What does "revoked" mean in keystone?

When I run the command nova image-list, I get some info from /var/log/keystone/keystone.log:

2013-06-04 15:31:46 INFO [access] - - [04/Jun/2013:07:31:46 +0000] "POST http://keystone:5000/v2.0/tokens HTTP/1.0" 200 5143
2013-06-04 15:31:46 INFO [access] - - [04/Jun/2013:07:31:46 +0000] "GET http://keystone:35357/v2.0/tokens/revoked HTTP/1.0" 200 504
2013-06-04 15:31:46 INFO [access] - - [04/Jun/2013:07:31:46 +0000] "GET http://keystone:35357/v2.0/tokens/revoked HTTP/1.0" 200 504

What is glance trying to get from the URL http://keystone:35357/v2.0/tokens/revoked HTTP/1.0? What does revoked mean in the context of tokens?

1 answer

Tokens have an expiry time, before which they need to be renewed, or they can be manually revoked. A 'revoked' token means that it is no longer able to be used for one of these reasons. Instead, a new token should be requested.

Thanks. Then, what is GET http://keystone:35357/v2.0/tokens/revoked HTTP/1.0 doing?

This will return the list of revoked tokens, which can be used to check whether the token is still valid or not.

Oh, understood. Another question: using the command "nova list" as an example, I used to think that when a user runs the command "nova list", keystone will accept three accesses, from user, nova, and nova. But now only one access is needed; do you know why? I guess this is related to revoked tokens.

To help with indexing, please create a new question entry for this one :)
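
The check described in the answer and comments above, as an added example that is not part of the original thread and is not Keystone's own code: a service keeps a cached copy of the revoked-token list and refuses any token that is expired or listed. The JSON shape, the `fetch` callable standing in for GET /v2.0/tokens/revoked, the cache age and all sample values are assumptions constructed for illustration, and the list is assumed to be already authenticated and decoded.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample data, not taken from a real deployment.
SAMPLE_LIST = '{"revoked": [{"id": "tok-revoked", "expires": "2013-06-05T07:31:46Z"}]}'
NOW = datetime(2013, 6, 4, 7, 31, 46, tzinfo=timezone.utc)
LATER = "2013-06-05T07:31:46Z"


def parse_time(value):
    """Parse a UTC timestamp such as 2013-06-05T07:31:46Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


class RevocationCache:
    """Caches the revoked-token list and refreshes it when it grows stale."""

    def __init__(self, fetch, max_age=timedelta(minutes=5)):  # assumed age
        self.fetch = fetch        # hypothetical callable returning JSON text
        self.max_age = max_age
        self.revoked = None       # set of revoked token ids once loaded
        self.loaded_at = None

    def refresh(self, now):
        body = json.loads(self.fetch())
        self.revoked = {entry["id"] for entry in body["revoked"]}
        self.loaded_at = now

    def is_usable(self, token_id, expires, now):
        """True only if the token is unexpired and absent from a fresh list."""
        if now >= parse_time(expires):
            return False          # expired: a new token must be requested
        if self.loaded_at is None or now - self.loaded_at > self.max_age:
            try:
                self.refresh(now)
            except (OSError, ValueError, KeyError, TypeError):
                return False      # fail closed: no fresh list, no trust
        return token_id not in self.revoked


def demo():
    cache = RevocationCache(lambda: SAMPLE_LIST)
    return [
        cache.is_usable("tok-good", LATER, NOW),                   # valid
        cache.is_usable("tok-revoked", LATER, NOW),                # revoked
        cache.is_usable("tok-good", "2013-06-04T07:00:00Z", NOW),  # expired
    ]
```

A token revoked after the last refresh stays usable until the cached list ages out, so the cache age bounds how long a revoked token can still be accepted.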

