iam: migrate UserDeactivation to PlatformAccess in milo and zitadel-provider #658

Description

@JoseSzycho

Context

Part of #613 — replacing UserDeactivation, PlatformAccessApproval, and PlatformAccessRejection with a single mutable PlatformAccess resource.

This issue covers migrating the UserDeactivation resource and all systems that produce or consume it.

Background

UserDeactivation currently governs User.status.state (Active/Inactive). The UserController in Milo watches these resources to set that status field, and the Zitadel provider watches them to activate or deactivate users in Zitadel. Under the new model, the Suspended state on PlatformAccess replaces this resource entirely.

Scope

milo-os/milo

  • Update UserController to watch PlatformAccess for state: Suspended instead of UserDeactivation
  • Remove the UserDeactivation controller
  • Update User.status to reflect accessState derived from PlatformAccess (remove state, registrationApproval; add accessState)
  • Update the Ready condition semantics on User so Ready=True only when accessState=Approved
  • Remove the UserDeactivation CRD and all associated RBAC, roles, and protected resource config once no consumers remain
  • Update e2e tests that exercise the deactivation flow

milo-os/zitadel-provider

  • Update the provider to watch PlatformAccess for state: Suspended and state: Approved (reactivation) instead of watching UserDeactivation creates and deletes
  • Ensure the transition Suspended → Approved reactivates the user in Zitadel, equivalent to deleting a UserDeactivation today

Migration Notes

  • UserDeactivation delete (reactivation) maps to setting PlatformAccess.spec.state = Approved
  • UserDeactivation create (deactivation) maps to setting PlatformAccess.spec.state = Suspended
  • Any system creating UserDeactivation resources (e.g. the fraud operator) is covered in a separate issue

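The mapping in the migration notes and the provider transition rule, as an added example in Go (not code from milo or zitadel-provider). All type and function names are hypothetical, the model is in-memory with no Kubernetes or Zitadel client, and the legacy event sequence is constructed. Only the state values `Approved` and `Suspended` and the create/delete mapping are taken from the issue.

```go
package main

import "fmt"

// Hypothetical identifiers; only the state values "Approved"/"Suspended" and
// the create/delete mapping come from the issue text.
type Action string

const (
	NoOp       Action = "none"
	Deactivate Action = "deactivate"
	Reactivate Action = "reactivate"
)

// legacyToState maps a UserDeactivation event to PlatformAccess.spec.state.
var legacyToState = map[string]string{"create": "Suspended", "delete": "Approved"}

// ProviderAction compares the state last applied to the identity provider with
// the desired one. Only Suspended -> Approved reactivates; any other exit from
// Suspended leaves the user deactivated.
func ProviderAction(applied, desired string) Action {
	switch {
	case desired == "Suspended" && applied != "Suspended":
		return Deactivate
	case applied == "Suspended" && desired == "Approved":
		return Reactivate
	}
	return NoOp
}

// Ready mirrors the proposed condition: true only when accessState=Approved.
func Ready(accessState string) bool { return accessState == "Approved" }

// Replay feeds legacy events through the new model, recording each action.
// Events with no mapping are skipped and change nothing.
func Replay(state string, events []string) (string, []Action) {
	var out []Action
	for _, e := range events {
		if next, ok := legacyToState[e]; ok {
			out = append(out, ProviderAction(state, next))
			state = next
		}
	}
	return state, out
}

func main() {
	// Constructed event sequence for one user.
	final, actions := Replay("Approved", []string{"create", "create", "delete"})
	fmt.Println(final, actions, Ready(final))
}
```

A repeated create yields no second deactivation, and a state other than `Approved` never triggers reactivation or `Ready=True`, so an unrecognised or empty state leaves access denied.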