2 files changed, 6 insertions, 19 deletions
diff --git a/keystone/api/trusts.py b/keystone/api/trusts.py
index 3c40d8c67..6c56fe1b0 100644
--- a/keystone/api/trusts.py
+++ b/keystone/api/trusts.py
@@ -228,11 +228,11 @@ class TrustResource(ks_flask.ResourceBase):
         # rule check_str is ""
         if isinstance(rules, op_checks.TrueCheck):
             LOG.warning(
-                "The policy check string for rule \"identity:list_trusts\" has been overridden"
-                "to \"always true\". In the next release, this will cause the"
-                "\"identity:list_trusts\" action to be fully permissive as hardcoded"
-                "enforcement will be removed. To correct this issue, either stop overriding the"
-                "\"identity:list_trusts\" rule in config to accept the defaults, or explicitly"
+                "The policy check string for rule \"identity:list_trusts\" has been overridden "
+                "to \"always true\". In the next release, this will cause the "
+                "\"identity:list_trusts\" action to be fully permissive as hardcoded "
+                "enforcement will be removed. To correct this issue, either stop overriding the "
+                "\"identity:list_trusts\" rule in config to accept the defaults, or explicitly "
                 "set a rule that is not empty."
             )
             if not flask.request.args:
diff --git a/keystone/api/users.py b/keystone/api/users.py
index 2e09f4b9a..b5938b17a 100644
--- a/keystone/api/users.py
+++ b/keystone/api/users.py
@@ -287,19 +287,6 @@ class UserGroupsResource(ks_flask.ResourceBase):
     get_member_from_driver = PROVIDERS.deferred_provider_lookup(
         api='identity_api', method='get_group')
 
-    @staticmethod
-    def _built_target_attr_enforcement():
-        ref = None
-        if flask.request.view_args:
-            try:
-                ref = {'user': PROVIDERS.identity_api.get_user(
-                    flask.request.view_args.get('user_id'))}
-            except ks_exception.NotFound:  # nosec
-                # Defer existence in the event the user doesn't exist, we'll
-                # check this later anyway.
-                pass
-        return ref
-
     def get(self, user_id):
         """Get groups for a user.
 
@@ -308,7 +295,7 @@ class UserGroupsResource(ks_flask.ResourceBase):
         filters = ('name',)
         hints = self.build_driver_hints(filters)
         ENFORCER.enforce_call(action='identity:list_groups_for_user',
-                              build_target=self._built_target_attr_enforcement,
+                              build_target=_build_user_target_enforcement,
                               filters=filters)
         refs = PROVIDERS.identity_api.list_groups_for_user(user_id=user_id,
                                                            hints=hints)