Comment 25 for bug 1306294

Steven Hardy (shardy) wrote :

To capture a discussion re this bug with Robert at the tripleo meetup:

1. TripleO is not yet using trusts, so we need to get them using deferred_auth_method=trusts before we can switch to the trusts stored context, and the easiest way to do that is probably by fixing bug #1286157

2. Switching to the existing (password) stored context will only be possible if username/password are provided in the create request context, which will only be enforced by heat if one of the resources requiring deferred auth is used in the tripleo templates (not clear to me atm if they are or not):

https://github.com/openstack/heat/blob/master/heat/engine/service.py#L482

3. There is a desire for a config option which forces heat to switch to the stored context immediately on any create/update - this will probably (at least initially) be disabled by default to avoid reintroducing the overhead of always getting a new token, ref bug #1324102. It may be necessary in future for convergence agents etc to use the stored context, but for now it's desirable to default to reusing the request token where possible.

Remaining question is whether we allow the option to switch to the stored context during a create, if the global switch isn't set and the token expires? My expectation is that we will, or at least that it will be possible via some setting of the config file option?