Feature #15531

Updated by Peter Amstutz 10 months ago

Update federation_migrate.py

h2. Migrate to federated

Mass user migration to new federated user uuids.

#
Generate a list of all existing users across clusters
#


Generate the deterministic user uuids
# Produce report listing each email address, old user uuid, and new deterministic user uuid
# Admin reviews report
# Consume report and migrate each old user to new deterministic user uuid on each cluster
# Use


Migrate
existing user merge feature to redirect each user account accounts (and reassign all their data) to the deterministic user uuid

Note: API server needs to allow Support migrating objects owned by remote individual users to clusterwide federated user, and make the disappear (currently migrating remote accounts is not supported) (this was specifically requested by the customer).

h2. User redirect

For case where user email address changes, so that logging in yields a new deterministic uuid.

Add migration tool option that accepts two email addresses. Generate deterministic uuid for each email address, then make merge API call to direct new user uuid to existing user on each cluster.

h2. User ownership reassign

For case where a user leaves the organization and her stuff needs to be given to someone else.

Similar to user redirect, this mode accepts two email addresses. Generate deterministic uuid for each email address. Make merge API call to assign ownership of departing user's stuff to new user on each cluster.

Note: also needs API server support, must permit redirect_to_user_uuid is nil, in which case ApiClientAuthorization (API tokens) and AuthorizedKey (ssh keys) are not migrated, because the user that left may have lingering credentials and shouldn't gain access to other account.

h2. Workbench2 ?

User redirect and user reassign could be implemented as admin tools on Workbench 2.

Back