Feature #15531

[SDK] Migrate federation to central LoginCluster

Added by Peter Amstutz 16 days ago. Updated 1 day ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
-
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
Story points:
3.0

Description

Mass user migration to centralized federated user uuids.

  1. Generate a list of all existing users across clusters with --migrate-to flag (this fills in the "home" column for every user)
  2. Produce report listing each email address, existing user uuid, if the user owns anything, the cluster that the user will be migrated to
  3. Admin reviews report
  4. Report is fed back in
  5. If no local user exists for a home cluster, create a new user with the email address
  6. Use user merge to redirect all the old user accounts (and reassign all their data) to user on the home cluster. Decide where to relocate ownership (user or a project owned by user) based on which accounts are empty or not.

Note: API server needs to allow migrating objects owned by remote users to federated user, and make the old remote user disappear (currently migrating remote accounts is not supported) (this was specifically requested by the customer).

API merge method allows specifying the owner_uuid

Write some tests (based on mocks) for the tool.


Related issues

Related to Arvados - Story #15529: [API] [Controller] Share user account database with a group of trusted clustersNew08/22/2019

Related to Arvados - Task #15208: Migration scriptResolved04/18/2019

Related to Arvados - Feature #15061: Redirect users to log in with correct federated identityResolved04/18/2019

History

#1 Updated by Peter Amstutz 16 days ago

  • Status changed from New to In Progress

#2 Updated by Peter Amstutz 16 days ago

  • Status changed from In Progress to New
  • Description updated (diff)
  • Subject changed from User migration tool to User migration tool for federation

#3 Updated by Peter Amstutz 16 days ago

  • Related to Story #15529: [API] [Controller] Share user account database with a group of trusted clusters added

#4 Updated by Peter Amstutz 16 days ago

  • Description updated (diff)

#5 Updated by Peter Amstutz 16 days ago

  • Description updated (diff)

#6 Updated by Peter Amstutz 16 days ago

  • Subject changed from User migration tool for federation to User management/migration tool

#7 Updated by Peter Amstutz 16 days ago

  • Description updated (diff)

#8 Updated by Peter Amstutz 2 days ago

  • Description updated (diff)

#9 Updated by Tom Morris 2 days ago

#10 Updated by Tom Morris 2 days ago

  • Related to Feature #15061: Redirect users to log in with correct federated identity added

#11 Updated by Peter Amstutz 2 days ago

  • Description updated (diff)

#12 Updated by Peter Amstutz 2 days ago

  • Description updated (diff)

#13 Updated by Tom Morris 2 days ago

  • Story points set to 3.0
  • Target version changed from To Be Groomed to Arvados Future Sprints

#14 Updated by Peter Amstutz 1 day ago

  • Subject changed from User management/migration tool to [SDK] Migrate federation to central LoginCluster

Also available in: Atom PDF