def create_trust(trustor,
trustee,
role_names,
impersonation=True,
project_id=None,
allow_redelegation=False):
'''Create a trust and return it's identifier
:param trustor: The user delegating the trust, this is an auth plugin.
:param trustee: The user consuming the trust, this is an auth plugin.
:param role_names: A list of role names to be assigned.
:param impersonation: Should the trustee impersonate trustor,
default is True.
:param project_id: The project that the trust will be scoped into,
default is the trustor's project id.
:param allow_redelegation: Allow redelegation parameter for cluster
trusts.
:returns: A valid trust id.
:raises CreationFailed: If the trust cannot be created.
'''
if project_id is None:
project_id = keystone.project_id_from_auth(trustor)
try:
trustor_user_id = keystone.user_id_from_auth(trustor)
trustee_user_id = keystone.user_id_from_auth(trustee)
client = keystone.client_from_auth(trustor)
trust = client.trusts.create(trustor_user=trustor_user_id,
trustee_user=trustee_user_id,
impersonation=impersonation,
role_names=role_names,
project=project_id,
allow_redelegation=allow_redelegation)
LOG.debug('Created trust {trust_id}'.format(
trust_id=six.text_type(trust.id)))
return trust.id
except Exception as e:
LOG.error(
_LE('Unable to create trust (reason: {reason})').format(reason=e))
raise ex.CreationFailed(_('Failed to create trust'))
def delete_trust(trustee, trust_id):
"""Delete a trust from a trustee
:param trustee: The user to delete the trust from, this is an auth plugin.
:param trust_id: The identifier of the trust to delete.
:raises DeletionFailed: If the trust cannot be deleted.
"""
try:
client = keystone.client_from_auth(trustee)
client.trusts.delete(trust_id)
LOG.debug("Deleted trust {trust_id}".format(trust_id=six.text_type(trust_id)))
except Exception as e:
LOG.error(_LE("Unable to delete trust (reason: {reason})").format(reason=e))
raise ex.DeletionFailed(_("Failed to delete trust {0}").format(trust_id))
def create_trust(trustor, trustee, role_names, impersonation=True,
project_id=None, expires=True):
'''Create a trust and return it's identifier
:param trustor: The user delegating the trust, this is an auth plugin.
:param trustee: The user consuming the trust, this is an auth plugin.
:param role_names: A list of role names to be assigned.
:param impersonation: Should the trustee impersonate trustor,
default is True.
:param project_id: The project that the trust will be scoped into,
default is the trustor's project id.
:param expires: The trust will expire if this is set to True.
:returns: A valid trust id.
:raises CreationFailed: If the trust cannot be created.
'''
if project_id is None:
project_id = keystone.project_id_from_auth(trustor)
try:
expires_at = _get_expiry() if expires else None
trustor_user_id = keystone.user_id_from_auth(trustor)
trustee_user_id = keystone.user_id_from_auth(trustee)
client = keystone.client_from_auth(trustor)
trust = client.trusts.create(trustor_user=trustor_user_id,
trustee_user=trustee_user_id,
impersonation=impersonation,
role_names=role_names,
project=project_id,
expires_at=expires_at)
LOG.debug('Created trust {trust_id}'.format(
trust_id=six.text_type(trust.id)))
return trust.id
except Exception as e:
LOG.error(_LE('Unable to create trust (reason: {reason})').format(
reason=e))
raise ex.CreationFailed(_('Failed to create trust'))
def delete_trust(trustee, trust_id):
'''Delete a trust from a trustee
:param trustee: The user to delete the trust from, this is an auth plugin.
:param trust_id: The identifier of the trust to delete.
:raises DeletionFailed: If the trust cannot be deleted.
'''
try:
client = keystone.client_from_auth(trustee)
client.trusts.delete(trust_id)
LOG.debug('Deleted trust {trust_id}'.format(
trust_id=six.text_type(trust_id)))
except Exception as e:
LOG.error('Unable to delete trust (reason: {reason})'.format(reason=e))
raise ex.DeletionFailed(
_('Failed to delete trust {0}').format(trust_id))
def create_trust(trustor, trustee, role_names, impersonation=True, project_id=None, allow_redelegation=False):
"""Create a trust and return it's identifier
:param trustor: The user delegating the trust, this is an auth plugin.
:param trustee: The user consuming the trust, this is an auth plugin.
:param role_names: A list of role names to be assigned.
:param impersonation: Should the trustee impersonate trustor,
default is True.
:param project_id: The project that the trust will be scoped into,
default is the trustor's project id.
:param allow_redelegation: Allow redelegation parameter for cluster
trusts.
:returns: A valid trust id.
:raises CreationFailed: If the trust cannot be created.
"""
if project_id is None:
project_id = keystone.project_id_from_auth(trustor)
try:
trustor_user_id = keystone.user_id_from_auth(trustor)
trustee_user_id = keystone.user_id_from_auth(trustee)
client = keystone.client_from_auth(trustor)
trust = client.trusts.create(
trustor_user=trustor_user_id,
trustee_user=trustee_user_id,
impersonation=impersonation,
role_names=role_names,
project=project_id,
allow_redelegation=allow_redelegation,
)
LOG.debug("Created trust {trust_id}".format(trust_id=six.text_type(trust.id)))
return trust.id
except Exception as e:
LOG.error(_LE("Unable to create trust (reason: {reason})").format(reason=e))
raise ex.CreationFailed(_("Failed to create trust"))
