Add an interface to the Proxy to delete accounts

I hope by proxy you mean auth server.

With the latest auth updates, the create account functionality was pushed
into the proxy. So I was expecting that the delete account would follow the
same pattern. This would also require adding a bin file
swift-auth-delete-account

On Sat, Oct 23, 2010 at 7:33 AM, Mike Barton <email address hidden>wrote:

> I hope by proxy you mean auth server.
>
> --
> Add an interface to the Proxy to delete accounts
> https://bugs.launchpad.net/bugs/665383
> You received this bug notification because you are a member of Swift
> Bugs, which is subscribed to OpenStack Object Storage (swift).
>
> Status in OpenStack Object Storage (Swift): New
>
> Bug description:
> There currently isn't an external interface to DELETE an account through
> the proxy. It should require the same auth key, similar to the account PUT
> method.
>
>
>

I guess I need to pay more attention. I didn't realize we no longer have a services server.

This is something we should discuss a bit. We dropped the services server because it was old and crusty, used xmlrpc, and we didn't have time to rewrite it then. That "stuff" moved into the auth server, which required it to have access to all backend account servers. Later with the auth updates, it moved into the proxy so the auth just required proxy access.

I like having a separate service for account puts and deletes as it gives just a little more security with firewall rules and such. But, it does kinda stink to have a whole extra service just for account puts and deletes.

One possibility is to have an option to turn on account puts and deletes (and make them off by default). To run what used to be called services you just run an instance or two of the proxy server with this option on. If you run in a more trusted scenario you can just enable it in your main proxy servers.

I would like to see deleting account be a two part process requiring two different scripts.
Step 1. Suspend the account so no read or write activity can be done.
Step 2. Mark the account deleted.

I'm assuming the account-reaper will come around after a configurable interval and actually reclaim the objects and delete the dbs.

Making it difficult to delete production data usually a good idea.

We talked more on this yesterday and I thought I'd update what we came up with so far:

- There should be an option to turn off account puts/deletes in the proxy for those that want to completely avoid any potential attack vector.

- The account delete should simply mark the account as suspended (status = SUSPENDED), allowing no access to the account's data.

- The account reaper should delete suspended accounts after a configurable amount of time (1 week default?). As soon as it starts the deletion process it should set status = DELETED.

- Maybe provide a way to resurrect a suspended account or even a deleted account. But this is low priority as it could be done manually in such an uncommon situation (shut of the reapers, manually update the 3 account databases).

Partial work on this: https://code.launchpad.net/~gholt/swift/proxyaccount/+merge/42193

gholt is probably right, but these requirements are outside of the scope of this bug

1) We need the ability to issues DELETE's to the Account Server's through an interface on the proxy.

2) There should be a way to turn it off.

https://code.launchpad.net/~gholt/swift/proxyaccount meets those requirements and should be good enough to satisfy this bug.

Other dependencies/features/ideas should be worked on in other bugs. e.g. https://bugs.launchpad.net/swift/+bug/682919