On Mon, Jan 21, 2019 at 1:17 PM Ed Leafe <ed@leafe.com> wrote:
On Jan 21, 2019, at 3:10 AM, Jean-Philippe Evrard <jean-philippe@evrard.me> wrote:
>
> I think it would be great to have larger community feedback, or at
> least API SIG feedback, analysing this pattern.

I would strongly prefer the approach of each service implementing an endpoint to be called by Keystone when a project is deleted. Relying on a library that would somehow be able to understand all the parts a project touches within a service sounds a lot more error-prone.

Are you referring to the system scope approach detailed on line 38, here [0]? I might be misunderstanding something, but I didn't think keystone was going to iterate all available services and call clean-up APIs. I think it was just that services would be able to expose an endpoint that cleans up resources without a project-scoped token (e.g., it would be system-scoped [1]).

[0] https://etherpad.openstack.org/p/community-goal-project-deletion
[1] https://docs.openstack.org/keystone/latest/admin/tokens-overview.html#system-scoped-tokens 



-- Ed Leafe