Project description

Globus Identity Mapper

The Globus Identity Mapper Python library provides two mapping classes that implement configurable hooks for mapping a Globus Auth Identity resource to an application- or context-specific username:

ExpressionIdentityMapping
ExternalIdentityMapping

Additionally, the library offers a protocol for implementing custom identity mapper logic:

IdentityMappingProtocol

Most consumers of this library will make use of a mapping configuration document, the .from_mapping_document() method to instantiate the appropriate class, and then call .map_identity() or .map_identities() thereafter. This enables administrators to dynamically specify their desired mapping configuration without having to resort to typing Python code. For example, a simple mapping configuration to use the ExpressionIdentityMapping logic to follow the rules as documented at Globus Connect Server, Identity Mapping might be:

{
  "DATA_TYPE": "expression_identity_mapping#1.0.0",
  "mappings": [
    {
      "source": "{email}", "match": "(.*)@example\\.org", "output": "{0}"
    }
  ]
}

A hard-coded class instantiation might look like:

>>> import json
>>> from globus_identity_mapping import ExpressionIdentityMapping
>>> fdata = open("example_configuration.json").read()
>>> mapping_document = json.loads(fdata)
>>> connector_id = "..."  # see the Identity Mapping Guide, linked above
>>> storage_gateway = "application-specific-identifier"
>>> mapper = ExpressionIdentityMapping.from_mapping_document(
...   mapping_document, storage_gateway=storage_gateway, connector_id=connector_id
... )

Thereafter, the mapper may be used to find a context-aware username by mapping the source field of email from a Globus Auth Identity record via the regular expression logic. (In the above example, the hostname is stripped to determine the application-specific username.) Example:

>>> gair = {"id": "...", "sub": "...", "email": "billy@example.org", "name": "..."}
>>> mapper.map_identity(gair)
'billy'

For more serious library usage, implements may want to look at globus_identity_mapping.loader.load_mappers

Development

The high level bits:

uses Poetry (pyproject.toml)
uses tox
- tox - enough to run all tests
- tox -e mypy to run mypy
Reminder to install pre-commit at your first checkout: pre-commit --install

Project details

These details have not been verified by PyPI

View statistics for this project via Libraries.io, or by using our public dataset on Google BigQuery

Release history Release notifications | RSS feed

This version

0.3.0

Mar 1, 2024

0.2.0

Jan 4, 2024

0.1.0

Oct 31, 2023

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

globus_identity_mapping-0.3.0.tar.gz (21.3 kB view hashes)

Uploaded Mar 1, 2024 Source

Built Distribution

globus_identity_mapping-0.3.0-py3-none-any.whl (26.3 kB view hashes)

Uploaded Mar 1, 2024 Python 3

Hashes for globus_identity_mapping-0.3.0.tar.gz

Hashes for globus_identity_mapping-0.3.0.tar.gz
Algorithm	Hash digest
SHA256	`6b5981bd991e5dc52b6dd8ac95463e07db26068117713cce724abd61357d76e7`
MD5	`dfcdd22f1549442e5450f42d47179955`
BLAKE2b-256	`c14c7b76ee7076a9bd00cacc018e1f428069574108e9bcac13c2766995543c57`

Hashes for globus_identity_mapping-0.3.0-py3-none-any.whl

Hashes for globus_identity_mapping-0.3.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`336f1da95ea15d8cb9c575b7c3ecb89ad019a4766f16d3c8e81ec8f921f14c17`
MD5	`665af64c7f9ce1c921d528dcdb7bea12`
BLAKE2b-256	`920e6b28699d5553bb4e875e1d632d9a6b6b12e8758bb3c4bd1f91ed3e651775`