Synchronization of contract slices doesn't cause provisioning to systems (=> changes may not be propagated)
- We fill the name of work position to some AD attribute
- A user has a contract controlled by time slices (screenshot: before_sync.png)
- A new slice is added in the source system and this slice will be the currently used slice.
(Alternatively: currently used slice is updated in the source system)
- The slice causes some change to the contract, in our case change of the work position
- There is no provisioning caused by the synchronization (provisioning_archive.png) => the change of the work position is not propagated to the end systems => AD contains old values, even if IdM contains new values
Shortly: Entity events coming from the task ClearDirtyStateForContractSliceTaskExecutor have the property skip_provisioning=true.Notes:
- If the slice causes that the identity is a new manager / stops to be a manager, then the subordinates are not provisioned => they have old values of "manager" attribute in AD
- If the synchronization causes some change in roles for the AD system, the provisioning is caused by recalculation of automatic roles. That's probably why we don't encounter this situation in our projects more often.
- If the new slice is valid in the future, then it is handled by SelectCurrentContractSliceTaskExecutor at the start of its validity. This task causes provisioning. => Changes made in the HR systems early enough are propagated in due time
- The synchronization log contains the following message (probably not really important):
Warning - select corrent contract slice is not executed correctly, Returned operation result is null. Ended in [2021-04-20T13:44:56.545299+02:00[Europe/Prague]].
Attached hr-contract-slices.zip can be used as a system for synchronization of contract slices together with the following data:
\c hrdata create table contractsslices (slice date, slice_id varchar, personalnumber varchar, contract_id varchar, validfrom timestamp, workposition varchar); alter table contractsslices owner to czechidm; insert into contractsslices values ('2021-04-01','00001_2021_04_01', '2000','00001', '2021-04-01', 'Department 1'); -- newly added contract slice which will be processed by the synchronization (change of the department) insert into contractsslices values ('2021-04-20','00001_2021_04_20', '2000', '00001', '2021-04-01', 'Department 2');
- % Done changed from 0 to 90
Thanks for very detailed and correct bug report. I fixed this bug by your way.
The cause of this error are parameters that are passed from the slice to the contract and then to the identity. One of them is the contains skip of provisionig (from sync).
After detailed debugging and testing, I think the skip was not intentional and should be removed. During testing, I found that each changed section triggers provisioning identity now. I consider this to be acceptable behavior.
I made a test for this.