User deactivation will be performed on a regular basis, calling the appropriate endpoint on fabric8-auth (see fabric8-services/fabric8-auth#780).
In order to avoid running a separate batch on the platform, we could use a go routine built in the admin console service itself (with a lock on a table to avoid concurrent accesses if we run multiple pods).
The deactivation process is the following:
- call
fabric8-auth to retrieve a list of users to deactivate (limited to a certain number of accounts) using
- call
fabric8-auth to deactivate each account and record an "audit log" of each user deactivation
goto 1 until the list of users to deactivate is empty
User deactivation will be performed on a regular basis, calling the appropriate endpoint on
fabric8-auth(see fabric8-services/fabric8-auth#780).In order to avoid running a separate batch on the platform, we could use a go routine built in the admin console service itself (with a lock on a table to avoid concurrent accesses if we run multiple pods).
The deactivation process is the following:
fabric8-authto retrieve a list of users to deactivate (limited to a certain number of accounts) usingfabric8-authto deactivate each account and record an "audit log" of each user deactivationgoto 1until the list of users to deactivate is empty