Exemple #1
def create_trust(trustor,
                 trustee,
                 role_names,
                 impersonation=True,
                 project_id=None):
    '''Create a Keystone trust from trustor to trustee and return its id.

    The trust delegates the named roles on a single project. No expiry and
    no use limit are passed to the create call below.
    NOTE(review): presumably the trust then stays valid until it is
    deleted; confirm every caller has a matching clean-up path.

    :param trustor: The Keystone client delegating the trust.
    :param trustee: The Keystone client consuming the trust.
    :param role_names: A list of role names to be delegated. Callers
                       should pass only the roles the trustee needs.
    :param impersonation: Should the trustee impersonate trustor,
                          default is True.
                          NOTE(review): with impersonation, work done by
                          the trustee is expected to be attributed to the
                          trustor; confirm that suits audit requirements.
    :param project_id: The project that the trust will be scoped into,
                       default is the trustor's project id.
    :returns: A valid trust id.
    :raises CreationFailed: If the create call fails. The underlying
                            error is logged; the raised exception carries
                            only a generic message.

    '''
    # This lookup sits outside the try block, so an error raised here is
    # not converted into CreationFailed.
    scope = trustor.tenant_id if project_id is None else project_id
    try:
        new_trust = trustor.trusts.create(
            trustor_user=trustor.user_id,
            trustee_user=trustee.user_id,
            impersonation=impersonation,
            role_names=role_names,
            project=scope)
        trust_id = new_trust.id
        LOG.debug('Created trust {0}'.format(six.text_type(trust_id)))
        return trust_id
    except Exception as err:
        # Full detail (with traceback) goes to the log only.
        LOG.exception(_LE('Unable to create trust (reason: %s)'), err)
        raise ex.CreationFailed(_('Failed to create trust'))
Exemple #2
def create_trust(trustor,
                 trustee,
                 role_names,
                 impersonation=True,
                 project_id=None,
                 allow_redelegation=False):
    '''Create a Keystone trust from trustor to trustee and return its id.

    The trust delegates the named roles on a single project. No expiry and
    no use limit are passed to the create call below.
    NOTE(review): presumably the trust then stays valid until it is
    deleted; confirm every caller has a matching clean-up path.

    :param trustor: The user delegating the trust, this is an auth plugin.

    :param trustee: The user consuming the trust, this is an auth plugin.

    :param role_names: A list of role names to be delegated. Callers
                       should pass only the roles the trustee needs.

    :param impersonation: Should the trustee impersonate trustor,
                          default is True.
                          NOTE(review): with impersonation, work done by
                          the trustee is expected to be attributed to the
                          trustor; confirm that suits audit requirements.

    :param project_id: The project that the trust will be scoped into,
                       default is the trustor's project id.

    :param allow_redelegation: Allow redelegation parameter for cluster
                               trusts, default is False.
                               NOTE(review): enabling it presumably lets
                               the trustee delegate onward; keep it off
                               unless a caller needs that.

    :returns: A valid trust id.

    :raises CreationFailed: If the trust cannot be created. The underlying
                            error is logged; the raised exception carries
                            only a generic message.

    '''
    # This lookup sits outside the try block, so an error raised here is
    # not converted into CreationFailed.
    scope = (keystone.project_id_from_auth(trustor)
             if project_id is None else project_id)
    try:
        delegator_id = keystone.user_id_from_auth(trustor)
        delegate_id = keystone.user_id_from_auth(trustee)
        # The trust is created with the trustor's own credentials.
        trustor_client = keystone.client_from_auth(trustor)
        trust_args = {
            'trustor_user': delegator_id,
            'trustee_user': delegate_id,
            'impersonation': impersonation,
            'role_names': role_names,
            'project': scope,
            'allow_redelegation': allow_redelegation,
        }
        new_trust = trustor_client.trusts.create(**trust_args)
        trust_id = new_trust.id
        LOG.debug('Created trust {trust_id}'.format(
            trust_id=six.text_type(trust_id)))
        return trust_id
    except Exception as err:
        # Only the exception text is logged here; no traceback is recorded.
        failure_msg = _LE('Unable to create trust (reason: {reason})').format(
            reason=err)
        LOG.error(failure_msg)
        raise ex.CreationFailed(_('Failed to create trust'))