tripleo-validations/playbooks/controller-token.yaml

---
- hosts: undercloud, Controller
  vars:
    metadata:
      name: Verify that keystone admin token is disabled
      description: >
        This validation checks that keystone admin token is disabled on both
        undercloud and overcloud controller after deployment.        
      groups:
        - post-deployment
    keystone_conf_file: "/var/lib/config-data/puppet-generated/keystone/etc/keystone/keystone.conf"
  roles:
    - controller_token