The Trust Class

The Trust class inherits from Resource.

class, connection=None, **attrs)

The base resource

  • _synchronized (bool) – This is not intended to be used directly. See new() and existing().

  • connection (openstack.connection.Connection) – Reference to the Connection being used. Defaults to None to allow Resource objects to be used without an active Connection, such as in unit tests. Use of self._connection in Resource code should protect itself with a check for None.


A boolean indicating whether the trust can be issued by the trustee as a regulart trust. Default is False.


Specifies the expiration time of the trust. A trust may be revoked ahead of expiration. If the value represents a time in the past, the trust is deactivated.


If impersonation is set to true, then the user attribute of tokens that are generated based on the trust will represent that of the trustor rather than the trustee, thus allowing the trustee to impersonate the trustor. If impersonation is set to False, then the token’s user attribute will represent that of the trustee. Type: bool

Links for the trust resource.


ID of the project upon which the trustor is delegating authorization. Type: string

A role links object that includes ‘next’, ‘previous’, and self links for roles.


Specifies the subset of the trustor’s roles on the project_id to be granted to the trustee when the token in consumed. The trustor must already be granted these roles in the project referenced by the project_id attribute. Type: list


Returned with redelegated trust provides information about the predecessor in the trust chain.


Redelegation count


How many times the trust can be used to obtain a token. The value is decreased each time a token is issued through the trust. Once it reaches zero, no further tokens will be isued through the trust.


Represents the user ID who is capable of consuming the trust. Type: string


Represents the user ID who created the trust, and who’s authorization is being delegated. Type: string