[nova][keystone] What happens to key pairs after user is deleted

Artem Goncharov artem.goncharov at gmail.com
Fri Oct 14 10:23:12 UTC 2022


Hi all,

From the API perspective it is possible to delete a user without deleting its key pairs. Practice showed, however, that key pairs of a deleted user still exist and can be queried via the API by knowing the id of the deleted user (at least in devstack and one other public cloud). I know it may be tricky if there is still a VM provisioned with the key, but deleting a user logically means nobody has access to the private key anyway. And since key pairs belong to users and not to projects it is not possible to clean them up in the project cleanup either. Actually, from the API point of view there is no reasonable way to ever find those (without knowing the ID of the deleted user, which is logically not known anymore). If there is no cleanup this can in the mid term cause trashing of the database (records are small, but still), especially when using “dynamic” users to perform some actions.

So far I haven’t tried to grep through the code base of Nova to check what is happening, nor tried to check the behavior over time, and decided first to ask here whether somebody knows what should generally be happening here: is it a bug or a feature?

Thanks,
Artem
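An operator-side audit for the situation described in the post, added here as an example (not code from the post or from Nova): given the (user_id, keypair name) pairs still stored on the Nova side, it reports the key pairs whose owner no longer exists in Keystone. The user existence check is injected as a callable so the logic runs offline on constructed data; wiring it to a real Keystone client, and the SQL shown in the comment, are assumptions about how an operator would obtain the inputs.

```python
"""Find nova key pairs whose owning user has been deleted from Keystone.

Assumed inputs (operator-side, not available through the public API):
  - the distinct owner ids and names from nova's key_pairs table, e.g.
      SELECT DISTINCT user_id, name FROM key_pairs WHERE deleted = 0;
  - a callable user_exists(user_id) -> bool backed by Keystone
    (for example wrapping openstacksdk's conn.identity.get_user()).
With the result, an admin can remove each orphan with compute API
microversion 2.10 or later: DELETE /os-keypairs/{name}?user_id={user_id}.
"""
from typing import Callable, Dict, Iterable, List, Tuple

KeypairRecord = Tuple[str, str]  # (owner user_id, keypair name)


def find_orphaned_keypairs(
    records: Iterable[KeypairRecord],
    user_exists: Callable[[str], bool],
) -> Dict[str, List[str]]:
    """Return {user_id: [keypair names]} for owners Keystone no longer knows.

    Each user id is looked up once, so a deleted "dynamic" user with many
    key pairs costs one Keystone call, not one per key pair.
    """
    seen: Dict[str, bool] = {}
    orphans: Dict[str, List[str]] = {}
    for user_id, name in records:
        if user_id not in seen:
            seen[user_id] = user_exists(user_id)
        if not seen[user_id]:
            orphans.setdefault(user_id, []).append(name)
    return {uid: sorted(names) for uid, names in sorted(orphans.items())}


# Constructed sample: users u1 and u2 still exist, u3 has been deleted but
# its key pairs are still present on the Nova side (hypothetical ids/names).
SAMPLE_RECORDS: List[KeypairRecord] = [
    ("u1", "laptop"),
    ("u3", "ci-runner"),
    ("u2", "ops"),
    ("u3", "deploy"),
]
LIVE_USERS = {"u1", "u2"}


def demo() -> Dict[str, List[str]]:
    """Run the audit against the constructed sample data."""
    return find_orphaned_keypairs(SAMPLE_RECORDS, lambda uid: uid in LIVE_USERS)


if __name__ == "__main__":
    for uid, names in demo().items():
        print(f"deleted user {uid} still owns key pairs: {', '.join(names)}")
```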