Feature #15531

Updated by Peter Amstutz almost 2 years ago

Update federation_migrate.py

h2. Migrate to federated

Mass user migration to new federated user uuids.

# Generate a list of all existing users across clusters
# Generate deterministic user uuids
# Produce report listing each email address, old user uuid, and new deterministic user uuid
# Admin reviews report
# Report is fed back in, merge Consume report and migrate each old user to new deterministic user uuid on each cluster
# Use existing user merge feature to redirect each user account (and reassign all their data) to the deterministic user uuid

Note: API server needs to allow migrating objects owned by remote users to clusterwide federated user, and make the disappear (currently migrating remote accounts is not supported) (this was specifically requested by the customer).

If the deterministic user uuid is based on something other than the email address (or something else in the user record) we won't be able to generate correct ones.

h2. User redirect

For case where user email address changes, so that logging in yields a new deterministic uuid.

Add migration tool option that accepts two email addresses. Generate deterministic uuid for each email address, then make merge API call to direct new user uuid to existing user on each cluster.

h2. User ownership reassign

For case where a user leaves the organization and her stuff needs to be given to someone else.

Similar to user redirect, this mode accepts two email addresses. Generate deterministic uuid for each email address. Make merge API call to assign ownership of departing user's stuff to new user on each cluster.

Note: also needs API server support, must permit redirect_to_user_uuid is nil, in which case ApiClientAuthorization (API tokens) and AuthorizedKey (ssh keys) are not migrated, because the user that left may have lingering credentials and shouldn't gain access to other account.

h2. Workbench2 ?

User redirect and user reassign could also be implemented as admin tools on Workbench 2.