diff --git a/services/identity/src/backup.rs b/services/identity/src/backup.rs
new file mode 100644
--- /dev/null
+++ b/services/identity/src/backup.rs
@@ -0,0 +1,41 @@
+use comm_lib::auth::AuthService;
+
+use crate::{
+ config::CONFIG,
+ constants::{error_types, tonic_status_messages},
+};
+
+pub async fn delete_backup_user_data(
+ user_id: &str,
+ auth_service: &AuthService,
+) -> Result<(), crate::error::Error> {
+ let path = format!("/user_data/{}", user_id);
+ let url = CONFIG
+ .backup_service_url
+ .join(&path)
+ .expect("failed to construct backup service URL");
+ let services_token =
+ auth_service.get_services_token().await.map_err(|err| {
+ tracing::error!(
+ errorType = error_types::HTTP_LOG,
+ "Failed to retrieve service-to-service token: {err:?}",
+ );
+ tonic::Status::aborted(tonic_status_messages::UNEXPECTED_ERROR)
+ })?;
+
+ let client = reqwest::Client::builder().build()?;
+ let response = client
+ .delete(url)
+ .bearer_auth(services_token.as_authorization_token()?)
+ .send()
+ .await?;
+ if !response.status().is_success() {
+ let response_body = response.text().await?;
+ tracing::error!(
+ errorType = error_types::HTTP_LOG,
+ "Backup service failed to delete user data: {}",
+ response_body
+ )
+ }
+ Ok(())
+}
diff --git a/services/identity/src/error.rs b/services/identity/src/error.rs
--- a/services/identity/src/error.rs
+++ b/services/identity/src/error.rs
@@ -23,6 +23,8 @@
#[display(...)]
Serde(serde_json::Error),
#[display(...)]
+ Reqwest(reqwest::Error),
+ #[display(...)]
CannotOverwrite,
#[display(...)]
OneTimeKeyUploadLimitExceeded,
diff --git a/services/identity/src/grpc_services/authenticated.rs b/services/identity/src/grpc_services/authenticated.rs
--- a/services/identity/src/grpc_services/authenticated.rs
+++ b/services/identity/src/grpc_services/authenticated.rs
@@ -13,6 +13,7 @@
grpc_services::shared::{get_platform_metadata, get_value},
};
use chrono::DateTime;
+use comm_lib::auth::AuthService;
use comm_opaque2::grpc::protocol_error_to_grpc_status;
use tonic::{Request, Response, Status};
use tracing::{debug, error, trace, warn};
@@ -36,6 +37,7 @@
#[derive(derive_more::Constructor)]
pub struct AuthenticatedService {
db_client: DatabaseClient,
+ comm_auth_service: AuthService,
}
fn get_auth_info(req: &Request<()>) -> Option<(String, String, String)> {
@@ -107,6 +109,15 @@
});
}
+fn spawn_delete_backup_data_task(user_id: String, auth_service: AuthService) {
+ tokio::spawn(async move {
+ debug!("Attempting to delete Backup data for user: {}", &user_id);
+ let result =
+ crate::backup::delete_backup_user_data(&user_id, &auth_service).await;
+ consume_error(result);
+ });
+}
+
#[tonic::async_trait]
impl IdentityClientService for AuthenticatedService {
#[tracing::instrument(skip_all)]
@@ -570,10 +581,11 @@
let device_ids = self
.db_client
- .delete_user(user_id)
+ .delete_user(user_id.clone())
.await
.map_err(handle_db_error)?;
spawn_delete_tunnelbroker_data_task(device_ids);
+ spawn_delete_backup_data_task(user_id, self.comm_auth_service.clone());
let response = Empty {};
Ok(Response::new(response))
@@ -657,10 +669,11 @@
let device_ids = self
.db_client
- .delete_user(user_id)
+ .delete_user(user_id.clone())
.await
.map_err(handle_db_error)?;
spawn_delete_tunnelbroker_data_task(device_ids);
+ spawn_delete_backup_data_task(user_id, self.comm_auth_service.clone());
let response = Empty {};
Ok(Response::new(response))
diff --git a/services/identity/src/main.rs b/services/identity/src/main.rs
--- a/services/identity/src/main.rs
+++ b/services/identity/src/main.rs
@@ -1,3 +1,4 @@
+use comm_lib::auth::AuthService;
use comm_lib::aws;
use comm_lib::aws::config::timeout::TimeoutConfig;
use comm_lib::aws::config::BehaviorVersion;
@@ -6,6 +7,7 @@
use tonic::transport::Server;
use tonic_web::GrpcWebLayer;
+mod backup;
mod client_service;
mod config;
pub mod constants;
@@ -83,6 +85,8 @@
.region("us-east-2")
.load()
.await;
+ let comm_auth_service =
+ AuthService::new(&aws_config, "http://localhost:50054".to_string());
let database_client = DatabaseClient::new(&aws_config);
let inner_client_service = ClientService::new(database_client.clone());
let client_service = IdentityClientServiceServer::with_interceptor(
@@ -90,7 +94,7 @@
grpc_services::shared::version_interceptor,
);
let inner_auth_service =
- AuthenticatedService::new(database_client.clone());
+ AuthenticatedService::new(database_client.clone(), comm_auth_service);
let db_client = database_client.clone();
let auth_service =
AuthServer::with_interceptor(inner_auth_service, move |req| {