openstack/python-keystoneclient
Code Issues Proposed changes
Files
45cb3878462b81cc3c8efa34c6687f02414e970a
python-keystoneclient/keystoneclient/v3/contrib/trusts.py
Kristi Nikolla ef49844248 Add support for specifying role ids when creating trust 
Change-Id: I38e0ac35946ee6e53128babac3ea759a380572e0
Partial-Bug: 1696111
2017-06-16 11:30:56 -04:00

103 lines
3.8 KiB
Python
Raw Blame History

# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from keystoneclient import base
from keystoneclient import exceptions
from keystoneclient.i18n import _
from keystoneclient import utils
class Trust(base.Resource):
"""Represents a Trust.
Attributes:
* id: a uuid that identifies the trust
* impersonation: allow explicit impersonation
* project_id: project ID
* trustee_user_id: a uuid that identifies the trustee
* trustor_user_id: a uuid that identifies the trustor
"""
pass
class TrustManager(base.CrudManager):
"""Manager class for manipulating Trusts."""
resource_class = Trust
collection_key = 'trusts'
key = 'trust'
base_url = '/OS-TRUST'
def create(self, trustee_user, trustor_user, role_names=None,
role_ids=None, project=None, impersonation=False,
expires_at=None, remaining_uses=None, **kwargs):
"""Create a Trust.
:param string trustee_user: user who is capable of consuming the trust
:param string trustor_user: user who's authorization is being delegated
:param string role_names: subset of trustor's roles to be granted
:param string role_ids: subset of trustor's roles to be granted
:param string project: project which the trustor is delegating
:param boolean impersonation: enable explicit impersonation
:param datetime.datetime expires_at: expiry time
:param integer remaining_uses: how many times this trust can be used
to generate a token. None means
unlimited tokens.
"""
# Convert role_names list into list-of-dict API format
roles = []
if role_names:
roles.extend([{'name': n} for n in role_names])
if role_ids:
roles.extend([{'id': i} for i in role_ids])
if not roles:
roles = None
# Convert datetime.datetime expires_at to iso format string
if expires_at:
expires_str = utils.isotime(at=expires_at, subsecond=True)
else:
expires_str = None
return super(TrustManager, self).create(
expires_at=expires_str,
impersonation=impersonation,
project_id=base.getid(project),
remaining_uses=remaining_uses,
roles=roles,
trustee_user_id=base.getid(trustee_user),
trustor_user_id=base.getid(trustor_user),
**kwargs)
def update(self):
raise exceptions.MethodNotImplemented(
_('Update not supported for trusts'))
def list(self, trustee_user=None, trustor_user=None, **kwargs):
"""List Trusts."""
trustee_user_id = base.getid(trustee_user)
trustor_user_id = base.getid(trustor_user)
return super(TrustManager, self).list(trustee_user_id=trustee_user_id,
trustor_user_id=trustor_user_id,
**kwargs)
def get(self, trust):
"""Get a specific trust."""
return super(TrustManager, self).get(trust_id=base.getid(trust))
def delete(self, trust):
"""Delete a trust."""
return super(TrustManager, self).delete(trust_id=base.getid(trust))
View Git Blame Copy Permalink