Don't allow the user to pass in a trust ID

Since Aodh uses trust IDs stored in alarm URLs unconditionally - without
checking for tenant safety - it is not safe to allow users to pass in their own
trust IDs. Forbid this and allow only trusts created by Aodh to be used. It is
highly unlikely that there is any (legitimate) use of this feature in the wild,
since allowing Aodh to create the trust is easier anyway.

Change-Id: I8fd11a7f9fe3c0ea5f9843a89686ac06713b7851
Closes-Bug: #1649333

aodh/api/controllers/v2/alarms.py

@@ -423,7 +423,8 @@ def update_actions(self, old_alarm=None):
                     url = netutils.urlsplit(action)
                     if self._is_trust_url(url):
                         if '@' in url.netloc:
-                            continue
+                            errmsg = _("trust URL cannot contain a trust ID.")
+                            raise base.ClientSideError(errmsg)
                         if trust_id is None:
                             # We have a trust action without a trust ID,
                             # create it

aodh/notifier/trust.py

@@ -55,5 +55,5 @@ class TrustRestAlarmNotifier(TrustAlarmNotifierMixin, rest.RestAlarmNotifier):
     keystone authentication. It uses the aodh service user to
     authenticate using the trust ID provided.
 
-    The URL must be in the form ``trust+http://trust-id@host/action``.
+    The URL must be in the form ``trust+http://host/action``.
     """

aodh/notifier/zaqar.py

@@ -193,7 +193,7 @@ class TrustZaqarAlarmNotifier(trust.TrustAlarmNotifierMixin,
                               ZaqarAlarmNotifier):
     """Zaqar notifier using a Keystone trust to post to user-defined queues.
 
-    The URL must be in the form ``trust+zaqar://trust_id@?queue_name=example``.
+    The URL must be in the form ``trust+zaqar://?queue_name=example``.
     """
 
     def _get_client_conf(self, auth_token):