On 7/14/2016 3:04 AM, Zhenyu Zheng wrote:
Hi All,

We have met some problems when trying to clean up resources, keypairs in
particular.

The scenario is like this: we have several projects in our public cloud,
each project has its own admin, they can create and delete users, and
their users may create keypairs. As keypairs are only related to
users (user_id), when a project admin deletes its users, they may forget to
delete the related keypairs, and also they might have tried to delete keypairs
but something happened and it didn't work.

Now, when we, as public cloud admin, want to delete this project and
clean up its resources, we can't delete the keypairs because when deleting
keypairs we have to provide the related user_id. If this user has
already been deleted (keystone uses hard delete and we cannot find
deleted users there), we will never be able to delete the keypairs.

Does anyone have any comments or thoughts about the above problem?

Thanks

Kevin Zheng


__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Nova doesn't actually validate that the user_id passed into the keypairs API is valid, does it? Like flavor access and quotas, Nova is given an ID but doesn't validate it with Keystone. So we don't actually need Keystone to find these, do we?

I'm not saying that's great; we already had a spec approved for Newton to check the provided user/project ID with Keystone for the flavor access and quotas APIs, and we could do the same for keypairs.

You could, however, write a script that deletes keypairs for user_ids that don't exist in Keystone...

--

Thanks,

Matt Riedemann
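
The cleanup script suggested in the reply above could be structured as follows. This is an added example, not code from the thread or from Nova: `user_exists` and `delete_keypair` are hypothetical callables standing in for the Keystone user lookup and the Nova keypair delete, and the keypair list is constructed sample data.

```python
from collections import namedtuple

Keypair = namedtuple("Keypair", "user_id name")

class LookupFailed(Exception):
    """Keystone could not answer; says nothing about whether the user exists."""

def find_orphans(keypairs, user_exists):
    """Return (orphans, skipped): keypairs whose owner Keystone reports as
    missing, and keypairs whose owner could not be checked."""
    cache, orphans, skipped = {}, [], []
    for kp in keypairs:
        if kp.user_id not in cache:
            try:
                cache[kp.user_id] = bool(user_exists(kp.user_id))
            except LookupFailed:
                cache[kp.user_id] = None  # unknown: never treat as deleted
        state = cache[kp.user_id]
        if state is None:
            skipped.append(kp)
        elif not state:
            orphans.append(kp)
    return orphans, skipped

def cleanup(keypairs, user_exists, delete_keypair, dry_run=True, max_fraction=0.5):
    """Delete orphaned keypairs; refuse if too large a share looks orphaned,
    which usually means the Keystone query was mis-scoped or broken."""
    keypairs = list(keypairs)
    orphans, skipped = find_orphans(keypairs, user_exists)
    if keypairs and len(orphans) / len(keypairs) > max_fraction:
        raise RuntimeError("%d of %d keypairs look orphaned; check the Keystone lookup"
                           % (len(orphans), len(keypairs)))
    if not dry_run:
        for kp in orphans:
            delete_keypair(kp.user_id, kp.name)  # the delete needs the owner's user_id
    return orphans, skipped

# Constructed sample data: u1 exists, u2 was hard-deleted, u3 lookup fails.
SAMPLE = [Keypair("u1", "web"), Keypair("u2", "old-a"), Keypair("u2", "old-b"),
          Keypair("u3", "ci"), Keypair("u1", "db")]

def sample_user_exists(user_id):
    if user_id == "u3":
        raise LookupFailed(user_id)
    return user_id == "u1"

if __name__ == "__main__":
    deleted = []
    cleanup(SAMPLE, sample_user_exists, lambda u, n: deleted.append((u, n)), dry_run=False)
    print("deleted:", deleted)
```

Run with `dry_run=True` first and review the returned list; keypairs in `skipped` are left alone until the lookup for their owner succeeds.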

