Project

General

Profile

Actions

Task #495

closed

Account mappings for all provisioned systems must have separate transactions

Added by Jan Helbich over 7 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
High
Assignee:
Radek Tomiška
Category:
Provisioning
Target version:
Start date:
06/07/2017
Due date:
% Done:

100%

Estimated time:
Owner:

Description

Situation:
I have an organization I need to provision into multiple systems A, B and C.
When organization is saved, provisioning runs in order:
1. A - success, connector returns UID = 1
2. B - success, connector returns UID = 2
3. C - failure - transformation script execution fails

As a result, IdM obviously rolls back the transaction and neither the A and B AccAccount nor SysSystemEntity are created.
This means that another save of the organization IdM sends CREATE action even to A and B where the accounts already exist.


Related issues

Related to IdStory Identity Manager - Task #468: Account management is synchronous with Role add operationClosedRadek Tomiška05/31/2017

Actions
Actions #1

Updated by Jan Helbich over 7 years ago

  • Related to Task #468: Account management is synchronous with Role add operation added
Actions #2

Updated by Ondřej Kopr over 7 years ago

  • Assignee changed from Radek Tomiška to Vít Švanda
Actions #4

Updated by Ondřej Kopr over 7 years ago

  • File tenor.gif added
Actions #5

Updated by Vít Švanda over 7 years ago

  • File deleted (tenor.gif)
Actions #6

Updated by Vít Švanda over 7 years ago

This is known behavior.
In standard situations, will be (in second save) call updated not created account. This assums generate same uid for every save.
- We need know more informations:
-- Was error in UID attribute or in other?
-- Was created provisioning log for first success provisionings?

Posible solutions:
- Retry agenda for account management. (Same principe as retry agenda for provisioinig).
- Call provisioning executors after success commit main transaction.

Actions #7

Updated by Vít Švanda over 7 years ago

  • Priority changed from Immediate to High
Actions #8

Updated by Vít Švanda over 7 years ago

  • Status changed from New to In Progress
  • Assignee changed from Vít Švanda to Radek Tomiška
  • Target version changed from Citrine (7.3.0) to Diamond (7.4.0)
Actions #9

Updated by Radek Tomiška over 7 years ago

  • % Done changed from 0 to 30

I've created PoC - provisioning is executed after all accounts is prepared (uids are computed). I've used spring transaction listener (the same as for LRT).

Branch rtomiska/acc-transaction.

Actions #10

Updated by Radek Tomiška over 7 years ago

  • Status changed from In Progress to Needs feedback
  • Assignee changed from Radek Tomiška to Vít Švanda
  • Target version changed from Diamond (7.4.0) to Citrine (7.3.0)
  • % Done changed from 30 to 90

I've separated account management and provisioning transaction, all needed features and tests are working.

Could you do a feedback please?

Actions #11

Updated by Vít Švanda over 7 years ago

  • Status changed from Needs feedback to Closed
  • Assignee changed from Vít Švanda to Radek Tomiška
  • % Done changed from 90 to 100

I tested many scenarios: Two table systems and identity. Role with approving (async). Table and CSV systems with tree. ....

Everything works great (tests too). This is big improve for good provisioning process. Thank you for it.

Actions

Also available in: Atom PDF