Client: Removing a user from a team does not recursively remove the user from the team's sub-teams

Created on 1 Sep 2018 · 6Comments · Source: keybase/client

The user then needs to be removed from each sub-team individually. Full credit to @ann-kilzer for finding this.

KeyBase version 2.5.1-20180830164425+a18ce51fa9
macOS 10.13.6

Source

shoenseiwaso

Most helpful comment

It would be really cool if the keybase-cli command keybase team remove-member had a recursive option.

ann-kilzer on 1 Sep 2018

👍5

All 6 comments

Why would you do this? This is totally non-intuitive, and would break our usage of subteams.

If this feature is implemented, it should be defaulted to off and someone must explicitly check some box to recursively remove from subteams.

junderw on 1 Sep 2018

The use case is someone leaving an organization, and wanting to remove them from the team plus all sub-teams at once. Is there another way to accomplish this?

shoenseiwaso on 1 Sep 2018

👍3

I wrote up a bash function that should help.

Try out:
keybasefinduser
keybasefinduserteams
before trying the recursive delete one...

I am on Linux and I heard grep and sed act weird on macOS if you use that...

Please note that this needs to be run by an admin of myteam.

If you want to do recursively from a subteam (ie. myteam.dev and myteam.dev.* but NOT myteam and myteam.marketing etc.) then you must try keybasefinduser myteam\\.dev usertodelete

# usage:
# keybasefinduser myteam usertodelete
keybasefinduser (){
    keybase team list-members --all | grep -P "$1(\\.\S+)?\s{2,}(\S+\s?)+\s{2,}$2"
}

# usage:
# keybasefinduserteams myteam usertodelete
keybasefinduserteams (){
    keybase team list-members --all | grep -P "$1(\\.\S+)?\s{2,}(\S+\s?)+\s{2,}$2" | sed "s/\(\S*\).*/\1/"
}

# usage:
# keybase_recursive_remove myteam usertodelete
# output:
# 
# Removing usertodelete from myteam
# Success! usertodelete removed from team myteam.
# Removing usertodelete from myteam.dev
# Success! usertodelete removed from team myteam.dev.
# Removing usertodelete from myteam.marketing
# Success! usertodelete removed from team myteam.marketing.
# Done removing usertodelete from:
# myteam
# myteam.dev
# myteam.marketing
keybase_recursive_remove (){
    TEAMS=$(keybase team list-members --all | grep -P "$1(\\.\S+)?\s{2,}(\S+\s?)+\s{2,}$2" | sed "s/\(\S*\).*/\1/")
    for TEAM in $TEAMS
    do
        echo "Removing $2 from $TEAM"
        keybase team remove-member $TEAM -f --user=$2
    done
    echo -e "Done removing $2 from:\n$TEAMS"
}

junderw on 1 Sep 2018

👍2

It would be really cool if the keybase-cli command keybase team remove-member had a recursive option.

ann-kilzer on 1 Sep 2018

👍5

Awesome, thanks @junderw! We'll give it a try. Per @ann-kilzer's comment, would be great to add this in to a future keybase-cli (and eventually UI) natively.

shoenseiwaso on 1 Sep 2018

+1 for adding a recursive delete option. Running a script that loops through each team & deletes the user is a bit kludgy, but works.