<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 10/25/2013 11:19 AM, Brian Chong
wrote:<br>
</div>
<blockquote cite="mid:CE8FD9F4.19A11%25brian_chong@symantec.com"
type="cite">
<div>Hi,</div>
<div><br>
</div>
<div>I'm trying to figure out if its possible to configure
KeyStone tokens to be one time use. My use case is that when a
user requests that they want to take a action on the platform
(i.e.: boot a VM) they aren't also using that same token to load
a image in Glance or delete another VM, etc.</div>
</blockquote>
I filed a bug for this feature.<br>
<br>
<a class="moz-txt-link-freetext" href="https://bugs.launchpad.net/keystone/+bug/1250617">https://bugs.launchpad.net/keystone/+bug/1250617</a><br>
<br>
However, not that the feature you are requesting is best supported
by trusts in general: you need to split up the roels for each
action (create vm, upload image to glance) and then delegate only
the roles for the operations desired.<br>
<br>
<br>
<blockquote cite="mid:CE8FD9F4.19A11%25brian_chong@symantec.com"
type="cite">
<div><br>
</div>
<div>How would I do that or is that even possible?</div>
<div><br>
</div>
<div>Thanks a lot!</div>
<div>-Brian</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Mailing list: <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
Post to : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a>
Unsubscribe : <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
</pre>
</blockquote>
<br>
</body>
</html>