Feature #12626

Updated by Tom Clegg over 3 years ago

New API endpoint: @POST /arvados/v1/users/merge@
* Authorization header has valid API token for the "old" account
* new_user_token (post form param in request body) has valid API token for the "new" account
* new_owner_uuid (post form param in request body) has either new user's UUID, or a group UUID writable by the new
end point to merge user
* redirect_to_new_user=true (optional)

Security checks
* Current token ("old account") has scopes=["all"]
* new_user_token ("new account") has scopes=["all"]
* API logs show the UUID
accounts, accepts tokens of the corresponding api_client_auth record instead of merge_into_token old user and new user.

* Move all
All records (groups, links, (links, collections, projects, jobs, pipelines, container requests, etc) owned by the old user into new_owner_uuid (this is typically are reassigned to a new empty project or a group which is owned by the new user who doesn't own anything, so name conflicts would be a surprise/error)
* Update links set tail_uuid=new_user_uuid where tail_uuid=old_user_uuid

Additional actions if redirect_to_new_user=true
* Set
Links with tail_uuid of the old user's redirect_to_user_uuid field user are changed to the new user's UUID
* Move

Links with head_uuid of the
old user's SSH keys to the new user
are deleted (??)

API tokens associated with old user are left alone. After the merge, they will give access to the new account. deleted (possible exception for scoped sharing links?)

...if redirect_to_new_user=false
* Leave old user's redirect_to_user_uuid field alone
* Delete old user's
SSH keys
* Leave old user's API tokens alone

associated with head_uuid of the old user are left alone. deleted.

This is all done in a transaction: User gets to choose to keep either old or new username (used for vm logins, git repository namespace).

Old user should be linked to the new user such that,
if anything fails, someone authenticates to the entire operation is cancelled.

* New column (users.redirect_to_user_uuid) is needed.
* #12995 and #12703 are blocked only by
old account, they land in the redirect_to_new_user=true case. new account instead.