Remove "non-charmed" user deletion at update-status and client-broken
#331
Assignees
Labels
Comments
phvalguima
changed the title
update-status and client-brokenupdate-status and client-broken
|
That's a good one. We should filter out of the removal / cleanup routine users not created through the charm's client relations. |
|
Shortly: the request is to support manually created users. |
juditnovak
added a commit
that referenced
this issue
Sep 20, 2024
# Issue Addressing #331 , namely that currently it's impossible to add users manually to Opensearch, as they are cleaned up on the first `update-status`. # Solution Saving every relation ID with the corresponding user's name in a dictionary on the databag. This allows us to keep track of relation users and the relations they belong to. This data structure is maintained such as - `index-created` : adding new relation - usrer pair as craeting the user in Opensearch - `update-status`, `relation-broken`, `relation-departed`: removing (stale or dedicated) relations - user pairs from the databag as removing Opensearch users ## Developers' notes In order to get involved scopes clear: - Operations on the new databag structure are strongly coupled togeter. Thus they MUST be in the same module. (This principle is also in attempt to decrease the "spagetti".) - Since removing users is now clearly specific to client relations, this functionality should reside in the Provider code. Accompaigned with the suited user creation functionality encapsulating all relation-specific details (role name same as username, databag structures to be maintained, etc.) - Note: since extra user roles may be shared across multiple users, and re-used, we do NOT clean up those. But normal roles only. - Note2: We are taking advantage of usernames being equal to their related roles (and don't store roles specifically). --------- Co-authored-by: Judit Novak <judit.novak@canonical.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently, we have
OpenSearchUserManager.remove_users_and_roles, which removes users and roles that are not linked to system users or existing relations. The removal happens here.This method is called in two different places: update status and client relation broken events. Now, removing the relation user and role makes sense, but we should only remove that user / role, not a generic clean-up. We should also remove the call from
update_status.The text was updated successfully, but these errors were encountered: