Comment 6 for bug 1648677

Felipe Reyes (freyes) wrote :

> check_revocations_for_cached = True
> ...
> 1. set the above config in the nova-compute charm

We need to be careful with this option, because it will make the nova-compute daemons ask keystone for the list of revoked tokens (GET /tokens/revoked)[0] every X seconds[1], so the extra pressure on keystone is something to consider.

On top of what was said previously, the real problem with this option is that it only works for the PKI token format, which is being deprecated[2].

[0] https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/auth_token/__init__.py#L744
[1] https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/auth_token/__init__.py#L601
[2] https://github.com/openstack/keystonemiddleware/commit/77909fdc169e4b6f9b177212514f10913bc389e6