Cannot create cron-trigger using trust-scoped token

Due to that it is impossible to do the following:

Create a workflow that creates a trigger.
Create a trigger which runs the workflow above.

So, in the workflow it will be used trust-scoped token for requesting to Mistral. During mistralclient call cron_triggers.create() mistral server crashes and return 500 with trace:

Server-side error: "Authorization failed: You are not authorized to perform the requested action. (HTTP 403) (Request-ID: req-ed3cd937-cad2-4895-b8fe-9edf64a3b1aa)". Detail:
Traceback (most recent call last):

  File "/opt/mistral/local/lib/python2.7/site-packages/wsmeext/pecan.py", line 85, in callfunction
    result = f(self, *args, **kwargs)

  File "/opt/mistral/local/lib/python2.7/site-packages/mistral/api/controllers/v2/cron_trigger.py", line 73, in post
    workflow_id=values.get('workflow_id')
  File "/opt/mistral/local/lib/python2.7/site-packages/mistral/services/triggers.py", line 127, in create_cron_trigger
    security.add_trust_id(trigger_parameters)
  File "/opt/mistral/local/lib/python2.7/site-packages/mistral/services/security.py", line 110, in add_trust_id
    trust = create_trust()
  File "/opt/mistral/local/lib/python2.7/site-packages/mistral/services/security.py", line 41, in create_trust
    client = keystone.client()
  File "/opt/mistral/local/lib/python2.7/site-packages/mistral/utils/openstack/keystone.py", line 42, in client
    auth_url=auth_url
  File "/opt/mistral/local/lib/python2.7/site-packages/keystoneclient/v3/client.py", line 246, in __init__
    self.authenticate()
  File "/opt/mistral/local/lib/python2.7/site-packages/positional/__init__.py", line 108, in inner
    return wrapped(*args, **kwargs)
  File "/opt/mistral/local/lib/python2.7/site-packages/keystoneclient/httpclient.py", line 581, in authenticate
    resp = self.get_raw_token_from_identity_service(**kwargs)
  File "/opt/mistral/local/lib/python2.7/site-packages/keystoneclient/v3/client.py", line 332, in get_raw_token_from_identity_service
    _('Authorization failed: %s') % e)

Probably there is wrong client initialization in mistral/utils/openstack/keystone.py", line 42

Steps to reproduce:

1. Create a keystone trust
2. Create a token using this trust (Token used inside the workflow above can be just picked from the database, column context)
3. Try to request mistral
curl http://10.10.0.1:8989/v2/cron_triggers -H "X-Auth-Token: $trust_token" -H "Content-Type: application/json" -X POST -d '{"name": "test_trigger", "workflow_name": "test_cron_trigger", "remaining_executions": "1", "pattern": "* * * * *"}'

{"debuginfo": null, "faultcode": "Server", "faultstring": "Authorization failed: You are not authorized to perform the requested action. (HTTP 403) (Request-ID: req-ed3cd937-cad2-4895-b8fe-9edf64a3b1aa)"}

4. Try to use this token to request something else (to verify it is valid)

curl http://10.10.0.1:5000/v3/projects -H "X-Auth-Token: $trust_token"

{"projects": [ ... ]}

5. Eventually we get the project list.