OpenStack Identity (keystone)

  1. Bug #1202952
  2. Comment #7

Comment 7 for bug 1202952

Revision history for this message
Adam Young (ayoung) wrote : Re: PKI tokens are never revoked using memcache token backend

With the applied patch, you can see the revocation list in memcached:

ran devstack, killed keystone server, modified /etc/keystone/keystone.conf with

[token]
driver = keystone.token.backends.memcache.Token
#driver = keystone.token.backends.sql.Token

service start memcached

restarted keystone server

sourced openrc

as demo user, created a bunch of tokens using cli token-get

export OS_USERNAME=admin
export ADMINTOKEN=` keystone token-get | awk '/ id /{print $4}'`

deleted a bunch of tokens using:
curl -X DELETE -H "X-Auth-Token:$ADMINTOKEN" http://localhost:35357/v2.0/tokens/$USERTOKEN

ran the following code in the python interpreter

import memcache
memcache_client = memcache.Client(['localhost'],debug=0)
memcache_client.get(revocation_key)

output looks like this:

'{"id": "83d677322322fc279a6a11c9c7474cb3"},{"id": "089dfcc4e55f96301d3d19beb663435d"},{"id": "36851e53e0027bf55c32b12a898b2950"}'