Comment 4 for bug 1595084

Renat,

I don't know exactly how Heat uses trusts. But I'd assume that it will pass that trust on to other services that can use it to renew the token and prevent the long operation from failing. So it should not matter how long an operation takes. As long as the trust is valid, all services south from me (callstack wise) should be able to perform the operation I told them to do. So a 4 day operation with 3 day validity and a trust should still succeed in my opinion.

I mentioned the admin permission because Mistral currently uses it. It creates the trust for the admin user in the cron jobs. If this was removed, there would be no need for the admin credentials in the Mistral setup. (The service endpoint listing is being de-adminized by https://review.openstack.org/#/c/330469)

Andras