[Openstack] One Time Keystone Use Tokens?

Brian Chong Brian_Chong at symantec.com
Fri Oct 25 20:25:29 UTC 2013

Ah ok, so is there a event broadcast for Keystone to revoke it after the token is used? Or do I need to write some kind of "listener" on the AMQP to see if the event takes place? Can I correlate the event to the token being used for that event on the AMQP as part of the base of OpenStack?

Also, how would I approach it if its a non AMQP based service? Would I use log files to search for the event that took place?

Thanks a lot!

From: <Ali>, Haneef <haneef.ali at hp.com<mailto:haneef.ali at hp.com>>
Date: Friday, October 25, 2013 1:03 PM
To: Brian Chong <brian_chong at symantec.com<mailto:brian_chong at symantec.com>>, "openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>" <openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>>
Subject: RE: One Time Keystone Use Tokens?

I don’t think it is possible.  Can’t you revoke the token after  VM boot?


From: Brian Chong [mailto:Brian_Chong at symantec.com]
Sent: Friday, October 25, 2013 8:19 AM
To: openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
Subject: [Openstack] One Time Keystone Use Tokens?


I'm trying to figure out if its possible to configure KeyStone tokens to be one time use. My use case is that when a user requests that they want to take a action on the platform (i.e.: boot a VM) they aren't also using that same token to load a image in Glance or delete another VM, etc.

How would I do that or is that even possible?

Thanks a lot!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20131025/5b631512/attachment.html>

More information about the Openstack mailing list