When a user account is "deleted" / removed, we make sure that Beaker also cleans up any resources belonging to that account. The account can no longer log in or submit jobs, however there is currently nothing stopping somebody *else* from giving resources to the account after it is removed. Specifically it should not be possible to:

* loan a system to a removed account
* change a system's owner to be a removed account
* add a removed account to a group
* add a removed account to a system access policy

because these are all the things that get cleaned up as part of the removal process, so we expect them to stay that way afterwards.
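The invariant requested above, as an added sketch that is not Beaker's own code: every operation that grants a resource passes through one guard, so the state left by the removal cleanup cannot be undone by another user. All class and function names here are hypothetical, and reassigning systems to `new_owner` during cleanup is an assumption.

```python
from dataclasses import dataclass, field

class RemovedAccountError(ValueError):
    """An operation tried to hand a resource to a removed account."""

@dataclass(eq=False)  # identity hash, so users can be set members
class User:
    name: str
    removed: bool = False  # set when the account is removed

@dataclass(eq=False)
class System:
    fqdn: str
    owner: User
    loaned_to: "User | None" = None
    policy_users: set = field(default_factory=set)

@dataclass(eq=False)
class Group:
    name: str
    members: set = field(default_factory=set)

def require_active(user, action):
    # Single choke point called by every operation that grants something.
    if user.removed:
        raise RemovedAccountError(f"cannot {action}: {user.name} was removed")
    return user

def lend(system, user):
    system.loaned_to = require_active(user, "lend system")
def give(system, user):
    system.owner = require_active(user, "change owner")
def add_member(group, user):
    group.members.add(require_active(user, "add to group"))
def grant_policy(system, user):
    system.policy_users.add(require_active(user, "add to access policy"))

def remove_account(user, systems, groups, new_owner):
    # Cleanup on removal; handing systems to new_owner is this sketch's assumption.
    user.removed = True
    for s in systems:
        s.owner = new_owner if s.owner is user else s.owner
        s.loaned_to = None if s.loaned_to is user else s.loaned_to
        s.policy_users.discard(user)
    for g in groups:
        g.members.discard(user)

def still_holds(user, systems, groups):
    held = [s.fqdn for s in systems if user in (s.owner, s.loaned_to, *s.policy_users)]
    return held + [g.name for g in groups if user in g.members]
```
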
* https://gerrit.beaker-project.org/5864 disallow lending systems to deleted users
* https://gerrit.beaker-project.org/5865 disallow giving systems to deleted users
* https://gerrit.beaker-project.org/5866 disallow adding deleted users to groups
* https://gerrit.beaker-project.org/5867 disallow adding deleted users to access policies
Verified that deleted user cannot be

* loaned to a system
* a system's owner
* added to a group
* added to a system access policy
Beaker 24.5 has been released.