Task #495
closed
Account mappings for all provisioned systems must have separate transactions
Added by Jan Helbich over 7 years ago.
Updated over 7 years ago.
Description
Situation:
I have an organization I need to provision into multiple systems A, B and C.
When organization is saved, provisioning runs in order:
1. A - success, connector returns UID = 1
2. B - success, connector returns UID = 2
3. C - failure - transformation script execution fails
As a result, IdM obviously rolls back the transaction and neither the A and B AccAccount nor SysSystemEntity are created.
This means that another save of the organization IdM sends CREATE action even to A and B where the accounts already exist.
- Related to Task #468: Account management is synchronous with Role add operation added
- Assignee changed from Radek Tomiška to Vít Švanda
This is known behavior.
In standard situations, will be (in second save) call updated not created account. This assums generate same uid for every save.
- We need know more informations:
-- Was error in UID attribute or in other?
-- Was created provisioning log for first success provisionings?
Posible solutions:
- Retry agenda for account management. (Same principe as retry agenda for provisioinig).
- Call provisioning executors after success commit main transaction.
- Priority changed from Immediate to High
- Status changed from New to In Progress
- Assignee changed from Vít Švanda to Radek Tomiška
- Target version changed from Citrine (7.3.0) to Diamond (7.4.0)
- % Done changed from 0 to 30
I've created PoC - provisioning is executed after all accounts is prepared (uids are computed). I've used spring transaction listener (the same as for LRT).
Branch rtomiska/acc-transaction.
- Status changed from In Progress to Needs feedback
- Assignee changed from Radek Tomiška to Vít Švanda
- Target version changed from Diamond (7.4.0) to Citrine (7.3.0)
- % Done changed from 30 to 90
I've separated account management and provisioning transaction, all needed features and tests are working.
Could you do a feedback please?
- Status changed from Needs feedback to Closed
- Assignee changed from Vít Švanda to Radek Tomiška
- % Done changed from 90 to 100
I tested many scenarios: Two table systems and identity. Role with approving (async). Table and CSV systems with tree. ....
Everything works great (tests too). This is big improve for good provisioning process. Thank you for it.
Also available in: Atom
PDF