Remove get_trust_id_for_request function

This function tries to determine the current trust_id by looking up the
auth_context's token model. If this information was available it would
have been put on the request.context object so we can use that instead.

Change-Id: I7ce33b30f220be619c638c77eeb76503f1af79a7

keystone/common/wsgi.py

@@ -337,20 +337,6 @@ class Application(BaseApplication):
             msg = _('%s field(s) cannot be empty') % ', '.join(missing_attrs)
             raise exception.ValidationError(message=msg)
 
-    def _get_trust_id_for_request(self, context):
-        """Get the trust_id for a call.
-
-        Retrieve the trust_id from the token
-        Returns None if token is not trust scoped
-        """
-        if ('token_id' not in context or
-                context.get('token_id') == CONF.admin_token):
-            LOG.debug(('will not lookup trust as the request auth token is '
-                       'either absent or it is the system admin token'))
-            return None
-        token_ref = utils.get_token_ref(context)
-        return token_ref.trust_id
-
     @classmethod
     def base_url(cls, context, endpoint_type):
         url = CONF['%s_endpoint' % endpoint_type]

keystone/contrib/ec2/controllers.py

@@ -165,23 +165,22 @@ class Ec2ControllerCommon(object):
 
         return user_ref, tenant_ref, metadata_ref, roles_ref, catalog_ref
 
-    def create_credential(self, context, user_id, tenant_id):
+    def create_credential(self, request, user_id, tenant_id):
         """Create a secret/access pair for use with ec2 style auth.
 
         Generates a new set of credentials that map the user/tenant
         pair.
 
-        :param context: standard context
+        :param request: current request
         :param user_id: id of user
         :param tenant_id: id of tenant
         :returns: credential: dict of ec2 credential
         """
         self.identity_api.get_user(user_id)
         self.resource_api.get_project(tenant_id)
-        trust_id = self._get_trust_id_for_request(context)
         blob = {'access': uuid.uuid4().hex,
                 'secret': uuid.uuid4().hex,
-                'trust_id': trust_id}
+                'trust_id': request.context.trust_id}
         credential_id = utils.hash_access_key(blob['access'])
         cred_ref = {'user_id': user_id,
                     'project_id': tenant_id,
@@ -303,7 +302,7 @@ class Ec2Controller(Ec2ControllerCommon, controller.V2Controller):
         if not self._is_admin(request):
             self._assert_identity(request.context_dict, user_id)
         return super(Ec2Controller, self).create_credential(
-            request.context_dict, user_id, tenant_id)
+            request, user_id, tenant_id)
 
     @controller.v2_ec2_deprecated
     def delete_credential(self, request, user_id, credential_id):
@@ -408,7 +407,7 @@ class Ec2ControllerV3(Ec2ControllerCommon, controller.V3Controller):
     @controller.protected()
     def ec2_create_credential(self, request, user_id, tenant_id):
         ref = super(Ec2ControllerV3, self).create_credential(
-            request.context_dict, user_id, tenant_id)
+            request, user_id, tenant_id)
         return Ec2ControllerV3.wrap_member(request.context_dict,
                                            ref['credential'])
 

keystone/credential/controllers.py

@@ -64,9 +64,8 @@ class CredentialV3(controller.V3Controller):
     @controller.protected()
     def create_credential(self, request, credential):
         validation.lazy_validate(schema.credential_create, credential)
-        trust_id = self._get_trust_id_for_request(request.context_dict)
         ref = self._assign_unique_id(self._normalize_dict(credential),
-                                     trust_id)
+                                     request.context.trust_id)
         ref = self.credential_api.create_credential(ref['id'], ref)
         return CredentialV3.wrap_member(request.context_dict, ref)