From 26ecdca88845a56e7d2793db76484cbcc5f6fa85 Mon Sep 17 00:00:00 2001
From: Adam Young <ayoung@redhat.com>
Date: Wed, 6 Mar 2013 11:47:33 -0500
Subject: Change exception raised to Forbidden on trust_id

Change-Id: I30f89d52ade45335d2f29b8454438d0dd3b20a97
---
 keystone/token/controllers.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/keystone/token/controllers.py b/keystone/token/controllers.py
index ade2af4f..23ee11ae 100644
--- a/keystone/token/controllers.py
+++ b/keystone/token/controllers.py
@@ -170,8 +170,8 @@ class Auth(controller.V2Controller):
 
         #A trust token cannot be used to get another token
         if 'trust' in old_token_ref:
-            raise exception.Unauthorized()
-        if 'trust_id' in old_token_ref["metadata"]:
+            raise exception.Forbidden()
+        if 'trust_id' in old_token_ref['metadata']:
             raise exception.Forbidden()
 
         user_ref = old_token_ref['user']
@@ -202,7 +202,6 @@ class Auth(controller.V2Controller):
                 current_user_ref = trustee_user_ref
 
         else:
-            tenant_id = self._get_project_id_from_auth(context, auth)
             current_user_ref = self.identity_api.get_user(context=context,
                                                           user_id=user_id)
 
-- 
cgit