Comment 2 for bug 1475091

We could have a unique name for each trust, constructed with a serial number added to the project/trustor/trustee name.
Although since a name is not unique that's not ideal either.
I'm not sure we want to bother with that, but that's more an Openstack Puppet-keystone project question.

At least, with a name field, we could have idem-potency and allowing at Puppet manifests to run:

keystone_trust { 'admin_heat_delegation1':
      trustor_user => 'admin',
      trustee_user => 'heat',
      project => 'services',
      roles => ['admin', 'manager']
    }