unredacted / freesocks-control-plane

The control plane that makes FreeSocks work
https://freesocks.org
GNU General Public License v3.0

Bug with how stale access keys are deleted #3

Open lunarthegrey opened 2 months ago

lunarthegrey commented 2 months ago

Currently, stale access keys are discovered via Prometheus queries to the Outline servers. Because cron triggers are not working at the moment, access key deletion happens manually and often sporadically.

If, for example, an access key has been unused for 90 days, it will be deleted if delete.js is executed via a request with the X-Dry-Run: false HTTP header.

However, it seems that very old access keys that have been unused for so long do not even show up in the Prometheus queries, thus they don't get deleted.

To remedy this issue, I think that queries made to Prometheus endpoints can't be the complete source of truth. A query to the Outline API endpoints also has to be made to determine if there are access keys which are very old but no longer exist in Prometheus data.

A potential fix could be to query Outline API endpoints on /access-keys, and check which access keys are in use via Prometheus queries, then delete the ones that are not found in the Prometheus data.

lunarthegrey commented 2 months ago

Outline server Prometheus data is stored for 31d currently.

https://github.com/Jigsaw-Code/outline-server/blob/master/src/shadowbox/server/main.ts#L187
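One way to implement the reconciliation proposed in this issue, as an added example that is not code from the freesocks-control-plane repository: list every key from the Outline API, subtract the keys Prometheus reports as active, and refuse to delete when the usage data looks missing. The response shapes, the `access_key` label name, and the names `activeKeyIds`, `planDeletion` and `maxFraction` are assumptions made for illustration.

```javascript
// Added example. Inputs are already-parsed JSON bodies; shapes are assumptions:
//   Outline /access-keys   -> { accessKeys: [{ id, ... }] }
//   Prometheus instant query -> { status, data: { result: [{ metric, value }] } }

// Collect the key ids that moved traffic inside the query window.
function activeKeyIds(promResponse, label = "access_key") {
  const ok = promResponse && promResponse.status === "success" &&
    promResponse.data && Array.isArray(promResponse.data.result);
  // A failed query must never be read as "nothing is in use".
  if (!ok) throw new Error("Prometheus query failed; aborting stale-key scan");
  const ids = new Set();
  for (const series of promResponse.data.result) {
    const id = series.metric && series.metric[label];
    const bytes = Number(series.value && series.value[1]);
    if (id !== undefined && bytes > 0) ids.add(String(id));
  }
  return ids;
}

// The Outline API is the source of truth for which keys exist;
// Prometheus only says which of them were used.
function planDeletion(outlineResponse, promResponse, opts = {}) {
  // dryRun defaults to true, mirroring the X-Dry-Run header described above.
  // maxFraction is a hypothetical safety threshold, not a project setting.
  const { dryRun = true, maxFraction = 0.5 } = opts;
  const all = (outlineResponse.accessKeys || []).map((k) => String(k.id));
  const active = activeKeyIds(promResponse);
  const stale = all.filter((id) => !active.has(id));
  let blocked = null;
  if (all.length > 0 && active.size === 0) {
    blocked = "no usage data for any key; metrics are probably missing";
  } else if (all.length > 0 && stale.length / all.length > maxFraction) {
    blocked = "stale fraction exceeds maxFraction; needs manual review";
  }
  return { stale, toDelete: dryRun || blocked ? [] : stale, blocked };
}

// Constructed sample data: key 7 is absent from Prometheus entirely,
// key 3 is present but carried no traffic in the window.
const SAMPLE_OUTLINE = { accessKeys: [{ id: "1" }, { id: "2" }, { id: "3" }, { id: "7" }] };
const SAMPLE_PROM = { status: "success", data: { resultType: "vector", result: [
  { metric: { access_key: "1" }, value: [1700000000, "52341"] },
  { metric: { access_key: "2" }, value: [1700000000, "918"] },
  { metric: { access_key: "3" }, value: [1700000000, "0"] },
] } };
```

A key that was created recently and never used is also absent from the Prometheus data, so it ends up in `stale`; exempting it would need a creation time tracked by the control plane.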