1# Licensed under the Apache License, Version 2.0 (the "License"); you may 2# not use this file except in compliance with the License. You may obtain 3# a copy of the License at 4# 5# http://www.apache.org/licenses/LICENSE-2.0 6# 7# Unless required by applicable law or agreed to in writing, software 8# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 9# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 10# License for the specific language governing permissions and limitations 11# under the License. 12 13from keystoneclient import base 14from keystoneclient import exceptions 15from keystoneclient.i18n import _ 16from keystoneclient import utils 17 18 19class Trust(base.Resource): 20 """Represents a Trust. 21 22 Attributes: 23 * id: a uuid that identifies the trust 24 * impersonation: allow explicit impersonation 25 * project_id: project ID 26 * trustee_user_id: a uuid that identifies the trustee 27 * trustor_user_id: a uuid that identifies the trustor 28 """ 29 30 pass 31 32 33class TrustManager(base.CrudManager): 34 """Manager class for manipulating Trusts.""" 35 36 resource_class = Trust 37 collection_key = 'trusts' 38 key = 'trust' 39 base_url = '/OS-TRUST' 40 41 def create(self, trustee_user, trustor_user, role_names=None, 42 role_ids=None, project=None, impersonation=False, 43 expires_at=None, remaining_uses=None, **kwargs): 44 """Create a Trust. 45 46 :param string trustee_user: user who is capable of consuming the trust 47 :param string trustor_user: user who's authorization is being delegated 48 :param string role_names: subset of trustor's roles to be granted 49 :param string role_ids: subset of trustor's roles to be granted 50 :param string project: project which the trustor is delegating 51 :param boolean impersonation: enable explicit impersonation 52 :param datetime.datetime expires_at: expiry time 53 :param integer remaining_uses: how many times this trust can be used 54 to generate a token. None means 55 unlimited tokens. 56 57 """ 58 # Convert role_names list into list-of-dict API format 59 roles = [] 60 if role_names: 61 roles.extend([{'name': n} for n in role_names]) 62 if role_ids: 63 roles.extend([{'id': i} for i in role_ids]) 64 65 if not roles: 66 roles = None 67 68 # Convert datetime.datetime expires_at to iso format string 69 if expires_at: 70 expires_str = utils.isotime(at=expires_at, subsecond=True) 71 else: 72 expires_str = None 73 74 return super(TrustManager, self).create( 75 expires_at=expires_str, 76 impersonation=impersonation, 77 project_id=base.getid(project), 78 remaining_uses=remaining_uses, 79 roles=roles, 80 trustee_user_id=base.getid(trustee_user), 81 trustor_user_id=base.getid(trustor_user), 82 **kwargs) 83 84 def update(self): 85 raise exceptions.MethodNotImplemented( 86 _('Update not supported for trusts')) 87 88 def list(self, trustee_user=None, trustor_user=None, **kwargs): 89 """List Trusts.""" 90 trustee_user_id = base.getid(trustee_user) 91 trustor_user_id = base.getid(trustor_user) 92 return super(TrustManager, self).list(trustee_user_id=trustee_user_id, 93 trustor_user_id=trustor_user_id, 94 **kwargs) 95 96 def get(self, trust): 97 """Get a specific trust.""" 98 return super(TrustManager, self).get(trust_id=base.getid(trust)) 99 100 def delete(self, trust): 101 """Delete a trust.""" 102 return super(TrustManager, self).delete(trust_id=base.getid(trust)) 103