[openstack-dev] [Keystone]ON DELETE RESTRICT VS ON DELETE CASCADE

Mike Bayer mbayer at redhat.com
Mon Mar 9 19:37:02 UTC 2015



Morgan Fainberg <morgan.fainberg at gmail.com> wrote:

> 
> 
> On Monday, March 9, 2015, Mike Bayer <mbayer at redhat.com> wrote:
> 
> 
> Wei D <wei.d.chen at intel.com> wrote:
> 
> > +1,
> >
> >
> >
> > I am fan of checking the constraints in the controller level instead of relying on FK constraints itself, thanks.
> 
> Why shouldn’t the storage backends, be they relational or not, be tasked
> with verifying integrity of data manipulations? If data integrity rules are
> pushed out to the frontend, the frontend starts implementing parts of the
> backend. Other front-ends to the same persistence backend might not have the
> same rule checks, and you are now wide open for invalid data to be
> persisted.
> 
> Front-ends should of course be encouraged to report on a potential issue in
> integrity before proceeding with an operation, but IMO the backend should
> definitely not allow the operation to proceed if the frontend fails to check
> for a constraint. Persistence operations in which related objects must also
> be modified in response to a primary object (e.g. a CASCADE situation),
> else integrity will fail, should also be part of the backend, not the front end.
> 
> 
> 
> 
> You are assuming data is stored in an all SQL environment. In keystone it is highly unlikely that you can make this assumption. When you discuss users, groups, projects, domains, roles, assignments, etc... All of these could be crossing SQL, LDAP, MongoDB, etc. in short, do not assume you are even talking the same language.  This is why FKs are of minimal benefit to us.

You should read my paragraph above again; I referred to “the storage
backends, **be they relational or not**, be tasked with verifying
integrity”. Which means, for example in an LDAP system where deleting a
parent key means all the child keys are automatically deleted, that is what
I mean by “the backend has verified integrity”. The controller didn’t need
to dip into the LDAP backend’s system and make sure that the child keys of
the parent were removed first.   The LDAP system naturally performs this
task.

In a relational backend, it should not be possible to perform an operation
where a row is in place which refers to a primary key that no longer exists.
This should be independent of the system which refers to this schema, even
if that system might be unaware that the backend is in fact relational. I’m
a little surprised this is suddenly controversial.

> 
> So tl;dr, we have an architecture that is not conducive to foreign keys, and therefore should not use them beyond bare-minimums, instead rely on the manager to do business logic. This is not the case for all OpenStack projects.

If your relational backend contains more than one table, and any of these
tables happen to store primary key identifiers from some of the other
tables, then foreign keys are relevant and necessary.


> > Best Regards,
> >
> > Dave Chen
> >
> >
> >
> > From: Morgan Fainberg [mailto:morgan.fainberg at gmail.com]
> > Sent: Monday, March 09, 2015 2:29 AM
> > To: David Stanek; OpenStack Development Mailing List (not for usage questions)
> > Subject: Re: [openstack-dev] [Keystone]ON DELETE RESTRICT VS ON DELETE CASCADE
> >
> >
> >
> > On March 8, 2015 at 11:24:37 AM, David Stanek (dstanek at dstanek.com) wrote:
> >
> >
> > On Sun, Mar 8, 2015 at 1:37 PM, Mike Bayer <mbayer at redhat.com> wrote:
> >
> > can you elaborate on your reasoning that FK constraints should be used less
> > overall?  or do you just mean that the client side should be mirroring the same
> > rules that would be enforced by the FKs?
> >
> >
> > I don't think he means that we will use them less.  Our SQL backends are full of them.  What Keystone can't do is rely on them because not all implementations of our backends support FKs.
> >
> > 100% spot on David. We support implementations that have no real concept of FK and we cannot assume that a cascade (or restrict) will occur on these implementations.
> >
> >
> >
> > —Morga
> >
> >
> >
> > --
> >
> > David
> > blog: http://www.traceback.org
> > twitter: http://twitter.com/dstanek
> >
> > www: http://dstanek.com
> >
> > __________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >
> > __________________________________________________________________________
> > OpenStack Development Mailing List (not for usage questions)
> > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> 
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



More information about the OpenStack-dev mailing list