From bad2728b2ed147badcd67ff0d21be20d17f0c9ea Mon Sep 17 00:00:00 2001
From: Ward Vandewege <ward@curii.com>
Date: Wed, 27 Oct 2021 15:48:54 -0400
Subject: [PATCH] 18183: add a database migration that deletes tokens and ssh
 keys that        belong to inactive users.

Arvados-DCO-1.1-Signed-off-by: Ward Vandewege <ward@curii.com>
---
 ...154300_delete_disabled_user_tokens_and_keys.rb | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 services/api/db/migrate/20211027154300_delete_disabled_user_tokens_and_keys.rb

diff --git a/services/api/db/migrate/20211027154300_delete_disabled_user_tokens_and_keys.rb b/services/api/db/migrate/20211027154300_delete_disabled_user_tokens_and_keys.rb
new file mode 100644
index 0000000000..df3db6f5f2
--- /dev/null
+++ b/services/api/db/migrate/20211027154300_delete_disabled_user_tokens_and_keys.rb
@@ -0,0 +1,15 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+class DeleteDisabledUserTokensAndKeys < ActiveRecord::Migration[5.2]
+  def up
+    execute "delete from api_client_authorizations where user_id in (select id from users where is_active ='false' and uuid not like '%-tpzed-anonymouspublic' and uuid not like '%-tpzed-000000000000000')"
+    execute "delete from authorized_keys where owner_uuid in (select uuid from users where is_active ='false' and uuid not like '%-tpzed-anonymouspublic' and uuid not like '%-tpzed-000000000000000')"
+    execute "delete from authorized_keys where authorized_user_uuid in (select uuid from users where is_active ='false' and uuid not like '%-tpzed-anonymouspublic' and uuid not like '%-tpzed-000000000000000')"
+  end
+
+  def down
+    # This migration is not reversible.
+  end
+end
-- 
2.30.2