This micro-service runs periodically and disposes archived citizen accounts
Available on tag v2.0.0 and also as a separate read-only branch.
Role-assignments returns paged results, however we overlooked this and disposer-idam-user deleted a lot more users than had to. This caused us to write additional functionality to restore all the users, which we don't expect to use in the future. But if ever need to, there are few things required outside of our app control. This is an attempt to document those requirements.
Additional functionality is:
- idam user restorer. Used to restore deleted users. Flow roughly looks like
this:
- get deleted users from lau-idam-backend DB table in batches
- iterate over deleted entries individually and create a request
- call idam api to insert the user
- check the response for any potential conflicts due to user already present on idam
- role assignments merger. If there were conflicts due to user already existing
on idam we needed to merge old user id with a new user id. Flow roughly looks
like this:
- get deleted users from lau-idam-backend DB table in batches
- query idam for the user using email address
- check if there are multiple IDs for the same user for the same email
- on multiple IDs get role assignments for deleted user from role assignments
- create role assignments request using new user (active) id and assigning old user (deleted/archived) role assignments to the new user
For role assignments to work we need:
search-userscope in[idam-access-config](https://github.com/hmcts/idam-access-config). Revert PR is here
and we need to add environment variables in cnp-flux-config for all environments:
IDAM_USER_RESTORER_ENABLED: false
DISPOSER_RESTORER_BATCH_SIZE: 100
DISPOSER_RESTORER_REQUESTS_LIMIT: 10000
DISPOSER_RESTORER_START_PAGE: 1
IDAM_DUPLICATE_USER_RESTORER_ENABLED: false
DUPLICATE_USER_MERGE_DRY_RUN: true
DUPLICATE_USER_BATCH_SIZE: 100
DUPLICATE_USER_REQUESTS_LIMIT: 10000
DUPLICATE_USER_START_PAGE: 1We disabled some functional tests in order for pipeline to pass, as permission was already removed.
The project uses Gradle as a build tool. It already
contains gradlew wrapper script, so there's no need to install system-wide
gradle.
To build the project execute the following command:
./gradlew buildCreate the image of the application by executing the following command:
./gradlew assembleCreate docker image:
docker-compose buildRun the distribution by executing the following command:
docker-compose upThis will start the container and by default exits immediately as service is set to disabled. If service were enabled, then it would try to fetch stale (archived) users from idam-api, filter by roles querying (am-role-assignments) and call user deletion endpoint on idam-api.
To skip all the setting up and building, just execute the following command:
./bin/run-in-docker.shFor more information:
./bin/run-in-docker.sh -hScript includes bare minimum environment variables necessary to start api instance. Whenever any variable is changed or any other script regarding docker image/container build, the suggested way to ensure all is cleaned up properly is by this command:
docker-compose rmIt clears stopped containers correctly. Might consider removing clutter of images too, especially the ones fiddled with:
docker images
docker image rm <image-id>There is no need to remove postgres and java or similar core images.
To run all unit tests execute the following command:
./gradlew testTo run all integration tests execute the following command:
./gradlew integrationFunctional tests require setting the right environment variables pointing to idam-api and am-role-assignemnt services. To access those services, VPN needs to be connected. To get secret and password refer to disposer key-vault. Once everything is setup, functional tests can be executed using the following command:
./gradlew functionalWe use checkstyle and PMD.
To run all checks execute the following command:
./gradlew clean checkstyleMain checkstyleTest checkstyleIntegrationTest pmdMain pmdTest pmdIntegrationTestor to generate a code coverage report execute the following command:
./gradlew integration functional jacocoTestReportThis project is licensed under the MIT License - see the LICENSE file for details