This is something I have been asked and I was at first under impression it was only available in v3, digging a bit more into the code there is actually a way to do that in v2 when you are using PKI tokens. Since I could not find much documentation online here is a description of the steps how to do it.
Let first get a PKI token, you can do it the hard way by sending a json blob to the keystone url and parse the json results like this :
or do the easy way by gettting my script available here :
and use it like that :
it will give you a variable $TOKEN and a variable $STORAGE_URL that you can use further down.
now let’s try to use it with our swift :
all good here,
so now go inside your keystone.conf and get your admin/service token or use that friendly copy and paste command line :
and use it to DELETE the token we do that request directly to our keystone which is localhost here point it wherever you want:
We can still use it because the token is still in the cache. By default tokens are cached in memcache as good as 5 minutes but the
revocation list is fetched every seconds or so.
but after a bit (like over a minute or so) we are getting a proper denied: