yahoo-eng-team team mailing list archive

[Dolph Mathews <1194540@xxxxxxxxxxxxxxxxxx>]

As of havana, keystone emits notifications on project (tenant) deletion
for exactly this use case :)

BP: https://blueprints.launchpad.net/keystone/+spec/notifications

Docs:
http://docs.openstack.org/developer/keystone/event_notifications.html

** Changed in: keystone
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1194540

Title:
  It should be possible to remove Swift Accounts after their tenants
  have been deleted

Status in OpenStack Identity (Keystone):
  Invalid
Status in OpenStack Object Storage (Swift):
  New

Bug description:
  Consider the following scenario:
  Create a tenant, create a user, create a directory, upload a file, delete the user, delete the tenant.

  Now it makes sense to send DELETE to the swift account before deleting the tenant.
  However, one might forget it or an application error could occur.

  So it could be imaginable that there are Swift Accounts whose tenants are gone and nobody remembers their tenant id.
  In this case all related data in swift is inaccessible.

  This should not be possible.

  Possible solutions:
  a) Make it possible to retrieve a list of swift accounts -> A script could be used to compare with keystone tenants and check for orphan swift accounts.

  b) Create a keystone callback / hook that notifies Swift to mark accounts as deleted once their corresponding keystone tenants have been deleted.
  This feature should be optional so that swift operators can either activate or deactivate it.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1194540/+subscriptions