I think creating an ID based on: `trustor_user_id, trustee_user_id, project_id, impersonation, expires_at, and ROLES` might just work.
Yes, this does not guarantee uniqueness; but at the same time, this does indicate duplication. There is no reason for both of these trusts to exist at the same time, since they are doing the same thing. If the user were to create two of these, then grabbing the first one detected would be OK since they would effectively do the same thing.
Rich & Gilles,
I think creating an ID based on: `trustor_user_id, trustee_user_id, project_id, impersonation, expires_at, and ROLES` might just work.
Yes, this does not guarantee uniqueness; but at the same time, this does indicate duplication. There is no reason for both of these trusts to exist at the same time, since they are doing the same thing. If the user were to create two of these, then grabbing the first one detected would be OK since they would effectively do the same thing.
Note that roles are also passed in, as per the spec: specs.openstack .org/openstack/ keystone- specs/api/ v3/identity- api-v3- os-trust- ext.html# create- trust
http://