[JUJU-2928] fully remove users #15266
Conversation
There was a problem hiding this comment.
This seems dangerous to me, even if you've got a different password. Ostensibly it means you can pretend to be the previous user and I don't know what all the ramifications are to that. At the very least I'd want a new field (int?) that states if this was a takeover/repurposed account.
|
For me the problem there is the concept "user reuse" which is basically what we're doing here but I share your concerns. About indicating if a username was taken over, that can be easily done but probably is not fully informative for auditing purposes. This maybe requires an additional object storing the history of the user entry... |
juanmanuel-tirado
added
the
do not merge
juanmanuel-tirado
removed
the
do not merge
* Do not increment CharmModifiedVersion for importing a resource during model migration; * Patch statefulset valid fields only; * Fix TestUpgradeStateful; * Rephrase the error message in caas provisioner worker for less confusion; * [JUJU-2928] fully remove users (#15266) * Add removallog for user entries and permit to add previously removed users. * Split transactions when regenerating previously removed user (#26) * When recreating the user permissions for a removed user, the transactions are failing. This behaviour does not happen in 2.9. I split the transactions in two different sets. --------- Co-authored-by: Juju bot <jujubot@users.noreply.github.com> Co-authored-by: Juan M. Tirado <juanmanuel-tirado@users.noreply.github.com>
* Do not increment CharmModifiedVersion for importing a resource during model migration; * Patch statefulset valid fields only; * Fix TestUpgradeStateful; * Rephrase the error message in caas provisioner worker for less confusion; * [JUJU-2928] fully remove users (#15266) * Add removallog for user entries and permit to add previously removed users. * Split transactions when regenerating previously removed user (#26) * When recreating the user permissions for a removed user, the transactions are failing. This behaviour does not happen in 2.9. I split the transactions in two different sets. --------- Co-authored-by: Kelvin <kelvin.liu@canonical.com> Co-authored-by: Juju bot <jujubot@users.noreply.github.com>
|
@juanmanuel-tirado This needs migration and upgrade steps. For any already-deleted users, we should add the removal log entry with the current date for deletion and some indicator of upgrade/migration as the user. If anyone reactivates an already-deleted user after this patch, we'll be missing the log entry. |
|
Let me address this in another PR. Thanks! |
The current Juju logic does not fully remove users from the database in order to maintain relevant info for auditing purposes. This makes impossible to reuse usernames. This is a problem in certain scenarios where by mistake a user is deleted and has to be created again (e.g. Terraform provider). This PR modifies the state package to permit the addition of a previously removed user. We basically, check if a returned doc was already deleted and if so, we update the doc with the new details.
Note: These changes may impact the integration tests on Jenkins.
Checklist
- [ ] Code style: imports ordered, good names, simple structure, etc- [] Comments saying why design decisions were made- [ ] Integration tests, with comments saying what you're testing- [ ] doc.go added or updated in changed packagesQA steps
Verify using the CLI that a user can be added after been removed.
List users
juju users Name Display name Access Date created Last connection admin* admin superuser 19 hours ago just now user1 login 51 seconds ago never connectedRemove it
juju remove-user user1 --yes User "user1" removedAdd it again
If we try to add it it will simply fail because the user already exists.