Project

General

Profile

Actions

Task #2551

open

Changing (and upgrading?) virtual system connector causes broken virtual requests (empty changes or bad previous value)

Added by Alena Peterová about 4 years ago. Updated about 3 years ago.

Status:
New
Priority:
Low
Assignee:
Vít Švanda
Category:
Virtual systems
Target version:
-
Start date:
11/02/2020
Due date:
% Done:

0%

Estimated time:
Owner:

Description

Tested on version 10.4.4/7.

We use a different virtual connector implementation - the connector that exports CSV. After virtual system to this connector, all previous virtual accounts were somehow "broken".

I was able to reproduce the issues with this connector, but maybe also if we increased the version of the standard virtual system connector, the same could happen. (I didn't test it, but it may explain the issues we had 2 years ago on one older project.)

Steps to reproduce:
  • Add the JAR https://nexus.bcvsolutions.eu/#browse/browse:maven-releases:eu%2Fbcvsolutions%2Fidm%2Fidm-vs-export%2F1.0.0%2Fidm-vs-export-1.0.0.jar to idm.war
  • Set the property ic.localconnector.packages=eu.bcvsolutions.idm.vsexport.connector,net.tirasa.connid,eu.bcvsolutions.idm.vs.connector,eu.bcvsolutions.idm.connector,eu.bcvsolutions.idm.connectors.csv in application properties
  • Restart IdM
  • Create a virtual system (Virtual systems -> Add)
  • Add the virtual system role to some identity, mark the request as implemented
  • Change the Connector configuration from Virtual system connector to Basic virtual system export connector
  • Resave the identity - the virtual request displays empty changes of the attributes that were previously filled
  • Notice that a new VsAccount form definition was created for the new connector and it doesn't contain the original data (Attribute's values). Tell yourself "Oh, I see, there is a new form definition and it must be filled by the new values for all already created virtual accounts." Mark the request as implemented.
  • Change last name of the identity, the virtual request contains the expected change. Mark the request as implemented.
  • Change last name of the identity back - the previous value in the virtual request doesn't contain the previous value.

After some playing with the form definitions through GUI, I found out only one workaround to make the accounts work again (apart from deleting and recreating them) - change the value "connector_key" in the database. I don't know what it is for, but because it contains also the version of the connector, I think that increasing version of the virtual connector would be problematic as well as changing the connector implementation.

update vs_account set connector_key='czechidm:basic-virtual-system-export:eu.bcvsolutions.idm.vsexport.connector.basic.BasicVsExportConnector:1.0.0'  where system_id='\xdb05f80dff364651b13d3ae0bee4fc1a'


Files

change_to_original_value.png (18.8 KB) change_to_original_value.png Alena Peterová, 11/02/2020 06:41 PM
first_request_after_change_vs_connector.png (15.3 KB) first_request_after_change_vs_connector.png Alena Peterová, 11/02/2020 07:00 PM
request_with_change.png (16.9 KB) request_with_change.png Alena Peterová, 11/02/2020 07:10 PM
Actions #1

Updated by Alena Peterová about 4 years ago

  • Priority changed from Normal to Low

I added a warning to the vs-export connector into its README, just for case that anybody tries to use it.
Otherwise I think it's a small chance that anybody has this problem. But if we ever change the standard virtual connector, we should better check this.

Actions

Also available in: Atom PDF