Remove support for trusts in v2.0

If the UUID token provider is configured, it is possible to use trusts to authenticate against the version 2.0 API. The fernet token provider doesn't support trust authentication against the v2.0 API. Trusts were never supported in version 2.0 and it is recommend that trusts are used exclusively with version 3. This commit makes this behavior with trusts and v2.0 consistent regardless of the configured token provider. It is also a step to getting fernet to be the default token provider in Keystone. Change-Id: Ia02850d1aec304eccccb4752c43767272047b74e
2016-02-01 18:34:32 +00:00 · 2016-02-01 18:34:32 +00:00 · 66bfce8f70
parent 7a0874f6f6
commit 66bfce8f70
2 changed files with 4 additions and 10 deletions
--- a/keystone/token/providers/common.py
+++ b/keystone/token/providers/common.py
@ -59,16 +59,6 @@ class V2TokenDataHelper(object):

        user = common_controller.V2Controller.v3_to_v2_user(v3_user)

-        # Maintain Trust Data
-        if 'OS-TRUST:trust' in v3_token:
-            v3_trust_data = v3_token['OS-TRUST:trust']
-            token_data['trust'] = {
-                'trustee_user_id': v3_trust_data['trustee_user']['id'],
-                'id': v3_trust_data['id'],
-                'trustor_user_id': v3_trust_data['trustor_user']['id'],
-                'impersonation': v3_trust_data['impersonation']
-            }
-
        # Set user roles
        user['roles'] = []
        role_ids = []
--- a/releasenotes/notes/remove-trust-auth-support-from-v2-de316c9ba46d556d.yaml
+++ b/releasenotes/notes/remove-trust-auth-support-from-v2-de316c9ba46d556d.yaml
@ -0,0 +1,4 @@
+---
+other:
+  - The ability to obtain a trust-scoped token against the v2.0 API has been
+    removed, in favor of using the version 3 API.