Q1 2018: Flush Repose Cache when Domain role change event comes in


As Identity, I want Repose to update its internal cache when a default role for a domain changes to something else, so that its internal cache has current/accurate information.

Default Role is: Domain level role – if role changes then we need to apply the change downward (i.e. to people in the domain with the default role).

This happens when a BU (e.g. FAWS or Azure) changes the default roles for people who have a accounts in their BU. For example, FAWS may say all of their customers have ticketing:admin, then later FAWS says it wants to change the default role to be named ticketing:observers instead. But, Repose already cached ticketing:admin as a role for the people who have made requests.

Identity is not going to send an event for all of those customers, though. Instead, they will send an event for the default role name change. Jorge is thinking this is such a rare event, it would be easier to just flush the entire cache (of this type of entry) than to look for these specific entries to invalidate.

Repose needs to start listening to this new event from Identity.

Dist datastore might not have all info necessary to flush the cache and we might not want to flush the entire cache… think about an efficient way to do this.

Note: We need to know what this event looks like and it is dependent on Identity.

Acceptance Criteria:

  • Does the thing happy birthday Adrian... in the keystone filter

  • V3 will need to be considered at some point in the future

  • When event is seen, cached user data is flushed

  • We handle all of our cache mechanisms:

    • Remote

    • Distributed

    • Local

  • Behavior will be erratic in a clustered environment that is already fractured





Adrian George


Kari Davis


External issue ID






Story Points


Epic Link