From 63b8a82b31fbfa09b539d0a56cdcc942fe2b9ebd Mon Sep 17 00:00:00 2001 From: Dolph Mathews Date: Thu, 21 Mar 2013 11:45:03 -0500 Subject: Move trusts to extension Change-Id: I32b32fc5df8d8483ae8e99067f0655c13c6f520b --- keystone/auth/controllers.py | 9 +++++---- keystone/auth/token_factory.py | 2 +- keystone/trust/routers.py | 14 +++++++------- 3 files changed, 13 insertions(+), 12 deletions(-) (limited to 'keystone') diff --git a/keystone/auth/controllers.py b/keystone/auth/controllers.py index 66ff6230..1ab9de03 100644 --- a/keystone/auth/controllers.py +++ b/keystone/auth/controllers.py @@ -171,9 +171,9 @@ class AuthInfo(object): return if sum(['project' in self.auth['scope'], 'domain' in self.auth['scope'], - 'trust' in self.auth['scope']]) != 1: + 'RH-TRUST:trust' in self.auth['scope']]) != 1: raise exception.ValidationError( - attribute='project, domain, or trust', + attribute='project, domain, or RH-TRUST:trust', target='scope') if 'project' in self.auth['scope']: @@ -182,10 +182,11 @@ class AuthInfo(object): elif 'domain' in self.auth['scope']: domain_ref = self._lookup_domain(self.auth['scope']['domain']) self._scope_data = (domain_ref['id'], None, None) - elif 'trust' in self.auth['scope']: + elif 'RH-TRUST:trust' in self.auth['scope']: if not CONF.trust.enabled: raise exception.Forbidden('Trusts are disabled.') - trust_ref = self._lookup_trust(self.auth['scope']['trust']) + trust_ref = self._lookup_trust( + self.auth['scope']['RH-TRUST:trust']) #TODO ayoung when trusts support domain, Fill in domain data here if 'project_id' in trust_ref: project_ref = self._lookup_project( diff --git a/keystone/auth/token_factory.py b/keystone/auth/token_factory.py index c16d88dd..430c442a 100644 --- a/keystone/auth/token_factory.py +++ b/keystone/auth/token_factory.py @@ -114,7 +114,7 @@ class TokenDataHelper(object): raise exception.Forbidden() if trust['impersonation']: user_ref = trustor_user_ref - token_data['trust'] = ( + token_data['RH-TRUST:trust'] = ( { 'id': trust['id'], 'trustor_user': {'id': trust['trustor_user_id']}, diff --git a/keystone/trust/routers.py b/keystone/trust/routers.py index b1378628..9f9ce3e5 100644 --- a/keystone/trust/routers.py +++ b/keystone/trust/routers.py @@ -22,37 +22,37 @@ from keystone.common import router def append_v3_routers(mapper, routers): trust_controller = controllers.TrustV3() - mapper.connect('/trusts', + mapper.connect('/RH-TRUST/trusts', controller=trust_controller, action='create_trust', conditions=dict(method=['POST'])) - mapper.connect('/trusts', + mapper.connect('/RH-TRUST/trusts', controller=trust_controller, action='list_trusts', conditions=dict(method=['GET'])) - mapper.connect('/trusts/{trust_id}', + mapper.connect('/RH-TRUST/trusts/{trust_id}', controller=trust_controller, action='delete_trust', conditions=dict(method=['DELETE'])) - mapper.connect('/trusts/{trust_id}', + mapper.connect('/RH-TRUST/trusts/{trust_id}', controller=trust_controller, action='get_trust', conditions=dict(method=['GET'])) - mapper.connect('/trusts/{trust_id}/roles', + mapper.connect('/RH-TRUST/trusts/{trust_id}/roles', controller=trust_controller, action='list_roles_for_trust', conditions=dict(method=['GET'])) - mapper.connect('/trusts/{trust_id}/roles/{role_id}', + mapper.connect('/RH-TRUST/trusts/{trust_id}/roles/{role_id}', controller=trust_controller, action='check_role_for_trust', conditions=dict(method=['HEAD'])) - mapper.connect('/trusts/{trust_id}/roles/{role_id}', + mapper.connect('/RH-TRUST/trusts/{trust_id}/roles/{role_id}', controller=trust_controller, action='get_role_for_trust', conditions=dict(method=['GET'])) -- cgit