diff --git a/senlin/api/middleware/trust.py b/senlin/api/middleware/trust.py index c603c12bb..5af04f5ed 100644 --- a/senlin/api/middleware/trust.py +++ b/senlin/api/middleware/trust.py @@ -84,7 +84,7 @@ class TrustMiddleware(wsgi.Middleware): try: trusts = kc.trust_get_by_trustor(ctx.user, admin_id, ctx.project) except exception.TrustNotFound: - # No trust found is okay + # Trust not found is okay trusts = [] if len(trusts) > 0: @@ -92,12 +92,9 @@ class TrustMiddleware(wsgi.Middleware): else: # Create a trust if no existing one found try: - trust = kc.trust_create(ctx.user, admin_id, ctx.project, - ctx.roles) - except exception.Error as ex: - msg = _("Failed building trust from user: " - "%s.") % six.text_type(ex) - raise webob.exc.HTTPInternalServerError(msg) + trust = kc.trust_create(ctx.user, admin_id, ctx.project) + except exception.TrustCreationFailure as ex: + raise webob.exc.HTTPInternalServerError(six.text_type(ex)) # update cache if cred_exists: diff --git a/senlin/common/exception.py b/senlin/common/exception.py index 37805793e..aba20897c 100644 --- a/senlin/common/exception.py +++ b/senlin/common/exception.py @@ -251,11 +251,12 @@ class EventNotFound(SenlinException): class InternalError(SenlinException): '''A base class for internal exceptions in senlin. - The internal exception classes which inherit from InternalError - class should be translated to a user facing exception. + The internal exception classes which inherit from :class:`InternalError` + class should be translated to a user facing exception type if need to be + made user visible. ''' - def __init__(self, **kwargs): + def __init__(self, message=None, **kwargs): super(InternalError, self).__init__(**kwargs) @@ -273,6 +274,10 @@ class TrustNotFound(InternalError): msg_fmt = _("The trust for trustor (%(trustor)s) could not be found.") +class TrustCreationFailure(InternalError): + msg_fmt = _("Failed in creating trust: %(reason)s.") + + class ResourceNotFound(InternalError): # Used when retrieving resources from other services msg_fmt = _("The resource (%(resource)s) could not be found.") diff --git a/senlin/drivers/openstack/keystone_v3.py b/senlin/drivers/openstack/keystone_v3.py index fc97c9d8a..d6b35773d 100644 --- a/senlin/drivers/openstack/keystone_v3.py +++ b/senlin/drivers/openstack/keystone_v3.py @@ -67,7 +67,7 @@ class KeystoneClient(base.DriverBase): if interface: filters['interface'] = interface - endpoints = [e for e in self.conn.identity.endpoints(filters=filters)] + endpoints = [e for e in self.conn.identity.endpoints(**filters)] if len(endpoints) == 0: resource = _('endpoint: service=%(service)s,region=' '%(region)s,visibility=%(interface)s.' @@ -86,7 +86,7 @@ class KeystoneClient(base.DriverBase): if name: filters['name'] = name - services = [s for s in self.conn.identity.services(filters=filters)] + services = [s for s in self.conn.identity.services(**filters)] if len(services) == 0: resource = _('service:type=%(type)s%(name)s' ) % {'type': service_type, @@ -111,13 +111,13 @@ class KeystoneClient(base.DriverBase): filters['project'] = project try: - trusts = [t for t in self.conn.identity.trusts(filters=filters)] + trusts = [t for t in self.conn.identity.trusts(**filters)] except sdk.exc.HttpException: raise exception.TrustNotFound(trustor=trustor) return trusts - def trust_create(self, trustor, trustee, project, roles, + def trust_create(self, trustor, trustee, project, roles=None, impersonation=True): '''Create trust between two users. @@ -129,19 +129,23 @@ class KeystoneClient(base.DriverBase): the trustor. ''' + if roles: + role_list = [{'name': role} for role in roles] + else: + role_list = [] params = { 'trustor_user_id': trustor, 'trustee_user_id': trustee, 'project': project, 'impersonation': impersonation, 'allow_redelegation': True, - 'roles': [{'name': role} for role in roles] + 'roles': role_list } try: result = self.conn.identity.create_trust(**params) except sdk.exc.HttpException as ex: - raise exception.Error(message=six.text_type(ex)) + raise exception.TrustCreationFailure(reason=six.text_type(ex)) return result