On 12/15/13 7:01 PM, Ryan Lane wrote:
On Sat, Dec 14, 2013 at 10:33 AM, Maarten Dammers <[email protected]
<mailto:[email protected]>> wrote:
Hi Andrew,
Andrew Bogott schreef op 13-12-2013 23:43:
The following projects are visible on wikitech but do not
contain any instances. My inclination is to delete them all
-- it's easy enough to recreate them after the fact if necessary.
Any objections?
Are you certain this doesn't have any security implications? Say
for example when someone else creates a deleted project and gets
rights which belonged to the previous project or when the system
reuses internal id's.
All rights are managed by keystone and keystone uses LDAP for role and
project membership. When Andrew deletes the project, he'll be deleting
the entire project tree from LDAP. It's possible that some service
specific resources could be held over (like quotas), but hopefully
there's an easy way to clean those references up in those specific
services.
Yep! Also, in addition to cleaning projects out of LDAP I'm planning to
delete the gluster shared storage for these projects. Given that the
projects are empty, gluster is really the only place that anything of
value could reside.
I won't be doing gluster first, though, so will probably send yet
another warning message before I clobber all that.
We've always had the ability to delete projects, but I've avoided
doing so because it's a relatively involved process.
Ryan, in case I'm missing anything: other than gluster, are there other
specific project bits that you know the 'manage projects' delete link
fails to clean up?
-A
_______________________________________________
Labs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/labs-l
