Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cleanup unused applications in auth0 #519

Closed
2 tasks done
yuvipanda opened this issue Jul 15, 2021 · 10 comments
Closed
2 tasks done

Cleanup unused applications in auth0 #519

yuvipanda opened this issue Jul 15, 2021 · 10 comments
Assignees
@yuvipanda

Comments

@yuvipanda
Copy link
Member

yuvipanda commented Jul 15, 2021
edited by GeorgianaElena
Loading

Our auth0 account has a limit of 100 applications, and we're almost at the limit. There are a lot of unused applications there, because we changed naming schemes once. There's also some duplicates, and I'm not sure why.

In reality, we have way fewer than 100 applications. We need to clean this up.

TODO
@sgibson91 sgibson91 mentioned this issue Jul 15, 2021
Merged
@yuvipanda
Copy link
Member Author

image

Look at the duplicates!

@damianavila
Copy link
Contributor

Mmm... interesting... maybe this is the result of multiple deployments that somehow are generating dupe apps?

yuvipanda added a commit that referenced this issue Jul 16, 2021
@yuvipanda
Fetch all auth0 clients
7fd4f63 
The default per_page limit was 50 items, so we were not getting returned
clients past 50, and recreating them on each deploy

Ref #519
@yuvipanda yuvipanda mentioned this issue Jul 16, 2021
Merged
@sgibson91
Copy link
Member

sgibson91 commented Oct 22, 2021
edited
Loading

I was thinking about writing a helper script to tackle the cleanup of Auth0 apps today, the process would look like the following:

  1. Get all of our apps from Auth0. Structure the data as a dict {app1_name: [client_id1, client_id2, ...], app2_name: ...}
  2. Filter the dict for cases where len(value) > 1
  3. Print to the console which apps have multiple copies and how many copies there are.
  4. OPTIONAL --purge flag which would deleted duplicated apps until all entries in the dict had len(value) == 1

I had trouble figuring out from the deployer how to set up the connection to Auth0 though 😕

@yuvipanda
Copy link
Member Author

Thanks for looking into this, @sgibson91!

infrastructure/deployer/auth.py

Line 16 in fab3dc3

class KeyProvider:
is where all the auth0 related code is - we use the official auth0 python sdk. We obtain a auth0 object using credentials from our sops encrypted config/secrets.yaml, and then that gives us CRUD operations on apps / clients / connections etc.

I hope that is helpful in getting you started!

@sgibson91
Copy link
Member

Huh, I must have run into an intermittent error on the API server as my draft script is working now 😄

@sgibson91 sgibson91 moved this to Needs input 🙌 in Sprint Board Oct 22, 2021
@sgibson91
Copy link
Member

I have opened #769

@sgibson91 sgibson91 self-assigned this Oct 22, 2021
@sgibson91 sgibson91 mentioned this issue Oct 25, 2021
Closed
@choldgraf
Copy link
Member

Is this now finished since #769 is merged?

@sgibson91
Copy link
Member

sgibson91 commented Oct 26, 2021
edited
Loading

Actually, seeing the Wageningen app reminded me that that script only copes with duplicated apps, not apps that are unused because the hubs that generated them no longer exist. At the minimum, we need to add a checkpoint to the decommission hub issue template to manually remove the Auth0 (or GitHub) app when removing a hub. But cleaning the remaining apps up now probably requires a more manual approach.

@sgibson91 sgibson91 removed this from Sprint Board Oct 27, 2021
@sgibson91
Copy link
Member

I updated the issue template in this PR #784

@sgibson91 sgibson91 removed their assignment Oct 29, 2021
@github-project-automation github-project-automation bot moved this to Needs Shaping / Refinement in DEPRECATED Engineering and Product Backlog Jun 2, 2023
@github-project-automation github-project-automation bot moved this from Needs Shaping / Refinement to Complete in DEPRECATED Engineering and Product Backlog Jun 2, 2023
@damianavila
Copy link
Contributor

For future readers, we no longer use Auth0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yuvipanda yuvipanda

Labels
None yet
Projects
No open projects
DEPRECATED Engineering and Product Backlog
Archived in project
Milestone
No milestone
Development

No branches or pull requests
5 participants
@yuvipanda @damianavila @choldgraf @GeorgianaElena @sgibson91