{"id":23859206,"url":"https://github.com/openconext/openconext-user-lifecycle","last_synced_at":"2025-02-22T10:53:39.562Z","repository":{"id":38109693,"uuid":"132448588","full_name":"OpenConext/OpenConext-user-lifecycle","owner":"OpenConext","description":"Deprovision users within the OpenConext platform","archived":false,"fork":false,"pushed_at":"2024-11-20T10:18:54.000Z","size":822,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-01-03T03:34:58.979Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OpenConext.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-05-07T11:05:37.000Z","updated_at":"2024-11-20T10:09:06.000Z","dependencies_parsed_at":"2024-06-03T14:40:24.998Z","dependency_job_id":"4a847aa2-4f32-4df3-9b86-70ca75538bc8","html_url":"https://github.com/OpenConext/OpenConext-user-lifecycle","commit_stats":null,"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenConext%2FOpenConext-user-lifecycle","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenConext%2FOpenConext-user-lifecycle/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenConext%2FOpenConext-user-lifecycle/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpenConext%2FOpenConext-user-lifecyc
le/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OpenConext","download_url":"https://codeload.github.com/OpenConext/OpenConext-user-lifecycle/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240163548,"owners_count":19758028,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-03T03:32:49.698Z","updated_at":"2025-02-22T10:53:39.541Z","avatar_url":"https://github.com/OpenConext.png","language":"PHP","readme":"\u003ca href=\"https://openconext.org/\"\u003e\n    \u003cimg src=\"https://openconext.org/wp-content/uploads/2016/11/openconext_logo-med.png\" alt=\"OpenConext\"\n         align=\"right\" width=\"300\" /\u003e\n\u003c/a\u003e\n\n[![Build status](https://img.shields.io/travis/OpenConext/user-lifecycle.svg)](https://travis-ci.org/OpenConext/user-lifecycle)\n[![License](https://img.shields.io/github/license/OpenConext/user-lifecycle.svg)](https://github.com/OpenConext/user-lifecycle/blob/master/LICENSE)\n\n# OpenConext User Lifecycle\nDeprovision users within the OpenConext platform. The User Lifecycle application is where the last login information of OpenConext suite users is stored. From this application you can trigger the deprovisioning of users that are no longer considered active users.\n\n## Configuring deprovision clients\nA deprovision client is an OpenConext suite app that implements the deprovisioning API and can therefore be used by OpenConext User Lifecycle to deprovision users from the platform. 
To configure a client, please update the `config/legacy/parameters.yml` file. For each client provide an entry in the `open_conext_user_lifecycle_clients` configuration section. An example can be found below.\n\n```yaml\nopen_conext_user_lifecycle_clients:\n    openconext_engineblock:\n        url: 'https://engine.example.com/path/to/api/'\n        username: 'my-user-name'\n        password: 'secret'\n        verify_ssl: false\n    teams:\n        url: 'https://teams.example.com/api'\n        username: 'deprovision'\n        password: 'secret'\n```\n\nFor more information about setting up the clients, see the `/config/legacy/parameters.yml.dist` file.\n\n## Deprovisioning users\nDeprovisioning users can be done on a per-user basis, by providing the user's collab person id, or automatically\nafter a period of inactivity. This period can be configured in the `/config/legacy/parameters.yml`. Both options use\nthe `userlifecycle deprovision` console command.\n\n### Single user\nThe `userlifecycle deprovision` command takes a user argument and several other options.\n\nThe `user` argument should be the one and only argument of the command.\n\n**Options**\n\n| Name   | Shortcut | Description |\n|---|---|---|\n| `--dry-run` | __none__ | Enables dry run mode, simulates a deprovision action, returning the output a regular run would, but without actually deprovisioning the user. |\n| `--json` | __none__ | Only outputs JSON. Must be used in combination with the `--no-interaction` option. |\n| `--pretty` | __none__ | Pretty-print JSON output. |\n| `--no-interaction` | `-n` | Prevents the confirmation question. |\n\n**Example usage**\n\n```bash\n$ userlifecycle deprovision urn:collab:person:surf.nl:janis_joplin\nContinue with deprovisioning of \"urn:collab:person:surf.nl:janis_joplin\"? 
(y/n)\n# Will start deprovisioning after a positive answer to the confirmation.\n```\n\n```bash\n$ userlifecycle deprovision urn:collab:org:surf.nl:janis_joplin --dry-run\n# Asks confirmation, will not deprovision actual user data\n```\n\n```bash\n$ userlifecycle deprovision urn:collab:org:surf.nl:janis_joplin --no-interaction --json\n# Starts deprovisioning right away, will only output the JSON returned from the services.\n```\n\n### Batch deprovisioning\nWhen the user argument is omitted, the deprovision command will start deprovisioning the users that have exceeded the\ninactivity period set in the `inactivity_period` parameter in `parameters.yml`. This parameter must be an integer value\nrepresenting the months of inactivity before a user must be deprovisioned.\n\n\u003e By default, 37 months is used as the inactivity period.\n\n**Options**\n\nThe same options can be used as described in the `Single user` section above.\n\n**Example usage**\n\n```bash\n$ userlifecycle deprovision\nContinue with deprovisioning? (y/n)\n# Will start deprovisioning after a positive answer to the confirmation.\n```\n\n```bash\n$ userlifecycle deprovision --dry-run --no-interaction\nContinue with deprovisioning? (y/n)\n# Will start a dry run without asking for confirmation.\n```\n\n## Gather information about a user\nTo read user information you can use the `information` console command.\n\nThe `information` command takes one argument, which is the collabPersonId.\n\n\n**Options**\n\n| Name | Shortcut | Description |\n| --- | --- | --- |\n| `--json` | __none__ | Only outputs JSON. |\n\n\n**Example usage**\n```bash\n$ userlifecycle information urn:collab:example.org:user_id\n```\n\n## API\nAn API can be toggled, exposing the deprovision command (in read mode). 
Use the following feature toggle to enable/disable the API.\n\nIn `config/legacy/parameters.yml`:\n```yaml\n# By default the API is disabled\ndeprovision_api_settings_enabled: true\n```\n\nOnly user information can be read from the endpoint. The API by default is configured with basic authentication, using a configurable username and password.\n\nIn `config/legacy/parameters.yml`:\n```yaml\n# To enable the API\ndeprovision_api_settings_enabled: true\ndeprovision_api_settings_username: userlifecycle\ndeprovision_api_settings_password: secret\n```\n\nPlease note that the username and password should always be provided, even when the API is disabled.\n\nThe API can be called in the following manner for a given user's collabPersonId:\n\n`GET /api/deprovision/urn:collab:person:example.org:jdoe`\n\nand will return the deprovision information in JSON format.\n\nThere are some rules on how the user data should be structured. User Lifecycle will only accept properly formatted\nuser data. The contract can be found in the [docs/deprovision-information.md]().\n\n## Logging\n\n### Production logging\nLogging is configured slightly differently for the UserLifecycle project. On other OpenConext apps, logging in production\nis done in syslog using the fingers crossed strategy. Fingers crossed means that no detailed log trails are produced in\nsyslog unless a certain log level is reached. Say the application logs an `error`. Fingers crossed will then also log\nany previous log messages along with the error, giving the log auditor all the context it needs.\n\nA great log solution, but it did not fit UserLifecycle. Here we log data we always want to see in syslog, and using\nthe fingers crossed strategy here was not practical. 
So the regular `stream` log strategy is used, logging everything\nsurpassing the configured log level (`notice`).\n\n## For developers\nSee the `/docs` folder for more detailed information about the application.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenconext%2Fopenconext-user-lifecycle","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopenconext%2Fopenconext-user-lifecycle","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopenconext%2Fopenconext-user-lifecycle/lists"}