Fix missing AWS IAM User and GCP IAM User Role deprovisioning when deleting Cloud Account Users
requested to merge 178-improve-user-and-cloud-account-deletion-for-team-member-offboarding into main
Overview
This MR fixes missing method calls when using `:delete`, `:restore`, and `:destroy` CLI commands to remove user access.
New Features
- The `cloud-account-user:delete` and `cloud-account-user:destroy` CLI commands now delete all child Cloud Account User Roles.
- The `auth-user:restore` CLI command now re-provisions all Cloud Account Users and the GitOps user account.
- The `auth-user:delete` and `auth-user:destroy` CLI commands now deprovision the GitOps user account.
- The `auth-user:delete` and `auth-user:destroy` CLI commands now delete the Cloud Account User and Cloud Account User Roles, which deprovision the AWS IAM User or GCP IAM User Role.
Fixes
- The GCP `IamUserRoleService::delete` method was not calling the `deprovision` method, so the GCP IAM Policy was not updated to remove the user role when a Cloud Account User Role was deleted.
- The AWS `IamUserService::delete` method was not being properly called from `cloud-account-user:delete` due to a typo trying to call a `deleteUser` method that did not exist. No AWS user accounts were deleted when this CLI command was used. Any Cloud Account Users with `deleted_at` timestamps and `deleted` state may still exist. A retroactive deprovisioning CLI command will be added in #181.
- The `CloudAccountUserService` and `CloudAccountUserRoleService` now call the proper deprovisioning methods.
Breaking Changes
- Low 3d8c62fc - Update `CloudAccountUserService::deprovision` to return false instead of void if method is not successful
Limitations
- #179 Add support for closing and deleting an AWS Account
- #180 Add support for closing and deleting a GCP project
- #181 Add retroactive mitigation CLI command to check if AWS IAM Users still exist for previously deleted Cloud Account Users
- #182 Add retroactive mitigation CLI command to check if GCP IAM Users Role Mappings still exist for previously deleted Cloud Account User Roles
Related to #178 (closed)
Edited by Jeff Martin
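The retroactive check planned in #181 amounts to reconciling locally deleted Cloud Account Users against the IAM users that still exist. The following is an added sketch of that reconciliation, not code from this project or MR. The `account_id` and `username` field names, the sample rows and the lister function are assumptions constructed for illustration; only `deleted_at` and the `deleted` state come from the MR text.

```python
from collections import defaultdict

# Constructed sample rows. `deleted_at` and `state` are named in the MR text;
# `account_id` and `username` are assumed column names.
SAMPLE_RECORDS = [
    {"account_id": "111111111111", "username": "jdoe", "state": "deleted", "deleted_at": "2023-01-10T12:00:00Z"},
    {"account_id": "111111111111", "username": "asmith", "state": "active", "deleted_at": None},
    {"account_id": "222222222222", "username": "bwayne", "state": "deleted", "deleted_at": "2023-02-01T09:30:00Z"},
    {"account_id": "333333333333", "username": "ckent", "state": "deleted", "deleted_at": "2023-02-03T08:00:00Z"},
]

# Constructed stand-in for the IAM user names currently present in each account.
SAMPLE_IAM = {
    "111111111111": ["JDoe", "asmith"],
    "222222222222": [],
}


def sample_lister(account_id):
    """Offline lister; a real one could wrap boto3's IAM list_users paginator."""
    if account_id not in SAMPLE_IAM:
        raise PermissionError("cannot assume audit role in " + account_id)
    return SAMPLE_IAM[account_id]


def audit_deleted_users(records, list_iam_usernames):
    """Compare locally deleted users with the IAM users that still exist."""
    expected_gone = defaultdict(set)
    for row in records:
        # Treat either marker as "deleted" so the audit errs on the safe side.
        if row.get("deleted_at") or row.get("state") == "deleted":
            expected_gone[row["account_id"]].add(row["username"].lower())

    report = {"orphaned": [], "confirmed_gone": [], "unverified": []}
    for account_id in sorted(expected_gone):
        names = sorted(expected_gone[account_id])
        try:
            # IAM user names are unique per account regardless of case.
            live = {name.lower(): name for name in list_iam_usernames(account_id)}
        except Exception as exc:
            # An account that cannot be listed is not evidence of removal.
            report["unverified"] += [(account_id, n, str(exc)) for n in names]
            continue
        for n in names:
            if n in live:
                report["orphaned"].append((account_id, live[n]))
            else:
                report["confirmed_gone"].append((account_id, n))
    return report
```

Entries under `orphaned` are IAM users that survived a local delete and still need deprovisioning; entries under `unverified` need a re-run with working credentials before they can be considered removed.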