delete user home directory when deleting user #755
Conversation
C0rby
force-pushed
the
delete-user-home
branch
2 times, most recently
from
03b937e
to
39a241c
Compare
|
Hm... so this solves it for the OCS endpoint. But what about deleting a user directly in the accounts service? E.g. when we implement that in the accounts web UI? Or as a CLI command? |
C0rby
force-pushed
the
delete-user-home
branch
from
39a241c
to
1bdde93
Compare
|
Good point. |
C0rby
force-pushed
the
delete-user-home
branch
from
1bdde93
to
46ab2e8
Compare
|
What happens about folders/files that are shared with other users, or as public links? It would be nice to remove all (or as much as possible) "file metadata" of a user when the user is deleted. |
|
If the user's home directory is correctly cleaned up when the user is deleted, then the tests will no longer need to be responsible to try and do that "under the hood". That is great. So in this PR, it should be possible to remove the uses of But at the moment the core test code still tries to do something "default" on OCIS if |
C0rby
force-pushed
the
delete-user-home
branch
2 times, most recently
from
2eadbe5
to
508c394
Compare
|
afaict there is some work to be done in reva to properly deprovision an account: cs3org/reva#1275 @phil-davis this PR is intended to allow the ocs api to deprovision accounts. wiping the users home will invalidate all share references and they will be filtered out if the referenced file no longer exists. not optimal because it accumulates shares. see the above ticket. good enough to deprovision accounts, I think. I agree with @kulmann to move the deletion code to the accounts service ... for now ... deprovisioning is a sensitive issue. it should happen in stages where the user is notified that his account will be frozen after n days, that his files will be deleted after 2n days, that his files will be moved to the archive after 3n days and that they will be truly deleted after 6n days ... or something like that, depending on company and legal policies. A hardcoded 'wipe now' like this PR is not the end goal. |
|
Kudos, SonarCloud Quality Gate passed!
|
|
@C0rby um this should go into the ocis/ocs because the proxy routes |
|
@butonic, what do you mean? The code is in ocis/ocs or not? |
|
@C0rby see PR #775 - the test suite does an under-the-hood delete of "user" files at the end of each scenario. e.g. I suspect that versions and trashbin of the old user are still there - it would be nice to clear those out when the OCS Provisioning API DELETE is processed. And maybe there are "remnants" of shares that cause side-effects in later scenarios. |
|
I'll have a look. 👀 |
nevermind, got confused... |
|
What the hell... for some reason it doesn't work anymore? |
|
Ah, it does still work... For some reason the accounts are now created with the usernames not with uuids. |
C0rby
force-pushed
the
delete-user-home
branch
from
bff9878
to
5233ccf
Compare
|
Argh fork... The API tests fail... 😞 |
C0rby
force-pushed
the
delete-user-home
branch
from
f05cae7
to
e51aed1
Compare
|
Ah yes, of course... I updated reva in the wrong module.... Now let's see if it works. |
C0rby
force-pushed
the
delete-user-home
branch
from
e51aed1
to
aee886f
Compare
Signed-off-by: David Christofas <dchristofas@owncloud.com>
Signed-off-by: David Christofas <dchristofas@owncloud.com>
Signed-off-by: David Christofas <dchristofas@owncloud.com>
Signed-off-by: David Christofas <dchristofas@owncloud.com>
Signed-off-by: David Christofas <dchristofas@owncloud.com>
C0rby
force-pushed
the
delete-user-home
branch
from
aee886f
to
6c98fde
Compare
Signed-off-by: David Christofas <dchristofas@owncloud.com>
|
Phew... so the ocis storage api tests seem okay-ish now. Halfway there... |
|
@C0rby I adjusted the way that some env variables work to control the core acceptance tests - owncloud/core#38077 I bumped the core commit in OCIS, so that OCIS is running with those changes: #799 - I did that just to make sure that nothing was broken. That is the reason that you have a conflict in |
|
Now I made core PR owncloud/core#38078 - that should be the little change that is needed in core to stop it from cleaning up user shares and files in the after-scenario. You should be able to test against that core branch |
|
@phil-davis, no worries! So I think I got the delete working for the OCIS storage (there is still one scenario failing though). Meaning the storage checks if the path to delete has the prefix |
|
Opened a PR in the cs3apis repo to add a |
|
cs3apis PR needs a rebase 😅 |
|
I think I encountered the same problem that @C0rby did, why is the provisioning API using the user name attribute as ID? It results in an invalid token |
|
Ultimately minting a token relying on the provisioning API results in an invalid JWT attribute:
this is the contents of a working one:
|
|
the previous error was caused because the IDP didn't match |
|
yup. Momentaneously hardcoding the IDP to |
|
Ah, I see, the ocis fs changed from the time of this implementation took place, and it no longer works. Adjusting the IDP in the OCS service makes it work again, since the user equality checks is: func isSameUserID(i *userpb.UserId, j *userpb.UserId) bool {
switch {
case i == nil, j == nil:
return false
case i.OpaqueId == j.OpaqueId && i.Idp == j.Idp:
return true
default:
return false
}
} |
|
I guess this can be closed since @refs did some work in another PR |
No description provided.