def create_trust(trustor, trustee, role_names, impersonation=True, project_id=None, allow_redelegation=False): '''Create a trust and return it's identifier :param trustor: The user delegating the trust, this is an auth plugin. :param trustee: The user consuming the trust, this is an auth plugin. :param role_names: A list of role names to be assigned. :param impersonation: Should the trustee impersonate trustor, default is True. :param project_id: The project that the trust will be scoped into, default is the trustor's project id. :param allow_redelegation: Allow redelegation parameter for cluster trusts. :returns: A valid trust id. :raises CreationFailed: If the trust cannot be created. ''' if project_id is None: project_id = keystone.project_id_from_auth(trustor) try: trustor_user_id = keystone.user_id_from_auth(trustor) trustee_user_id = keystone.user_id_from_auth(trustee) client = keystone.client_from_auth(trustor) trust = client.trusts.create(trustor_user=trustor_user_id, trustee_user=trustee_user_id, impersonation=impersonation, role_names=role_names, project=project_id, allow_redelegation=allow_redelegation) LOG.debug('Created trust {trust_id}'.format( trust_id=six.text_type(trust.id))) return trust.id except Exception as e: LOG.error( _LE('Unable to create trust (reason: {reason})').format(reason=e)) raise ex.CreationFailed(_('Failed to create trust'))
def delete_trust(trustee, trust_id): """Delete a trust from a trustee :param trustee: The user to delete the trust from, this is an auth plugin. :param trust_id: The identifier of the trust to delete. :raises DeletionFailed: If the trust cannot be deleted. """ try: client = keystone.client_from_auth(trustee) client.trusts.delete(trust_id) LOG.debug("Deleted trust {trust_id}".format(trust_id=six.text_type(trust_id))) except Exception as e: LOG.error(_LE("Unable to delete trust (reason: {reason})").format(reason=e)) raise ex.DeletionFailed(_("Failed to delete trust {0}").format(trust_id))
def create_trust(trustor, trustee, role_names, impersonation=True, project_id=None, expires=True): '''Create a trust and return it's identifier :param trustor: The user delegating the trust, this is an auth plugin. :param trustee: The user consuming the trust, this is an auth plugin. :param role_names: A list of role names to be assigned. :param impersonation: Should the trustee impersonate trustor, default is True. :param project_id: The project that the trust will be scoped into, default is the trustor's project id. :param expires: The trust will expire if this is set to True. :returns: A valid trust id. :raises CreationFailed: If the trust cannot be created. ''' if project_id is None: project_id = keystone.project_id_from_auth(trustor) try: expires_at = _get_expiry() if expires else None trustor_user_id = keystone.user_id_from_auth(trustor) trustee_user_id = keystone.user_id_from_auth(trustee) client = keystone.client_from_auth(trustor) trust = client.trusts.create(trustor_user=trustor_user_id, trustee_user=trustee_user_id, impersonation=impersonation, role_names=role_names, project=project_id, expires_at=expires_at) LOG.debug('Created trust {trust_id}'.format( trust_id=six.text_type(trust.id))) return trust.id except Exception as e: LOG.error(_LE('Unable to create trust (reason: {reason})').format( reason=e)) raise ex.CreationFailed(_('Failed to create trust'))
def delete_trust(trustee, trust_id): '''Delete a trust from a trustee :param trustee: The user to delete the trust from, this is an auth plugin. :param trust_id: The identifier of the trust to delete. :raises DeletionFailed: If the trust cannot be deleted. ''' try: client = keystone.client_from_auth(trustee) client.trusts.delete(trust_id) LOG.debug('Deleted trust {trust_id}'.format( trust_id=six.text_type(trust_id))) except Exception as e: LOG.error('Unable to delete trust (reason: {reason})'.format(reason=e)) raise ex.DeletionFailed( _('Failed to delete trust {0}').format(trust_id))
def create_trust(trustor, trustee, role_names, impersonation=True, project_id=None, allow_redelegation=False): """Create a trust and return it's identifier :param trustor: The user delegating the trust, this is an auth plugin. :param trustee: The user consuming the trust, this is an auth plugin. :param role_names: A list of role names to be assigned. :param impersonation: Should the trustee impersonate trustor, default is True. :param project_id: The project that the trust will be scoped into, default is the trustor's project id. :param allow_redelegation: Allow redelegation parameter for cluster trusts. :returns: A valid trust id. :raises CreationFailed: If the trust cannot be created. """ if project_id is None: project_id = keystone.project_id_from_auth(trustor) try: trustor_user_id = keystone.user_id_from_auth(trustor) trustee_user_id = keystone.user_id_from_auth(trustee) client = keystone.client_from_auth(trustor) trust = client.trusts.create( trustor_user=trustor_user_id, trustee_user=trustee_user_id, impersonation=impersonation, role_names=role_names, project=project_id, allow_redelegation=allow_redelegation, ) LOG.debug("Created trust {trust_id}".format(trust_id=six.text_type(trust.id))) return trust.id except Exception as e: LOG.error(_LE("Unable to create trust (reason: {reason})").format(reason=e)) raise ex.CreationFailed(_("Failed to create trust"))