Setting the account deletion delay parameter

You can change the status of an account that has a Pending deletion status and restore the account within the deletion delay period. IBM Security QRadar® Suite Software provides a method to set the account deletion delay period by updating a ConfigMap.

About this task

An account that is selected for deletion is immediately unavailable with a Pending deletion status. As a cluster administrator you can cancel the deletion and restore the account within the account deletions delay period. The default delay period is 14 days.

Procedure

  1. Log in to your Red Hat® OpenShift® Container Platform cluster by typing either of the following commands, where <openshift_url> is the URL for your Red Hat OpenShift Container Platform environment.
    • Using a username and password.
      oc login <openshift_url> -u <username> -p <password>
    • Using a token.
      oc login --token=<token> --server=<openshift_url>
  2. Check what value is currently set, where the number represents the number of days to delay deletion. 
    oc get deploy isc-entitlements -o json | jq '.spec.template.spec.containers[].env[] | select(.name=="DEFER_ACCOUNT_DELETION") | .value'
  3. If you want accounts to enter the processing state and delete within 24 hours, apply the configuration as follows: 
    cat << EOF | oc apply -f - 
apiVersion: isc.ibm.com/v1
kind: CP4SConfiguration
metadata:
    name: account-deletion-delay
spec:
    values:
        - entitlements.account_delete_delay_days="0"
EOF
  4. You can change the entitlements.account_delete_delays_days parameter to any set of days that you want.
  5. After applying the configuration, wait for the pods to reconcile and check again if the value was updated by running the command you entered in step 2. 
    oc get deploy isc-entitlements -o json | jq '.spec.template.spec.containers[].env[] | select(.name=="DEFER_ACCOUNT_DELETION") | .value'

Results

The next time that an account is deleted, the revised delay period is implemented. If the delay period is set to 0, the account is deleted within a 24-hour deletion period and cannot be recovered in that period. See the following tables for examples of deletion implementation for different delay period settings.

Table 1. Implementing account deletion delays
Parameter value Delay period (variable) Deletion processing period (fixed)
0 None 24 hours
14 14 days 24 hours
30 30 days 24 hours