openstack.identity.v3.trust

The Trust Class

The Trust class inherits from Resource.

class openstack.identity.v3.trust.Trust(_synchronized=False, connection=None, **attrs)

The base resource

Parameters
  • _synchronized (bool) – This is not intended to be used directly. See new() and existing().

  • connection (openstack.connection.Connection) – Reference to the Connection being used. Defaults to None to allow Resource objects to be used without an active Connection, such as in unit tests. Use of self._connection in Resource code should protect itself with a check for None.

allow_redelegation

A boolean indicating whether the trust can be issued by the trustee as a regulart trust. Default is False.

expires_at

Specifies the expiration time of the trust. A trust may be revoked ahead of expiration. If the value represents a time in the past, the trust is deactivated.

is_impersonation

If impersonation is set to true, then the user attribute of tokens that are generated based on the trust will represent that of the trustor rather than the trustee, thus allowing the trustee to impersonate the trustor. If impersonation is set to False, then the token’s user attribute will represent that of the trustee. Type: bool

Links for the trust resource.

project_id

ID of the project upon which the trustor is delegating authorization. Type: string

A role links object that includes ‘next’, ‘previous’, and self links for roles.

roles

Specifies the subset of the trustor’s roles on the project_id to be granted to the trustee when the token in consumed. The trustor must already be granted these roles in the project referenced by the project_id attribute. Type: list

redelegated_trust_id

Returned with redelegated trust provides information about the predecessor in the trust chain.

redelegation_count

Redelegation count

remaining_uses

How many times the trust can be used to obtain a token. The value is decreased each time a token is issued through the trust. Once it reaches zero, no further tokens will be isued through the trust.

trustee_user_id

Represents the user ID who is capable of consuming the trust. Type: string

trustor_user_id

Represents the user ID who created the trust, and who’s authorization is being delegated. Type: string