[Openstack] One Time Keystone Use Tokens?
Brian_Chong at symantec.com
Fri Oct 25 20:25:29 UTC 2013
Ah ok, so is there a event broadcast for Keystone to revoke it after the token is used? Or do I need to write some kind of "listener" on the AMQP to see if the event takes place? Can I correlate the event to the token being used for that event on the AMQP as part of the base of OpenStack?
Also, how would I approach it if its a non AMQP based service? Would I use log files to search for the event that took place?
Thanks a lot!
From: <Ali>, Haneef <haneef.ali at hp.com<mailto:haneef.ali at hp.com>>
Date: Friday, October 25, 2013 1:03 PM
To: Brian Chong <brian_chong at symantec.com<mailto:brian_chong at symantec.com>>, "openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>" <openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>>
Subject: RE: One Time Keystone Use Tokens?
I don’t think it is possible. Can’t you revoke the token after VM boot?
From: Brian Chong [mailto:Brian_Chong at symantec.com]
Sent: Friday, October 25, 2013 8:19 AM
To: openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
Subject: [Openstack] One Time Keystone Use Tokens?
I'm trying to figure out if its possible to configure KeyStone tokens to be one time use. My use case is that when a user requests that they want to take a action on the platform (i.e.: boot a VM) they aren't also using that same token to load a image in Glance or delete another VM, etc.
How would I do that or is that even possible?
Thanks a lot!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openstack