  1. OpenIDM
  2. OPENIDM-9880

User object relationships lost when using compensate script to handle failed delete

    Details

      Description

      When the compensate.js script re-generates users where a delete is attempted and fails to propagate to a target, any relationship is lost.

      To re-create:

      1. Start up OpenDJ with data from sample2b (sync-with-ldap-bidirectional)
      2. Modify sample2b's managed.json to include compensate.js against the onSync hook and to return 'roles' by default (returnByDefault : true)
      3. Start up OpenIDM with sample2b
      4. Synchronise users from OpenDJ to OpenIDM
      5. Create a role (testRole)
      6. Assign the testRole to jdoe
      7. Shutdown OpenDJ
      8. Delete jdoe within OpenIDM

      Expected Behaviour:
      The delete fails when attempting to read the target system (OpenDJ) and the compensate script is triggered. The user object is then fully re-created with all attributes and relationships.

      Actual Behaviour:
      The user object is re-created with only the attributes; the relationships are lost.

      Root Cause:
      If you capture the oldObject value used by the compensate script, the roles attribute will look similar to the following:

      "roles": [
        {
          "_ref": "managed/role/b76d2c99-583d-4e4a-89f3-add74b2cd65d",
          "_refProperties": {
            "temporalConstraints": [],
            "_grantType": "",
            "_id": "5e7bc45c-2476-4a9d-8c18-07bf91837cb5",
            "_rev": "2"
          }
        }
      ]
      

      However, when performing a PUT via REST using the whole oldObject to re-create the user manually, an error is returned which seems to be swallowed when using openidm.create:

      {
          "code": 404,
          "reason": "Not Found",
          "message": "Object 5e7bc45c-2476-4a9d-8c18-07bf91837cb5 not found in relationships"
      }
      

      However, the object is still created without this relationship in place.

      The underlying problem here is that roles._refProperties._id references a relationship edge which is deleted the moment that the object is deleted within the UI. When re-creating the object, we have to re-create this edge rather than referring to the previous _id value. A simple method to achieve this manually is to remove both roles._refProperties._id and roles._refProperties._id from the create payload and the edge is re-created with a new _id value.
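
      The manual workaround described above, sketched as an added example (not code from compensate.js or from OpenIDM): a helper that copies the captured oldObject and drops the deleted edge's identifiers from every relationship value before the copy is used as a create payload. The names `stripStaleEdgeIds`, `cleanEdge` and `isRelationship` are hypothetical, the sample object is constructed, and dropping `_rev` alongside `_id` is an assumption.

```javascript
// Added example (hypothetical helper, not part of compensate.js or OpenIDM).
// "_id" is the stale edge key named in the issue; dropping "_rev" as well is
// an assumption, since it is the revision of the same deleted edge.
var STALE_EDGE_KEYS = ["_id", "_rev"];

function isRelationship(value) {
    return value !== null && typeof value === "object" &&
        typeof value._ref === "string";
}

// Copy one relationship value, omitting the stale keys from _refProperties.
function cleanEdge(edge) {
    var copy = {};
    Object.keys(edge).forEach(function (key) { copy[key] = edge[key]; });
    if (edge._refProperties && typeof edge._refProperties === "object") {
        copy._refProperties = {};
        Object.keys(edge._refProperties).forEach(function (key) {
            if (STALE_EDGE_KEYS.indexOf(key) === -1) {
                copy._refProperties[key] = edge._refProperties[key];
            }
        });
    }
    return copy;
}

// Return a copy of oldObject whose relationship fields (single or array)
// no longer point at deleted edges; the input is not modified.
function stripStaleEdgeIds(oldObject) {
    var result = {};
    Object.keys(oldObject).forEach(function (prop) {
        var value = oldObject[prop];
        result[prop] = Array.isArray(value)
            ? value.map(function (v) { return isRelationship(v) ? cleanEdge(v) : v; })
            : (isRelationship(value) ? cleanEdge(value) : value);
    });
    return result;
}

// Constructed sample modelled on the oldObject captured in the issue.
var sampleOldObject = {
    _id: "constructed-user-id", userName: "jdoe",
    roles: [{
        _ref: "managed/role/b76d2c99-583d-4e4a-89f3-add74b2cd65d",
        _refProperties: { temporalConstraints: [], _grantType: "",
            _id: "5e7bc45c-2476-4a9d-8c18-07bf91837cb5", _rev: "2" }
    }]
};
console.log(JSON.stringify(stripStaleEdgeIds(sampleOldObject), null, 2));
```

      The returned copy keeps each `_ref` and the remaining `_refProperties`, so the role assignment itself is preserved while the edge gets a new `_id` on create.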

              People

              • Assignee:
                mark.offutt Mark Offutt
                Reporter:
                tom.wood Tom Wood
                QA Assignee:
                Jakub Janoska