Task #495
closed
Account mappings for all provisioned systems must have separate transactions
100%
Description
Situation:
I have an organization I need to provision into multiple systems A, B and C.
When organization is saved, provisioning runs in order:
1. A - success, connector returns UID = 1
2. B - success, connector returns UID = 2
3. C - failure - transformation script execution fails
As a result, IdM obviously rolls back the transaction and neither the A and B AccAccount nor SysSystemEntity are created.
This means that another save of the organization IdM sends CREATE action even to A and B where the accounts already exist.
Related issues
Updated by Jan Helbich almost 7 years ago
- Related to Task #468: Account management is synchronous with Role add operation added
Updated by Ondřej Kopr almost 7 years ago
- Assignee changed from Radek Tomiška to Vít Švanda
Updated by Vít Švanda almost 7 years ago
This is known behavior.
In standard situations, will be (in second save) call updated not created account. This assums generate same uid for every save.
- We need know more informations:
-- Was error in UID attribute or in other?
-- Was created provisioning log for first success provisionings?
Posible solutions:
- Retry agenda for account management. (Same principe as retry agenda for provisioinig).
- Call provisioning executors after success commit main transaction.
Updated by Vít Švanda almost 7 years ago
- Priority changed from Immediate to High
Updated by Vít Švanda almost 7 years ago
- Status changed from New to In Progress
- Assignee changed from Vít Švanda to Radek Tomiška
- Target version changed from Citrine (7.3.0) to Diamond (7.4.0)
Updated by Radek Tomiška almost 7 years ago
- % Done changed from 0 to 30
I've created PoC - provisioning is executed after all accounts is prepared (uids are computed). I've used spring transaction listener (the same as for LRT).
Branch rtomiska/acc-transaction.
Updated by Radek Tomiška almost 7 years ago
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Vít Švanda
- Target version changed from Diamond (7.4.0) to Citrine (7.3.0)
- % Done changed from 30 to 90
I've separated account management and provisioning transaction, all needed features and tests are working.
Could you do a feedback please?
Updated by Vít Švanda almost 7 years ago
- Status changed from Needs feedback to Closed
- Assignee changed from Vít Švanda to Radek Tomiška
- % Done changed from 90 to 100
I tested many scenarios: Two table systems and identity. Role with approving (async). Table and CSV systems with tree. ....
Everything works great (tests too). This is big improve for good provisioning process. Thank you for it.