openstack
/
keystone
Code Issues Proposed changes

Merge "Clarify documentation on whitelists and blacklists"

This commit is contained in:
Jenkins 2017-08-03 00:18:27 +00:00 committed by Gerrit Code Review
parent 9f03a88fdf 0331a11842
commit bba90f6157
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
doc/source/advanced-topics/federation/mapping_combinations.rst
View File

@ -208,12 +208,14 @@ is passed as input.
in the remote attribute type. Condition result is boolean, not the argument that
is passed as input.
``blacklist``: The rule allows all except a specified set of groups. Condition
result is the argument(s) passed as input minus what was matched in the
blacklist.
``blacklist``: This rule removes all groups matched from the assertion. It is
not intended to be used as a way to prevent users, or groups of users, from
accessing the service provider. The output from filtering through a blacklist
will be all groups from the assertion that were not listed in the blacklist.
``whitelist``: The rules allows a specified set of groups. Condition result is
the argument(s) passed as input and is/are also present in the whitelist.
``whitelist``: This rule explicitly states which groups should be carried over
from the assertion. The result is the groups present in the assertion and in
the whitelist.
.. NOTE::