You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Server.loadUsers (from server config) - calls data.DeleteIdentities but does not remove credentials, or access keys for the users
access.DeleteProviders - calls data.DeleteIdentities and handles deleting access keys (doesn't need to delete credentials)
With #2767 merged it seems like the only gap may be loadUsers not deleting of credentials or access keys. I'm not sure if that is by design.
The problem now is that there are two ways to delete users, in one code path the logic to delete associations is handled in access, and in the other code path it's handled in data.
This issue is to clean this up so that at the very least the two flows are consistent about where associations are deleted, either access or data. Ideally we would also remove the need to have separate code paths for deleting one identity and deleting many identities, but I'm not sure if that's possible.
The text was updated successfully, but these errors were encountered:
@j-sneh noticed this while working on #2767
Today we have the following:
access.DeleteIdentity
- handles removing credentials, access keys, and grants associated with the identity, and fix: remove deleted identities from identities_groups #2767 adds removal ofidentities_group
referencesdata.DeleteIdentity
- only deletes the one row fromidentities
tabledata.DeleteIdentities
- handles removing grants, and fix: remove deleted identities from identities_groups #2767 adds removal ofidentities_group
referencesServer.loadUsers
(from server config) - callsdata.DeleteIdentities
but does not remove credentials, or access keys for the usersaccess.DeleteProviders
- callsdata.DeleteIdentities
and handles deleting access keys (doesn't need to delete credentials)With #2767 merged it seems like the only gap may be
loadUsers
not deleting of credentials or access keys. I'm not sure if that is by design.The problem now is that there are two ways to delete users, in one code path the logic to delete associations is handled in
access
, and in the other code path it's handled indata
.This issue is to clean this up so that at the very least the two flows are consistent about where associations are deleted, either
access
ordata
. Ideally we would also remove the need to have separate code paths for deleting one identity and deleting many identities, but I'm not sure if that's possible.The text was updated successfully, but these errors were encountered: