As of havana, keystone emits notifications on project (tenant) deletion for exactly this use case :)
BP: https://blueprints.launchpad.net/keystone/+spec/notifications Docs: http://docs.openstack.org/developer/keystone/event_notifications.html ** Changed in: keystone Status: New => Invalid -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to Keystone. https://bugs.launchpad.net/bugs/1194540 Title: It should be possible to remove Swift Accounts after their tenants have been deleted Status in OpenStack Identity (Keystone): Invalid Status in OpenStack Object Storage (Swift): New Bug description: Consider the following scenario: Create a tenant, create a user, create a directory, upload a file, delete the user, delete the tenant. Now it makes sense to send DELETE to the swift account before deleting the tenant. However, one might forget it or an application error could occur. So it could be imaginable that there are Swift Accounts whose tenants are gone and nobody remembers their tenant id. In this case all related data in swift is inaccessible. This should not be possible. Possible solutions: a) Make it possible to retrieve a list of swift accounts -> A script could be used to compare with keystone tenants and check for orphan swift accounts. b) Create a keystone callback / hook that notifies Swift to mark accounts as deleted once their corresponding keystone tenants have been deleted. This feature should be optional so that swift operators can either activate or deactivate it. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1194540/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
