When a user account is "deleted" / removed, we make sure that Beaker also cleans up any resources belonging to that account. The account can no longer log in or submit jobs, however there is currently nothing stopping somebody *else* from giving resources to the account after it is removed.
Specifically it should not be possible to:
* loan a system to a removed account
* change a system's owner to be a removed account
* add a removed account to a group
* add a removed account to a system access policy
because these are all the things that get cleaned up as part of the removal process, so we expect them to stay that way afterwards.
https://gerrit.beaker-project.org/5864 disallow lending systems to deleted users
https://gerrit.beaker-project.org/5865 disallow giving systems to deleted users
https://gerrit.beaker-project.org/5866 disallow adding deleted users to groups
https://gerrit.beaker-project.org/5867 disallow adding deleted users to access policies
Verified that deleted user cannot be
* loaned to a system
* a system's owner
* added to a group
* added to a system access policy
Beaker 24.5 has been released.