Logic of a provisioning brake

From programmers intuitions we decided that name for provisioning brake will be provisioning break. Break is more a programmer's steady expression than brake.
If you set warning limit equals or higher than disable limit. The warning message will not be sent.

All provisioning break logic is in the processor ProvisioningBreakProcessor, this processor controls if the system isn't blocked, etc. (see below). This processor can't be disabled!

  1. check if the system isn't blocked. If the system is already blocked, skip provisioning - operation will be added to queue with BLOCKED status,
  2. get specific provisioning break configuration for the system,
  3. if the specific configuration doesn't exists, get the global configuration,
  4. if any configuration isn't found, continue with provisioning operation as usually,
  5. if the configuration exists, check that the configuration isn't inactive,
  6. after checking the Inactive attribute, initialize the actual counter and remove older records from the cache,
  7. check if the actual counter equals the warning limit. If it does, send the notification,
  8. check if the disable limit is exceeded. If it is exceeded, block the system and send the notification,
  9. finally, add a new item to the cache and continue.

After exceeeding the disable limit, the actual operation is put into provisioning queue with the BLOCKED status. Next operations for the system will be directly added into queue with the BLOCKED status.

After restarting CzechIdM backend, the provisioning cache will be cleared!

The operation counter is obtained from a special cache used only for provisioning operations, this cache isn't used for any other logic. This cache is in memory, so after restarting CzechIdM backend, the cache is cleared.

Older records are removed before checking the actual count and limits. New timestamp is added to this cache after every successful provisioning operation. The cache is divided for every system and their provisioning operations.

When the disable limit of the provisioning break configuration is exceeded, the system is marked by one of these boolean flags: createOperation, updateOperation, deleteOperation as true. When the boolean flag is checked, the corresponding operation (create, update or delete) is blocked. These attributes for system are added by the class SysBlockedOperation, this class is embeddable part of system.

  • by kopro