====== Logic of a provisioning brake ======
{{tag> provisioning break brake}}
From programmers intuitions we decided that name for provisioning brake will be **provisioning break**. Break is more a programmer's steady expression than brake.
If you set warning limit equals or higher than disable limit. The warning message will not be sent.
All provisioning break logic is in the processor **ProvisioningBreakProcessor**, this processor controls if the system isn't blocked, etc. (see below). **This processor can't be disabled**!
==== Processor steps ====
- check if the system isn't blocked. If the system is already blocked, skip provisioning - operation will be added to queue with BLOCKED status,
- get specific provisioning break configuration for the system,
- if the specific configuration doesn't exists, get the global configuration,
- if any configuration isn't found, continue with provisioning operation as usually,
- if the configuration exists, check that the configuration isn't inactive,
- after checking the Inactive attribute, initialize the actual counter and remove older records from the cache,
- check if the actual counter equals the warning limit. If it does, send the notification,
- check if the disable limit is exceeded. If it is exceeded, block the system and send the notification,
- finally, add a new item to the cache and continue.
{{ :devel:dev:provisioning:brzda_navrh.png | }}
After exceeeding the disable limit, the actual operation is put into provisioning queue with the **BLOCKED** status. Next operations for the system will be directly added into queue with the BLOCKED status.
===== Cache and operation counter =====
After restarting CzechIdM backend, the provisioning cache will be **cleared**!
The operation counter is obtained from a special cache used only for provisioning operations, this cache isn't used for any other logic. This cache is in memory, so after restarting CzechIdM backend, the cache is **cleared**.
Older records are removed before checking the actual count and limits. New timestamp is added to this cache after every successful provisioning operation. The cache is divided for every system and their provisioning operations.
{{ :devel:dev:provisioning:cache.png |}}
===== System blocked operations =====
When the disable limit of the provisioning break configuration is exceeded, the system is marked by one of these boolean flags: **createOperation, updateOperation, deleteOperation** as true. When the boolean flag is checked, the corresponding operation (create, update or delete) is blocked. These attributes for system are added by the class ''SysBlockedOperation'', this class is embeddable part of system.