Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CERN lifecycle handler #871

Merged
merged 11 commits into from
Nov 22, 2024
Merged

Fix CERN lifecycle handler #871

merged 11 commits into from
Nov 22, 2024

Conversation

enricovianello
Copy link
Member

@enricovianello enricovianello commented Nov 18, 2024
edited
Loading

Things done:

  • consider null expiration as unlimited
  • order the received participations from the most recent endDate to the oldest (null values on top)
  • take the first participation
  • manage 404 response from API
  • manage no participation for the experiment is found at all

Summary of CERN labels and handler mechanism

  • When user has label "cern.ch.ignore"
cern.hr.status cern.hr.message actions
IGNORED Skipping account as requested by the 'ignore' label no actions
  • In case of 5xx or 4xx errors (except 404) when retrieving the VO Person record from HR DB API
cern.hr.status cern.hr.message actions
ERROR Account not updated: HR DB error no actions
  • In case of 404 error received when retrieving the VO Person record from HR DB API
cern.hr.status cern.hr.message actions
ID_NOT_FOUND No person id cern_person_id found on HR DB Disable user if cern.on-person-id-not-found is disable_user.
No actions otherwise.
  • VO Person record exists but user has no participations to experiment_name (expired or not)
cern.hr.status cern.hr.message actions
EXP_NOT_FOUND Account end-time not updated: no participation to experiment_name found Disable user if cern.on-participation-not-found is disable_user.
No actions otherwise.
  • VO Person record exists for that cern_person_id and a valid participation to the experiment experiment_name is found
cern.hr.status cern.hr.message actions
MEMBER Account has a valid participation to the experiment User's personal data and end-time updated with endDate received from HR (1).
If user's new end-time means a valid membership and user is not active, then it's restored.

(1) Note that labels cern.ch.skip-email-synch and cern.ch.skip-end-date-synch could disable the update of user's email and end-time

  • VO Person record exists for that cern_person_id and an expired participation to the experiment experiment_name is found
cern.hr.status cern.hr.message actions
EXPIRED Account participation to the experiment is expired User's personal data and end-time updated with endDate received from HR (1).
The IAM expiration handler will disable the user as soon as his grace period ends.

(1) Note that labels cern.ch.skip-email-synch and cern.ch.skip-end-date-synch could disable the update of user's email and end-time

@enricovianello enricovianello self-assigned this Nov 18, 2024
@enricovianello enricovianello marked this pull request as ready for review November 18, 2024 17:49
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
93.6% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@enricovianello enricovianello merged commit 8836869 into v1.10.3 Nov 22, 2024
4 checks passed
@enricovianello enricovianello deleted the fix-cern-lifecycle branch November 22, 2024 17:53
@enricovianello
Copy link
Member Author

CERN HR lifecycle handler (SIMPLIFIED).pdf

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rmiccoli rmiccoli rmiccoli left review comments

Assignees

@enricovianello enricovianello

Labels
kind/bug priority/high
Projects
v1.10.3
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@enricovianello @rmiccoli