Details
-
Improvement
-
Resolution: Unresolved
-
Minor
-
None
-
None
-
None
-
None
Description
- provisioning
- types
- attestation
- deprovisioning?
- inherited privs (special case)
Shilen will test on large database.
GrouperProvisioningService.propagateProvisioningAttributes() pass in what to check (from full or incremental)
Incremental from GrouperProvisioningLogicIncremental
GrouperProvisionerGrouperDao has queries
? What if PIT not there?
– if data isnt there, and no PIT is there, it doesnt error out
? Do we need to change the "doProvision" equivalent
- do not use views
- remove code so when added in UI, it doesnt add provisioning attributes, it happens through daemon
Full: OTHER_JOB_grouperObjectTypeDaemon
Incremental: add
- if attributes have no values, dont assign
- wiki doesnt have exact queries
- do not use transactions
In the finder methods, we can make a generic query to get all attributes (check one name value pair?)
Make AttributeAssignOnAssignFinder with generic methods
Take out current method on group create etc.
FULL
0. two "sync" incremental and full not at same time (CH)
1. get all folders with any type assignments
a. generic query, pass in attribute def name id of the marker attribute
b. return stemId, stemName, attribute def name, attribute value string, attribute assign on assign id?
2. get all folders with ancestor with direct
a. generic query, pass in attribute def name id of the marker attribute, and attribute def name of direct attribute
b. return stemId, stemName
3. get groups with attributes and type (all attributes)
4. get all group ids with ancestor that has a type (sub or one in query)
5. fix what needs to be fixes (individual). use transaction for each object.
6. try to absorb errors
7. let exception be thrown
========================
INCREMENTAL
0. Start with events that happened after the last successful full started
1. ESB events
2. Filtering similar events (group create, folder create, attribute value (un)assign to group, attribute value (un)assign to folder
3. Get attribute def names one time per run
4. Group add
a. Get all attributes currently on all the group
b. Get all ancestor attributes in one query if not retrieve already (save)
5. Folder add
a. Get all attribute on folder and ancestors (save)
6. Attribute value (un)assign
a. See if attribute name is relevant (toss if not)
b. Get attribute assign from PIT (skip if not there)
i. if the attribute assign id was already processed in this run, then skip
c. Query to get stemId if direct stem (toss if indirect)
i. If so, get all child folder attributes in one query
ii. Query all child group attributes (one query)
iii. One query to get all ancestor attribute (if not retrieved already)
d. If not stem, query to get groupId if direct group (if not, then toss) (toss if indirect)
i. If so, get self attributes (one query)
ii. One query to get all ancestor attribute (if not retrieved already)
7. Calculate and done
a. Pass to a method where you pass objects and ancestors and it corrects the assignments
b. Have a try/catch, fix one object method, use transaction for each object. (query and redo [optional])
8. log errors and move on if error (return last change log)