1#    Licensed under the Apache License, Version 2.0 (the "License"); you may
2#    not use this file except in compliance with the License. You may obtain
3#    a copy of the License at
4#
5#         http://www.apache.org/licenses/LICENSE-2.0
6#
7#    Unless required by applicable law or agreed to in writing, software
8#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
9#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
10#    License for the specific language governing permissions and limitations
11#    under the License.
12
13from keystoneclient import base
14from keystoneclient import exceptions
15from keystoneclient.i18n import _
16from keystoneclient import utils
17
18
19class Trust(base.Resource):
20    """Represents a Trust.
21
22    Attributes:
23        * id: a uuid that identifies the trust
24        * impersonation: allow explicit impersonation
25        * project_id: project ID
26        * trustee_user_id: a uuid that identifies the trustee
27        * trustor_user_id: a uuid that identifies the trustor
28    """
29
30    pass
31
32
33class TrustManager(base.CrudManager):
34    """Manager class for manipulating Trusts."""
35
36    resource_class = Trust
37    collection_key = 'trusts'
38    key = 'trust'
39    base_url = '/OS-TRUST'
40
41    def create(self, trustee_user, trustor_user, role_names=None,
42               role_ids=None, project=None, impersonation=False,
43               expires_at=None, remaining_uses=None, **kwargs):
44        """Create a Trust.
45
46        :param string trustee_user: user who is capable of consuming the trust
47        :param string trustor_user: user who's authorization is being delegated
48        :param string role_names: subset of trustor's roles to be granted
49        :param string role_ids: subset of trustor's roles to be granted
50        :param string project: project which the trustor is delegating
51        :param boolean impersonation: enable explicit impersonation
52        :param datetime.datetime expires_at: expiry time
53        :param integer remaining_uses: how many times this trust can be used
54                                       to generate a token. None means
55                                       unlimited tokens.
56
57        """
58        # Convert role_names list into list-of-dict API format
59        roles = []
60        if role_names:
61            roles.extend([{'name': n} for n in role_names])
62        if role_ids:
63            roles.extend([{'id': i} for i in role_ids])
64
65        if not roles:
66            roles = None
67
68        # Convert datetime.datetime expires_at to iso format string
69        if expires_at:
70            expires_str = utils.isotime(at=expires_at, subsecond=True)
71        else:
72            expires_str = None
73
74        return super(TrustManager, self).create(
75            expires_at=expires_str,
76            impersonation=impersonation,
77            project_id=base.getid(project),
78            remaining_uses=remaining_uses,
79            roles=roles,
80            trustee_user_id=base.getid(trustee_user),
81            trustor_user_id=base.getid(trustor_user),
82            **kwargs)
83
84    def update(self):
85        raise exceptions.MethodNotImplemented(
86            _('Update not supported for trusts'))
87
88    def list(self, trustee_user=None, trustor_user=None, **kwargs):
89        """List Trusts."""
90        trustee_user_id = base.getid(trustee_user)
91        trustor_user_id = base.getid(trustor_user)
92        return super(TrustManager, self).list(trustee_user_id=trustee_user_id,
93                                              trustor_user_id=trustor_user_id,
94                                              **kwargs)
95
96    def get(self, trust):
97        """Get a specific trust."""
98        return super(TrustManager, self).get(trust_id=base.getid(trust))
99
100    def delete(self, trust):
101        """Delete a trust."""
102        return super(TrustManager, self).delete(trust_id=base.getid(trust))
103