Skip to content

keystone-listener: enable allow_requeue for project delete events#371

Open
xek wants to merge 1 commit into
mainfrom
ggrasza/keystone-listener-allow-requeue
Open

keystone-listener: enable allow_requeue for project delete events#371
xek wants to merge 1 commit into
mainfrom
ggrasza/keystone-listener-allow-requeue

Conversation

@xek

@xek xek commented Apr 29, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Set allow_requeue = true in the Keystone listener config template
  • Without this, a transient failure during project-delete cleanup (e.g. DB blip) silently drops the notification, leaving orphaned Barbican resources (secrets, containers, KEK data, ACLs) with no automatic recovery
  • With requeue enabled, the oslo.messaging transport retries delivery until the cleanup succeeds

Test plan

  • Deploy barbican-operator with this change
  • Delete a Keystone project that has Barbican secrets
  • Verify Barbican resources are cleaned up
  • Simulate a transient failure (e.g. brief DB disconnect) during a project delete and verify the notification is requeued and eventually processed

🤖 Generated with Claude Code

@xek
keystone-listener: enable allow_requeue for project delete events
5b7a32b 
When the Keystone listener fails to clean up Barbican resources for a
deleted project (e.g. transient DB outage), the notification was
silently acknowledged and dropped because allow_requeue defaults to
false. This leaves orphaned secrets, containers, KEK data and ACLs in
the database with no automatic recovery path.

Setting allow_requeue = true causes the message to be requeued so the
cleanup is retried once the transient failure resolves.

Assisted-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Change-Id: I8c7911943a3f76dcc4215e05bce69beb3821928d
@openshift-ci

openshift-ci Bot commented Apr 29, 2026

Copy link
Copy Markdown

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci

openshift-ci Bot commented Apr 29, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: xek

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@xek xek marked this pull request as ready for review April 29, 2026 09:12
@openshift-ci openshift-ci Bot requested review from dmendiza and dprince April 29, 2026 09:12
@softwarefactory-project-zuul

softwarefactory-project-zuul Bot commented Apr 29, 2026

Copy link
Copy Markdown

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/a2865839e558414aa3bb96d7144de868

openstack-k8s-operators-content-provider FAILURE in 5m 06s
⚠️ barbican-operator-kuttl SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)
⚠️ barbican-operator-tempest SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider (non-voting)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dmendiza dmendiza Awaiting requested review from dmendiza
@dprince dprince Awaiting requested review from dprince

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

approved

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@xek