Reproduce https://bugs.launchpad.net/keystone/+bug/1484237

repro.sh

#!/bin/bash
set -e

unset OS_TOKEN
unset OS_ENDPOINT

# mysql -ukeystone -pkeystone -e "drop database keystone; create database keystone;"
# ~/openstack/keystone/.tox/py27/bin/keystone-manage db_sync

export OS_IDENTITY_API_VERSION=2.0
keystone --os-endpoint="http://localhost:35357/v2.0/" --os-token="ADMIN" bootstrap --user-name=admin --pass=admin --role-name=admin --tenant-name=admin

export OS_AUTH_URL=http://localhost:35357/v3/
export OS_IDENTITY_API_VERSION=3
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_TENANT_NAME=admin
export OS_PROJECT_NAME=admin
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default

ADMIN_TOKEN=`openstack token issue | grep id | grep -v project_id | grep -v user_id | awk '{ print $4 }'`

while true
do
    # mysql -ukeystone -pkeystone -e "use keystone; truncate revocation_event; commit;"

    # generate a new subject token
    echo "Creating a subject token..."
    SUBJECT_TOKEN=`openstack token issue | grep id | grep -v project_id | grep -v user_id | awk '{ print $4 }'`
    echo $SUBJECT_TOKEN

    # the "fix"!
    # sleep 0.5

    # try to delete the token
    echo "Deleting the subject token..."
    http --verbose delete ${OS_AUTH_URL}auth/tokens --x-auth-token=$ADMIN_TOKEN --x-subject-token=$SUBJECT_TOKEN | grep "Status: 204"

    echo "Validating the deleted token..."
    set +e
    http --verbose get ${OS_AUTH_URL}auth/tokens --x-auth-token=$ADMIN_TOKEN --x-subject-token=$SUBJECT_TOKEN | grep "Status: 404"
    if [ $? -ne 0 ]; then
        echo "Token is unexpectedly valid! Bug!"
        break
    fi
    echo "Token is correctly invalid. Trying again with another token..."
    set -e
done

echo "Token remains valid!"
# mysql -ukeystone -pkeystone -e "use keystone; select * from revocation_event;"