On Mon, Jan 21, 2019 at 2:18 PM Ed Leafe <ed@leafe.com> wrote:
On Jan 21, 2019, at 1:55 PM, Lance Bragstad <lbragstad@gmail.com> wrote:
Are you referring to the system scope approach detailed on line 38, here
[0]?
Yes.
I might be misunderstanding something, but I didn't think keystone was going to iterate all available services and call clean-up APIs. I think it was just that services would be able to expose an endpoint that cleans up resources without a project scoped token (e.g., it would be system scoped [1]).
[0] https://etherpad.openstack.org/p/community-goal-project-deletion [1] https://docs.openstack.org/keystone/latest/admin/tokens-overview.html#system...
It is more likely that I’m misunderstanding. Reading that etherpad, it appeared that it was indeed the goal to have project deletion in Keystone cascade to all the services, but I guess I missed line 19.
So if it isn’t Keystone calling this API on all the services, what would be the appropriate actor?
The actor could still be something like os-purge or adjutant [0]. Depending on how the implementation shakes out in each service, the implementation in the actor could be an interation of all services calling the same API for each one. I guess the benefit is that the actor doesn't need to manage the deletion order based on the dependencies of the resources (internal or external to a service). Adrian, and others, have given this a bunch more thought than I have. So I'm curious to hear if what I'm saying is in line with how they've envisioned things. I'm recalling most of this from Berlin. [0] https://adjutant.readthedocs.io/en/latest/
-- Ed Leafe