The RepoInitService(https://stash.forgerock.org/projects/OPENIDM/repos/openidm/browse/openidm-repo-init/src/main/java/org/forgerock/openidm/repo/init/RepoInitService.java) is responsible for creating, updating, or deleting repo objects on IDM startup. This is used, for example, to create the openidm-admin internal user account. Currently the RepoInitService will successfully startup regardless if there are any errors produced when creating, updating, or deleting the repo objects. The service allows errors since it assumes errors will occur if other nodes have already done the create, update, or deletes.
This is a problem because if the repo is in a poor state and the internal user accounts were actually not created IDM will still startup, but be unusable due to the missing internal user accounts.
The RepoInitService can be enhanced to only accept known errors, and actually fail when unknown errors occur. These are the list of known acceptable conditions and their errors.
1) Created object already exists == PreconditionFailedException
2) Updated object already updated == PreconditionFailedException
3) Delete object already deleted == NotFoundException
If we enhance the RepoInitService to capture those errors and allow it to fail for unknown errors, then IDM will fail to start if the internal user accounts are not able to be created which is the correct behavior (IDM should not be able to start if openidm-admin does not exist).