Open Stack

Excerpts from Jay Pipes's message of 2017-03-15 15:06:26 -0400:
> +Boris B
> 
> On 03/15/2017 02:55 PM, Fox, Kevin M wrote:
> > I think they are. If they are not, things will break if federation is used for sure. If you know that it is please let me know. I want to deploy federation at some point but was waiting for dashboard support. Now that the dashboard supports it, I may try it soon. Its a no-go still though if heat doesn't work with it.
> 
> We had a customer engagement recently that had issues with Heat not 
> being able to execute certain actions in a federated Keystone 
> environment. I believe we learned that Keystone trusts and federation 
> were not compatible during this engagement.
> 
> Boris, would you mind refreshing memories on this?

Is it possible that this was because there was no writable domain for
Heat to create instance users in?

Because when last I used Heat long ago, Heat straight up just won't work
without trusts (since you have to give Heat a trust for it to be able
to do anything for you). Prior to that Heat was storing your creds in
its database... pretty sure that's long gone.