Ah ok, so is there a event broadcast for Keystone to revoke it after the token is used? Or do I need to write some kind of "listener" on the AMQP to see if the event takes place? Can I correlate the event to the token being used for that event on the AMQP as part of the base of OpenStack?
Also, how would I approach it if its a non AMQP based service? Would I use log files to search for the event that took place? Thanks a lot! -Brian From: <Ali>, Haneef <haneef....@hp.com<mailto:haneef....@hp.com>> Date: Friday, October 25, 2013 1:03 PM To: Brian Chong <brian_ch...@symantec.com<mailto:brian_ch...@symantec.com>>, "openstack@lists.openstack.org<mailto:openstack@lists.openstack.org>" <openstack@lists.openstack.org<mailto:openstack@lists.openstack.org>> Subject: RE: One Time Keystone Use Tokens? I don’t think it is possible. Can’t you revoke the token after VM boot? Thanks Haneef From: Brian Chong [mailto:brian_ch...@symantec.com] Sent: Friday, October 25, 2013 8:19 AM To: openstack@lists.openstack.org<mailto:openstack@lists.openstack.org> Subject: [Openstack] One Time Keystone Use Tokens? Hi, I'm trying to figure out if its possible to configure KeyStone tokens to be one time use. My use case is that when a user requests that they want to take a action on the platform (i.e.: boot a VM) they aren't also using that same token to load a image in Glance or delete another VM, etc. How would I do that or is that even possible? Thanks a lot! -Brian
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
