Initial Trusts support

Implements client support for the basic trusts API operations,
note this does not include support for the roles subpath operations,
support for those can be added in a subsequent patch.

Change-Id: I0c6ba12bad5cc8f3f10697d2a3dcf4f3be8c7ece
blueprint: delegation-impersonation-support

1 files changed, 33 insertions, 0 deletions

diff --git a/keystoneclient/access.py b/keystoneclient/access.py
index 6acfe24..8be7a5c 100644
--- a/keystoneclient/access.py
+++ b/keystoneclient/access.py
@@ -200,6 +200,23 @@ class AccessInfo(dict):
         raise NotImplementedError()
 
     @property
+    def trust_id(self):
+        """Returns the trust id associated with the authentication token.
+
+        :returns: str or None (if no trust associated with the token)
+        """
+        raise NotImplementedError()
+
+    @property
+    def trust_scoped(self):
+        """Returns true if the authorization token was scoped as delegated in a
+        trust, via the OS-TRUST v3 extension.
+
+        :returns: bool
+        """
+        raise NotImplementedError()
+
+    @property
     def project_id(self):
         """Returns the project ID associated with the authentication
         request, or None if the authentication request wasn't scoped to a
@@ -331,6 +348,14 @@ class AccessInfoV2(AccessInfo):
         return False
 
     @property
+    def trust_id(self):
+        return None
+
+    @property
+    def trust_scoped(self):
+        return False
+
+    @property
     def project_id(self):
         tenant_dict = self['token'].get('tenant', None)
         if tenant_dict:
@@ -449,6 +474,14 @@ class AccessInfoV3(AccessInfo):
         return 'domain' in self
 
     @property
+    def trust_id(self):
+        return self.get('OS-TRUST:trust', {}).get('id')
+
+    @property
+    def trust_scoped(self):
+        return 'OS-TRUST:trust' in self
+
+    @property
     def auth_url(self):
         if self.service_catalog:
             return self.service_catalog.get_urls(service_type='identity',