It should be possible to remove Swift Accounts after their tenants have been deleted
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
Invalid
|
Undecided
|
Unassigned | ||
| OpenStack Object Storage (swift) |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
Consider the following scenario:
Create a tenant, create a user, create a directory, upload a file, delete the user, delete the tenant.
Now it makes sense to send DELETE to the swift account before deleting the tenant.
However, one might forget it or an application error could occur.
So it could be imaginable that there are Swift Accounts whose tenants are gone and nobody remembers their tenant id.
In this case all related data in swift is inaccessible.
This should not be possible.
Possible solutions:
a) Make it possible to retrieve a list of swift accounts -> A script could be used to compare with keystone tenants and check for orphan swift accounts.
b) Create a keystone callback / hook that notifies Swift to mark accounts as deleted once their corresponding keystone tenants have been deleted.
This feature should be optional so that swift operators can either activate or deactivate it.
| Kun Huang (academicgareth) wrote | #1 |
| Dolph Mathews (dolph) wrote | #2 |
| Changed in keystone: | |
| status: | New → Invalid |
| Kun Huang (academicgareth) wrote | #3 |
| Kun Huang (academicgareth) wrote | #4 |
| Dolph Mathews (dolph) wrote | #5 |
| John Dickinson (notmyname) wrote | #6 |
| Changed in swift: | |
| status: | New → Won't Fix |
I think this is the job or client applications or keystone. Let's see keystone developer's view on the keystone callback