Closed smoy closed 1 year ago
Patch coverage: 53.84%
and project coverage change: -0.16%
:warning:
Comparison is base (
bec7490
) 83.84% compared to head (c1032c2
) 83.69%. Report is 1 commits behind head on main.
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
Some extra feedback as we test this on AD + identity center setup. Event describe_user and describe_group can fail during PrincipalID resolution (we are referencing principalID and GUID loosely, principalID is the term Identity center document uses).
the feedback is in those situation, maybe we want to provide extra configuration for user to simply capture the permission set configuration without the PrincipalID resolution. One further step is to configure to simply capture the permission set configuration without the assignment. so the assignment can be configure out-of-band.
well, this is actually not a bad improvement. even for existing identity center usage, there is a race condition between fetch_users_and_groups and the subsequent permission center ingestion. because there is no speak of transaction. looking users and group ahead of time does not help if the moment we ingest permission center assignment, it contains PrincipalID that are outside the known range. This PR already address the defer lookup and error handling, so we should merge this PR.
What changed?
Rationale
How was it tested?
If it was manually verified, list the instructions for your reviewers to follow.
how to verify: I simulate the issue by just not calling the actual list users and list groups.
this is likely only work for import. it will take some thoughts on how to implement change things from iambic-templates without user and group knowledge