u0027t use Email in the mapping rules, I guess you should change either Email to UseRName ot UserName to Email.","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"968cb13477e83dac58fb7d99f83502fa7201271e","unresolved":false,"context_lines":[{"line_number":417,"context_line":""},{"line_number":418,"context_line":".. code-block:: javascript"},{"line_number":419,"context_line":""},{"line_number":420,"context_line":"     {\"Email\":\"\u003cany_name\u003e@yeah.com\"}"},{"line_number":421,"context_line":"     {\"cn\u003dIBM_USA_Lab\":\"\u003cany_name\u003e@yeah.com\"}"},{"line_number":422,"context_line":"     {\"cn\u003dIBM_Canada_Lab\":\"\u003cany_name\u003e@yeah.com\"}"},{"line_number":423,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_246d8132","line":420,"in_reply_to":"ba3cc151_f98514ad","updated":"2015-07-06 20:25:18.000000000","message":"Good Catch","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"4b515f4faeacbd5cdec64e5714036fddb37fb812","unresolved":false,"context_lines":[{"line_number":503,"context_line":"Since rules are additive one can specify one user identification and this"},{"line_number":504,"context_line":"will also work. The best practice for multiple rules is to create a rule for just"},{"line_number":505,"context_line":"user and another rule for just groups."},{"line_number":506,"context_line":""},{"line_number":507,"context_line":"The above shows all orgPersonType:"},{"line_number":508,"context_line":"::"},{"line_number":509,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_5c250eac","line":506,"updated":"2015-07-06 14:10:26.000000000","message":"Great description! Clear and  concise!","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"968cb13477e83dac58fb7d99f83502fa7201271e","unresolved":false,"context_lines":[{"line_number":503,"context_line":"Since rules are additive one can specify one user identification and this"},{"line_number":504,"context_line":"will also work. The best practice for multiple rules is to create a rule for just"},{"line_number":505,"context_line":"user and another rule for just groups."},{"line_number":506,"context_line":""},{"line_number":507,"context_line":"The above shows all orgPersonType:"},{"line_number":508,"context_line":"::"},{"line_number":509,"context_line":""}],"source_content_type":"text/x-rst","patch_set":14,"id":"ba3cc151_e44d59c5","line":506,"in_reply_to":"ba3cc151_5c250eac","updated":"2015-07-06 20:25:18.000000000","message":"Thank you!!","commit_id":"b70781718924c0014d91e6a20f5e47716ce92cb4"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"17687381f2f575fb817c24ba5e529bf8823bbc30","unresolved":false,"context_lines":[{"line_number":19,"context_line":"Description"},{"line_number":20,"context_line":"-----------"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Mapping adds a set of rules to map federation attributes to Identity API objects."},{"line_number":23,"context_line":"An Identity Provider has exactly one mapping specified per protocol."},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"Mapping objects can be used multiple times by different combinations of Identity"}],"source_content_type":"text/x-rst","patch_set":15,"id":"ba3cc151_a6da324a","line":22,"updated":"2015-07-10 00:44:42.000000000","message":"what is an identity API object?","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"f41b2d58577bb1531308c19b585fa318f96b962c","unresolved":false,"context_lines":[{"line_number":19,"context_line":"Description"},{"line_number":20,"context_line":"-----------"},{"line_number":21,"context_line":""},{"line_number":22,"context_line":"Mapping adds a set of rules to map federation attributes to Identity API objects."},{"line_number":23,"context_line":"An Identity Provider has exactly one mapping specified per protocol."},{"line_number":24,"context_line":""},{"line_number":25,"context_line":"Mapping objects can be used multiple times by different combinations of Identity"}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_e95e7fe8","line":22,"in_reply_to":"ba3cc151_a6da324a","updated":"2015-07-13 16:42:15.000000000","message":"Fixed.","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"17687381f2f575fb817c24ba5e529bf8823bbc30","unresolved":false,"context_lines":[{"line_number":64,"context_line":"--------------"},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"The mapping engine can be tested before creating a federated setup. It can be"},{"line_number":67,"context_line":"tested with the keystone-manage command:"},{"line_number":68,"context_line":""},{"line_number":69,"context_line":".. code-block:: bash"},{"line_number":70,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"ba3cc151_2674e234","line":67,"updated":"2015-07-10 00:44:42.000000000","message":"put keystone-manage in `` , also should be ``keystone-manage mapping_engine``","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"f41b2d58577bb1531308c19b585fa318f96b962c","unresolved":false,"context_lines":[{"line_number":64,"context_line":"--------------"},{"line_number":65,"context_line":""},{"line_number":66,"context_line":"The mapping engine can be tested before creating a federated setup. It can be"},{"line_number":67,"context_line":"tested with the keystone-manage command:"},{"line_number":68,"context_line":""},{"line_number":69,"context_line":".. code-block:: bash"},{"line_number":70,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_8a21e6fd","line":67,"in_reply_to":"ba3cc151_2674e234","updated":"2015-07-13 16:42:15.000000000","message":"Done","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"17687381f2f575fb817c24ba5e529bf8823bbc30","unresolved":false,"context_lines":[{"line_number":70,"context_line":""},{"line_number":71,"context_line":"    $ keystone-manage mapping_engine --rules \u003cfile\u003e --input \u003cfile\u003e"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"``--rules`` will be the path to the file with the rules which will be"},{"line_number":74,"context_line":"executed. The file must be a proper JSON structure with the top-level"},{"line_number":75,"context_line":"key `rules`."},{"line_number":76,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"ba3cc151_c6009669","line":73,"updated":"2015-07-10 00:44:42.000000000","message":"the fact that we need this separate documentation says that the mapping_engine subcommand documentation isn\u0027t good enough.","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"f41b2d58577bb1531308c19b585fa318f96b962c","unresolved":false,"context_lines":[{"line_number":70,"context_line":""},{"line_number":71,"context_line":"    $ keystone-manage mapping_engine --rules \u003cfile\u003e --input \u003cfile\u003e"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"``--rules`` will be the path to the file with the rules which will be"},{"line_number":74,"context_line":"executed. The file must be a proper JSON structure with the top-level"},{"line_number":75,"context_line":"key `rules`."},{"line_number":76,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_2a021a70","line":73,"in_reply_to":"9a41bdd9_7ded57ee","updated":"2015-07-13 16:42:15.000000000","message":"I agree, this should only be supported in one area. Marek does show a good help screen.\n\n--rules RULES    Path to the file with rules to be executed. Content must be a proper JSON structure, with a top-level key \u0027rules\u0027 and corresponding value being a list.\n--input INPUT    Path to the file with input attributes. The content consists of \u0027:\u0027 separated parameter names and their values. There is only one key-value pair per line. A \u0027;\u0027 in the value is a separator and then a value is treated as a list. Example: EMAIL: me@example.com LOGIN: me GROUPS: group1;group2;group3","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"9c6bcf6f9dc8f3617b6a185e66df3919e300e71d","unresolved":false,"context_lines":[{"line_number":70,"context_line":""},{"line_number":71,"context_line":"    $ keystone-manage mapping_engine --rules \u003cfile\u003e --input \u003cfile\u003e"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"``--rules`` will be the path to the file with the rules which will be"},{"line_number":74,"context_line":"executed. The file must be a proper JSON structure with the top-level"},{"line_number":75,"context_line":"key `rules`."},{"line_number":76,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_7ded57ee","line":73,"in_reply_to":"9a41bdd9_e7eec421","updated":"2015-07-13 12:46:57.000000000","message":"If this is supposed to be an explanation of mapping language grammar then leave it at that. Let\u0027s not duplicate documentation for the keystone-manage mapping_engine command, otherwise we\u0027ll just have to maintain the same thing in 2 places. It would be better to link to the existing documentation.","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"4bcfda54507a6abd0fbd33296d7043df69de7900","unresolved":false,"context_lines":[{"line_number":70,"context_line":""},{"line_number":71,"context_line":"    $ keystone-manage mapping_engine --rules \u003cfile\u003e --input \u003cfile\u003e"},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"``--rules`` will be the path to the file with the rules which will be"},{"line_number":74,"context_line":"executed. The file must be a proper JSON structure with the top-level"},{"line_number":75,"context_line":"key `rules`."},{"line_number":76,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_e7eec421","line":73,"in_reply_to":"ba3cc151_c6009669","updated":"2015-07-13 09:35:54.000000000","message":"this documentation is an explanation of not-so-simple mapping language gramar and keystone-manage is used here as an example to execute maping engine. \nI wouldn\u0027t expect explaining mapping language in a mapping_engine subcommand help message.","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"17687381f2f575fb817c24ba5e529bf8823bbc30","unresolved":false,"context_lines":[{"line_number":160,"context_line":""},{"line_number":161,"context_line":".. NOTE::"},{"line_number":162,"context_line":""},{"line_number":163,"context_line":"    The numbers in braces {} are indices. They map in order. For Example:"},{"line_number":164,"context_line":""},{"line_number":165,"context_line":"    ::"},{"line_number":166,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"ba3cc151_66242a0e","line":163,"updated":"2015-07-10 00:44:42.000000000","message":"lowercase example\n\nalso, should coobine : and :: here and use :: at the end of this line.","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"f41b2d58577bb1531308c19b585fa318f96b962c","unresolved":false,"context_lines":[{"line_number":160,"context_line":""},{"line_number":161,"context_line":".. NOTE::"},{"line_number":162,"context_line":""},{"line_number":163,"context_line":"    The numbers in braces {} are indices. They map in order. For Example:"},{"line_number":164,"context_line":""},{"line_number":165,"context_line":"    ::"},{"line_number":166,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_13e53308","line":163,"in_reply_to":"ba3cc151_66242a0e","updated":"2015-07-13 16:42:15.000000000","message":"Done","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"17687381f2f575fb817c24ba5e529bf8823bbc30","unresolved":false,"context_lines":[{"line_number":164,"context_line":""},{"line_number":165,"context_line":"    ::"},{"line_number":166,"context_line":""},{"line_number":167,"context_line":"        Mapping to user with the name matching the value in remote attribute OS_FIRST_NAME"},{"line_number":168,"context_line":"        Mapping to user with the name matching the value in remote attribute OS_LAST_NAME"},{"line_number":169,"context_line":"        Mapping to user with the email matching value in remote attribute OS_EMAIL"},{"line_number":170,"context_line":"        Mapping to a group(s) with the name matching the value(s) in remote attribute OIDC_GROUPS"}],"source_content_type":"text/x-rst","patch_set":15,"id":"ba3cc151_e676fa0b","line":167,"updated":"2015-07-10 00:44:42.000000000","message":"this should be a list and not a preformatted section.","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"f41b2d58577bb1531308c19b585fa318f96b962c","unresolved":false,"context_lines":[{"line_number":164,"context_line":""},{"line_number":165,"context_line":"    ::"},{"line_number":166,"context_line":""},{"line_number":167,"context_line":"        Mapping to user with the name matching the value in remote attribute OS_FIRST_NAME"},{"line_number":168,"context_line":"        Mapping to user with the name matching the value in remote attribute OS_LAST_NAME"},{"line_number":169,"context_line":"        Mapping to user with the email matching value in remote attribute OS_EMAIL"},{"line_number":170,"context_line":"        Mapping to a group(s) with the name matching the value(s) in remote attribute OIDC_GROUPS"}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_131e930c","line":167,"in_reply_to":"ba3cc151_e676fa0b","updated":"2015-07-13 16:42:15.000000000","message":"Done","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"17687381f2f575fb817c24ba5e529bf8823bbc30","unresolved":false,"context_lines":[{"line_number":177,"context_line":"~~~~~~~~~~~~~~~~"},{"line_number":178,"context_line":""},{"line_number":179,"context_line":"In ``\u003cother_condition\u003e`` please supply one of the following:"},{"line_number":180,"context_line":"``any_one_of``, or ``not_any_of``."},{"line_number":181,"context_line":""},{"line_number":182,"context_line":".. code-block:: javascript"},{"line_number":183,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"ba3cc151_06cafe1a","line":180,"updated":"2015-07-10 00:44:42.000000000","message":"is this referring to line 203?","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"f41b2d58577bb1531308c19b585fa318f96b962c","unresolved":false,"context_lines":[{"line_number":177,"context_line":"~~~~~~~~~~~~~~~~"},{"line_number":178,"context_line":""},{"line_number":179,"context_line":"In ``\u003cother_condition\u003e`` please supply one of the following:"},{"line_number":180,"context_line":"``any_one_of``, or ``not_any_of``."},{"line_number":181,"context_line":""},{"line_number":182,"context_line":".. code-block:: javascript"},{"line_number":183,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_532bbb30","line":180,"in_reply_to":"ba3cc151_06cafe1a","updated":"2015-07-13 16:42:15.000000000","message":"Yup, added a comment.","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"17687381f2f575fb817c24ba5e529bf8823bbc30","unresolved":false,"context_lines":[{"line_number":210,"context_line":"    }"},{"line_number":211,"context_line":""},{"line_number":212,"context_line":"In ``\u003cother_condition\u003e`` please supply one of the following:"},{"line_number":213,"context_line":"``blacklist``, or ``whitelist``."},{"line_number":214,"context_line":""},{"line_number":215,"context_line":".. code-block:: javascript"},{"line_number":216,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"ba3cc151_46f7a659","line":213,"updated":"2015-07-10 00:44:42.000000000","message":"is this referring to line 239?","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"f41b2d58577bb1531308c19b585fa318f96b962c","unresolved":false,"context_lines":[{"line_number":210,"context_line":"    }"},{"line_number":211,"context_line":""},{"line_number":212,"context_line":"In ``\u003cother_condition\u003e`` please supply one of the following:"},{"line_number":213,"context_line":"``blacklist``, or ``whitelist``."},{"line_number":214,"context_line":""},{"line_number":215,"context_line":".. code-block:: javascript"},{"line_number":216,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_b30327b8","line":213,"in_reply_to":"ba3cc151_46f7a659","updated":"2015-07-13 16:42:15.000000000","message":"Yup, added a comment.","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"17687381f2f575fb817c24ba5e529bf8823bbc30","unresolved":false,"context_lines":[{"line_number":248,"context_line":".. NOTE::"},{"line_number":249,"context_line":""},{"line_number":250,"context_line":"    If the user id or name is missing when processing an assertion, the server tries to"},{"line_number":251,"context_line":"    directly map REMOTE_USER environment variable. If this variable is also unavailable"},{"line_number":252,"context_line":"    the server returns an HTTP 401 Unauthorized error."},{"line_number":253,"context_line":""},{"line_number":254,"context_line":"Group ids and names can be provided in the local section:"}],"source_content_type":"text/x-rst","patch_set":15,"id":"ba3cc151_e6927afc","line":251,"updated":"2015-07-10 00:44:42.000000000","message":"put REMOTE_USER in ``","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"f41b2d58577bb1531308c19b585fa318f96b962c","unresolved":false,"context_lines":[{"line_number":248,"context_line":".. NOTE::"},{"line_number":249,"context_line":""},{"line_number":250,"context_line":"    If the user id or name is missing when processing an assertion, the server tries to"},{"line_number":251,"context_line":"    directly map REMOTE_USER environment variable. If this variable is also unavailable"},{"line_number":252,"context_line":"    the server returns an HTTP 401 Unauthorized error."},{"line_number":253,"context_line":""},{"line_number":254,"context_line":"Group ids and names can be provided in the local section:"}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_930aa3d1","line":251,"in_reply_to":"ba3cc151_e6927afc","updated":"2015-07-13 16:42:15.000000000","message":"Done","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"17687381f2f575fb817c24ba5e529bf8823bbc30","unresolved":false,"context_lines":[{"line_number":251,"context_line":"    directly map REMOTE_USER environment variable. If this variable is also unavailable"},{"line_number":252,"context_line":"    the server returns an HTTP 401 Unauthorized error."},{"line_number":253,"context_line":""},{"line_number":254,"context_line":"Group ids and names can be provided in the local section:"},{"line_number":255,"context_line":""},{"line_number":256,"context_line":".. code-block:: javascript"},{"line_number":257,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"ba3cc151_46a56645","line":254,"updated":"2015-07-10 00:44:42.000000000","message":"multiple groups? how?","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"f41b2d58577bb1531308c19b585fa318f96b962c","unresolved":false,"context_lines":[{"line_number":251,"context_line":"    directly map REMOTE_USER environment variable. If this variable is also unavailable"},{"line_number":252,"context_line":"    the server returns an HTTP 401 Unauthorized error."},{"line_number":253,"context_line":""},{"line_number":254,"context_line":"Group ids and names can be provided in the local section:"},{"line_number":255,"context_line":""},{"line_number":256,"context_line":".. code-block:: javascript"},{"line_number":257,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_ea3672e6","line":254,"in_reply_to":"ba3cc151_46a56645","updated":"2015-07-13 16:42:15.000000000","message":"Have yet to see this done.\nPlease confirm if the following is accurate.\n\n{\n    \"group\": {\n        \"id\": [\"89678b\", \"abcdefg\"]\n    }\n}","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"17687381f2f575fb817c24ba5e529bf8823bbc30","unresolved":false,"context_lines":[{"line_number":299,"context_line":"Output"},{"line_number":300,"context_line":"------"},{"line_number":301,"context_line":""},{"line_number":302,"context_line":"If a mapping is valid you will receive the following output."},{"line_number":303,"context_line":""},{"line_number":304,"context_line":".. code-block:: javascript"},{"line_number":305,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"ba3cc151_c646567b","line":302,"updated":"2015-07-10 00:44:42.000000000","message":"should be : at end of line.","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"f41b2d58577bb1531308c19b585fa318f96b962c","unresolved":false,"context_lines":[{"line_number":299,"context_line":"Output"},{"line_number":300,"context_line":"------"},{"line_number":301,"context_line":""},{"line_number":302,"context_line":"If a mapping is valid you will receive the following output."},{"line_number":303,"context_line":""},{"line_number":304,"context_line":".. code-block:: javascript"},{"line_number":305,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_335877fa","line":302,"in_reply_to":"ba3cc151_c646567b","updated":"2015-07-13 16:42:15.000000000","message":"Done","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"17687381f2f575fb817c24ba5e529bf8823bbc30","unresolved":false,"context_lines":[{"line_number":313,"context_line":"        \"name\": \"\u003clocal-user-name\u003e\","},{"line_number":314,"context_line":"        \"id\": \"\u003clocal-user-id\u003e\""},{"line_number":315,"context_line":"      },"},{"line_number":316,"context_line":"      \"group_names\": [\u003cgroup-names\u003e]"},{"line_number":317,"context_line":"    }"},{"line_number":318,"context_line":""},{"line_number":319,"context_line":"``local``: If the user has domain specified, the user is treated as existing in"}],"source_content_type":"text/x-rst","patch_set":15,"id":"ba3cc151_660aea29","line":316,"updated":"2015-07-10 00:44:42.000000000","message":"don\u0027t we also need the group domain?","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"f41b2d58577bb1531308c19b585fa318f96b962c","unresolved":false,"context_lines":[{"line_number":313,"context_line":"        \"name\": \"\u003clocal-user-name\u003e\","},{"line_number":314,"context_line":"        \"id\": \"\u003clocal-user-id\u003e\""},{"line_number":315,"context_line":"      },"},{"line_number":316,"context_line":"      \"group_names\": [\u003cgroup-names\u003e]"},{"line_number":317,"context_line":"    }"},{"line_number":318,"context_line":""},{"line_number":319,"context_line":"``local``: If the user has domain specified, the user is treated as existing in"}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_efca046e","line":316,"in_reply_to":"9a41bdd9_6724f40c","updated":"2015-07-13 16:42:15.000000000","message":"Thanks for the hint! Updated","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"4bcfda54507a6abd0fbd33296d7043df69de7900","unresolved":false,"context_lines":[{"line_number":313,"context_line":"        \"name\": \"\u003clocal-user-name\u003e\","},{"line_number":314,"context_line":"        \"id\": \"\u003clocal-user-id\u003e\""},{"line_number":315,"context_line":"      },"},{"line_number":316,"context_line":"      \"group_names\": [\u003cgroup-names\u003e]"},{"line_number":317,"context_line":"    }"},{"line_number":318,"context_line":""},{"line_number":319,"context_line":"``local``: If the user has domain specified, the user is treated as existing in"}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_6724f40c","line":316,"in_reply_to":"ba3cc151_660aea29","updated":"2015-07-13 09:35:54.000000000","message":"We do: https://github.com/openstack/keystone/blob/master/keystone/contrib/federation/utils.py#L559-L578 and we will show it. \n\nHint for Fernando: Update docs so users know there are group names with domains.","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"17687381f2f575fb817c24ba5e529bf8823bbc30","unresolved":false,"context_lines":[{"line_number":322,"context_line":"``ephemeral``: A user that does not exist in the backend."},{"line_number":323,"context_line":""},{"line_number":324,"context_line":"``Federated``: If no domain is specified in the local rule, user is deemed"},{"line_number":325,"context_line":"ephemeral and becomes a member of service domain named Federated."},{"line_number":326,"context_line":""},{"line_number":327,"context_line":".. NOTE::"},{"line_number":328,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"ba3cc151_69115d53","line":325,"updated":"2015-07-10 00:44:42.000000000","message":"Put Federated in ``","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"f41b2d58577bb1531308c19b585fa318f96b962c","unresolved":false,"context_lines":[{"line_number":322,"context_line":"``ephemeral``: A user that does not exist in the backend."},{"line_number":323,"context_line":""},{"line_number":324,"context_line":"``Federated``: If no domain is specified in the local rule, user is deemed"},{"line_number":325,"context_line":"ephemeral and becomes a member of service domain named Federated."},{"line_number":326,"context_line":""},{"line_number":327,"context_line":".. NOTE::"},{"line_number":328,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_b35567c7","line":325,"in_reply_to":"ba3cc151_69115d53","updated":"2015-07-13 16:42:15.000000000","message":"Done","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"17687381f2f575fb817c24ba5e529bf8823bbc30","unresolved":false,"context_lines":[{"line_number":357,"context_line":"                    {"},{"line_number":358,"context_line":"                        \"type\": \"HTTP_OIDC_GROUPIDS\","},{"line_number":359,"context_line":"                        \"any_one_of\": ["},{"line_number":360,"context_line":"                            \".*@yeah.com$\""},{"line_number":361,"context_line":"                        ]"},{"line_number":362,"context_line":"                        \"regex\": true"},{"line_number":363,"context_line":"                    }"}],"source_content_type":"text/x-rst","patch_set":15,"id":"ba3cc151_097771a0","line":360,"updated":"2015-07-10 00:44:42.000000000","message":"if this matches partial string then .* isn\u0027t needed.\n\nAlso, since . is a special character in regex it needs to be escaped.","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"f41b2d58577bb1531308c19b585fa318f96b962c","unresolved":false,"context_lines":[{"line_number":357,"context_line":"                    {"},{"line_number":358,"context_line":"                        \"type\": \"HTTP_OIDC_GROUPIDS\","},{"line_number":359,"context_line":"                        \"any_one_of\": ["},{"line_number":360,"context_line":"                            \".*@yeah.com$\""},{"line_number":361,"context_line":"                        ]"},{"line_number":362,"context_line":"                        \"regex\": true"},{"line_number":363,"context_line":"                    }"}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_2f0d4c37","line":360,"in_reply_to":"ba3cc151_097771a0","updated":"2015-07-13 16:42:15.000000000","message":".* should be fine since:\n\n\".\" is any char except newline\n\"*\" is zero or more of the preceding element.\n\nJust trying to show regex syntax and trying to keep it consistent with /keystone/tests/unit/mapping_fixtures.py","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"17687381f2f575fb817c24ba5e529bf8823bbc30","unresolved":false,"context_lines":[{"line_number":367,"context_line":"    }"},{"line_number":368,"context_line":""},{"line_number":369,"context_line":"This allows any user with the following claim information to be mapped to"},{"line_number":370,"context_line":"group with id 0cd5e9. HTTP_OIDC_GROUPIDS is cn\u003dIBM_Canada_Lab;cn\u003dIBM_USA_Lab."},{"line_number":371,"context_line":""},{"line_number":372,"context_line":".. code-block:: javascript"},{"line_number":373,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"ba3cc151_c9598937","line":370,"updated":"2015-07-10 00:44:42.000000000","message":"put 0cd5e9, HTTP_OIDC_GROUPIDS, cn\u003dIBM_Canada_Lab;cn\u003dIBM_USA_Lab in ``","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"f41b2d58577bb1531308c19b585fa318f96b962c","unresolved":false,"context_lines":[{"line_number":367,"context_line":"    }"},{"line_number":368,"context_line":""},{"line_number":369,"context_line":"This allows any user with the following claim information to be mapped to"},{"line_number":370,"context_line":"group with id 0cd5e9. HTTP_OIDC_GROUPIDS is cn\u003dIBM_Canada_Lab;cn\u003dIBM_USA_Lab."},{"line_number":371,"context_line":""},{"line_number":372,"context_line":".. code-block:: javascript"},{"line_number":373,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_b3e7a73f","line":370,"in_reply_to":"ba3cc151_c9598937","updated":"2015-07-13 16:42:15.000000000","message":"Done","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"9c6bcf6f9dc8f3617b6a185e66df3919e300e71d","unresolved":false,"context_lines":[{"line_number":405,"context_line":"                    {"},{"line_number":406,"context_line":"                        \"type\": \"cn\u003dIBM_Canada_Lab\","},{"line_number":407,"context_line":"                        \"not_any_of\": ["},{"line_number":408,"context_line":"                            \".*@naww.com$\""},{"line_number":409,"context_line":"                        ],"},{"line_number":410,"context_line":"                        \"regex\": true"},{"line_number":411,"context_line":"                    },"}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_fd01676b","line":408,"updated":"2015-07-13 12:46:57.000000000","message":"if this matches partial string then .* isn\u0027t needed.\n\nAlso, since . is a special character in regex it needs to be escaped.","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"f41b2d58577bb1531308c19b585fa318f96b962c","unresolved":false,"context_lines":[{"line_number":405,"context_line":"                    {"},{"line_number":406,"context_line":"                        \"type\": \"cn\u003dIBM_Canada_Lab\","},{"line_number":407,"context_line":"                        \"not_any_of\": ["},{"line_number":408,"context_line":"                            \".*@naww.com$\""},{"line_number":409,"context_line":"                        ],"},{"line_number":410,"context_line":"                        \"regex\": true"},{"line_number":411,"context_line":"                    },"}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_34ba816f","line":408,"in_reply_to":"9a41bdd9_fd01676b","updated":"2015-07-13 16:42:15.000000000","message":".* should be fine since:\n\n\".\" is any char except newline\n\"*\" is zero or more of the preceding element.\n\nJust trying to show regex syntax and trying to keep it consistent with /keystone/tests/unit/mapping_fixtures.py","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"9c6bcf6f9dc8f3617b6a185e66df3919e300e71d","unresolved":false,"context_lines":[{"line_number":412,"context_line":"                    {"},{"line_number":413,"context_line":"                        \"type\": \"cn\u003dIBM_USA_Lab\","},{"line_number":414,"context_line":"                        \"any_one_of\": ["},{"line_number":415,"context_line":"                            \".*@yeah.com$\""},{"line_number":416,"context_line":"                        ]"},{"line_number":417,"context_line":"                        \"regex\": true"},{"line_number":418,"context_line":"                    }"}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_5df3b39e","line":415,"updated":"2015-07-13 12:46:57.000000000","message":"if this matches partial string then .* isn\u0027t needed.\n\nAlso, since . is a special character in regex it needs to be escaped.","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"f41b2d58577bb1531308c19b585fa318f96b962c","unresolved":false,"context_lines":[{"line_number":412,"context_line":"                    {"},{"line_number":413,"context_line":"                        \"type\": \"cn\u003dIBM_USA_Lab\","},{"line_number":414,"context_line":"                        \"any_one_of\": ["},{"line_number":415,"context_line":"                            \".*@yeah.com$\""},{"line_number":416,"context_line":"                        ]"},{"line_number":417,"context_line":"                        \"regex\": true"},{"line_number":418,"context_line":"                    }"}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_14b73d87","line":415,"in_reply_to":"9a41bdd9_5df3b39e","updated":"2015-07-13 16:42:15.000000000","message":".* should be fine since:\n\n\".\" is any char except newline\n\"*\" is zero or more of the preceding element.\n\nJust trying to show regex syntax and trying to keep it consistent with /keystone/tests/unit/mapping_fixtures.py","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"17687381f2f575fb817c24ba5e529bf8823bbc30","unresolved":false,"context_lines":[{"line_number":434,"context_line":""},{"line_number":435,"context_line":"::"},{"line_number":436,"context_line":""},{"line_number":437,"context_line":"    any claim containing the key Email."},{"line_number":438,"context_line":"    any claim containing key cn\u003dIBM_Canada_Lab that doesn\u0027t have the value \u003cany_name\u003e@naww.com."},{"line_number":439,"context_line":"    any claim containing key cn\u003dIBM_USA_Lab that has value \u003cany_name\u003e@yeah.com."},{"line_number":440,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"ba3cc151_c9cc29be","line":437,"updated":"2015-07-10 00:44:42.000000000","message":"this should be a list not preformatted.","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"f41b2d58577bb1531308c19b585fa318f96b962c","unresolved":false,"context_lines":[{"line_number":434,"context_line":""},{"line_number":435,"context_line":"::"},{"line_number":436,"context_line":""},{"line_number":437,"context_line":"    any claim containing the key Email."},{"line_number":438,"context_line":"    any claim containing key cn\u003dIBM_Canada_Lab that doesn\u0027t have the value \u003cany_name\u003e@naww.com."},{"line_number":439,"context_line":"    any claim containing key cn\u003dIBM_USA_Lab that has value \u003cany_name\u003e@yeah.com."},{"line_number":440,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_93ee2321","line":437,"in_reply_to":"ba3cc151_c9cc29be","updated":"2015-07-13 16:42:15.000000000","message":"Changed to a list.","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":6486,"name":"Brant Knudson","email":"blk@acm.org","username":"blk-u"},"change_message_id":"17687381f2f575fb817c24ba5e529bf8823bbc30","unresolved":false,"context_lines":[{"line_number":518,"context_line":"The above shows all orgPersonType:"},{"line_number":519,"context_line":"::"},{"line_number":520,"context_line":""},{"line_number":521,"context_line":"    that are not Contractor or SubContractor will belong to the non-contractors group."},{"line_number":522,"context_line":"    that are Contractor or Subcontractor will belong to the contractors group."},{"line_number":523,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"ba3cc151_49b9f914","line":521,"updated":"2015-07-10 00:44:42.000000000","message":"I assume this is supposed to be a list not preformatted.","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"9c4d736753be87c6096b0e3d4486dfe95a90ad07","unresolved":false,"context_lines":[{"line_number":518,"context_line":"The above shows all orgPersonType:"},{"line_number":519,"context_line":"::"},{"line_number":520,"context_line":""},{"line_number":521,"context_line":"    that are not Contractor or SubContractor will belong to the non-contractors group."},{"line_number":522,"context_line":"    that are Contractor or Subcontractor will belong to the contractors group."},{"line_number":523,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"ba3cc151_56e99be4","line":521,"updated":"2015-07-09 23:14:15.000000000","message":"This looks a little strange in the resulting HTML. Is it supposed to look like that?","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"f41b2d58577bb1531308c19b585fa318f96b962c","unresolved":false,"context_lines":[{"line_number":518,"context_line":"The above shows all orgPersonType:"},{"line_number":519,"context_line":"::"},{"line_number":520,"context_line":""},{"line_number":521,"context_line":"    that are not Contractor or SubContractor will belong to the non-contractors group."},{"line_number":522,"context_line":"    that are Contractor or Subcontractor will belong to the contractors group."},{"line_number":523,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_53817b49","line":521,"in_reply_to":"ba3cc151_49b9f914","updated":"2015-07-13 16:42:15.000000000","message":"Changed to a List.","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"9b8421c4405dbb36549bf18880c03c13f8583d78","unresolved":false,"context_lines":[{"line_number":230,"context_line":""},{"line_number":231,"context_line":".. NOTE::"},{"line_number":232,"context_line":""},{"line_number":233,"context_line":"    If the user id or name is missing when processing an assertion, the server tries to"},{"line_number":234,"context_line":"    directly map ``REMOTE_USER`` environment variable. If this variable is also unavailable"},{"line_number":235,"context_line":"    the server returns an HTTP 401 Unauthorized error."},{"line_number":236,"context_line":""}],"source_content_type":"text/x-rst","patch_set":16,"id":"9a41bdd9_abde100f","line":233,"updated":"2015-07-14 07:06:10.000000000","message":"s/or/and","commit_id":"2902faed219f9d908742629e075feed12f1b7d1b"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"73b92e9c374da135c1f9d74bc393c6cde6741c37","unresolved":false,"context_lines":[{"line_number":230,"context_line":""},{"line_number":231,"context_line":".. NOTE::"},{"line_number":232,"context_line":""},{"line_number":233,"context_line":"    If the user id or name is missing when processing an assertion, the server tries to"},{"line_number":234,"context_line":"    directly map ``REMOTE_USER`` environment variable. If this variable is also unavailable"},{"line_number":235,"context_line":"    the server returns an HTTP 401 Unauthorized error."},{"line_number":236,"context_line":""}],"source_content_type":"text/x-rst","patch_set":16,"id":"9a41bdd9_c9726511","line":233,"in_reply_to":"9a41bdd9_abde100f","updated":"2015-07-14 16:41:18.000000000","message":"Done","commit_id":"2902faed219f9d908742629e075feed12f1b7d1b"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"9b8421c4405dbb36549bf18880c03c13f8583d78","unresolved":false,"context_lines":[{"line_number":300,"context_line":"        \"name\":\u003cgroup-names\u003e,"},{"line_number":301,"context_line":"        \"domain\": \u003cgroup-domain\u003e"},{"line_number":302,"context_line":"      ]"},{"line_number":303,"context_line":"    }"},{"line_number":304,"context_line":""},{"line_number":305,"context_line":"``local``: If the user has domain specified, the user is treated as existing in"},{"line_number":306,"context_line":"the backend, hence the server will fetch user details (id, name, roles, groups)."}],"source_content_type":"text/x-rst","patch_set":16,"id":"9a41bdd9_4bc74445","line":303,"updated":"2015-07-14 07:06:10.000000000","message":"group_names wil be a list of dictionaries grouped per domain, for instance for input https://gist.github.com/zaccone/bcb3c4d221e9bd4d8364 and rules https://gist.github.com/zaccone/fc8a9f89f1ef41f74572 the result is: https://gist.github.com/zaccone/48d2d42ad2287e241751","commit_id":"2902faed219f9d908742629e075feed12f1b7d1b"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"73b92e9c374da135c1f9d74bc393c6cde6741c37","unresolved":false,"context_lines":[{"line_number":300,"context_line":"        \"name\":\u003cgroup-names\u003e,"},{"line_number":301,"context_line":"        \"domain\": \u003cgroup-domain\u003e"},{"line_number":302,"context_line":"      ]"},{"line_number":303,"context_line":"    }"},{"line_number":304,"context_line":""},{"line_number":305,"context_line":"``local``: If the user has domain specified, the user is treated as existing in"},{"line_number":306,"context_line":"the backend, hence the server will fetch user details (id, name, roles, groups)."}],"source_content_type":"text/x-rst","patch_set":16,"id":"9a41bdd9_e428b0e4","line":303,"in_reply_to":"9a41bdd9_4bc74445","updated":"2015-07-14 16:41:18.000000000","message":"Thanks for the info. I updated it and put 2 different domains in the example, that way the user can see multiple domains can be displayed.","commit_id":"2902faed219f9d908742629e075feed12f1b7d1b"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5e58a2b075dd43091bb5c0d36a58ed49f25e6112","unresolved":false,"context_lines":[{"line_number":149,"context_line":""},{"line_number":150,"context_line":"        - Mapping to user with the name matching the value in remote attribute OS_FIRST_NAME"},{"line_number":151,"context_line":"        - Mapping to user with the name matching the value in remote attribute OS_LAST_NAME"},{"line_number":152,"context_line":"        - Mapping to user with the email matching value in remote attribute OS_EMAIL"},{"line_number":153,"context_line":"        - Mapping to a group(s) with the name matching the value(s) in remote attribute OIDC_GROUPS"},{"line_number":154,"context_line":""},{"line_number":155,"context_line":"    Groups can have multiple values. Each value must be separated by a `;`"}],"source_content_type":"text/x-rst","patch_set":17,"id":"9a41bdd9_0856b905","line":152,"updated":"2015-07-15 20:36:08.000000000","message":"Why OS_* here where in rules you read FirstName, LastName, Email parameters.....","commit_id":"08b106413340bae632efd71522d8b5a686e99515"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"b06d6b43c1babf62b207f3c9548a1848373df4b3","unresolved":false,"context_lines":[{"line_number":149,"context_line":""},{"line_number":150,"context_line":"        - Mapping to user with the name matching the value in remote attribute OS_FIRST_NAME"},{"line_number":151,"context_line":"        - Mapping to user with the name matching the value in remote attribute OS_LAST_NAME"},{"line_number":152,"context_line":"        - Mapping to user with the email matching value in remote attribute OS_EMAIL"},{"line_number":153,"context_line":"        - Mapping to a group(s) with the name matching the value(s) in remote attribute OIDC_GROUPS"},{"line_number":154,"context_line":""},{"line_number":155,"context_line":"    Groups can have multiple values. Each value must be separated by a `;`"}],"source_content_type":"text/x-rst","patch_set":17,"id":"9a41bdd9_7892ae4d","line":152,"in_reply_to":"9a41bdd9_0856b905","updated":"2015-07-15 22:06:23.000000000","message":"Done","commit_id":"08b106413340bae632efd71522d8b5a686e99515"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5e58a2b075dd43091bb5c0d36a58ed49f25e6112","unresolved":false,"context_lines":[{"line_number":230,"context_line":""},{"line_number":231,"context_line":".. NOTE::"},{"line_number":232,"context_line":""},{"line_number":233,"context_line":"    If the user ids and/or names are missing when processing an assertion, the server tries to"},{"line_number":234,"context_line":"    directly map ``REMOTE_USER`` environment variable. If this variable is also unavailable"},{"line_number":235,"context_line":"    the server returns an HTTP 401 Unauthorized error."},{"line_number":236,"context_line":""}],"source_content_type":"text/x-rst","patch_set":17,"id":"9a41bdd9_08f23906","line":233,"updated":"2015-07-15 20:36:08.000000000","message":"If the user id and name are not specified in the mapping, the server tries [...]","commit_id":"08b106413340bae632efd71522d8b5a686e99515"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"b06d6b43c1babf62b207f3c9548a1848373df4b3","unresolved":false,"context_lines":[{"line_number":230,"context_line":""},{"line_number":231,"context_line":".. NOTE::"},{"line_number":232,"context_line":""},{"line_number":233,"context_line":"    If the user ids and/or names are missing when processing an assertion, the server tries to"},{"line_number":234,"context_line":"    directly map ``REMOTE_USER`` environment variable. If this variable is also unavailable"},{"line_number":235,"context_line":"    the server returns an HTTP 401 Unauthorized error."},{"line_number":236,"context_line":""}],"source_content_type":"text/x-rst","patch_set":17,"id":"9a41bdd9_e5713b0d","line":233,"in_reply_to":"9a41bdd9_08f23906","updated":"2015-07-15 22:06:23.000000000","message":"Done","commit_id":"08b106413340bae632efd71522d8b5a686e99515"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5e58a2b075dd43091bb5c0d36a58ed49f25e6112","unresolved":false,"context_lines":[{"line_number":330,"context_line":""},{"line_number":331,"context_line":"``Federated``: If no domain is specified in the local rule, user is deemed"},{"line_number":332,"context_line":"ephemeral and becomes a member of service domain named ``Federated``."},{"line_number":333,"context_line":""},{"line_number":334,"context_line":".. NOTE::"},{"line_number":335,"context_line":""},{"line_number":336,"context_line":"    `group_ids` and/or `group_names` will only be displayed if they were set in the"}],"source_content_type":"text/x-rst","patch_set":17,"id":"9a41bdd9_889e4961","line":333,"updated":"2015-07-15 20:36:08.000000000","message":"you are mixing two things here.\n\nPlease specify and explain \"type\" parameter:\n\ntype:\nlocal - \nephemeral -\n\nand later specify service domain \u0027Federated\u0027.","commit_id":"08b106413340bae632efd71522d8b5a686e99515"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"b06d6b43c1babf62b207f3c9548a1848373df4b3","unresolved":false,"context_lines":[{"line_number":330,"context_line":""},{"line_number":331,"context_line":"``Federated``: If no domain is specified in the local rule, user is deemed"},{"line_number":332,"context_line":"ephemeral and becomes a member of service domain named ``Federated``."},{"line_number":333,"context_line":""},{"line_number":334,"context_line":".. NOTE::"},{"line_number":335,"context_line":""},{"line_number":336,"context_line":"    `group_ids` and/or `group_names` will only be displayed if they were set in the"}],"source_content_type":"text/x-rst","patch_set":17,"id":"9a41bdd9_58b6caf9","line":333,"in_reply_to":"9a41bdd9_889e4961","updated":"2015-07-15 22:06:23.000000000","message":"I see. gotcha.","commit_id":"08b106413340bae632efd71522d8b5a686e99515"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5e58a2b075dd43091bb5c0d36a58ed49f25e6112","unresolved":false,"context_lines":[{"line_number":334,"context_line":".. NOTE::"},{"line_number":335,"context_line":""},{"line_number":336,"context_line":"    `group_ids` and/or `group_names` will only be displayed if they were set in the"},{"line_number":337,"context_line":"    rules under `local`, otherwise they will be empty."},{"line_number":338,"context_line":""},{"line_number":339,"context_line":"Regular Expressions"},{"line_number":340,"context_line":"-------------------"}],"source_content_type":"text/x-rst","patch_set":17,"id":"9a41bdd9_4892814d","line":337,"updated":"2015-07-15 20:36:08.000000000","message":"so, even if empty they will still be displayed :P","commit_id":"08b106413340bae632efd71522d8b5a686e99515"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"b06d6b43c1babf62b207f3c9548a1848373df4b3","unresolved":false,"context_lines":[{"line_number":334,"context_line":".. NOTE::"},{"line_number":335,"context_line":""},{"line_number":336,"context_line":"    `group_ids` and/or `group_names` will only be displayed if they were set in the"},{"line_number":337,"context_line":"    rules under `local`, otherwise they will be empty."},{"line_number":338,"context_line":""},{"line_number":339,"context_line":"Regular Expressions"},{"line_number":340,"context_line":"-------------------"}],"source_content_type":"text/x-rst","patch_set":17,"id":"9a41bdd9_a5bc93bb","line":337,"in_reply_to":"9a41bdd9_4892814d","updated":"2015-07-15 22:06:23.000000000","message":"gotcha :)/. I\u0027ll remove this","commit_id":"08b106413340bae632efd71522d8b5a686e99515"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5e58a2b075dd43091bb5c0d36a58ed49f25e6112","unresolved":false,"context_lines":[{"line_number":380,"context_line":""},{"line_number":381,"context_line":"    {\"cn\u003dIBM_Canada_Lab\":\"\u003cany_name\u003e@yeah.com\"}"},{"line_number":382,"context_line":"    {\"cn\u003dIBM_USA_Lab\":\"\u003cany_name\u003e@yeah.com\"}"},{"line_number":383,"context_line":""},{"line_number":384,"context_line":"Condition Combinations"},{"line_number":385,"context_line":"----------------------"},{"line_number":386,"context_line":""}],"source_content_type":"text/x-rst","patch_set":17,"id":"9a41bdd9_3359ae35","line":383,"updated":"2015-07-15 20:36:08.000000000","message":"remove this code block, imho it doesn\u0027t bring anything and is more confusing.","commit_id":"08b106413340bae632efd71522d8b5a686e99515"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"b06d6b43c1babf62b207f3c9548a1848373df4b3","unresolved":false,"context_lines":[{"line_number":380,"context_line":""},{"line_number":381,"context_line":"    {\"cn\u003dIBM_Canada_Lab\":\"\u003cany_name\u003e@yeah.com\"}"},{"line_number":382,"context_line":"    {\"cn\u003dIBM_USA_Lab\":\"\u003cany_name\u003e@yeah.com\"}"},{"line_number":383,"context_line":""},{"line_number":384,"context_line":"Condition Combinations"},{"line_number":385,"context_line":"----------------------"},{"line_number":386,"context_line":""}],"source_content_type":"text/x-rst","patch_set":17,"id":"9a41bdd9_25e64315","line":383,"in_reply_to":"9a41bdd9_3359ae35","updated":"2015-07-15 22:06:23.000000000","message":"Done","commit_id":"08b106413340bae632efd71522d8b5a686e99515"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5e58a2b075dd43091bb5c0d36a58ed49f25e6112","unresolved":false,"context_lines":[{"line_number":387,"context_line":"Combinations of mappings conditions can also be done."},{"line_number":388,"context_line":""},{"line_number":389,"context_line":"``empty``, ``any_one_of``, and ``not_any_of`` can all be used in the same rule,"},{"line_number":390,"context_line":"but cannot be repeated within that rule. ``any_one_of`` and ``not_any_of`` are"},{"line_number":391,"context_line":"mutually exclusive.``whitelist`` and ``blacklist`` cannot be used together."},{"line_number":392,"context_line":""},{"line_number":393,"context_line":".. code-block:: javascript"}],"source_content_type":"text/x-rst","patch_set":17,"id":"9a41bdd9_938f5a74","line":390,"updated":"2015-07-15 20:36:08.000000000","message":"[...] cannot be repeated withing same condition.","commit_id":"08b106413340bae632efd71522d8b5a686e99515"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"b06d6b43c1babf62b207f3c9548a1848373df4b3","unresolved":false,"context_lines":[{"line_number":387,"context_line":"Combinations of mappings conditions can also be done."},{"line_number":388,"context_line":""},{"line_number":389,"context_line":"``empty``, ``any_one_of``, and ``not_any_of`` can all be used in the same rule,"},{"line_number":390,"context_line":"but cannot be repeated within that rule. ``any_one_of`` and ``not_any_of`` are"},{"line_number":391,"context_line":"mutually exclusive.``whitelist`` and ``blacklist`` cannot be used together."},{"line_number":392,"context_line":""},{"line_number":393,"context_line":".. code-block:: javascript"}],"source_content_type":"text/x-rst","patch_set":17,"id":"9a41bdd9_42afbd7c","line":390,"in_reply_to":"9a41bdd9_938f5a74","updated":"2015-07-15 22:06:23.000000000","message":"Done","commit_id":"08b106413340bae632efd71522d8b5a686e99515"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"5e58a2b075dd43091bb5c0d36a58ed49f25e6112","unresolved":false,"context_lines":[{"line_number":441,"context_line":""},{"line_number":442,"context_line":"The following claims will be mapped:"},{"line_number":443,"context_line":""},{"line_number":444,"context_line":"- any claim containing the key Email."},{"line_number":445,"context_line":"- any claim containing key cn\u003dIBM_Canada_Lab that doesn\u0027t have the value \u003cany_name\u003e@naww.com."},{"line_number":446,"context_line":"- any claim containing key cn\u003dIBM_USA_Lab that has value \u003cany_name\u003e@yeah.com."},{"line_number":447,"context_line":""}],"source_content_type":"text/x-rst","patch_set":17,"id":"9a41bdd9_5361d2a7","line":444,"updated":"2015-07-15 20:36:08.000000000","message":"UserType, not Email.","commit_id":"08b106413340bae632efd71522d8b5a686e99515"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"b06d6b43c1babf62b207f3c9548a1848373df4b3","unresolved":false,"context_lines":[{"line_number":441,"context_line":""},{"line_number":442,"context_line":"The following claims will be mapped:"},{"line_number":443,"context_line":""},{"line_number":444,"context_line":"- any claim containing the key Email."},{"line_number":445,"context_line":"- any claim containing key cn\u003dIBM_Canada_Lab that doesn\u0027t have the value \u003cany_name\u003e@naww.com."},{"line_number":446,"context_line":"- any claim containing key cn\u003dIBM_USA_Lab that has value \u003cany_name\u003e@yeah.com."},{"line_number":447,"context_line":""}],"source_content_type":"text/x-rst","patch_set":17,"id":"9a41bdd9_2294f940","line":444,"in_reply_to":"9a41bdd9_5361d2a7","updated":"2015-07-15 22:06:23.000000000","message":"Done","commit_id":"08b106413340bae632efd71522d8b5a686e99515"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c44b0b8c1684f187c170bdc456829f75e58f83b8","unresolved":false,"context_lines":[{"line_number":98,"context_line":"    ``empty``, ``blacklist`` and ``whitelist`` are the only conditions that can"},{"line_number":99,"context_line":"    be used in direct mapping ({0}, {1}, etc.)"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"You can combine multiple conditions in a single rule.The schema that needs to be"},{"line_number":102,"context_line":"followed for the mapping rules can be seen in the :doc:`mapping_schema` page."},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"Mappings Examples"}],"source_content_type":"text/x-rst","patch_set":19,"id":"3a50d1a3_046fe82b","line":101,"updated":"2015-07-21 18:09:40.000000000","message":"space after period here","commit_id":"0a7a03836835b32a45236013e3d3d1bbd82399dc"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"83d36e9777680c59456672342cd3b3bd87ddf349","unresolved":false,"context_lines":[{"line_number":98,"context_line":"    ``empty``, ``blacklist`` and ``whitelist`` are the only conditions that can"},{"line_number":99,"context_line":"    be used in direct mapping ({0}, {1}, etc.)"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"You can combine multiple conditions in a single rule.The schema that needs to be"},{"line_number":102,"context_line":"followed for the mapping rules can be seen in the :doc:`mapping_schema` page."},{"line_number":103,"context_line":""},{"line_number":104,"context_line":"Mappings Examples"}],"source_content_type":"text/x-rst","patch_set":19,"id":"3a50d1a3_610a427b","line":101,"in_reply_to":"3a50d1a3_046fe82b","updated":"2015-07-22 07:14:23.000000000","message":"Done","commit_id":"0a7a03836835b32a45236013e3d3d1bbd82399dc"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c44b0b8c1684f187c170bdc456829f75e58f83b8","unresolved":false,"context_lines":[{"line_number":390,"context_line":""},{"line_number":391,"context_line":"``empty``, ``any_one_of``, and ``not_any_of`` can all be used in the same rule,"},{"line_number":392,"context_line":"but cannot be repeated within the same condition. ``any_one_of`` and"},{"line_number":393,"context_line":"``not_any_of`` are mutually exclusive within a condition\u0027s scope .So are"},{"line_number":394,"context_line":"``whitelist`` and ``blacklist``."},{"line_number":395,"context_line":""},{"line_number":396,"context_line":".. code-block:: javascript"}],"source_content_type":"text/x-rst","patch_set":19,"id":"3a50d1a3_e44afcab","line":393,"updated":"2015-07-21 18:09:40.000000000","message":"nit: space after period here","commit_id":"0a7a03836835b32a45236013e3d3d1bbd82399dc"},{"author":{"_account_id":8978,"name":"Marek Denis","email":"marek.denis+openstack@gmail.com","username":"marek-denis"},"change_message_id":"83d36e9777680c59456672342cd3b3bd87ddf349","unresolved":false,"context_lines":[{"line_number":390,"context_line":""},{"line_number":391,"context_line":"``empty``, ``any_one_of``, and ``not_any_of`` can all be used in the same rule,"},{"line_number":392,"context_line":"but cannot be repeated within the same condition. ``any_one_of`` and"},{"line_number":393,"context_line":"``not_any_of`` are mutually exclusive within a condition\u0027s scope .So are"},{"line_number":394,"context_line":"``whitelist`` and ``blacklist``."},{"line_number":395,"context_line":""},{"line_number":396,"context_line":".. code-block:: javascript"}],"source_content_type":"text/x-rst","patch_set":19,"id":"3a50d1a3_e12df2a8","line":393,"in_reply_to":"3a50d1a3_e44afcab","updated":"2015-07-22 07:14:23.000000000","message":"Done","commit_id":"0a7a03836835b32a45236013e3d3d1bbd82399dc"}],"doc/source/mapping_schema.rst":[{"author":{"_account_id":11022,"name":"Rodrigo Duarte Sousa","email":"rodrigodsousa@gmail.com","username":"rodrigods"},"change_message_id":"01cabc4fa02ec82584490ad7808073dff722b9c2","unresolved":false,"context_lines":[{"line_number":21,"context_line":"The schema for mapping is a description of how a mapping should be created."},{"line_number":22,"context_line":"It shows all the requirements and possibilities for a json to be used for mapping."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Mapping Schema"},{"line_number":25,"context_line":"--------------"},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"The rules supported must use the following schema:"}],"source_content_type":"text/x-rst","patch_set":7,"id":"fa32b979_d3ec64f5","line":24,"updated":"2015-06-23 09:04:54.000000000","message":"some of the attributes in the schema can be not straight forward to understand. What do you think about providing a help section that will briefly explain these attributes?\n\nFor example, what means \"additionalProperties\": False ?","commit_id":"32fe07fc268167d575b69660213dbba4068c4d5f"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"8be2999cd204f2837c057ea27649f25d44e12b24","unresolved":false,"context_lines":[{"line_number":21,"context_line":"The schema for mapping is a description of how a mapping should be created."},{"line_number":22,"context_line":"It shows all the requirements and possibilities for a json to be used for mapping."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Mapping Schema"},{"line_number":25,"context_line":"--------------"},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"The rules supported must use the following schema:"}],"source_content_type":"text/x-rst","patch_set":7,"id":"fa32b979_a91353b7","line":24,"in_reply_to":"fa32b979_d3ec64f5","updated":"2015-06-23 18:33:31.000000000","message":"Added information about additionalProperties. Should I add info on all aspects of how a json schema works?","commit_id":"32fe07fc268167d575b69660213dbba4068c4d5f"},{"author":{"_account_id":11022,"name":"Rodrigo Duarte Sousa","email":"rodrigodsousa@gmail.com","username":"rodrigods"},"change_message_id":"54e7101ead502f99ef7effa24628d411f40d61a1","unresolved":false,"context_lines":[{"line_number":154,"context_line":"            }"},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"    if any other properties other than type and whitelist are added, then"},{"line_number":157,"context_line":"    the json file will be invalid."}],"source_content_type":"text/x-rst","patch_set":9,"id":"fa32b979_1e2d70a7","line":157,"updated":"2015-06-25 16:03:51.000000000","message":"great explanation!","commit_id":"0b05ac11a83dadf573134dbcb91498bd66c8deb5"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"9c9520f8b498da04dec117a2833e0730eb30c89d","unresolved":false,"context_lines":[{"line_number":154,"context_line":"            }"},{"line_number":155,"context_line":""},{"line_number":156,"context_line":"    if any other properties other than type and whitelist are added, then"},{"line_number":157,"context_line":"    the json file will be invalid."}],"source_content_type":"text/x-rst","patch_set":9,"id":"fa32b979_85f047fe","line":157,"in_reply_to":"fa32b979_1e2d70a7","updated":"2015-06-25 21:06:28.000000000","message":"Awesome, Thanks!!!!","commit_id":"0b05ac11a83dadf573134dbcb91498bd66c8deb5"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":19,"context_line":"-----------"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"The schema for mapping is a description of how a mapping should be created."},{"line_number":22,"context_line":"It shows all the requirements and possibilities for a json to be used for mapping."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Mapping Schema"},{"line_number":25,"context_line":"--------------"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_2d4f93be","line":22,"updated":"2015-06-30 15:40:23.000000000","message":"JSON*","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":19,"context_line":"-----------"},{"line_number":20,"context_line":""},{"line_number":21,"context_line":"The schema for mapping is a description of how a mapping should be created."},{"line_number":22,"context_line":"It shows all the requirements and possibilities for a json to be used for mapping."},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"Mapping Schema"},{"line_number":25,"context_line":"--------------"}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_af905e44","line":22,"in_reply_to":"ba3cc151_2d4f93be","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":26,"context_line":""},{"line_number":27,"context_line":"The rules supported must use the following schema:"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":".. code-block:: json"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"    {"},{"line_number":32,"context_line":"        \"type\": \"object\","}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_ad83a3cb","line":29,"updated":"2015-06-30 15:40:23.000000000","message":"so \u0027json\u0027 isn\u0027t a supported code-block, but \u0027javascript\u0027 is, suggest renaming them all to \u0027javascript\u0027","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":26,"context_line":""},{"line_number":27,"context_line":"The rules supported must use the following schema:"},{"line_number":28,"context_line":""},{"line_number":29,"context_line":".. code-block:: json"},{"line_number":30,"context_line":""},{"line_number":31,"context_line":"    {"},{"line_number":32,"context_line":"        \"type\": \"object\","}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_cf93624e","line":29,"in_reply_to":"ba3cc151_ad83a3cb","updated":"2015-07-01 19:28:53.000000000","message":"Done","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":6482,"name":"Steve Martinelli","email":"s.martinelli@gmail.com","username":"stevemar"},"change_message_id":"c4949cb52539b574ebef43f09397c1f99fb3e4c6","unresolved":false,"context_lines":[{"line_number":135,"context_line":""},{"line_number":136,"context_line":".. NOTE::"},{"line_number":137,"context_line":""},{"line_number":138,"context_line":"    \"additionalProperties\": False, shows that only the properties shown can be displayed."},{"line_number":139,"context_line":""},{"line_number":140,"context_line":"    .. code-block:: json"},{"line_number":141,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_cdeb8777","line":138,"updated":"2015-06-30 15:40:23.000000000","message":"maybe combine the two sentences?\n\nBy setting ``additionalProperties`` to False, Keystone will not accept any other keys in the JSON mapping. only ``type``, ``whitelist``, ``blacklist``, ``any_one_of```, ``not_any_of``, and ``regex`` are supported.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"113e848c01df03c6e8e9e680b97648deb9010e29","unresolved":false,"context_lines":[{"line_number":135,"context_line":""},{"line_number":136,"context_line":".. NOTE::"},{"line_number":137,"context_line":""},{"line_number":138,"context_line":"    \"additionalProperties\": False, shows that only the properties shown can be displayed."},{"line_number":139,"context_line":""},{"line_number":140,"context_line":"    .. code-block:: json"},{"line_number":141,"context_line":""}],"source_content_type":"text/x-rst","patch_set":12,"id":"ba3cc151_8fd55aba","line":138,"in_reply_to":"ba3cc151_cdeb8777","updated":"2015-07-01 19:28:53.000000000","message":"I was thinking, if we combine them we may confuse the reader with which additional Properties in the schema we are referring to. I think there should just be a specific example. I altered it either way to make it easier to understand. We can talk about it.","commit_id":"ad64202bda21f708d4eab56d634dcd6fc3ac4aa3"},{"author":{"_account_id":7725,"name":"David Stanek","email":"dstanek@dstanek.com","username":"dstanek"},"change_message_id":"9c4d736753be87c6096b0e3d4486dfe95a90ad07","unresolved":false,"context_lines":[{"line_number":135,"context_line":""},{"line_number":136,"context_line":".. NOTE::"},{"line_number":137,"context_line":""},{"line_number":138,"context_line":"    \"additionalProperties\": False, shows that only the properties shown can be displayed."},{"line_number":139,"context_line":""},{"line_number":140,"context_line":"    .. code-block:: javascript"},{"line_number":141,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"ba3cc151_11e55d36","line":138,"updated":"2015-07-09 23:14:15.000000000","message":"(nit) i think the code here should be wrapped in `` ``.","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"},{"author":{"_account_id":16046,"name":"Fernando Diaz","email":"diazjf@us.ibm.com","username":"diazjf"},"change_message_id":"f41b2d58577bb1531308c19b585fa318f96b962c","unresolved":false,"context_lines":[{"line_number":135,"context_line":""},{"line_number":136,"context_line":".. NOTE::"},{"line_number":137,"context_line":""},{"line_number":138,"context_line":"    \"additionalProperties\": False, shows that only the properties shown can be displayed."},{"line_number":139,"context_line":""},{"line_number":140,"context_line":"    .. code-block:: javascript"},{"line_number":141,"context_line":""}],"source_content_type":"text/x-rst","patch_set":15,"id":"9a41bdd9_185c704a","line":138,"in_reply_to":"ba3cc151_11e55d36","updated":"2015-07-13 16:42:15.000000000","message":"Done","commit_id":"b53ce4883469a2129af6a2db279eaf429287c435"}]}