Use trusts in heat.conf

Change-Id: Ie91b3498e9f9d0d74a502ba6945db531ef967516
Closes-Bug: #1492736

ansible/roles/heat/templates/heat.conf.j2

@@ -10,7 +10,9 @@ stack_domain_admin_password = {{ heat_domain_admin_password }}
 stack_user_domain_name = heat_user_domain
 
 rpc_backend = rabbit
-deferred_auth_method = password
+notification_driver = noop
+deferred_auth_method = trusts
+trusts_delegated_role = heat_stack_owner
 
 syslog_log_facility=LOG_LOCAL0
 use_syslog=yes
@@ -46,6 +48,16 @@ project_name = service
 username = heat
 password = {{ heat_keystone_password }}
 
+[trustee]
+auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
+auth_url = http://{{ kolla_internal_address }}:{{ keystone_admin_port }}
+auth_plugin = password
+project_domain_id = default
+user_domain_id = default
+project_name = service
+username = heat
+password = {{ heat_keystone_password }}
+
 [ec2authtoken]
 auth_uri = http://{{ kolla_internal_address }}:{{ keystone_public_port }}
 

docker/heat/heat-api/extend_start.sh

@@ -4,8 +4,10 @@
 # of the KOLLA_BOOTSTRAP variable being set, including empty.
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
     heat-manage db_sync
-    openstack domain create heat_user_domain
-    openstack user create --domain heat_user_domain heat_domain_admin --password ${HEAT_DOMAIN_ADMIN_PASSWORD}
-    openstack role add --domain heat_user_domain --user heat_domain_admin admin
+    openstack domain create heat
+    openstack user create --domain heat heat_domain_admin --password ${HEAT_DOMAIN_ADMIN_PASSWORD}
+    openstack role add --domain heat --user heat_domain_admin admin
+    openstack role create heat_stack_owner
+    openstack role create heat_stack_user
     exit 0
 fi