Comment 16 for bug 1300246

I've proposed a patch which adds the keystoneclient options for the "trustee" section to the output from tox -e genconfig.

In summary, you can maintain the previous behavior, which is to delegate to the heat service user defined in the auth_token section by adding this to your heat.conf

[trustee]
auth_plugin = v3password
auth_url = http://<keystone hostname or IP>:5000/v3
username = heat
password = password
user_domain_id = default

Note, this can be maintained independently of any auth_token section, so I believe when that lands, we can close this bug?

I'll also work on some better docs describing how this all works, and update devstack to match this configuration by default.