diff --git a/keystone/credential/core.py b/keystone/credential/core.py
index c2739c0436..96f6ef8cde 100644
--- a/keystone/credential/core.py
+++ b/keystone/credential/core.py
@@ -98,25 +98,25 @@ class Driver(object):
 
     @abc.abstractmethod
     def delete_credentials_for_project(self, project_id):
-        """Deletes all existing credentials for an existing project."""
-        for cred in self.list_credentials():
-            if cred['project_id'] == project_id:
-                try:
-                    self.credential_api.delete_credential(cred['id'])
-                except exception.CredentialNotFound:
-                    # NOTE(morganfainberg): If the credential doesn't exist
-                    # it doesn't matter, it is meant to be deleted. Continue
-                    # on and delete the rest.
-                    pass
+        """Deletes all credentials for a project."""
+        self._delete_credentials(lambda cr: cr['project_id'] == project_id)
 
     @abc.abstractmethod
     def delete_credentials_for_user(self, user_id):
-        for cred in self.list_credentials():
-            if cred['user_id'] == user_id:
+        """Deletes all credentials for a user."""
+        self._delete_credentials(lambda cr: cr['user_id'] == user_id)
+
+    def _delete_credentials(self, match_fn):
+        """Do the actual credential deletion work (default implementation).
+
+        :param match_fn: function that takes a credential dict as the
+                         parameter and returns true or false if the
+                         identifier matches the credential dict.
+        """
+        for cr in self.list_credentials():
+            if match_fn(cr):
                 try:
-                    self.credential_api.delete_credential(cred['id'])
+                    self.credential_api.delete_credential(cr['id'])
                 except exception.CredentialNotFound:
-                    # NOTE(morganfainberg): If the credential doesn't exist
-                    # it doesn't matter, it is meant to be deleted. Continue
-                    # on and delete the rest.
-                    pass
+                    LOG.debug(_('Deletion of credential is not required: %s'),
+                              cr['id'])
diff --git a/keystone/tests/test_v3_credential.py b/keystone/tests/test_v3_credential.py
index b72851295a..7e020fc2ac 100644
--- a/keystone/tests/test_v3_credential.py
+++ b/keystone/tests/test_v3_credential.py
@@ -39,12 +39,16 @@ class CredentialTestCase(test_v3.RestfulTestCase):
 
     def test_credential_api_delete_credentials_for_project(self):
         self.credential_api.delete_credentials_for_project(self.project_id)
+        # Test that the credential that we created in .setUp no longer exists
+        # once we delete all credentials for self.project_id
         self.assertRaises(exception.CredentialNotFound,
                           self.credential_api.get_credential,
                           credential_id=self.credential_id)
 
     def test_credential_api_delete_credentials_for_user(self):
         self.credential_api.delete_credentials_for_user(self.user_id)
+        # Test that the credential that we created in .setUp no longer exists
+        # once we delete all credentials for self.user_id
         self.assertRaises(exception.CredentialNotFound,
                           self.credential_api.get_credential,
                           credential_id=self.credential_id)