
<html>

  <head>

    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    <div class="moz-cite-prefix">On 12/15/13 7:01 PM, Ryan Lane wrote:<br>

    </div>

    <blockquote

cite="mid:CALKgCA2gChhdLBq8d0zfn7vrKwb-mqt6c-L=hVzs157CbkvO8w@mail.gmail.com"

      type="cite">

      <div dir="ltr">On Sat, Dec 14, 2013 at 10:33 AM, Maarten Dammers <span

          dir="ltr"><<a moz-do-not-send="true"

            href="mailto:maarten@mdammers.nl" target="_blank">maarten@mdammers.nl</a>></span>

        wrote:<br>

        <div class="gmail_extra">

          <div class="gmail_quote">

            <blockquote class="gmail_quote" style="margin:0 0 0

              .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi

              Andrew,<br>

              <br>

              Andrew Bogott schreef op 13-12-2013 23:43:

              <div class="im"><br>

                <blockquote class="gmail_quote" style="margin:0 0 0

                  .8ex;border-left:1px #ccc solid;padding-left:1ex">

                  The following projects are visible on wikitech but do

                  not contain any instances.  My inclination is to

                  delete them all -- it's easy enough to recreate them

                  after the fact if necessary.<br>

                  <br>

                  Any objections?<br>

                </blockquote>

              </div>

              Are you certain this doesn't have any security

              implications? Say for example when someone else creates a

              deleted project and gets rights which belonged to the

              previous project or when the system reuses internal id's.<span

                class="HOEnZb"><font color="#888888"><br>

                  <br>

                </font></span></blockquote>

            <div><br>

            </div>

            <div>All rights are managed by keystone and keystone uses

              LDAP for role and project membership. When Andrew deletes

              the project, he'll be deleting the entire project tree

              from LDAP. It's possible that some service specific

              resources could be held over (like quotas), but hopefully

              there's an easy way to clean those references up in those

              specific services.<br>

            </div>

          </div>

        </div>

      </div>

    </blockquote>

    <br>

    Yep!  Also, in addition to cleaning projects out of LDAP I'm

    planning to delete the gluster shared storage for these projects. 

    Given that the projects are empty, gluster is really the only place

    that anything of value could reside.<br>

    <br>

    I won't be doing gluster first, though, so will probably send yet

    another warning message before I clobber all that.<br>

    <br>

    <blockquote

cite="mid:CALKgCA2gChhdLBq8d0zfn7vrKwb-mqt6c-L=hVzs157CbkvO8w@mail.gmail.com"

      type="cite">

      <div dir="ltr">

        <div class="gmail_extra">

          <div class="gmail_quote">

            <div>

              <br>

              We've always had the ability to delete projects, but I've

              avoided doing so because it's a relatively involved

              process.<br>

            </div>

          </div>

        </div>

      </div>

    </blockquote>

    <br>

    Ryan, in case I'm missing anything:  other than gluster, are there

    other specific project bits that you know the 'manage projects'

    delete link fails to clean up?<br>

    <br>

    -A<br>

    <br>

  </body>

</html>