aboutsummaryrefslogtreecommitdiffstats
path: root/keystone-moon/keystone/trust/controllers.py
diff options
context:
space:
mode:
authorasteroide <thomas.duval@orange.com>2015-09-01 16:03:26 +0200
committerasteroide <thomas.duval@orange.com>2015-09-01 16:04:53 +0200
commit92fd2dbfb672d7b2b1cdfd5dd5cf89f7716b3e12 (patch)
tree7ba22297042019e7363fa1d4ad26d1c32c5908c6 /keystone-moon/keystone/trust/controllers.py
parent26e753254f3e43399cc76e62892908b7742415e8 (diff)
Update Keystone code from official Github repository with branch Master on 09/01/2015.
Change-Id: I0ff6099e6e2580f87f502002a998bbfe12673498
Diffstat (limited to 'keystone-moon/keystone/trust/controllers.py')
-rw-r--r--keystone-moon/keystone/trust/controllers.py39
1 files changed, 14 insertions, 25 deletions
diff --git a/keystone-moon/keystone/trust/controllers.py b/keystone-moon/keystone/trust/controllers.py
index 60e34ccd..39cf0110 100644
--- a/keystone-moon/keystone/trust/controllers.py
+++ b/keystone-moon/keystone/trust/controllers.py
@@ -16,18 +16,18 @@ import uuid
from oslo_config import cfg
from oslo_log import log
+from oslo_log import versionutils
from oslo_utils import timeutils
import six
from keystone import assignment
from keystone.common import controller
from keystone.common import dependency
+from keystone.common import utils
from keystone.common import validation
from keystone import exception
from keystone.i18n import _
-from keystone.models import token_model
from keystone import notifications
-from keystone.openstack.common import versionutils
from keystone.trust import schema
@@ -63,19 +63,15 @@ class TrustV3(controller.V3Controller):
return super(TrustV3, cls).base_url(context, path=path)
def _get_user_id(self, context):
- if 'token_id' in context:
- token_id = context['token_id']
- token_data = self.token_provider_api.validate_token(token_id)
- token_ref = token_model.KeystoneToken(token_id=token_id,
- token_data=token_data)
- return token_ref.user_id
- return None
+ try:
+ token_ref = utils.get_token_ref(context)
+ except exception.Unauthorized:
+ return None
+ return token_ref.user_id
def get_trust(self, context, trust_id):
user_id = self._get_user_id(context)
trust = self.trust_api.get_trust(trust_id)
- if not trust:
- raise exception.TrustNotFound(trust_id=trust_id)
_trustor_trustee_only(trust, user_id)
self._fill_in_roles(context, trust,
self.role_api.list_roles())
@@ -83,7 +79,7 @@ class TrustV3(controller.V3Controller):
def _fill_in_roles(self, context, trust, all_roles):
if trust.get('expires_at') is not None:
- trust['expires_at'] = (timeutils.isotime
+ trust['expires_at'] = (utils.isotime
(trust['expires_at'],
subsecond=True))
@@ -126,15 +122,12 @@ class TrustV3(controller.V3Controller):
@controller.protected()
@validation.validated(schema.trust_create, 'trust')
- def create_trust(self, context, trust=None):
+ def create_trust(self, context, trust):
"""Create a new trust.
The user creating the trust must be the trustor.
"""
- if not trust:
- raise exception.ValidationError(attribute='trust',
- target='request')
auth_context = context.get('environment',
{}).get('KEYSTONE_AUTH_CONTEXT', {})
@@ -206,15 +199,16 @@ class TrustV3(controller.V3Controller):
if not expiration_date.endswith('Z'):
expiration_date += 'Z'
try:
- return timeutils.parse_isotime(expiration_date)
+ expiration_time = timeutils.parse_isotime(expiration_date)
except ValueError:
raise exception.ValidationTimeStampError()
+ if timeutils.is_older_than(expiration_time, 0):
+ raise exception.ValidationExpirationError()
+ return expiration_time
def _check_role_for_trust(self, context, trust_id, role_id):
"""Checks if a role has been assigned to a trust."""
trust = self.trust_api.get_trust(trust_id)
- if not trust:
- raise exception.TrustNotFound(trust_id=trust_id)
user_id = self._get_user_id(context)
_trustor_trustee_only(trust, user_id)
if not any(role['id'] == role_id for role in trust['roles']):
@@ -247,7 +241,7 @@ class TrustV3(controller.V3Controller):
if 'roles' in trust:
del trust['roles']
if trust.get('expires_at') is not None:
- trust['expires_at'] = (timeutils.isotime
+ trust['expires_at'] = (utils.isotime
(trust['expires_at'],
subsecond=True))
return TrustV3.wrap_collection(context, trusts)
@@ -255,9 +249,6 @@ class TrustV3(controller.V3Controller):
@controller.protected()
def delete_trust(self, context, trust_id):
trust = self.trust_api.get_trust(trust_id)
- if not trust:
- raise exception.TrustNotFound(trust_id=trust_id)
-
user_id = self._get_user_id(context)
_admin_trustor_only(context, trust, user_id)
initiator = notifications._get_request_audit_info(context)
@@ -266,8 +257,6 @@ class TrustV3(controller.V3Controller):
@controller.protected()
def list_roles_for_trust(self, context, trust_id):
trust = self.get_trust(context, trust_id)['trust']
- if not trust:
- raise exception.TrustNotFound(trust_id=trust_id)
user_id = self._get_user_id(context)
_trustor_trustee_only(trust, user_id)
return {'roles': trust['roles'],